mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
mlanthaler:OpenID authentication works now. To use it simple create an user account without password and put your *complete* OpenID identifier in the email field, e.g. "http://markus-lanthaler.myopenid.com/".
You can get a free OpenID from http://www.myopenid.com (merged from branches/gsoc) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41785 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
b0e9e89aad
commit
fbc375a282
@ -168,9 +168,12 @@ class ContentController extends Controller {
|
||||
|
||||
/**
|
||||
* Returns the default log-in form.
|
||||
*
|
||||
* @todo Check if here should be returned just the default log-in form or
|
||||
* all available log-in forms (also OpenID...)
|
||||
*/
|
||||
public function LoginForm() {
|
||||
return Object::create('LoginForm', $this, "LoginForm");
|
||||
return MemberAuthenticator::getLoginForm($this);
|
||||
}
|
||||
|
||||
public function SilverStripeNavigator() {
|
||||
|
@ -1,5 +1,10 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Authenticator base class
|
||||
*/
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Abstract base class for an authentication method
|
||||
@ -8,6 +13,8 @@
|
||||
* methods like {@link MemberAuthenticator} or {@link OpenIDAuthenticator}.
|
||||
*
|
||||
* @author Markus Lanthaler <markus@silverstripe.com>
|
||||
*
|
||||
* @todo Wouldn't be an interface be the better choice?
|
||||
*/
|
||||
abstract class Authenticator extends Object
|
||||
{
|
||||
@ -15,19 +22,24 @@ abstract class Authenticator extends Object
|
||||
* Method to authenticate an user
|
||||
*
|
||||
* @param array $RAW_data Raw data to authenticate the user
|
||||
* @param Form $form Optional: If passed, better error messages can be
|
||||
* produced by using
|
||||
* {@link Form::sessionMessage()}
|
||||
* @return bool|Member Returns FALSE if authentication fails, otherwise
|
||||
* the member object
|
||||
*/
|
||||
public abstract function authenticate(array $RAW_data);
|
||||
public abstract function authenticate(array $RAW_data, Form $form = null);
|
||||
|
||||
|
||||
/**
|
||||
* Method that creates the login form for this authentication method
|
||||
*
|
||||
* @param Controller The parent controller, necessary to create the
|
||||
* appropriate form action tag
|
||||
* @return Form Returns the login form to use with this authentication
|
||||
* method
|
||||
*/
|
||||
public abstract function getLoginForm();
|
||||
public abstract static function getLoginForm(Controller $controller);
|
||||
}
|
||||
|
||||
?>
|
@ -6,19 +6,18 @@ class Member extends DataObject {
|
||||
'Surname' => "Varchar",
|
||||
'Email' => "Varchar",
|
||||
'Password' => "Varchar",
|
||||
'RememberLoginToken' => "Varchar(50)",
|
||||
'NumVisit' => "Int",
|
||||
'LastVisited' => 'Datetime',
|
||||
'Bounced' => 'Boolean',
|
||||
'AutoLoginHash' => 'Varchar(10)',
|
||||
'AutoLoginExpired' => 'Datetime',
|
||||
'BlacklistedEmail' => 'Boolean',
|
||||
'Bounced' => 'Boolean',
|
||||
'AutoLoginHash' => 'Varchar(10)',
|
||||
'AutoLoginExpired' => 'Datetime',
|
||||
'BlacklistedEmail' => 'Boolean',
|
||||
);
|
||||
static $belongs_many_many = array(
|
||||
"Groups" => "Group",
|
||||
|
||||
);
|
||||
static $has_one = array(
|
||||
);
|
||||
|
||||
static $has_many = array(
|
||||
'UnsubscribedRecords' => 'Member_UnsubscribeRecord'
|
||||
@ -30,23 +29,86 @@ class Member extends DataObject {
|
||||
'Email' => true,
|
||||
);
|
||||
|
||||
|
||||
/**
|
||||
* Logs this member in.
|
||||
* Logs this member in
|
||||
*
|
||||
* @param bool $remember If set to TRUE, the member will be logged in
|
||||
* automatically the next time.
|
||||
*/
|
||||
function logIn() {
|
||||
function logIn($remember = false) {
|
||||
session_regenerate_id(true);
|
||||
Session::set("loggedInAs", $this->ID);
|
||||
|
||||
$this->NumVisit++;
|
||||
|
||||
if($remember) {
|
||||
|
||||
$token = substr(md5(uniqid(rand(), true)), 0, 49 - strlen($this->ID));
|
||||
$this->RememberLoginToken = $token;
|
||||
Cookie::set('alc_enc', $this->ID . ':' . $token);
|
||||
} else {
|
||||
$this->RememberLoginToken = null;
|
||||
Cookie::set('alc_enc', null);
|
||||
Cookie::forceExpiry('alc_enc');
|
||||
}
|
||||
|
||||
$this->write();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*Logs this member in.
|
||||
* Log the user in if the "remember login" cookie is set
|
||||
*
|
||||
* The <i>remember login token</i> will be changed on every successful
|
||||
* auto-login.
|
||||
*/
|
||||
function logOut(){
|
||||
Cookie::set('alc_enc',null);
|
||||
Session::clear("loggedInAs");
|
||||
static function autoLogin() {
|
||||
if(isset($_COOKIE['alc_enc']) && !Session::get("loggedInAs")) {
|
||||
|
||||
list($uid, $token) = explode(':', $_COOKIE['alc_enc'], 2);
|
||||
$uid = Convert::raw2sql($uid);
|
||||
$token = Convert::raw2sql($token);
|
||||
|
||||
$member = DataObject::get_one(
|
||||
"Member", "Member.ID = $uid And RememberLoginToken = '$token'");
|
||||
|
||||
if($member) {
|
||||
session_regenerate_id(true);
|
||||
Session::set("loggedInAs", $member->ID);
|
||||
|
||||
$token = substr(md5(uniqid(rand(), true)),
|
||||
0, 49 - strlen($member->ID));
|
||||
$member->RememberLoginToken = $token;
|
||||
Cookie::set('alc_enc', $member->ID . ':' . $token);
|
||||
|
||||
$member->NumVisit++;
|
||||
$member->write();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Logs this member out.
|
||||
*/
|
||||
function logOut() {
|
||||
Session::clear("loggedInAs");
|
||||
session_regenerate_id(true);
|
||||
|
||||
$this->RememberLoginToken = null;
|
||||
Cookie::set('alc_enc', null);
|
||||
Cookie::forceExpiry('alc_enc');
|
||||
|
||||
$this->write();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Generate an auto login hash
|
||||
*
|
||||
* @todo This is relative insecure, check if we should fix it
|
||||
*/
|
||||
function generateAutologinHash() {
|
||||
$linkHash = sprintf('%10d', time() );
|
||||
|
||||
@ -59,31 +121,51 @@ class Member extends DataObject {
|
||||
$this->write();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Log a member in with an auto login hash link
|
||||
*/
|
||||
static function autoLoginHash( $RAW_hash ) {
|
||||
|
||||
$SQL_hash = Convert::raw2sql( $RAW_hash );
|
||||
static function autoLoginHash($RAW_hash) {
|
||||
$SQL_hash = Convert::raw2sql($RAW_hash);
|
||||
|
||||
$member = DataObject::get_one('Member',"`AutoLoginHash`='$SQL_hash' AND `AutoLoginExpired` > NOW()");
|
||||
|
||||
if( $member )
|
||||
if($member)
|
||||
$member->logIn();
|
||||
|
||||
return $member;
|
||||
}
|
||||
|
||||
function sendInfo($type = 'signup'){
|
||||
|
||||
/**
|
||||
* Send signup, change password or forgot password informations to an user
|
||||
*
|
||||
* @param string $type Information type to send ("signup",
|
||||
* "changePassword" or "forgotPassword")
|
||||
*/
|
||||
function sendInfo($type = 'signup') {
|
||||
switch($type) {
|
||||
case "signup": $e = new Member_SignupEmail(); break;
|
||||
case "changePassword": $e = new Member_ChangePasswordEmail(); break;
|
||||
case "forgotPassword": $e = new Member_ForgotPasswordEmail(); break;
|
||||
case "signup":
|
||||
$e = new Member_SignupEmail();
|
||||
break;
|
||||
case "changePassword":
|
||||
$e = new Member_ChangePasswordEmail();
|
||||
break;
|
||||
case "forgotPassword":
|
||||
$e = new Member_ForgotPasswordEmail();
|
||||
break;
|
||||
}
|
||||
$e->populateTemplate($this);
|
||||
$e->send();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns the fields for the member form
|
||||
*
|
||||
* @return FieldSet Returns a {@link FieldSet} containing the fields for
|
||||
* the member form.
|
||||
*/
|
||||
function getMemberFormFields() {
|
||||
return new FieldSet(
|
||||
new TextField("FirstName", "First Name"),
|
||||
@ -93,108 +175,84 @@ class Member extends DataObject {
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Factory method for the member validator
|
||||
*
|
||||
* @return Member_Validator Returns an instance of a
|
||||
* {@link Member_Validator} object.
|
||||
*/
|
||||
function getValidator() {
|
||||
return new Member_Validator();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns the currenly logged in user
|
||||
* @todo get_one() is a bit funky.
|
||||
* Returns the current logged in user
|
||||
*
|
||||
* @return bool|Member Returns the member object of the current logged in
|
||||
* user or FALSE.
|
||||
*/
|
||||
static function currentUser() {
|
||||
self::autoLogin();
|
||||
$id = Session::get("loggedInAs");
|
||||
if(!$id) {
|
||||
self::autoLogin();
|
||||
$id = Session::get("loggedInAs");
|
||||
}
|
||||
|
||||
// Return the details
|
||||
if($id = Session::get("loggedInAs")) {
|
||||
if($id) {
|
||||
return DataObject::get_one("Member", "Member.ID = $id");
|
||||
}
|
||||
}
|
||||
|
||||
static function autoLogin() {
|
||||
// Auto-login
|
||||
if(isset($_COOKIE['alc_enc']) && !Session::get("loggedInAs")) {
|
||||
// Deliberately obscure...
