2008-09-26 04:22:51 +02:00
|
|
|
<?php
|
2016-06-23 01:37:22 +02:00
|
|
|
|
|
|
|
namespace SilverStripe\Security;
|
|
|
|
|
2016-08-19 00:51:35 +02:00
|
|
|
use SilverStripe\Control\Director;
|
|
|
|
use SilverStripe\Control\Session;
|
|
|
|
use SilverStripe\Control\Controller;
|
|
|
|
use SilverStripe\Forms\HiddenField;
|
|
|
|
use SilverStripe\Forms\FieldList;
|
|
|
|
use SilverStripe\Forms\FormAction;
|
|
|
|
use SilverStripe\Forms\TextField;
|
|
|
|
use SilverStripe\Forms\PasswordField;
|
|
|
|
use SilverStripe\Forms\CheckboxField;
|
|
|
|
use SilverStripe\Forms\LiteralField;
|
|
|
|
use SilverStripe\Forms\RequiredFields;
|
2016-11-23 06:09:10 +01:00
|
|
|
use SilverStripe\ORM\ValidationResult;
|
2016-08-19 00:51:35 +02:00
|
|
|
use SilverStripe\View\Requirements;
|
2016-06-23 01:37:22 +02:00
|
|
|
|
2008-09-26 04:22:51 +02:00
|
|
|
/**
|
2014-02-24 06:45:18 +01:00
|
|
|
* Log-in form for the "member" authentication method.
|
|
|
|
*
|
|
|
|
* Available extension points:
|
2014-04-29 23:12:23 +02:00
|
|
|
* - "authenticationFailed": Called when login was not successful.
|
2014-02-24 06:45:18 +01:00
|
|
|
* Arguments: $data containing the form submission
|
2014-04-29 23:12:23 +02:00
|
|
|
* - "forgotPassword": Called before forgot password logic kicks in,
|
|
|
|
* allowing extensions to "veto" execution by returning FALSE.
|
2014-02-24 06:45:18 +01:00
|
|
|
* Arguments: $member containing the detected Member record
|
2008-09-26 04:22:51 +02:00
|
|
|
*/
|
2016-11-29 00:31:16 +01:00
|
|
|
class MemberLoginForm extends LoginForm
|
|
|
|
{
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This field is used in the "You are logged in as %s" message
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
public $loggedInAsField = 'FirstName';
|
|
|
|
|
2017-04-14 06:21:38 +02:00
|
|
|
/**
|
|
|
|
* Required fields for validation
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private static $required_fields;
|
|
|
|
|
2016-11-29 00:31:16 +01:00
|
|
|
/**
|
|
|
|
* Constructor
|
|
|
|
*
|
|
|
|
* @skipUpgrade
|
|
|
|
* @param Controller $controller The parent controller, necessary to
|
|
|
|
* create the appropriate form action tag.
|
2017-04-14 05:30:55 +02:00
|
|
|
* @param string $authenticatorClass Authenticator for this LoginForm
|
2016-11-29 00:31:16 +01:00
|
|
|
* @param string $name The method on the controller that will return this
|
|
|
|
* form object.
|
|
|
|
* @param FieldList $fields All of the fields in the form - a
|
|
|
|
* {@link FieldList} of {@link FormField}
|
|
|
|
* objects.
