children = new FieldList( new PasswordField( "{$name}[_Password]", (isset($title)) ? $title : _t('Member.PASSWORD', 'Password') ), new PasswordField( "{$name}[_ConfirmPassword]", (isset($titleConfirmField)) ? $titleConfirmField : _t('Member.CONFIRMPASSWORD', 'Confirm Password') ) ); // has to be called in constructor because Field() isn't triggered upon saving the instance if($showOnClick) { $this->children->push(new HiddenField("{$name}[_PasswordFieldVisible]")); } // disable auto complete foreach($this->children as $child) { /** @var FormField $child */ $child->setAttribute('autocomplete', 'off'); } $this->showOnClick = $showOnClick; // we have labels for the subfields $title = false; parent::__construct($name, $title); $this->setValue($value); } /** * @param array $properties * * @return DBHTMLText */ public function Field($properties = array()) { Requirements::javascript(FRAMEWORK_DIR . '/thirdparty/jquery/jquery.js'); Requirements::javascript(FRAMEWORK_DIR . '/client/dist/js/ConfirmedPasswordField.js'); Requirements::css(FRAMEWORK_DIR . '/client/dist/styles/ConfirmedPasswordField.css'); $content = ''; if($this->showOnClick) { if($this->showOnClickTitle) { $title = $this->showOnClickTitle; } else { $title = _t( 'ConfirmedPasswordField.SHOWONCLICKTITLE', 'Change Password', 'Label of the link which triggers display of the "change password" formfields' ); } $content .= "
\n"; $content .= "{$title}\n"; $content .= "
"; } foreach($this->children as $field) { /** @var FormField $field */ $field->setDisabled($this->isDisabled()); $field->setReadonly($this->isReadonly()); if(count($this->attributes)) { foreach($this->attributes as $name => $value) { $field->setAttribute($name, $value); } } $content .= $field->FieldHolder(); } if($this->showOnClick) { $content .= "
\n"; $content .= "
\n"; } return $content; } /** * Returns the children of this field for use in templating. * @return FieldList */ public function getChildren() { return $this->children; } /** * Can be empty is a flag that turns on / off empty field checking. * * For example, set this to false (the default) when creating a user account, * and true when displaying on an edit form. * * @param boolean $value * * @return ConfirmedPasswordField */ public function setCanBeEmpty($value) { $this->canBeEmpty = (bool)$value; return $this; } /** * The title on the link which triggers display of the "password" and * "confirm password" formfields. Only used if {@link setShowOnClick()} * is set to TRUE. * * @param string $title * * @return ConfirmedPasswordField */ public function setShowOnClickTitle($title) { $this->showOnClickTitle = $title; return $this; } /** * @return string $title */ public function getShowOnClickTitle() { return $this->showOnClickTitle; } /** * @param string $title * * @return ConfirmedPasswordField */ public function setRightTitle($title) { foreach($this->children as $field) { /** @var FormField $field */ $field->setRightTitle($title); } return $this; } /** * Set child field titles. Titles in order should be: * - "Current Password" (if getRequireExistingPassword() is set) * - "Password" * - "Confirm Password" * * @param array $titles List of child titles * @return $this */ public function setChildrenTitles($titles) { $expectedChildren = $this->getRequireExistingPassword() ? 3 : 2; if(is_array($titles) && count($titles) == $expectedChildren) { foreach($this->children as $field) { if(isset($titles[0])) { /** @var FormField $field */ $field->setTitle($titles[0]); array_shift($titles); } } } return $this; } /** * Value is sometimes an array, and sometimes a single value, so we need * to handle both cases. * * @param mixed $value * @param mixed $data * @return $this */ public function setValue($value, $data = null) { // If $data is a DataObject, don't use the value, since it's a hashed value if ($data && $data instanceof DataObject) $value = ''; //store this for later $oldValue = $this->value; if(is_array($value)) { $this->value = $value['_Password']; $this->confirmValue = $value['_ConfirmPassword']; $this->currentPasswordValue = ($this->getRequireExistingPassword() && isset($value['_CurrentPassword'])) ? $value['_CurrentPassword'] : null; if($this->showOnClick && isset($value['_PasswordFieldVisible'])) { $this->children->fieldByName($this->getName() . '[_PasswordFieldVisible]') ->setValue($value['_PasswordFieldVisible']); } } else { if($value || (!$value && $this->canBeEmpty)) { $this->value = $value; $this->confirmValue = $value; } } //looking up field by name is expensive, so lets check it needs to change if ($oldValue != $this->value) { $this->children->fieldByName($this->getName() . '[_Password]') ->setValue($this->value); $this->children->fieldByName($this->getName() . '[_ConfirmPassword]') ->setValue($this->confirmValue); } return $this; } /** * Update the names of the child fields when updating name of field. * * @param string $name new name to give to the field. * @return $this */ public function setName($name) { $this->children->fieldByName($this->getName() . '[_Password]') ->setName($name . '[_Password]'); $this->children->fieldByName($this->getName() . '[_ConfirmPassword]') ->setName($name . '[_ConfirmPassword]'); return parent::setName($name); } /** * Determines if the field was actually shown on the client side - if not, * we don't validate or save it. * * @return boolean */ public function isSaveable() { $isVisible = $this->children->fieldByName($this->getName() . '[_PasswordFieldVisible]'); return (!