|
||||
list($data['Email'], $data['Password']) = explode(':',base64_decode($_COOKIE['alc_enc']),2);
|
||||
|
||||
$lf = new LoginForm(null, null, null, null, false);
|
||||
$lf->performLogin($data);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the ID of the current logged in user
|
||||
*
|
||||
* @return int Returns the ID of the current logged in user or 0.
|
||||
*/
|
||||
static function currentUserID() {
|
||||
self::autoLogin();
|
||||
|
||||
$id = Session::get("loggedInAs");
|
||||
if(!$id) {
|
||||
self::autoLogin();
|
||||
$id = Session::get("loggedInAs");
|
||||
}
|
||||
|
||||
return is_numeric($id) ? $id : 0;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* before the save of this member, the blacklisted email table is updated to ensure no
|
||||
* promotional material is sent to the member. (newsletters)
|
||||
* standard system messages are still sent such as receipts.
|
||||
* Add the members email address to the blacklist
|
||||
*
|
||||
* With this method the blacklisted email table is updated to ensure that
|
||||
* no promotional material is sent to the member (newsletters).
|
||||
* Standard system messages are still sent such as receipts.
|
||||
*
|
||||
* @param bool $val Set to TRUE if the address should be added to the
|
||||
* blacklist, otherwise to FALSE.
|
||||
* @return
|
||||
* @todo Check for what the parameter $val is needed! (Markus)
|
||||
*/
|
||||
function setBlacklistedEmail($val){
|
||||
if($val && $this->Email){
|
||||
function setBlacklistedEmail($val) {
|
||||
if($val && $this->Email) {
|
||||
$blacklisting = new Email_BlackList();
|
||||
$blacklisting->BlockedEmail = $this->Email;
|
||||
$blacklisting->MemberID = $this->ID;
|
||||
$blacklisting->write();
|
||||
}
|
||||
return $this->setField("BlacklistedEmail",$val);
|
||||
|
||||
$this->setField("BlacklistedEmail", $val);
|
||||
}
|
||||
|
||||
function onBeforeWrite() {
|
||||
// If an email's filled out
|
||||
if($this->Email) {
|
||||
// Look for a record with the same email
|
||||
if($this->ID) $idClause = "AND `Member`.ID <> $this->ID";
|
||||
else $idClause = "";
|
||||
|
||||
$existingRecord = DataObject::get_one("Member", "Email = '" . addslashes($this->Email) . "' $idClause");
|
||||
|
||||
// Debug::message("Found an existing member for email $this->Email");
|
||||
|
||||
// If found
|
||||
if($existingRecord) {
|
||||
// Update this record to merge with that member
|
||||
$newID = $existingRecord->ID;
|
||||
if($this->ID) {
|
||||
DB::query("UPDATE Group_Members SET MemberID = $newID WHERE MemberID = $this->ID");
|
||||
}
|
||||
$this->ID = $newID;
|
||||
// Merge existing data into the local record
|
||||
|
||||
foreach($existingRecord->getAllFields() as $k => $v) {
|
||||
if(!isset($this->changed[$k]) || !$this->changed[$k]) $this->record[$k] = $v;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
parent::onBeforeWrite();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the member is in one of the given groups
|
||||
*/
|
||||
public function inGroups( $groups ) {
|
||||
foreach( $this->Groups() as $group )
|
||||
$memberGroups[] = $group->Title;
|
||||
|
||||
return count( array_intersect( $memberGroups, $groups ) ) > 0;
|
||||
}
|
||||
|
||||
public function inGroup( $groupID ) {
|
||||
foreach( $this->Groups() as $group )
|
||||
if( $groupID == $group->ID )
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate a random password
|
||||
* BDC - added randomiser to kick in if there's no words file on the filesystem.
|
||||
*
|
||||
* BDC - added randomiser to kick in if there's no words file on the
|
||||
* filesystem.
|
||||
*
|
||||
* @return string Returns a random password.
|
||||
*/
|
||||
static function createNewPassword() {
|
||||
if(file_exists('/usr/share/silverstripe/wordlist.txt')) {
|
||||
@ -214,17 +272,105 @@ class Member extends DataObject {
|
||||
return $output;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Event handler called before writing to the database
|
||||
*
|
||||
* If an email's filled out look for a record with the same email and if
|
||||
* found update this record to merge with that member.
|
||||
*/
|
||||
function onBeforeWrite() {
|
||||
if($this->Email) {
|
||||
if($this->ID) {
|
||||
$idClause = "AND `Member`.ID <> $this->ID";
|
||||
} else {
|
||||
$idClause = "";
|
||||
}
|
||||
|
||||
$existingRecord = DataObject::get_one(
|
||||
"Member", "Email = '" . addslashes($this->Email) . "' $idClause");
|
||||
|
||||
// Debug::message("Found an existing member for email $this->Email");
|
||||
|
||||
if($existingRecord) {
|
||||
$newID = $existingRecord->ID;
|
||||
if($this->ID) {
|
||||
DB::query("UPDATE Group_Members SET MemberID = $newID WHERE MemberID = $this->ID");
|
||||
}
|
||||
$this->ID = $newID;
|
||||
// Merge existing data into the local record
|
||||
|
||||
foreach($existingRecord->getAllFields() as $k => $v) {
|
||||
if(!isset($this->changed[$k]) || !$this->changed[$k]) $this->record[$k] = $v;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
parent::onBeforeWrite();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check if the member is in one of the given groups
|
||||
*
|
||||
* @param array $groups Groups to check
|
||||
* @return bool Returns TRUE if the member is in one of the given groups,
|
||||
* otherwise FALSE.
|
||||
*/
|
||||
public function inGroups(array $groups) {
|
||||
foreach($this->Groups() as $group)
|
||||
$memberGroups[] = $group->Title;
|
||||
|
||||
return count(array_intersect($memberGroups, $groups)) > 0;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check if the member is in the given group
|
||||
*
|
||||
* @param int $groupID ID of the group to check
|
||||
* @return bool Returns TRUE if the member is in the given group,
|
||||
* otherwise FALSE.
|
||||
*/
|
||||
public function inGroup($groupID) {
|
||||
foreach($this->Groups() as $group) {
|
||||
if($groupID == $group->ID)
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Alias for {@link inGroup}
|
||||
*
|
||||
* @param int $groupID ID of the group to check
|
||||
* @return bool Returns TRUE if the member is in the given group,
|
||||
* otherwise FALSE.
|
||||
* @see inGroup()
|
||||
*/
|
||||
public function isInGroup($groupID) {
|
||||
return $this->inGroup($groupID);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns true if this user is an administrator.
|
||||
* Administrators have access to everything. The lucky bastards! ;-)
|
||||
*
|
||||
* @return Returns TRUE if this user is an administrator.
|
||||
* @todo Should this function really exists? Is not {@link isAdmin()} the
|
||||
* only right name for this?
|
||||
* @todo Is {@link Group}::CanCMSAdmin not deprecated?
|
||||
*/
|
||||
function _isAdmin() {
|
||||
if($groups = $this->Groups()) {
|
||||
foreach($groups as $group) if($group->CanCMSAdmin) return true;
|
||||
foreach($groups as $group) {
|
||||
if($group->CanCMSAdmin)
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return Permission::check('ADMIN');
|
||||
@ -245,41 +391,79 @@ class Member extends DataObject {
|
||||
}
|
||||
function _isCMSUser() {
|
||||
if($groups = $this->Groups()) {
|
||||
foreach($groups as $group) if($group->CanCMS) return true;
|
||||
foreach($groups as $group) {
|
||||
if($group->CanCMS)
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//----------------------------------------------------------------------------------------//
|
||||
//------------------- HELPER METHODS -----------------------------------//
|
||||
|
||||
/**
|
||||
* Get the complete name of the member
|
||||
*
|
||||
* @return string Returns the first- and surname of the member. If the ID
|
||||
* of the member is equal 0, only the surname is returned.
|
||||
* @todo Check for what this method is used! (Markus)
|
||||
*/
|
||||
public function getTitle() {
|
||||
if($this->getField('ID') === 0)
|
||||
return $this->getField('Surname');
|
||||
return $this->getField('Surname') . ', ' . $this->getField('FirstName');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get the complete name of the member
|
||||
*
|
||||
* @return string Returns the first- and surname of the member.
|
||||
*/
|
||||
public function getName() {
|
||||
return $this->FirstName . ' ' . $this->Surname;
|
||||
}
|
||||
|
||||
public function setName( $name ) {
|
||||
$nameParts = explode( ' ', $name );
|
||||
$this->Surname = array_pop( $nameParts );
|
||||
$this->FirstName = join( ' ', $nameParts );
|
||||
|
||||
/**
|
||||
* Set first- and surname
|
||||
*
|
||||
* This method assumes that the last part of the name is the surname, e.g.
