2008-09-26 04:22:51 +02:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* Log-in form for the "member" authentication method
|
|
|
|
* @package sapphire
|
|
|
|
* @subpackage security
|
|
|
|
*/
|
|
|
|
class MemberLoginForm extends LoginForm {
|
|
|
|
|
2008-10-08 04:00:12 +02:00
|
|
|
protected $authenticator_class = 'MemberAuthenticator';
|
|
|
|
|
2008-09-26 04:22:51 +02:00
|
|
|
/**
|
|
|
|
* Constructor
|
|
|
|
*
|
|
|
|
* @param Controller $controller The parent controller, necessary to
|
|
|
|
* create the appropriate form action tag.
|
|
|
|
* @param string $name The method on the controller that will return this
|
|
|
|
* form object.
|
|
|
|
* @param FieldSet|FormField $fields All of the fields in the form - a
|
|
|
|
* {@link FieldSet} of {@link FormField}
|
|
|
|
* objects.
|
|
|
|
* @param FieldSet|FormAction $actions All of the action buttons in the
|
|
|
|
* form - a {@link FieldSet} of
|
|
|
|
* {@link FormAction} objects
|
|
|
|
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a
|
|
|
|
* the user is currently logged in, and if
|
|
|
|
* so, only a logout button will be rendered
|
2008-10-08 04:00:12 +02:00
|
|
|
* @param string $authenticatorClassName Name of the authenticator class that this form uses.
|
2008-09-26 04:22:51 +02:00
|
|
|
*/
|
|
|
|
function __construct($controller, $name, $fields = null, $actions = null,
|
|
|
|
$checkCurrentUser = true) {
|
|
|
|
|
2008-10-08 04:00:12 +02:00
|
|
|
// This is now set on the class directly to make it easier to create subclasses
|
|
|
|
// $this->authenticator_class = $authenticatorClassName;
|
2008-09-26 04:22:51 +02:00
|
|
|
|
|
|
|
$customCSS = project() . '/css/member_login.css';
|
|
|
|
if(Director::fileExists($customCSS)) {
|
|
|
|
Requirements::css($customCSS);
|
|
|
|
}
|
2009-02-02 00:49:53 +01:00
|
|
|
|
2008-09-26 04:22:51 +02:00
|
|
|
if(isset($_REQUEST['BackURL'])) {
|
|
|
|
$backURL = $_REQUEST['BackURL'];
|
|
|
|
} else {
|
|
|
|
$backURL = Session::get('BackURL');
|
|
|
|
}
|
|
|
|
|
2009-04-29 03:20:24 +02:00
|
|
|
if($checkCurrentUser && Member::currentUserID() && Member::logged_in_session_exists()) {
|
2009-04-29 02:07:39 +02:00
|
|
|
$fields = new FieldSet(
|
|
|
|
new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
|
|
|
|
);
|
|
|
|
$actions = new FieldSet(
|
|
|
|
new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
|
|
|
|
);
|
2008-09-26 04:22:51 +02:00
|
|
|
} else {
|
|
|
|
if(!$fields) {
|
2010-01-20 21:17:25 +01:00
|
|
|
$label=singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
|
2008-09-26 04:22:51 +02:00
|
|
|
$fields = new FieldSet(
|
|
|
|
new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this),
|
2010-01-20 21:17:25 +01:00
|
|
|
//Regardless of what the unique identifer field is (usually 'Email'), it will be held in the 'Email' value, below:
|
|
|
|
new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this),
|
2009-02-02 00:49:53 +01:00
|
|
|
new PasswordField("Password", _t('Member.PASSWORD', 'Password'))
|
2008-09-26 04:22:51 +02:00
|
|
|
);
|
2008-10-08 04:00:12 +02:00
|
|
|
if(Security::$autologin_enabled) {
|
|
|
|
$fields->push(new CheckboxField(
|
|
|
|
"Remember",
|
2009-01-10 12:35:50 +01:00
|
|
|
_t('Member.REMEMBERME', "Remember me next time?")
