authenticator_class = $authenticatorClassName; $customCSS = project() . '/css/member_login.css'; if(Director::fileExists($customCSS)) { Requirements::css($customCSS); } if(isset($_REQUEST['BackURL'])) { $backURL = $_REQUEST['BackURL']; } else { $backURL = Session::get('BackURL'); } if($checkCurrentUser && Member::currentUserID() && Member::logged_in_session_exists()) { $fields = new FieldSet( new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this) ); $actions = new FieldSet( new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")) ); } else { if(!$fields) { $fields = new FieldSet( new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this), new TextField("Email", _t('Member.EMAIL', 'Email'), Session::get('SessionForms.MemberLoginForm.Email'), null, $this), new PasswordField("Password", _t('Member.PASSWORD', 'Password')) ); if(Security::$autologin_enabled) { $fields->push(new CheckboxField( "Remember", _t('Member.REMEMBERME', "Remember me next time?") )); } } if(!$actions) { $actions = new FieldSet( new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")), new LiteralField( 'forgotPassword', '

' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '

' ) ); } } if(isset($backURL)) { $fields->push(new HiddenField('BackURL', 'BackURL', $backURL)); } parent::__construct($controller, $name, $fields, $actions); // Focus on the email input when the page is loaded // Only include this if other form JS validation is enabled if($this->getValidator()->getJavascriptValidationHandler() != 'none') { Requirements::customScript(<<message = sprintf(_t('Member.LOGGEDINAS', "You're logged in as %s."), $member->FirstName); } Session::set('MemberLoginForm.force_message', false); } /** * Login form handler method * * This method is called when the user clicks on "Log in" * * @param array $data Submitted data */ public function dologin($data) { if($this->performLogin($data)) { Session::clear('SessionForms.MemberLoginForm.Email'); Session::clear('SessionForms.MemberLoginForm.Remember'); if(Member::currentUser()->isPasswordExpired()) { if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) { Session::set('BackURL', $backURL); } $cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm'); $cp->sessionMessage('Your password has expired. Please choose a new one.', 'good'); Director::redirect('Security/changepassword'); } elseif( isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] // absolute redirection URLs may cause spoofing && Director::is_site_url($_REQUEST['BackURL']) ) { Director::redirect($_REQUEST['BackURL']); } elseif (Security::default_login_dest()) { Director::redirect(Director::absoluteBaseURL() . Security::default_login_dest()); } else { $member = Member::currentUser(); if($member) { $firstname = Convert::raw2xml($member->FirstName); if(!empty($data['Remember'])) { Session::set('SessionForms.MemberLoginForm.Remember', '1'); $member->logIn(true); } else { $member->logIn(); } Session::set('Security.Message.message', sprintf(_t('Member.WELCOMEBACK', "Welcome Back, %s"), $firstname) ); Session::set("Security.Message.type", "good"); } Director::redirectBack(); } } else { Session::set('SessionForms.MemberLoginForm.Email', $data['Email']); Session::set('SessionForms.MemberLoginForm.Remember', isset($data['Remember'])); if(isset($_REQUEST['BackURL'])) $backURL = $_REQUEST['BackURL']; else $backURL = null; if($backURL) Session::set('BackURL', $backURL); if($badLoginURL = Session::get("BadLoginURL")) { Director::redirect($badLoginURL); } else { // Show the right tab on failed login $loginLink = Director::absoluteURL(Security::Link("login")); if($backURL) $loginLink .= '?BackURL=' . urlencode($backURL); Director::redirect($loginLink . '#' . $this->FormName() .'_tab'); } } } /** * Log out form handler method * * This method is called when the user clicks on "logout" on the form * created when the parameter $checkCurrentUser of the * {@link __construct constructor} was set to TRUE and the user was * currently logged in. */ public function logout() { $s = new Security(); $s->logout(); } /** * Try to authenticate the user * * @param array Submitted data * @return Member Returns the member object on successful authentication * or NULL on failure. */ public function performLogin($data) { if($member = MemberAuthenticator::authenticate($data, $this)) { $member->LogIn(isset($data['Remember'])); return $member; } else { $this->extend('authenticationFailed', $data); return null; } } /** * Forgot password form handler method * * This method is called when the user clicks on "I've lost my password" * * @param array $data Submitted data */ function forgotPassword($data) { $SQL_data = Convert::raw2sql($data); $SQL_email = $SQL_data['Email']; $member = DataObject::get_one('Member', "\"Email\" = '{$SQL_email}'"); if($member) { $member->generateAutologinHash(); $member->sendInfo( 'forgotPassword', array( 'PasswordResetLink' => Security::getPasswordResetLink($member->AutoLoginHash) ) ); Director::redirect('Security/passwordsent/' . urlencode($data['Email'])); } elseif($data['Email']) { // Avoid information disclosure by displaying the same status, // regardless wether the email address actually exists Director::redirect('Security/passwordsent/' . urlencode($data['Email'])); } else { $this->sessionMessage( _t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad' ); Director::redirect('Security/lostpassword'); } } } ?>