|
||||
* <i>A B C</i> will result in firstname <i>A B</i> and surname <i>C</i>
|
||||
*
|
||||
* @param string $name The name
|
||||
*/
|
||||
public function setName($name) {
|
||||
$nameParts = explode(' ', $name);
|
||||
$this->Surname = array_pop($nameParts);
|
||||
$this->FirstName = join(' ', $nameParts);
|
||||
}
|
||||
|
||||
public function splitName( $name ) {
|
||||
return $this->setName( $name );
|
||||
|
||||
/**
|
||||
* Alias for {@link setName}
|
||||
*
|
||||
* @param string $name The name
|
||||
* @see setName()
|
||||
*/
|
||||
public function splitName($name) {
|
||||
return $this->setName($name);
|
||||
}
|
||||
|
||||
//----------------------------------------------------------------------------------------//
|
||||
//---------------------------------------------------------------------//
|
||||
|
||||
|
||||
/**
|
||||
* @todo Figure out what this function does and document it! (Markus)
|
||||
*/
|
||||
public function Groups() {
|
||||
$groups = $this->getManyManyComponents("Groups");
|
||||
|
||||
$unsecure = DataObject::get("Group_Unsecure", "");
|
||||
if($unsecure) foreach($unsecure as $unsecureItem) {
|
||||
$groups->push($unsecureItem);
|
||||
if($unsecure) {
|
||||
foreach($unsecure as $unsecureItem) {
|
||||
$groups->push($unsecureItem);
|
||||
}
|
||||
}
|
||||
|
||||
$groupIDs = $groups->column();
|
||||
@ -303,17 +487,13 @@ class Member extends DataObject {
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function isInGroup($groupID) {
|
||||
$groups = $this->Groups();
|
||||
foreach($groups as $group) {
|
||||
if($group->ID == $groupID) return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @todo Figure out what this function does and document it! (Markus)
|
||||
*/
|
||||
public function map($filter = "", $sort = "", $blank="") {
|
||||
$ret = new SQLMap(singleton('Member')->extendedSQL($filter, $sort));
|
||||
if($blank){
|
||||
if($blank) {
|
||||
$blankMember = new Member();
|
||||
$blankMember->Surname = $blank;
|
||||
$blankMember->ID = 0;
|
||||
@ -324,72 +504,102 @@ class Member extends DataObject {
|
||||
}
|
||||
|
||||
|
||||
public static function mapInGroups( $groups = null ) {
|
||||
|
||||
if( !$groups )
|
||||
/**
|
||||
* @todo Figure out what this function does and document it! (Markus)
|
||||
*/
|
||||
public static function mapInGroups($groups = null) {
|
||||
if(!$groups)
|
||||
return Member::map();
|
||||
|
||||
$groupIDList = array();
|
||||
|
||||
if( is_a( $groups, 'DataObjectSet' ) )
|
||||
if(is_a($groups, 'DataObjectSet')) {
|
||||
foreach( $groups as $group )
|
||||
$groupIDList[] = $group->ID;
|
||||
elseif( is_array( $groups ) )
|
||||
} elseif(is_array($groups)) {
|
||||
$groupIDList = $groups;
|
||||
else
|
||||
} else {
|
||||
$groupIDList[] = $groups;
|
||||
}
|
||||
|
||||
if( empty( $groupIDList ) )
|
||||
if(empty($groupIDList))
|
||||
return Member::map();
|
||||
|
||||
return new SQLMap( singleton('Member')->extendedSQL( "`GroupID` IN (" . implode( ',', $groupIDList ) . ")", "Surname, FirstName", "", "INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID`") );
|
||||
return new SQLMap(singleton('Member')->extendedSQL(
|
||||
"`GroupID` IN (" . implode( ',', $groupIDList ) .
|
||||
")", "Surname, FirstName", "", "INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID`"));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return a map of all members in the groups given that have CMS permissions
|
||||
* Defaults to all groups with CMS permissions
|
||||
* Get a map of all members in the groups given that have CMS permissions
|
||||
*
|
||||
* If no groups are passed, all groups with CMS permissions will be used.
|
||||
*
|
||||
* @param array $groups Groups to consider or NULL to use all groups with
|
||||
* CMS permissions.
|
||||
* @return SQLMap Returns a map of all members in the groups given that
|
||||
* have CMS permissions.
|
||||
*/
|
||||
public static function mapInCMSGroups( $groups = null ) {
|
||||
if( !$groups || $groups->Count() == 0 )
|
||||
$groups = DataObject::get('Group',"", "", "INNER JOIN `Permission` ON `Permission`.GroupID = `Group`.ID AND `Permission`.Code IN ('ADMIN', 'CMS_ACCESS_AssetAdmin')");
|
||||
public static function mapInCMSGroups($groups = null) {
|
||||
if(!$groups || $groups->Count() == 0) {
|
||||
$groups = DataObject::get('Group', "", "",
|
||||
"INNER JOIN `Permission` ON `Permission`.GroupID = `Group`.ID AND `Permission`.Code IN ('ADMIN', 'CMS_ACCESS_AssetAdmin')");
|
||||
}
|
||||
|
||||
$groupIDList = array();
|
||||
|
||||
if( is_a( $groups, 'DataObjectSet' ) )
|
||||
foreach( $groups as $group )
|
||||
if(is_a($groups, 'DataObjectSet')) {
|
||||
foreach($groups as $group)
|
||||
$groupIDList[] = $group->ID;
|
||||
elseif( is_array( $groups ) )
|
||||
} elseif(is_array($groups)) {
|
||||
$groupIDList = $groups;
|
||||
}
|
||||
|
||||
/*if( empty( $groupIDList ) )
|
||||
return Member::map(); */
|
||||
|
||||
$filterClause = ($groupIDList) ? "`GroupID` IN (" . implode( ',', $groupIDList ) . ")" : "";
|
||||
$filterClause = ($groupIDList)
|
||||
? "`GroupID` IN (" . implode( ',', $groupIDList ) . ")"
|
||||
: "";
|
||||
|
||||
return new SQLMap( singleton('Member')->extendedSQL( $filterClause, "Surname, FirstName", "", "INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID` INNER JOIN `Group` ON `Group`.`ID`=`GroupID`") );
|
||||
return new SQLMap(singleton('Member')->extendedSQL($filterClause,
|
||||
"Surname, FirstName", "",
|
||||
"INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID` INNER JOIN `Group` ON `Group`.`ID`=`GroupID`"));
|
||||
}
|
||||
|
||||
/**
|
||||
* When passed an array of groups, and a component set of groups, this function
|
||||
* will return the array of groups the member is NOT in.
|
||||
* @param grouplist an array of group code names.
|
||||
* @param memberGroups a component set of groups ( set to $this->groups() by default )
|
||||
*/
|
||||
public function memberNotInGroups($groupList,$memberGroups = null){
|
||||
if(!$memberGroups) $memberGroups = $this->Groups();
|
||||
|
||||
foreach($memberGroups as $group){
|
||||
if(in_array($group->Code,$groupList)){
|
||||
$index = array_search($group->Code,$groupList);
|
||||
/**
|
||||
* Get the groups in which the member is NOT in
|
||||
*
|
||||
* When passed an array of groups, and a component set of groups, this
|
||||
* function will return the array of groups the member is NOT in.
|
||||
*
|
||||
* @param array $groupList An array of group code names.
|
||||
* @param array $memberGroups A component set of groups (if set to NULL,
|
||||
* $this->groups() will be used)
|
||||
* @return array Groups in which the member is NOT in.
|
||||
*/
|
||||
public function memberNotInGroups($groupList, $memberGroups = null){
|
||||
if(!$memberGroups)
|
||||
$memberGroups = $this->Groups();
|
||||
|
||||
foreach($memberGroups as $group) {
|
||||
if(in_array($group->Code, $groupList)) {
|
||||
$index = array_search($group->Code, $groupList);
|
||||
unset($groupList[$index]);
|
||||
}
|
||||
}
|
||||
return $groupList;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return a FieldSet of fields that would appropriate for editing this member.
|
||||
* Return a {@link FieldSet} of fields that would appropriate for editing
|
||||
* this member.
|
||||
*
|
||||
* @return FieldSet Return a FieldSet of fields that would appropriate for
|
||||
* editing this member.
|
||||
*/
|
||||
public function getCMSFields() {
|
||||
$fields = new FieldSet(
|
||||
@ -413,12 +623,19 @@ class Member extends DataObject {
|
||||
return $fields;
|
||||
}
|
||||
|
||||
function unsubscribeFromNewsletter( $newsletterType ) {
|
||||
|
||||
/**
|
||||
* Unsubscribe from newsletter
|
||||
*
|
||||
* @param NewsletterType $newsletterType Newsletter type to unsubscribe
|
||||
* from
|
||||
*/
|
||||
function unsubscribeFromNewsletter(NewsletterType $newsletterType) {
|
||||
// record today's date in unsubscriptions
|
||||
// this is a little bit redundant
|
||||
$unsubscribeRecord = new Member_UnsubscribeRecord();
|
||||
$unsubscribeRecord->unsubscribe( $this, $newsletterType );
|
||||
$this->Groups()->remove( $newsletterType->GroupID );
|
||||
// this is a little bit redundant
|
||||
$unsubscribeRecord = new Member_UnsubscribeRecord();
|
||||
$unsubscribeRecord->unsubscribe($this, $newsletterType);
|
||||
$this->Groups()->remove($newsletterType->GroupID);
|
||||
}
|
||||
|
||||
function requireDefaultRecords() {
|
||||
@ -431,161 +648,208 @@ class Member extends DataObject {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Special kind of ComponentSet that has special methods for manipulating a user's membership
|
||||
* Special kind of {@link ComponentSet} that has special methods for
|
||||
* manipulating a user's membership
|
||||
*/
|
||||
class Member_GroupSet extends ComponentSet {
|
||||
/**
|
||||
* Control group membership with a number of checkboxes.
|
||||
* - If the checkbox fields are present in $data, then the member will be added to the group with the same codename.
|
||||
* - If the checkbox fields are *NOT* present in $data, then the member willb e removed from the group with the same codename.
|
||||
* @param checkboxes an array list of the checkbox fieldnames (Only values are used.) eg array(0,1,2);
|
||||
* @param data The form data. usually in the format array(0 => 2) (just pass the checkbox data from your form);
|
||||
* - If the checkbox fields are present in $data, then the member will be
|
||||
* added to the group with the same codename.
|
||||
* - If the checkbox fields are *NOT* present in $data, then the member
|
||||
* will be removed from the group with the same codename.
|
||||
*
|
||||
* @param array $checkboxes An array list of the checkbox fieldnames (only
|
||||
* values are used). E.g. array(0, 1, 2)
|
||||
* @param array $data The form data. Uually in the format array(0 => 2)
|
||||
* (just pass the checkbox data from your form)
|
||||
*/
|
||||
function setByCheckboxes($checkboxes, $data) {
|
||||
function setByCheckboxes(array $checkboxes, array $data) {
|
||||
foreach($checkboxes as $checkbox) {
|
||||
if($data[$checkbox]){
|
||||
if($data[$checkbox]) {
|
||||
$add[] = $checkbox;
|
||||
}else{
|
||||
} else {
|
||||
$remove[] = $checkbox;
|
||||
}
|
||||
}
|
||||
if($add)$this->addManyByCodename($add);
|
||||
if($remove) $this->removeManyByCodename($remove);
|
||||
|
||||
if($add)
|
||||
$this->addManyByCodename($add);
|
||||
|
||||
if($remove)
|
||||
$this->removeManyByCodename($remove);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Allows you to set groups based on a checkboxsetfield.