|
2008-10-08 04:00:12 +02:00
|
|
|
));
|
|
|
|
}
|
2008-09-26 04:22:51 +02:00
|
|
|
}
|
|
|
|
if(!$actions) {
|
|
|
|
$actions = new FieldSet(
|
2008-10-16 13:10:56 +02:00
|
|
|
new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")),
|
2009-01-10 12:35:50 +01:00
|
|
|
new LiteralField(
|
|
|
|
'forgotPassword',
|
|
|
|
'<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
|
|
|
|
)
|
2008-09-26 04:22:51 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(isset($backURL)) {
|
|
|
|
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
|
|
|
|
}
|
|
|
|
|
|
|
|
parent::__construct($controller, $name, $fields, $actions);
|
2009-03-10 23:08:52 +01:00
|
|
|
|
|
|
|
// Focus on the email input when the page is loaded
|
|
|
|
// Only include this if other form JS validation is enabled
|
|
|
|
if($this->getValidator()->getJavascriptValidationHandler() != 'none') {
|
|
|
|
Requirements::customScript(<<<JS
|
|
|
|
(function() {
|
|
|
|
var el = document.getElementById("MemberLoginForm_LoginForm_Email");
|
|
|
|
if(el && el.focus) el.focus();
|
|
|
|
})();
|
|
|
|
JS
|
|
|
|
);
|
|
|
|
}
|
2008-09-26 04:22:51 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get message from session
|
|
|
|
*/
|
|
|
|
protected function getMessageFromSession() {
|
|
|
|
parent::getMessageFromSession();
|
|
|
|
if(($member = Member::currentUser()) &&
|
|
|
|
!Session::get('MemberLoginForm.force_message')) {
|
|
|
|
$this->message = sprintf(_t('Member.LOGGEDINAS', "You're logged in as %s."), $member->FirstName);
|
|
|
|
}
|
|
|
|
Session::set('MemberLoginForm.force_message', false);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Login form handler method
|
|
|
|
*
|
|
|
|
* This method is called when the user clicks on "Log in"
|
|
|
|
*
|
|
|
|
* @param array $data Submitted data
|
|
|
|
*/
|
|
|
|
public function dologin($data) {
|
|
|
|
if($this->performLogin($data)) {
|
|
|
|
Session::clear('SessionForms.MemberLoginForm.Email');
|
|
|
|
Session::clear('SessionForms.MemberLoginForm.Remember');
|
|
|
|
if(Member::currentUser()->isPasswordExpired()) {
|
|
|
|
if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
|
|
|
|
Session::set('BackURL', $backURL);
|
|
|
|
}
|
|
|
|
|
|
|
|
$cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
|
|
|
|
$cp->sessionMessage('Your password has expired. Please choose a new one.', 'good');
|
|
|
|
|
|
|
|
Director::redirect('Security/changepassword');
|
2009-02-11 22:08:28 +01:00
|
|
|
} elseif(
|
|
|
|
isset($_REQUEST['BackURL'])
|
|
|
|
&& $_REQUEST['BackURL']
|
2009-03-17 23:24:50 +01:00
|
|
|
// absolute redirection URLs may cause spoofing
|
|
|
|
&& Director::is_site_url($_REQUEST['BackURL'])
|
2009-02-11 22:08:28 +01:00
|
|
|
) {
|
|
|
|
Director::redirect($_REQUEST['BackURL']);
|
2009-10-23 02:18:10 +02:00
|
|
|
} elseif (Security::default_login_dest()) {
|
|
|
|
Director::redirect(Director::absoluteBaseURL() . Security::default_login_dest());
|
2008-09-26 04:22:51 +02:00
|
|
|
} else {
|
2008-11-22 04:33:00 +01:00
|
|
|
$member = Member::currentUser();
|
|
|
|
if($member) {
|
|
|
|
$firstname = Convert::raw2xml($member->FirstName);
|
2009-01-10 12:35:50 +01:00
|
|
|
|
|
|
|
if(!empty($data['Remember'])) {
|
|
|
|
Session::set('SessionForms.MemberLoginForm.Remember', '1');
|
|
|
|
$member->logIn(true);
|
|
|
|
} else {
|
|
|
|
$member->logIn();
|
|
|
|
}
|
|
|
|
|
2008-11-22 04:33:00 +01:00
|
|
|
Session::set('Security.Message.message',
|
|
|
|
sprintf(_t('Member.WELCOMEBACK', "Welcome Back, %s"), $firstname)
|
|
|
|
);
|
|
|
|
Session::set("Security.Message.type", "good");
|
|
|
|
}