|
|
|
|
* @param FieldList|FormAction $actions All of the action buttons in the
|
|
|
|
* form - a {@link FieldList} of
|
|
|
|
* {@link FormAction} objects
|
|
|
|
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a
|
|
|
|
* the user is currently logged in, and if
|
|
|
|
* so, only a logout button will be rendered
|
|
|
|
*/
|
|
|
|
public function __construct(
|
|
|
|
$controller,
|
2017-04-14 05:30:55 +02:00
|
|
|
$authenticatorClass,
|
2016-11-29 00:31:16 +01:00
|
|
|
$name,
|
|
|
|
$fields = null,
|
|
|
|
$actions = null,
|
|
|
|
$checkCurrentUser = true
|
|
|
|
) {
|
|
|
|
|
2017-04-14 05:30:55 +02:00
|
|
|
$this->authenticator_class = $authenticatorClass;
|
2016-11-29 00:31:16 +01:00
|
|
|
|
|
|
|
$customCSS = project() . '/css/member_login.css';
|
|
|
|
if (Director::fileExists($customCSS)) {
|
|
|
|
Requirements::css($customCSS);
|
|
|
|
}
|
|
|
|
|
2017-04-14 06:21:38 +02:00
|
|
|
if ($controller->request->getVar('BackURL')) {
|
|
|
|
$backURL = $controller->request->getVar('BackURL');
|
2016-11-29 00:31:16 +01:00
|
|
|
} else {
|
|
|
|
$backURL = Session::get('BackURL');
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
|
|
|
|
$fields = FieldList::create(
|
|
|
|
HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this)
|
|
|
|
);
|
|
|
|
$actions = FieldList::create(
|
|
|
|
FormAction::create("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
|
|
|
|
);
|
|
|
|
} else {
|
|
|
|
if (!$fields) {
|
2017-04-14 06:21:38 +02:00
|
|
|
$fields = $this->getFormFields();
|
2016-11-29 00:31:16 +01:00
|
|
|
}
|
|
|
|
if (!$actions) {
|
2017-04-14 06:21:38 +02:00
|
|
|
$actions = $this->getFormActions();
|
2016-11-29 00:31:16 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($backURL)) {
|
|
|
|
$fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));
|
|
|
|
}
|
|
|
|
|
|
|
|
// Reduce attack surface by enforcing POST requests
|
|
|
|
$this->setFormMethod('POST', true);
|
|
|
|
|
|
|
|
parent::__construct($controller, $name, $fields, $actions);
|
|
|
|
|
2017-04-14 06:21:38 +02:00
|
|
|
$this->setValidator(RequiredFields::create(self::config()->get('required_fields')));
|
|
|
|
}
|
2016-11-29 00:31:16 +01:00
|
|
|
|
2017-04-14 06:21:38 +02:00
|
|
|
/**
|
|
|
|
* Build the FieldList for the login form
|
|
|
|
*
|
|
|
|
* @return FieldList
|
|
|
|
*/
|
|
|
|
protected function getFormFields()
|
|
|
|
{
|
|
|
|
$label = Member::singleton()->fieldLabel(Member::config()->unique_identifier_field);
|
|
|
|
$fields = FieldList::create(
|
|
|
|
HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this),
|
|
|
|
// Regardless of what the unique identifer field is (usually 'Email'), it will be held in the
|
|
|
|
// 'Email' value, below:
|
|
|
|
// @todo Rename the field to a more generic covering name
|
|
|
|
$emailField = TextField::create("Email", $label, null, null, $this),
|
2017-04-20 03:15:24 +02:00
|
|
|
PasswordField::create("Password", _t('SilverStripe\\Security\\Member.PASSWORD', 'Password'))
|
2017-04-14 06:21:38 +02:00
|
|
|
);
|
|
|
|
$emailField->setAttribute('autofocus', 'true');
|
|
|
|
|
|
|
|
if (Security::config()->remember_username) {
|
|
|
|
$emailField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
|
|
|
|
} else {
|
|
|
|
// Some browsers won't respect this attribute unless it's added to the form
|
|
|
|