$this->showOnClick || ($this->showOnClick && $isVisible && $isVisible->Value())); } /** * Validate this field * * @param Validator $validator * @return bool */ public function validate($validator) { $name = $this->name; // if field isn't visible, don't validate if(!$this->isSaveable()) { return true; } $passwordField = $this->children->fieldByName($name.'[_Password]'); $passwordConfirmField = $this->children->fieldByName($name.'[_ConfirmPassword]'); $passwordField->setValue($this->value); $passwordConfirmField->setValue($this->confirmValue); $value = $passwordField->Value(); // both password-fields should be the same if($value != $passwordConfirmField->Value()) { $validator->validationError( $name, _t('Form.VALIDATIONPASSWORDSDONTMATCH',"Passwords don't match"), "validation" ); return false; } if(!$this->canBeEmpty) { // both password-fields shouldn't be empty if(!$value || !$passwordConfirmField->Value()) { $validator->validationError( $name, _t('Form.VALIDATIONPASSWORDSNOTEMPTY', "Passwords can't be empty"), "validation" ); return false; } } // lengths if(($this->minLength || $this->maxLength)) { $errorMsg = null; $limit = null; if($this->minLength && $this->maxLength) { $limit = "{{$this->minLength},{$this->maxLength}}"; $errorMsg = _t( 'ConfirmedPasswordField.BETWEEN', 'Passwords must be {min} to {max} characters long.', array('min' => $this->minLength, 'max' => $this->maxLength) ); } elseif($this->minLength) { $limit = "{{$this->minLength}}.*"; $errorMsg = _t( 'ConfirmedPasswordField.ATLEAST', 'Passwords must be at least {min} characters long.', array('min' => $this->minLength) ); } elseif($this->maxLength) { $limit = "{0,{$this->maxLength}}"; $errorMsg = _t( 'ConfirmedPasswordField.MAXIMUM', 'Passwords must be at most {max} characters long.', array('max' => $this->maxLength) ); } $limitRegex = '/^.' . $limit . '$/'; if(!empty($value) && !preg_match($limitRegex,$value)) { $validator->validationError( $name, $errorMsg, "validation" ); } } if($this->requireStrongPassword) { if(!preg_match('/^(([a-zA-Z]+\d+)|(\d+[a-zA-Z]+))[a-zA-Z0-9]*$/',$value)) { $validator->validationError( $name, _t('Form.VALIDATIONSTRONGPASSWORD', "Passwords must have at least one digit and one alphanumeric character"), "validation" ); return false; } } // Check if current password is valid if(!empty($value) && $this->getRequireExistingPassword()) { if(!$this->currentPasswordValue) { $validator->validationError( $name, _t( 'ConfirmedPasswordField.CURRENT_PASSWORD_MISSING', "You must enter your current password." ), "validation" ); return false; } // Check this password is valid for the current user $member = Member::currentUser(); if(!$member) { $validator->validationError( $name, _t( 'ConfirmedPasswordField.LOGGED_IN_ERROR', "You must be logged in to change your password." ), "validation" ); return false; } // With a valid user and password, check the password is correct $checkResult = $member->checkPassword($this->currentPasswordValue); if(!$checkResult->valid()) { $validator->validationError( $name, _t( 'ConfirmedPasswordField.CURRENT_PASSWORD_ERROR', "The current password you have entered is not correct." ), "validation" ); return false; } } return true; } /** * Only save if field was shown on the client, and is not empty. * * @param DataObjectInterface $record * * @return boolean */ public function saveInto(DataObjectInterface $record) { if(!$this->isSaveable()) { return false; } if(!($this->canBeEmpty && !$this->value)) { parent::saveInto($record); } } /** * Makes a read only field with some stars in it to replace the password * * @return ReadonlyField */ public function performReadonlyTransformation() { $field = $this->castedCopy('ReadonlyField') ->setTitle($this->title ? $this->title : _t('Member.PASSWORD')) ->setValue('*****'); return $field; } /** * Check if existing password is required * * @return bool */ public function getRequireExistingPassword() { return $this->requireExistingPassword; } /** * Set if the existing password should be required * * @param bool $show Flag to show or hide this field * @return $this */ public function setRequireExistingPassword($show) { // Don't modify if already added / removed if((bool)$show === $this->requireExistingPassword) { return $this; } $this->requireExistingPassword = $show; $name = $this->getName(); $currentName = "{$name}[_CurrentPassword]"; if ($show) { $confirmField = PasswordField::create($currentName, _t('Member.CURRENT_PASSWORD', 'Current Password')); $this->children->unshift($confirmField); } else { $this->children->removeByName($currentName, true); } return $this; } }