|
||||
* (pass the form element from your post data directly to this method, and it
|
||||
* will update the groups and add and remove the member as appropriate)
|
||||
* @param checkboxsetField - the CheckboxSetField (with data) from your form.
|
||||
* Allows you to set groups based on a CheckboxSetField
|
||||
*
|
||||
* On the form setup
|
||||
*
|
||||
$fields->push(
|
||||
new CheckboxSetField(
|
||||
"NewsletterSubscriptions",
|
||||
"Receive email notification of events in ",
|
||||
$sourceitems = DataObject::get("NewsletterType")->toDropDownMap("GroupID","Title"),
|
||||
$selectedgroups = $member->Groups()->Map("ID","ID")
|
||||
)
|
||||
);
|
||||
* Pass the form element from your post data directly to this method, and
|
||||
* it will update the groups and add and remove the member as appropriate.
|
||||
*
|
||||
* On the form setup:
|
||||
*
|
||||
* <code>
|
||||
* $fields->push(
|
||||
* new CheckboxSetField(
|
||||
* "NewsletterSubscriptions",
|
||||
* "Receive email notification of events in ",
|
||||
* $sourceitems = DataObject::get("NewsletterType")->toDropDownMap("GroupID","Title"),
|
||||
* $selectedgroups = $member->Groups()->Map("ID","ID")
|
||||
* )
|
||||
* );
|
||||
* </code>
|
||||
*
|
||||
* On the form handler:
|
||||
$groups = $member->Groups();
|
||||
$checkboxfield = $form->Fields()->fieldByName("NewsletterSubscriptions");
|
||||
$groups->setByCheckboxSetField($checkboxfield);
|
||||
*
|
||||
* <code>
|
||||
* $groups = $member->Groups();
|
||||
* $checkboxfield = $form->Fields()->fieldByName("NewsletterSubscriptions");
|
||||
* $groups->setByCheckboxSetField($checkboxfield);
|
||||
* </code>
|
||||
*
|
||||
* @param CheckboxSetField $checkboxsetfield The CheckboxSetField (with
|
||||
* data) from your form.
|
||||
*/
|
||||
function setByCheckboxSetField($checkboxsetfield){
|
||||
|
||||
function setByCheckboxSetField(CheckboxSetField $checkboxsetfield) {
|
||||
// Get the values from the formfield.
|
||||
$values = $checkboxsetfield->Value();
|
||||
$sourceItems = $checkboxsetfield->getSource();
|
||||
|
||||
if($sourceItems){
|
||||
if($sourceItems) {
|
||||
// If (some) values are present, add and remove as necessary.
|
||||
if($values){
|
||||
if($values) {
|
||||
// update the groups based on the selections
|
||||
foreach($sourceItems as $k => $item){
|
||||
if(in_array($k,$values)){
|
||||
foreach($sourceItems as $k => $item) {
|
||||
if(in_array($k,$values)) {
|
||||
$add[] = $k;
|
||||
}else{
|
||||
} else {
|
||||
$remove[] = $k;
|
||||
}
|
||||
}
|
||||
|
||||
// else we should be removing all from the necessary groups.
|
||||
}else{
|
||||
} else {
|
||||
$remove = $sourceItems;
|
||||
}
|
||||
|
||||
if($add)$this->addManyByGroupID($add);
|
||||
if($remove) $this->RemoveManyByGroupID($remove);
|
||||
if($add)
|
||||
$this->addManyByGroupID($add);
|
||||
|
||||
}else{
|
||||
USER_ERROR("Member::setByCheckboxSetField() - No source items could be found for checkboxsetfield ". $checkboxsetfield->Name(),E_USER_WARNING);
|
||||
if($remove)
|
||||
$this->RemoveManyByGroupID($remove);
|
||||
|
||||
} else {
|
||||
USER_ERROR("Member::setByCheckboxSetField() - No source items could be found for checkboxsetfield " .
|
||||
$checkboxsetfield->Name(), E_USER_WARNING);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds this member to the groups based on the
|
||||
* groupID.
|
||||
* Adds this member to the groups based on the group IDs
|
||||
*
|
||||
* @param array $ids Group identifiers.
|
||||
*/
|
||||
function addManyByGroupID($groupIds){
|
||||
$groups = $this->getGroupsFromIDs($groupIds);
|
||||
if($groups){
|
||||
foreach($groups as $group){
|
||||
if($groups) {
|
||||
foreach($groups as $group) {
|
||||
$this->add($group);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Removes the member from many groups based on
|
||||
* the group ID.
|
||||
* Removes the member from many groups based on the group IDs
|
||||
*
|
||||
* @param array $ids Group identifiers.
|
||||
*/
|
||||
function removeManyByGroupID($groupIds){
|
||||
function removeManyByGroupID($groupIds) {
|
||||
$groups = $this->getGroupsFromIDs($groupIds);
|
||||
if($groups){
|
||||
foreach($groups as $group){
|
||||
if($groups) {
|
||||
foreach($groups as $group) {
|
||||
$this->remove($group);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns the groups from an array of GroupIDs
|
||||
* Returns the groups from an array of group IDs
|
||||
*
|
||||
* @param array $ids Group identifiers.
|
||||
* @return mixed Returns the groups from the array of Group IDs.
|
||||
*/
|
||||
function getGroupsFromIDs($ids){
|
||||
if($ids && count($ids) > 1){
|
||||
return DataObject::get("Group","ID IN (". implode(",",$ids) .")");
|
||||
}else{
|
||||
return DataObject::get_by_id("Group",$ids[0]);
|
||||
if($ids && count($ids) > 1) {
|
||||
return DataObject::get("Group", "ID IN (" . implode(",", $ids) . ")");
|
||||
} else {
|
||||
return DataObject::get_by_id("Group", $ids[0]);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds this member to the groups passed.
|
||||
* Adds this member to the groups based on the group codenames
|
||||
*
|
||||
* @param array $codenames Group codenames
|
||||
*/
|
||||
function addManyByCodename($codenames) {
|
||||
$groups = $this->codenamesToGroups($codenames);
|
||||
if($groups){
|
||||
if($groups) {
|
||||
foreach($groups as $group){
|
||||
$this->add($group);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Removes this member from the groups passed.
|
||||
* Removes this member from the groups based on the group codenames
|
||||
*
|
||||
* @param array $codenames Group codenames
|
||||
*/
|
||||
function removeManyByCodename($codenames) {
|
||||
$groups = $this->codenamesToGroups($codenames);
|
||||
if($groups){
|
||||
foreach($groups as $group){
|
||||
if($groups) {
|
||||
foreach($groups as $group) {
|
||||
$this->remove($group);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Helper function to return the appropriate group via a codename.
|
||||
* Helper function to return the appropriate groups via a codenames
|
||||
*
|
||||
* @param array $codenames Group codenames
|
||||
* @return array Returns the the appropriate groups.
|
||||
*/
|
||||
protected function codenamesToGroups($codenames) {
|
||||
$list = "'" . implode("', '", $codenames) . "'";
|
||||
$output = DataObject::get("Group", "Code IN ($list)");
|
||||
|
||||
// Some are missing - throw warnings
|
||||
if(!$output || $output->Count() != sizeof($list)) {
|
||||
foreach($codenames as $codename) $missing[$codename] = $codename;
|
||||
if($output) foreach($output as $record) unset($missing[$record->Code]);
|
||||
if($missing) user_error("The following group-codes aren't matched to any groups: " . implode(", ", $missing) . ". You probably need to link up the correct group codes in phpMyAdmin", E_USER_WARNING);
|
||||
if(!$output || ($output->Count() != sizeof($list))) {
|
||||
foreach($codenames as $codename)
|
||||
$missing[$codename] = $codename;
|
||||
|
||||
if($output) {
|
||||
foreach($output as $record)
|
||||
unset($missing[$record->Code]);
|
||||
}
|
||||
|
||||
if($missing)
|
||||
user_error("The following group-codes aren't matched to any groups: " .
|
||||
implode(", ", $missing) .
|
||||
". You probably need to link up the correct group codes in phpMyAdmin",
|
||||
E_USER_WARNING);
|
||||
}
|
||||
|
||||
return $output;
|
||||
@ -594,9 +858,12 @@ class Member_GroupSet extends ComponentSet {
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Class used as template to send an email to new members
|
||||
*/
|
||||
class Member_SignupEmail extends Email_Template {
|
||||
protected
|
||||
$from = 'ask@perweek.co.nz',
|
||||
$from = '', // setting a blank from address uses the site's default administrator email
|
||||
$to = '$Email',
|
||||
$subject = "Thanks for signing up",
|
||||
$body = '
|
||||
@ -644,17 +911,19 @@ class Member_SignupEmail extends Email_Template {
|
||||
|
||||
function MemberData() {
|
||||
return $this->template_data->listOfFields(
|
||||
"FirstName","Surname","Email",
|
||||
"Phone","Mobile","Street",
|
||||
"Suburb","City","Postcode","DriversLicense5A","DriversLicense5B"
|
||||
"FirstName", "Surname", "Email",
|
||||
"Phone", "Mobile", "Street",
|
||||
"Suburb", "City", "Postcode", "DriversLicense5A", "DriversLicense5B"
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Send an email saying that the password has been reset.