|
2008-10-08 04:00:12 +02:00
|
|
|
Director::redirectBack();
|
2008-09-26 04:22:51 +02:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
Session::set('SessionForms.MemberLoginForm.Email', $data['Email']);
|
|
|
|
Session::set('SessionForms.MemberLoginForm.Remember', isset($data['Remember']));
|
2008-11-10 04:51:35 +01:00
|
|
|
|
|
|
|
if(isset($_REQUEST['BackURL'])) $backURL = $_REQUEST['BackURL'];
|
|
|
|
else $backURL = null;
|
|
|
|
|
|
|
|
if($backURL) Session::set('BackURL', $backURL);
|
2008-09-26 04:22:51 +02:00
|
|
|
|
|
|
|
if($badLoginURL = Session::get("BadLoginURL")) {
|
|
|
|
Director::redirect($badLoginURL);
|
|
|
|
} else {
|
|
|
|
// Show the right tab on failed login
|
2008-11-10 04:51:35 +01:00
|
|
|
$loginLink = Director::absoluteURL(Security::Link("login"));
|
|
|
|
if($backURL) $loginLink .= '?BackURL=' . urlencode($backURL);
|
|
|
|
Director::redirect($loginLink . '#' . $this->FormName() .'_tab');
|
2008-09-26 04:22:51 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Log out form handler method
|
|
|
|
*
|
|
|
|
* This method is called when the user clicks on "logout" on the form
|
|
|
|
* created when the parameter <i>$checkCurrentUser</i> of the
|
|
|
|
* {@link __construct constructor} was set to TRUE and the user was
|
|
|
|
* currently logged in.
|
|
|
|
*/
|
|
|
|
public function logout() {
|
|
|
|
$s = new Security();
|
|
|
|
$s->logout();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Try to authenticate the user
|
|
|
|
*
|
|
|
|
* @param array Submitted data
|
|
|
|
* @return Member Returns the member object on successful authentication
|
|
|
|
* or NULL on failure.
|
|
|
|
*/
|
|
|
|
public function performLogin($data) {
|
|
|
|
if($member = MemberAuthenticator::authenticate($data, $this)) {
|
|
|
|
$member->LogIn(isset($data['Remember']));
|
|
|
|
return $member;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
$this->extend('authenticationFailed', $data);
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Forgot password form handler method
|
|
|
|
*
|
|
|
|
* This method is called when the user clicks on "I've lost my password"
|
|
|
|
*
|
|
|
|
* @param array $data Submitted data
|
|
|
|
*/
|
|
|
|
function forgotPassword($data) {
|
|
|
|
$SQL_data = Convert::raw2sql($data);
|
2008-10-16 13:29:43 +02:00
|
|
|
$SQL_email = $SQL_data['Email'];
|
2008-11-24 10:31:14 +01:00
|
|
|
$member = DataObject::get_one('Member', "\"Email\" = '{$SQL_email}'");
|
2008-09-26 04:22:51 +02:00
|
|
|
|
2008-10-16 13:29:43 +02:00
|
|
|
if($member) {
|
2008-09-26 04:22:51 +02:00
|
|
|
$member->generateAutologinHash();
|
|
|
|
|
2008-10-16 13:29:43 +02:00
|
|
|
$member->sendInfo(
|
|
|
|
'forgotPassword',
|
|
|
|
array(
|
|
|
|
'PasswordResetLink' => Security::getPasswordResetLink($member->AutoLoginHash)
|
|
|
|
)
|
|
|
|
);
|
2008-09-26 04:22:51 +02:00
|
|
|
|
2008-10-08 04:00:12 +02:00
|
|
|
Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
|
2008-10-16 13:29:43 +02:00
|
|
|
} elseif($data['Email']) {
|
2009-09-10 05:01:46 +02:00
|
|
|
// Avoid information disclosure by displaying the same status,
|
|
|
|
// regardless wether the email address actually exists
|
|
|
|
Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
|
2008-09-26 04:22:51 +02:00
|
|
|
} else {
|
2008-10-16 13:29:43 +02:00
|
|
|
$this->sessionMessage(
|
|
|
|
_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'),
|
|
|
|
'bad'
|
|
|
|
);
|
|
|
|
|
|
|
|
Director::redirect('Security/lostpassword');
|
2008-09-26 04:22:51 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
2009-02-02 00:49:53 +01:00
|
|
|
?>
|