$this->setAttribute('autocomplete', 'off');
|
|
|
|
$emailField->setAttribute('autocomplete', 'off');
|
|
|
|
}
|
|
|
|
if (Security::config()->autologin_enabled) {
|
|
|
|
$fields->push(
|
|
|
|
CheckboxField::create(
|
|
|
|
"Remember",
|
2017-04-20 03:15:24 +02:00
|
|
|
_t('SilverStripe\\Security\\Member.KEEPMESIGNEDIN', "Keep me signed in")
|
2017-04-14 06:21:38 +02:00
|
|
|
)->setAttribute(
|
|
|
|
'title',
|
|
|
|
sprintf(
|
2017-04-20 03:15:24 +02:00
|
|
|
_t('SilverStripe\\Security\\Member.REMEMBERME', "Remember me next time? (for %d days on this device)"),
|
2017-04-14 06:21:38 +02:00
|
|
|
RememberLoginHash::config()->uninherited('token_expiry_days')
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
return $fields;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Build default login form action FieldList
|
|
|
|
*
|
|
|
|
* @return FieldList
|
|
|
|
*/
|
|
|
|
protected function getFormActions()
|
|
|
|
{
|
|
|
|
$actions = FieldList::create(
|
2017-04-20 03:15:24 +02:00
|
|
|
FormAction::create('dologin', _t('SilverStripe\\Security\\Member.BUTTONLOGIN', "Log in")),
|
2017-04-14 06:21:38 +02:00
|
|
|
LiteralField::create(
|
|
|
|
'forgotPassword',
|
|
|
|
'<p id="ForgotPassword"><a href="' . Security::lost_password_url() . '">'
|
2017-04-20 03:15:24 +02:00
|
|
|
. _t('SilverStripe\\Security\\Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
|
2017-04-14 06:21:38 +02:00
|
|
|
)
|
|
|
|
);
|
|
|
|
|
|
|
|
return $actions;
|
2016-11-29 00:31:16 +01:00
|
|
|
}
|
|
|
|
|
2016-11-23 06:09:10 +01:00
|
|
|
public function restoreFormState()
|
2016-11-29 00:31:16 +01:00
|
|
|
{
|
2016-11-23 06:09:10 +01:00
|
|
|
parent::restoreFormState();
|
2016-11-29 00:31:16 +01:00
|
|
|
|
|
|
|
$forceMessage = Session::get('MemberLoginForm.force_message');
|
|
|
|
if (($member = Member::currentUser()) && !$forceMessage) {
|
2016-11-23 06:09:10 +01:00
|
|
|
$message = _t(
|
2017-04-20 03:15:24 +02:00
|
|
|
'SilverStripe\\Security\\Member.LOGGEDINAS',
|
2016-11-29 00:31:16 +01:00
|
|
|
"You're logged in as {name}.",
|
|
|
|
array('name' => $member->{$this->loggedInAsField})
|
|
|
|
);
|
2016-11-23 06:09:10 +01:00
|
|
|
$this->setMessage($message, ValidationResult::TYPE_INFO);
|
2016-11-29 00:31:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Reset forced message
|
|
|
|
if ($forceMessage) {
|
|
|
|
Session::set('MemberLoginForm.force_message', false);
|
|
|
|
}
|
|
|
|
|
2016-11-23 06:09:10 +01:00
|
|
|
return $this;
|
2016-11-29 00:31:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2017-03-02 03:24:38 +01:00
|
|
|
* @return MemberLoginHandler
|
2016-11-29 00:31:16 +01:00
|
|
|
*/
|
2017-03-02 03:24:38 +01:00
|
|
|
protected function buildRequestHandler()
|
2016-11-29 00:31:16 +01:00
|
|
|
{
|
2017-03-02 03:24:38 +01:00
|
|
|
return MemberLoginHandler::create($this);
|
2016-11-29 00:31:16 +01:00
|
|
|
}
|
2017-04-14 05:30:55 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* The name of this login form, to display in the frontend
|
|
|
|
* Replaces Authenticator::get_name()
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getAuthenticatorName()
|
|
|
|
{
|
2017-04-20 03:15:24 +02:00
|
|
|
return _t('SilverStripe\\Security\\MemberLoginForm.AUTHENTICATORNAME', "E-mail & Password");
|
2017-04-14 05:30:55 +02:00
|
|
|
}
|
2008-09-26 04:22:51 +02:00
|
|
|
}
|