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* Class used as template to send an email saying that the password has been
|
||||
* changed
|
||||
*/
|
||||
class Member_ChangePasswordEmail extends Email_Template {
|
||||
protected $from = ''; // setting a blank from address uses the site's default administrator email
|
||||
protected $subject = "Your password has been changed";
|
||||
@ -662,31 +931,57 @@ class Member_ChangePasswordEmail extends Email_Template {
|
||||
protected $to = '$Email';
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Class used as template to send the forgot password email
|
||||
*/
|
||||
class Member_ForgotPasswordEmail extends Email_Template {
|
||||
protected $from = '';
|
||||
protected $from = ''; // setting a blank from address uses the site's default administrator email
|
||||
protected $subject = "Your password";
|
||||
protected $ss_template = 'ForgotPasswordEmail';
|
||||
protected $to = '$Email';
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Record to keep track of which records a member has unsubscribed from and when
|
||||
* Record to keep track of which records a member has unsubscribed from and
|
||||
* when
|
||||
*
|
||||
* @todo Check if that email stuff ($from, $to, $subject, $body) is needed
|
||||
* here! (Markus)
|
||||
*/
|
||||
class Member_UnsubscribeRecord extends DataObject {
|
||||
|
||||
static $has_one = array(
|
||||
'NewsletterType' => 'NewsletterType',
|
||||
'Member' => 'Member'
|
||||
);
|
||||
static $has_one = array(
|
||||
'NewsletterType' => 'NewsletterType',
|
||||
'Member' => 'Member'
|
||||
);
|
||||
|
||||
|
||||
/**
|
||||
* Unsubscribe the member from a specific newsletter type
|
||||
*
|
||||
* @param int|Member $member Member object or ID
|
||||
* @param int|NewsletterType $newsletterType Newsletter type object or ID
|
||||
*/
|
||||
function unsubscribe($member, $newsletterType) {
|
||||
// $this->UnsubscribeDate()->setVal( 'now' );
|
||||
$this->MemberID = (is_numeric($member))
|
||||
? $member
|
||||
: $member->ID;
|
||||
|
||||
$this->NewsletterTypeID = (is_numeric($newletterType))
|
||||
? $newsletterType
|
||||
: $newsletterType->ID;
|
||||
|
||||
$this->write();
|
||||
}
|
||||
|
||||
|
||||
function unsubscribe( $member, $newsletterType ) {
|
||||
// $this->UnsubscribeDate()->setVal( 'now' );
|
||||
$this->MemberID = ( is_numeric( $member ) ) ? $member : $member->ID;
|
||||
$this->NewsletterTypeID = ( is_numeric( $newletterType ) ) ? $newsletterType : $newsletterType->ID;
|
||||
$this->write();
|
||||
}
|
||||
protected
|
||||
$from = 'ask@perweek.co.nz',
|
||||
$from = '', // setting a blank from address uses the site's default administrator email
|
||||
$to = '$Email',
|
||||
$subject = "Your password has been changed",
|
||||
$body = '
|
||||
@ -698,9 +993,19 @@ class Member_UnsubscribeRecord extends DataObject {
|
||||
<p>Your password has been changed. Please keep this email, for future reference.</p>';
|
||||
}
|
||||
|
||||
class Member_Validator extends RequiredFields {
|
||||
protected $customRequired = array('FirstName', 'Email', 'Password');
|
||||
|
||||
|
||||
/**
|
||||
* Member Validator
|
||||
*/
|
||||
class Member_Validator extends RequiredFields {
|
||||
|
||||
protected $customRequired = array('FirstName', 'Email'); //, 'Password');
|
||||
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
public function __construct() {
|
||||
$required = func_get_args();
|
||||
if(isset($required[0]) && is_array($required[0])) {
|
||||
@ -708,24 +1013,43 @@ class Member_Validator extends RequiredFields {
|
||||
}
|
||||
$required = array_merge($required, $this->customRequired);
|
||||
|
||||
parent::__construct($required);
|
||||
parent::__construct($required);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check if the submitted member data is valid
|
||||
*
|
||||
* Check if a member with that email doesn't already exist, or if it does
|
||||
* that it is this member.
|
||||
*
|
||||
* @param array $data Submitted data
|
||||
* @return bool Returns TRUE if the submitted data is valid, otherwise
|
||||
* FALSE.
|
||||
*/
|
||||
function php($data) {
|
||||
$valid = parent::php($data);
|
||||
|
||||
// Check if a member with that email doesn't already exist, or if it does that it is this member.
|
||||
$member = DataObject::get_one('Member', "Email = '". Convert::raw2sql($data['Email']) ."'");
|
||||
// if we are in a complex table field popup, use ctf[childID], else use ID
|
||||
$id = (isset($_REQUEST['ctf']['childID'])) ? $_REQUEST['ctf']['childID'] : $_REQUEST['ID'];
|
||||
$member = DataObject::get_one('Member',
|
||||
"Email = '". Convert::raw2sql($data['Email']) ."'");
|
||||
|
||||
// if we are in a complex table field popup, use ctf[childID], else use
|
||||
// ID
|
||||
$id = (isset($_REQUEST['ctf']['childID']))
|
||||
? $_REQUEST['ctf']['childID']
|
||||
: $_REQUEST['ID'];
|
||||
|
||||
if(is_object($member) && $member->ID != $id) {
|
||||
$emailField = $this->form->dataFieldByName('Email');
|
||||
$this->validationError($emailField->id(), "There already exists a member with this email", "required");
|
||||
$this->validationError($emailField->id(),
|
||||
"There already exists a member with this email",
|
||||
"required");
|
||||
$valid = false;
|
||||
}
|
||||
|
||||
return $valid;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
?>
|
@ -1,5 +1,13 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Member authenticator
|
||||
*
|
||||
* @author Markus Lanthaler <markus@silverstripe.com>
|
||||
*/
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Authenticator for the default "member" method
|
||||
*
|
||||
@ -11,18 +19,25 @@ class MemberAuthenticator extends Authenticator {
|
||||
* Method to authenticate an user
|
||||
*
|
||||
* @param array $RAW_data Raw data to authenticate the user
|
||||
* @param Form $form Optional: If passed, better error messages can be
|
||||
* produced by using
|
||||
* {@link Form::sessionMessage()}
|
||||
* @return bool|Member Returns FALSE if authentication fails, otherwise
|
||||
* the member object
|
||||
*/
|
||||
public function authenticate(array $RAW_data) {
|
||||
public function authenticate(array $RAW_data, Form $form = null) {
|
||||
$SQL_user = Convert::raw2sql($RAW_data['Email']);
|
||||
$SQL_password = Convert::raw2sql($RAW_data['Password']);
|
||||
|
||||
$member = DataObject::get_one(
|
||||
"Member", "Email = '$SQL_user' And Password = '$SQL_password'");
|
||||
"Member", "Email = '$SQL_user' AND Password = '$SQL_password'");
|
||||
|
||||
if($member) {
|
||||
Session::clear("BackURL");
|
||||
} else if(!is_null($form)) {
|
||||
$form->sessionMessage(
|
||||
"That doesn't seem to be the right email address or password. Please try again.",
|
||||
"bad");
|
||||
}
|
||||
|
||||
return $member;
|
||||
@ -32,11 +47,13 @@ class MemberAuthenticator extends Authenticator {
|
||||
/**
|
||||
* Method that creates the login form for this authentication method
|
||||
*
|
||||
* @param Controller The parent controller, necessary to create the
|
||||
* appropriate form action tag
|
||||
* @return Form Returns the login form to use with this authentication
|
||||
* method
|
||||
*/
|
||||
public function getLoginForm() {
|
||||
return Object::create("MemberLoginForm", $this, "LoginForm");
|
||||
public static function getLoginForm(Controller $controller) {
|
||||
return Object::create("MemberLoginForm", $controller, "LoginForm");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,11 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Log-in form for the "member" authentication method
|
||||
*/
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Log-in form for the "member" authentication method
|
||||
*/
|
||||
@ -7,13 +14,22 @@ class MemberLoginForm extends Form {
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @param $controller
|
||||
* @param $name
|
||||
* @param $fields
|
||||
* @param $actions
|
||||
* @param $checkCurrentUser
|
||||
* @param Controller $controller The parent controller, necessary to
|
||||
* create the appropriate form action tag.
|
||||
* @param string $name The method on the controller that will return this
|
||||
* form object.
|
||||
* @param FieldSet|FormField $fields All of the fields in the form - a
|
||||
* {@link FieldSet} of {@link FormField}
|
||||
* objects.
|
||||
* @param FieldSet|FormAction $actions All of the action buttons in the
|
||||
* form - a {@link FieldSet} of
|
||||
* {@link FormAction} objects
|
||||
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a
|
||||
* the user is currently logged in, and if
|
||||
* so, only a logout button will be rendered
|
||||
*/
|
||||
function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true) {
|
||||
function __construct($controller, $name, $fields = null, $actions = null,
|
||||
$checkCurrentUser = true) {
|
||||
|
||||
$customCSS = project() . '/css/member_login.css';
|
||||
if(Director::fileExists($customCSS)) {
|
||||
@ -24,19 +40,21 @@ class MemberLoginForm extends Form {
|
||||
$backURL = $_REQUEST['BackURL'];
|
||||
} else {
|
||||
$backURL = Session::get('BackURL');
|
||||
//Session::clear("BackURL"); don't clear the back URL here! Should be used until the right password is entered!
|
||||
}
|
||||
|
||||
if($checkCurrentUser && Member::currentUserID()) {
|
||||
$fields = new FieldSet();
|
||||
$actions = new FieldSet(new FormAction("logout", "Log in as someone else"));
|
||||
$actions = new FieldSet(new FormAction("logout",
|
||||
"Log in as someone else"));
|
||||
} else {
|
||||
if(!$fields) {
|
||||
$fields = new FieldSet(
|
||||
new HiddenField("AuthenticationMethod", null, "Member"),
|
||||
new TextField("Email", "Email address", Session::get('SessionForms.MemberLoginForm.Email')),
|
||||
new TextField("Email", "Email address",
|
||||
Session::get('SessionForms.MemberLoginForm.Email')),
|
||||
new EncryptField("Password", "Password"),
|
||||
new CheckboxField("Remember", "Remember me next time?",true)
|
||||
new CheckboxField("Remember", "Remember me next time?",
|
||||
Session::get('SessionForms.MemberLoginForm.Remember'))
|
||||
);
|
||||
}
|
||||
if(!$actions) {
|
||||
@ -60,7 +78,8 @@ class MemberLoginForm extends Form {
|
||||
*/
|
||||
protected function getMessageFromSession() {
|
||||
parent::getMessageFromSession();
|
||||
if(($member = Member::currentUser()) && !Session::get('MemberLoginForm.force_message')) {
|
||||
if(($member = Member::currentUser()) &&
|
||||
!Session::get('MemberLoginForm.force_message')) {
|
||||
$this->message = "You're logged in as $member->FirstName.";
|
||||
}
|
||||
Session::set('MemberLoginForm.force_message', false);
|
||||
@ -75,18 +94,21 @@ class MemberLoginForm extends Form {
|
||||
* @param array $data Submitted data
|
||||
*/
|
||||
public function dologin($data) {
|
||||
if($this->performLogin($data)){
|
||||
if($this->performLogin($data)) {
|
||||
Session::clear('SessionForms.MemberLoginForm.Email');
|
||||
Session::clear('SessionForms.MemberLoginForm.Remember');
|
||||
|
||||
if($backURL = $_REQUEST['BackURL']) {
|
||||
Session::clear("BackURL");
|
||||
Session::clear('SessionForms.MemberLoginForm.Email');
|
||||
Director::redirect($backURL);
|
||||
} else
|
||||
Director::redirectBack();
|
||||
|
||||
} else {
|
||||
Session::set('SessionForms.MemberLoginForm.Email', $data['Email']);
|
||||
if($badLoginURL = Session::get("BadLoginURL")){
|
||||
Session::set('SessionForms.MemberLoginForm.Remember',
|
||||
isset($data['Remember']));
|
||||
if($badLoginURL = Session::get("BadLoginURL")) {
|
||||
Director::redirect($badLoginURL);
|
||||
} else {
|
||||
Director::redirectBack();
|
||||
@ -96,13 +118,16 @@ class MemberLoginForm extends Form {
|
||||
|
||||
|
||||
/**
|
||||
* Log out
|
||||
* Log out form handler method
|
||||
*
|
||||
* @todo Figure out for what this method is used! Is it really used at all?
|
||||
* This method is called when the user clicks on "logout" on the form
|
||||
* created when the parameter <i>$checkCurrentUser</i> of the
|
||||
* {@link __construct constructor} was set to TRUE and the user was
|
||||
* currently logged in.
|
||||
*/
|
||||
public function logout(){
|
||||
public function logout() {
|
||||
$s = new Security();
|
||||
return $s->logout();
|
||||
$s->logout();
|
||||
}
|
||||
|
||||
|
||||
@ -113,20 +138,16 @@ class MemberLoginForm extends Form {
|
||||
* @return Member Returns the member object on successful authentication
|
||||
* or NULL on failure.
|
||||
*/
|
||||
public function performLogin($data){
|
||||
if($member = MemberAuthenticator::authenticate($data)) {
|
||||
public function performLogin($data) {
|
||||
if($member = MemberAuthenticator::authenticate($data, $this)) {
|
||||
$firstname = Convert::raw2xml($member->FirstName);
|
||||
$this->sessionMessage("Welcome Back, {$firstname}", "good");
|
||||
$member->LogIn();
|
||||
Session::set("Security.Message.message", "Welcome Back, {$firstname}");
|
||||
Session::set("Security.Message.type", "good");
|
||||
|
||||
if(isset($data['Remember'])) {
|
||||
// Deliberately obscure...
|
||||
Cookie::set('alc_enc',base64_encode("$data[Email]:$data[Password]"));
|
||||
}
|
||||
$member->LogIn(isset($data['Remember']));
|
||||
return $member;
|
||||
|
||||
} else {
|
||||
$this->sessionMessage("That doesn't seem to be the right email address or password. Please try again.", "bad");
|
||||
return null;
|
||||
}
|
||||
}
|
||||
@ -135,13 +156,15 @@ class MemberLoginForm extends Form {
|
||||
/**
|
||||
* Forgot password form handler method
|
||||
*
|
||||
* This method is called when the user clicks on "Log in"
|
||||
* This method is called when the user clicks on "I've lost my password"
|
||||
*
|
||||
* @param array $data Submitted data
|
||||
*/
|
||||
function forgotPassword($data) {
|
||||
$SQL_data = Convert::raw2sql($data);
|
||||
if($data['Email'] && $member = DataObject::get_one("Member", "Member.Email = '$SQL_data[Email]'")) {
|
||||
|
||||
if($data['Email'] && $member = DataObject::get_one("Member",
|
||||
"Member.Email = '$SQL_data[Email]'")) {
|
||||
if(!$member->Password) {
|
||||
$member->createNewPassword();
|
||||
$member->write();
|
||||
@ -151,7 +174,9 @@ class MemberLoginForm extends Form {
|
||||
Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
|
||||
|
||||
} else if($data['Email']) {
|
||||
$this->sessionMessage("Sorry, but I don't recognise the email address. Maybe you need to sign up, or perhaps you used another email address?", "bad");
|
||||
$this->sessionMessage(
|
||||
"Sorry, but I don't recognise the email address. Maybe you need to sign up, or perhaps you used another email address?",
|
||||
"bad");
|
||||
Director::redirectBack();
|
||||
|
||||
} else {
|
||||
|
@ -1,5 +1,13 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* OpenID authenticator and controller
|
||||
*
|
||||
* @author Markus Lanthaler <markus@silverstripe.com>
|
||||
*/
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Require the OpenID consumer code.
|
||||
*/
|
||||
@ -29,10 +37,13 @@ class OpenIDAuthenticator extends Authenticator {
|
||||
* Method to authenticate an user
|
||||
*
|
||||
* @param array $RAW_data Raw data to authenticate the user
|
||||
* @param Form $form Optional: If passed, better error messages can be
|
||||
* produced by using
|
||||
* {@link Form::sessionMessage()}
|
||||
* @return bool|Member Returns FALSE if authentication fails, otherwise
|
||||
* the member object
|
||||
*/
|
||||
public function authenticate(array $RAW_data) {
|
||||
public function authenticate(array $RAW_data, Form $form = null) {
|
||||
$openid = $RAW_data['OpenIDURL'];
|
||||
|
||||
$trust_root = Director::absoluteBaseURL();
|
||||
@ -59,9 +70,27 @@ class OpenIDAuthenticator extends Authenticator {
|
||||
|
||||
// No auth request means we can't begin OpenID.
|
||||
if(!$auth_request) {
|
||||
displayError("Authentication error; not a valid OpenID.");
|
||||
if(!is_null($form)) {
|
||||
$form->sessionMessage("That doesn't seem to be a valid OpenID " .
|
||||
"or i-name identifier. Please try again.",
|
||||
"bad");
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
$SQL_user = Convert::raw2sql($auth_request->endpoint->claimed_id);
|
||||
if(!($member = DataObject::get_one("Member", "Email = '$SQL_user'"))) {
|
||||
if(!is_null($form)) {
|
||||
$form->sessionMessage("Either your account is not enabled for " .
|
||||
"OpenID/i-name authentication " .
|
||||
"or the entered identifier is wrong. " .
|
||||
"Please try again.",
|
||||
"bad");
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @todo Check if the POST request should be send directly (without rendering a form)
|
||||
@ -97,6 +126,7 @@ class OpenIDAuthenticator extends Authenticator {
|
||||
"</title></head>",
|
||||
"<body onload='document.getElementById(\"".$form_id."\").submit()'>",
|
||||
$form_html,
|
||||
"<p>Click "Continue" to login. You are only seeing this because you appear to have JavaScript disabled.</p>",
|
||||
"</body></html>");
|
||||
|
||||
print implode("\n", $page_contents);
|
||||
@ -109,11 +139,13 @@ class OpenIDAuthenticator extends Authenticator {
|
||||
/**
|
||||
* Method that creates the login form for this authentication method
|
||||
*
|
||||
* @param Controller The parent controller, necessary to create the
|
||||
* appropriate form action tag
|
||||
* @return Form Returns the login form to use with this authentication
|
||||
* method
|
||||
*/
|
||||
public function getLoginForm() {
|
||||
return Object::create("OpenIDLoginForm", $this, "LoginForm");
|
||||
public static function getLoginForm(Controller $controller) {
|
||||
return Object::create("OpenIDLoginForm", $controller, "LoginForm");
|
||||
}
|
||||
}
|
||||
|
||||
@ -135,11 +167,96 @@ class OpenIDAuthenticator_Controller extends Controller {
|
||||
function run($requestParams) {
|
||||
parent::init();
|
||||
|
||||
if(isset($_GET['debug_profile'])) Profiler::mark("OpenIDAuthenticator_Controller");
|
||||
if(isset($_GET['debug_profile']))
|
||||
Profiler::mark("OpenIDAuthenticator_Controller");
|
||||
|
||||
die("Not implemented yet!");
|
||||
|
||||
if(isset($_GET['debug_profile'])) Profiler::unmark("OpenIDAuthenticator_Controller");
|
||||
/**
|
||||
* This is where the example will store its OpenID information.
|
||||
* You should change this path if you want the example store to be
|
||||
* created elsewhere. After you're done playing with the example
|
||||
* script, you'll have to remove this directory manually.
|
||||
*/
|
||||
$store_path = TEMP_FOLDER;
|
||||
|
||||
if(!file_exists($store_path) && !mkdir($store_path)) {
|
||||
print "Could not create the FileStore directory '$store_path'. ".
|
||||
" Please check the effective permissions.";
|
||||
exit(0);
|
||||
}
|
||||
$store = new Auth_OpenID_FileStore($store_path);
|
||||
|
||||
$consumer = new Auth_OpenID_Consumer($store, new SessionWrapper());
|
||||
|
||||
|
||||
|
||||
// Complete the authentication process using the server's response.
|
||||
$response = $consumer->complete();
|
||||
|
||||
if($response->status == Auth_OpenID_CANCEL) {
|
||||
Session::set("Security.Message.message",
|
||||
"The verification was cancelled. Please try again.");
|
||||
Session::set("Security.Message.type", "bad");
|
||||
|
||||
if(isset($_GET['debug_profile']))
|
||||
Profiler::unmark("OpenIDAuthenticator_Controller");
|
||||
|
||||
Director::redirect("Security/login");
|
||||
|
||||
} else if($response->status == Auth_OpenID_FAILURE) {
|
||||
Session::set("Security.Message.message", // use $response->message ??
|
||||
"The OpenID/i-name authentication failed.");
|
||||
Session::set("Security.Message.type", "bad");
|
||||
|
||||
if(isset($_GET['debug_profile']))
|
||||
Profiler::unmark("OpenIDAuthenticator_Controller");
|
||||
|
||||
Director::redirect("Security/login");
|
||||
|
||||
} else if($response->status == Auth_OpenID_SUCCESS) {
|
||||
$openid = $response->identity_url;
|
||||
$user = $openid;
|
||||
|
||||
if($response->endpoint->canonicalID) {
|
||||
$user = $response->endpoint->canonicalID;
|
||||
}
|
||||
|
||||
|
||||
if(isset($_GET['debug_profile']))
|
||||
Profiler::unmark("OpenIDAuthenticator_Controller");
|
||||
|
||||
|
||||
$SQL_user = Convert::raw2sql($user);
|
||||
if($member = DataObject::get_one("Member", "Email = '$SQL_user'")) {
|
||||
$firstname = Convert::raw2xml($member->FirstName);
|
||||
Session::set("Security.Message.message", "Welcome Back, {$firstname}");
|
||||
Session::set("Security.Message.type", "good");
|
||||
|
||||
$member->LogIn(
|
||||
Session::get('SessionForms.OpenIDLoginForm.Remember'));
|
||||
|
||||
Session::clear('SessionForms.OpenIDLoginForm.OpenIDURL');
|
||||
Session::clear('SessionForms.OpenIDLoginForm.Remember');
|
||||
|
||||
if($backURL = Session::get("BackURL")) {
|
||||
Session::clear("BackURL");
|
||||
Director::redirect($backURL);
|
||||
} else {
|
||||
Director::redirectBack();
|
||||
}
|
||||
|
||||
} else {
|
||||
Session::set("Security.Message.message",
|
||||
"Login failed. Please try again.");
|
||||
Session::set("Security.Message.type", "bad");
|
||||
|
||||
if($badLoginURL = Session::get("BadLoginURL")) {
|
||||
Director::redirect($badLoginURL);
|
||||
} else {
|
||||
Director::redirectBack();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -166,7 +283,7 @@ class OpenIDAuthenticator_Controller extends Controller {
|
||||
*
|
||||
* @author Markus Lanthaler <markus@silverstripe.com>
|
||||
*/
|
||||
class SessionWrapper {
|
||||
class SessionWrapper extends Auth_Yadis_PHPSession {
|
||||
|
||||
/**
|
||||
* Set a session key/value pair.
|
||||
|
@ -1,5 +1,12 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* OpenID log-in form
|
||||
*
|
||||
* @author Markus Lanthaler <markus@silverstripe.com>
|
||||
*/
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* OpenID log-in form
|
||||
@ -11,11 +18,19 @@ class OpenIDLoginForm extends Form {
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @param $controller
|
||||
* @param $name
|
||||
* @param $fields
|
||||
* @param $actions
|
||||
* @param $checkCurrentUser
|
||||
* @param Controller $controller The parent controller, necessary to
|
||||
* create the appropriate form action tag.
|
||||
* @param string $name The method on the controller that will return this
|
||||
* form object.
|
||||
* @param FieldSet|FormField $fields All of the fields in the form - a
|
||||
* {@link FieldSet} of {@link FormField}
|
||||
* objects.
|
||||
* @param FieldSet|FormAction $actions All of the action buttons in the
|
||||
* form - a {@link FieldSet} of
|
||||
* {@link FormAction} objects
|
||||
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a
|
||||
* the user is currently logged in, and if
|
||||
* so, only a logout button will be rendered
|
||||
*/
|
||||
function __construct($controller, $name, $fields = null, $actions = null,
|
||||
$checkCurrentUser = true) {
|
||||
@ -28,19 +43,20 @@ class OpenIDLoginForm extends Form {
|
||||
$backURL = $_REQUEST['BackURL'];
|
||||
} else {
|
||||
$backURL = Session::get('BackURL');
|
||||
//Session::clear("BackURL"); don't clear the back URL here! Should be used until the right password is entered!
|
||||
}
|
||||
|
||||
if($checkCurrentUser && Member::currentUserID()) {
|
||||
$fields = new FieldSet();
|
||||
$actions = new FieldSet(new FormAction("logout", "Log in as someone else"));
|
||||
$actions = new FieldSet(new FormAction("logout",
|
||||
"Log in as someone else"));
|
||||
} else {
|
||||
if(!$fields) {
|
||||
$fields = new FieldSet(
|
||||
new HiddenField("AuthenticationMethod", null, "OpenID"),
|
||||
new TextField("OpenIDURL", "OpenID URL",
|
||||
Session::get('SessionForms.OpenIDLoginForm.OpenIDURL')),
|
||||
new CheckboxField("Remember", "Remember me next time?", true)
|
||||
Session::get('SessionForms.OpenIDLoginForm.OpenIDURL')),
|
||||
new CheckboxField("Remember", "Remember me next time?",
|
||||
Session::get('SessionForms.OpenIDLoginForm.Remember'))
|
||||
);
|
||||
}
|
||||
if(!$actions) {
|
||||
@ -79,60 +95,34 @@ class OpenIDLoginForm extends Form {
|
||||
* @param array $data Submitted data
|
||||
*/
|
||||
public function dologin($data) {
|
||||
if($this->performLogin($data)){
|
||||
Session::set('SessionForms.OpenIDLoginForm.Remember',
|
||||
isset($data['Remember']));
|
||||
|
||||
if($backURL = $_REQUEST['BackURL']) {
|
||||
Session::clear("BackURL");
|
||||
Session::clear('SessionForms.OpenIDLoginForm.OpenIDURL');
|
||||
Director::redirect($backURL);
|
||||
} else
|
||||
Director::redirectBack();
|
||||
OpenIDAuthenticator::authenticate($data, $this);
|
||||
|
||||
// If the OpenID authenticator returns, an error occured!
|
||||
Session::set('SessionForms.OpenIDLoginForm.OpenIDURL',
|
||||
$data['OpenIDURL']);
|
||||
|
||||
if($badLoginURL = Session::get("BadLoginURL")){
|
||||
Director::redirect($badLoginURL);
|
||||
} else {
|
||||
Session::set('SessionForms.OpenIDLoginForm.OpenIDURL', $data['OpenIDURL']);
|
||||
if($badLoginURL = Session::get("BadLoginURL")){
|
||||
Director::redirect($badLoginURL);
|
||||
} else {
|
||||
Director::redirectBack();
|
||||
}
|
||||
Director::redirectBack();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Log out
|
||||
* Log out form handler method
|
||||
*
|
||||
* @todo Figure out for what this method is used! Is it really used at all?
|
||||
* This method is called when the user clicks on "logout" on the form
|
||||
* created when the parameter <i>$checkCurrentUser</i> of the
|
||||
* {@link __construct constructor} was set to TRUE and the user was
|
||||
* currently logged in.
|
||||
*/
|
||||
public function logout() {
|
||||
$s = new Security();
|
||||
return $s->logout();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Try to authenticate the user
|
||||
*
|
||||
* @param array Submitted data
|
||||
* @return Member Returns the member object on successful authentication
|
||||
* or NULL on failure.
|
||||
*/
|
||||
public function performLogin(array $data) {
|
||||
if($member = OpenIDAuthenticator::authenticate($data)) {
|
||||
$firstname = Convert::raw2xml($member->FirstName);
|
||||
$this->sessionMessage("Welcome Back, {$firstname}", "good");
|
||||
$member->LogIn();
|
||||
|
||||
if(isset($data['Remember'])) {
|
||||
// Deliberately obscure...
|
||||
Cookie::set('alc_enc',base64_encode("$data[OpenIDURL]"));
|
||||
}
|
||||
return $member;
|
||||
|
||||
} else {
|
||||
$this->sessionMessage("Login failed. Please try again.", "bad");
|
||||
return null;
|
||||
}
|
||||
$s->logout();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -18,20 +18,30 @@ class Security extends Controller {
|
||||
protected static $strictPathChecking = false;
|
||||
|
||||
/**
|
||||
* Register that we've had a permission failure trying to view the given page.
|
||||
* Register that we've had a permission failure trying to view the given page
|
||||
*
|
||||
* This will redirect to a login page.
|
||||
* @param page The controller that you were on to cause the permission failure.
|
||||
* @param messageSet The message to show to the user. This can be a string, or a map of different
|
||||
* messages for different contexts. If you pass an array, you can use the following keys:
|
||||
* - default: The default message
|
||||
* - logInAgain: The message to show if the user has just logged out and the
|
||||
* - alreadyLoggedIn: The message to show if the user is already logged in and lacks the permission to access the item.
|
||||
* If you don't provide a messageSet, a default will be used.
|
||||
*
|
||||
* @param $page The controller that you were on to cause the permission
|
||||
* failure.
|
||||
* @param string|array $messageSet The message to show to the user. This
|
||||
* can be a string, or a map of different
|
||||
* messages for different contexts.
|
||||
* If you pass an array, you can use the
|
||||
* following keys:
|
||||
* - default: The default message
|
||||
* - logInAgain: The message to show
|
||||
* if the user has just
|
||||
* logged out and the
|
||||
* - alreadyLoggedIn: The message to
|
||||
* show if the user
|
||||
* is already logged
|
||||
* in and lacks the
|
||||
* permission to
|
||||
* access the item.
|
||||
*/
|
||||
static function permissionFailure($page = null, $messageSet = null) {
|
||||
// $loginForm = singleton('Security')->LoginForm();
|
||||
|
||||
//user_error('debug', E_USER_ERROR);
|
||||
static function permissionFailure($page, $messageSet = null) {
|
||||
// Prepare the messageSet provided
|
||||
if(!$messageSet) {
|
||||
$messageSet = array(
|
||||
@ -47,24 +57,24 @@ class Security extends Controller {
|
||||
if(Member::currentUserID()) {
|
||||
// user_error( 'PermFailure with member', E_USER_ERROR );
|
||||
|
||||
$message = $messageSet['alreadyLoggedIn'] ? $messageSet['alreadyLoggedIn'] : $messageSet['default'];
|
||||
//$_SESSION['LoginForm']['force_form'] = true;
|
||||
//$_SESSION['LoginForm']['type'] = 'warning';
|
||||
$message = $messageSet['alreadyLoggedIn']
|
||||
? $messageSet['alreadyLoggedIn']
|
||||
: $messageSet['default'];
|
||||
|
||||
Member::logout();
|
||||
|
||||
} else if(substr(Director::history(),0,15) == 'Security/logout') {
|
||||
$message = $messageSet['logInAgain'] ? $messageSet['logInAgain'] : $messageSet['default'];
|
||||
$message = $messageSet['logInAgain']
|
||||
? $messageSet['logInAgain']
|
||||
: $messageSet['default'];
|
||||
|
||||
} else {
|
||||
$message = $messageSet['default'];
|
||||
}
|
||||
|
||||
/* $loginForm->sessionMessage($message, 'warning');
|
||||
Session::set("SecurityMessage.Error.message", $message);
|
||||
Session::set("SecurityMessage.Error.type", $type);*/
|
||||
Session::set("Security.Message.message", $message);
|
||||
Session::set("Security.Message.type", 'warning');
|
||||
|
||||
// $_SESSION['LoginForm']['message'] = $message;
|
||||
Session::set("BackURL", $_SERVER['REQUEST_URI']);
|
||||
|
||||
if(Director::is_ajax()) {
|
||||
@ -85,10 +95,10 @@ class Security extends Controller {
|
||||
switch($_REQUEST['AuthenticationMethod'])
|
||||
{
|
||||
case 'Member':
|
||||
return MemberAuthenticator::GetLoginForm();
|
||||
return MemberAuthenticator::GetLoginForm($this);
|
||||
break;
|
||||
case 'OpenID':
|
||||
return OpenIDAuthenticator::GetLoginForm();
|
||||
return OpenIDAuthenticator::GetLoginForm($this);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -99,13 +109,16 @@ class Security extends Controller {
|
||||
/**
|
||||
* Get the login forms for all available authentication methods
|
||||
*
|
||||
* @return array Returns an array of available login forms (array of Form
|
||||
* objects).
|
||||
*
|
||||
* @todo Check how to activate/deactivate authentication methods
|
||||
*/
|
||||
function GetLoginForms()
|
||||
{
|
||||
$forms = array();
|
||||
array_push($forms, MemberAuthenticator::GetLoginForm());
|
||||
array_push($forms, OpenIDAuthenticator::GetLoginForm());
|
||||
array_push($forms, MemberAuthenticator::GetLoginForm($this));
|
||||
array_push($forms, OpenIDAuthenticator::GetLoginForm($this));
|
||||
|
||||
return $forms;
|
||||
}
|
||||
@ -115,6 +128,7 @@ class Security extends Controller {
|
||||
* Get a link to a security action
|
||||
*
|
||||
* @param string $action Name of the action
|
||||
* @return string Returns the link to the given action
|
||||
*/
|
||||
function Link($action = null) {
|
||||
return "Security/$action";
|
||||
@ -130,15 +144,18 @@ class Security extends Controller {
|
||||
* they should go.
|
||||
*/
|
||||
function logout($redirect = true) {
|
||||
Cookie::set('alc_enc',null);
|
||||
Cookie::forceExpiry('alc_enc');
|
||||
Session::clear("loggedInAs");
|
||||
if($redirect) Director::redirectBack();
|
||||
if($member = Member::currentUser())
|
||||
$member->logOut();
|
||||
|
||||
if($redirect)
|
||||
Director::redirectBack();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Show the "login" page
|
||||
*
|
||||
* @return string Returns the "login" page as HTML code.
|
||||
*/
|
||||
function login() {
|
||||
Requirements::javascript("jsparty/behaviour.js");
|
||||
@ -164,9 +181,23 @@ class Security extends Controller {
|
||||
foreach($forms as $form)
|
||||
$content .= $form->forTemplate();
|
||||
|
||||
$customisedController = $controller->customise(array(
|
||||
"Content" => $content
|
||||
));
|
||||
if(strlen($message = Session::get('Security.Message.message')) > 0) {
|
||||
$message_type = Session::get('Security.Message.type');
|
||||
if($message_type == 'bad') {
|
||||
$message = "<p class=\"message $message_type\">$message</p>";
|
||||
} else {
|
||||
$message = "<p>$message</p>";
|
||||
}
|
||||
|
||||
$customisedController = $controller->customise(array(
|
||||
"Content" => $message,
|
||||
"Form" => $content
|
||||
));
|
||||
} else {
|
||||
$customisedController = $controller->customise(array(
|
||||
"Content" => $content
|
||||
));
|
||||
}
|
||||
|
||||
return $customisedController->renderWith("Page");
|
||||
}
|
||||
@ -174,7 +205,9 @@ class Security extends Controller {
|
||||
|
||||
|
||||
/**
|
||||
* Show the "lost password" page
|
||||
*
|
||||
* @return string Returns the "lost password " page as HTML code.
|
||||
*/
|
||||
function lostpassword() {
|
||||
Requirements::javascript("jsparty/prototype.js");
|
||||
@ -189,7 +222,8 @@ class Security extends Controller {
|
||||
$controller = new Page_Controller($tmpPage);
|
||||
|
||||
$customisedController = $controller->customise(array(
|
||||
"Content" => "<p>Enter your e-mail address and we will send you a password</p>",
|
||||
"Content" =>
|
||||
"<p>Enter your e-mail address and we will send you a password</p>",
|
||||
"Form" => $this->LostPasswordForm(),
|
||||
));
|
||||
|
||||
@ -199,7 +233,9 @@ class Security extends Controller {
|
||||
|
||||
|
||||
/**
|
||||
* Show the "password sent" page
|
||||
*
|
||||
* @return string Returns the "password sent" page as HTML code.
|
||||
*/
|
||||
function passwordsent() {
|
||||
Requirements::javascript("jsparty/behaviour.js");
|
||||
@ -216,7 +252,8 @@ class Security extends Controller {
|
||||
$email = $this->urlParams['ID'];
|
||||
$customisedController = $controller->customise(array(
|
||||
"Title" => "Password sent to '$email'",
|
||||
"Content" => "<p>Thank you, your password has been sent to '$email'.</p>",
|
||||
"Content" =>
|
||||
"<p>Thank you, your password has been sent to '$email'.</p>",
|
||||
));
|
||||
|
||||
//Controller::$currentController = $controller;
|
||||
@ -225,7 +262,9 @@ class Security extends Controller {
|
||||
|
||||
|
||||
/**
|
||||
* Factory method for the lost password form
|
||||
*
|
||||
* @return Form Returns the lost password form
|
||||
*/
|
||||
function LostPasswordForm() {
|
||||
return new MemberLoginForm($this, "LostPasswordForm", new FieldSet(
|
||||
@ -238,17 +277,23 @@ class Security extends Controller {
|
||||
|
||||
|
||||
/**
|
||||
* Authenticate using the given email and password, returning the appropriate member object if
|
||||
* Authenticate using the given email and password, returning the
|
||||
* appropriate member object if
|
||||
*
|
||||
* @return bool|Member Returns FALSE if authentication fails, otherwise
|
||||
* the member object
|
||||
*/
|
||||
static function authenticate($RAW_email, $RAW_password) {
|
||||
$SQL_email = Convert::raw2sql($RAW_email);
|
||||
$SQL_password = Convert::raw2sql($RAW_password);
|
||||
|
||||
// Default login (see {@setDetaultAdmin()})
|
||||
if( $RAW_email == self::$username && $RAW_password == self::$password && !empty( self::$username ) && !empty( self::$password ) ) {
|
||||
if(($RAW_email == self::$username) && ($RAW_password == self::$password)
|
||||
&& !empty(self::$username) && !empty(self::$password)) {
|
||||
$member = self::findAnAdministrator();
|
||||
} else {
|
||||
$member = DataObject::get_one("Member", "Email = '$SQL_email' And Password = '$SQL_password'");
|
||||
$member = DataObject::get_one("Member",
|
||||
"Email = '$SQL_email' And Password = '$SQL_password'");
|
||||
}
|
||||
|
||||
return $member;
|
||||
@ -257,8 +302,12 @@ class Security extends Controller {
|
||||
|
||||
/**
|
||||
* Return a member with administrator privileges
|
||||
*
|
||||
* @return Member Returns a member object that has administrator
|
||||
* privileges.
|
||||
*/
|
||||
static function findAnAdministrator($username = 'admin', $password = 'password') {
|
||||
static function findAnAdministrator($username = 'admin',
|
||||
$password = 'password') {
|
||||
$permission = DataObject::get_one("Permission", "`Code` = 'ADMIN'");
|
||||
|
||||
$adminGroup = null;
|
||||
@ -292,10 +341,10 @@ class Security extends Controller {
|
||||
|
||||
|
||||
/**
|
||||
* This will set a static default-admin (e.g. "td") which is not existing as
|
||||
* a database-record. By this workaround we can test pages in dev-mode with
|
||||
* a unified login. Submitted login-credentials are first checked against
|
||||
* this static information in {@authenticate()}.
|
||||
* This will set a static default-admin (e.g. "td") which is not existing
|
||||
* as a database-record. By this workaround we can test pages in dev-mode
|
||||
* with a unified login. Submitted login-credentials are first checked
|
||||
* against this static information in {@authenticate()}.
|
||||
*
|
||||
* @param $username String
|
||||
* @param $password String (Cleartext)
|
||||
@ -310,10 +359,12 @@ class Security extends Controller {
|
||||
|
||||
|
||||
/**
|
||||
* Set strict path checking. This prevents sharing of the session
|
||||
* across several sites in the domain.
|
||||
* Set strict path checking
|
||||
*
|
||||
* @param strictPathChecking boolean to enable or disable strict patch checking.
|
||||
* This prevents sharing of the session across several sites in the domain.
|
||||
*
|
||||
* @param boolean $strictPathChecking To enable or disable strict patch
|
||||
* checking.
|
||||
*/
|
||||
static function setStrictPathChecking($strictPathChecking) {
|
||||
self::$strictPathChecking = $strictPathChecking;
|
||||
@ -321,7 +372,9 @@ class Security extends Controller {
|
||||
|
||||
|
||||
/**
|
||||
* Get strict path checking
|
||||
*
|
||||
* @return boolean Status of strict path checking
|
||||
*/
|
||||
static function getStrictPathChecking() {
|
||||
return self::$strictPathChecking;
|
||||
|
Loading…
x
Reference in New Issue
Block a user