setController($controller);
        // NOTE(review): this listing begins partway through the constructor; its signature and
        // anything before the call above are not visible here.
        $this->setAuthenticatorClass($authenticatorClass);

        // Optional per-project stylesheet: only required when the file actually exists.
        $customCSS = project() . '/css/member_login.css';
        if (Director::fileExists($customCSS)) {
            Requirements::css($customCSS);
        }

        if ($checkCurrentUser && Security::getCurrentUser()) {
            // A user is already signed in: whatever $fields/$actions the caller passed are
            // replaced by a single "Log in as someone else" button, and the form is pointed at
            // the logout URL further down (see the isset($logoutAction) check).
            // @todo find a more elegant way to handle this
            $logoutAction = Security::logout_url();
            $fields = FieldList::create(
                HiddenField::create('AuthenticationMethod', null, $this->getAuthenticatorClass(), $this)
            );
            $actions = FieldList::create(
                FormAction::create('logout', _t(
                    'SilverStripe\\Security\\Member.BUTTONLOGINOTHER',
                    'Log in as someone else'
                ))
            );
        } else {
            // Nobody is signed in (or the check was disabled): fall back to the default
            // credential fields and actions only when the caller supplied none.
            if (!$fields) {
                $fields = $this->getFormFields();
            }
            if (!$actions) {
                $actions = $this->getFormActions();
            }
        }

        // Reduce attack surface by enforcing POST requests: credentials sent via GET would land
        // in the URL and from there in browser history, server/proxy logs and Referer headers.
        // NOTE(review): the second argument (true) is expected to turn on strict method checking
        // so non-POST submissions are rejected; confirm against Form::setFormMethod().
        $this->setFormMethod('POST', true);

        parent::__construct($controller, $name, $fields, $actions);

        // $logoutAction is only set in the "already signed in" branch above.
        if (isset($logoutAction)) {
            $this->setFormAction($logoutAction);
        }

        // The list of mandatory field names is read from this class's 'required_fields' config.
        $this->setValidator(RequiredFields::create(self::config()->get('required_fields')));
    }

    /**
     * Build the FieldList for the login form
     *
     * Always contains the hidden AuthenticationMethod field, the identifier text field (named
     * 'Email') and the password field. A "Remember" checkbox is appended when
     * Security.autologin_enabled is set, and a hidden BackURL field when a back URL was found
     * in the request or the session.
     *
     * @skipUpgrade
     * @return FieldList
     */
    protected function getFormFields()
    {
        $request = $this->getRequest();

        // BackURL is taken from the query string first, then from the session. The query-string
        // value is chosen by whoever built the link to the login page, so it is untrusted; this
        // method only copies it into a hidden field and performs no validation.
        // NOTE(review): confirm that the code which eventually redirects checks that it is a
        // same-site URL (e.g. Director::is_site_url()); otherwise this is an open-redirect vector.
        if ($request->getVar('BackURL')) {
            $backURL = $request->getVar('BackURL');
        } else {
            $backURL = $request->getSession()->get('BackURL');
        }

        // Label of whatever field Member is configured to use as its unique identifier.
        $label = Member::singleton()->fieldLabel(Member::config()->get('unique_identifier_field'));
        $fields = FieldList::create(
            // Hidden fields can be edited by the client, so whatever consumes
            // AuthenticationMethod has to treat the submitted value as untrusted input.
            HiddenField::create("AuthenticationMethod", null, $this->getAuthenticatorClass(), $this),
            // Regardless of what the unique identifier field is (usually 'Email'), it will be held in the
            // 'Email' value, below:
            // @todo Rename the field to a more generic covering name
            $emailField = TextField::create("Email", $label, null, null, $this),
            PasswordField::create("Password", _t('SilverStripe\\Security\\Member.PASSWORD', 'Password'))
        );
        $emailField->setAttribute('autofocus', 'true');

        if (Security::config()->get('remember_username')) {
            // Pre-fill the identifier with the value kept in the session under
            // 'SessionForms.MemberLoginForm.Email'.
            $emailField->setValue($this->getSession()->get('SessionForms.MemberLoginForm.Email'));
        } else {
            // Ask the browser not to store or suggest the identifier.
            // Some browsers won't respect this attribute unless it's added to the form
            $this->setAttribute('autocomplete', 'off');
            $emailField->setAttribute('autocomplete', 'off');
        }

        if (Security::config()->get('autologin_enabled')) {
            // "Keep me signed in" checkbox; its tooltip states the lifetime read from
            // RememberLoginHash's own (uninherited) 'token_expiry_days' config.
            $fields->push(
                CheckboxField::create(
                    "Remember",
                    _t('SilverStripe\\Security\\Member.KEEPMESIGNEDIN', "Keep me signed in")
                )->setAttribute(
                    'title',
                    _t(
                        'SilverStripe\\Security\\Member.REMEMBERME',
                        "Remember me next time? (for {count} days on this device)",
                        [ 'count' => RememberLoginHash::config()->uninherited('token_expiry_days') ]
                    )
                )
            );
        }

        // $backURL is assigned on both branches above, so isset() is false only when the value
        // is null (no BackURL in the query string and none in the session).
        if (isset($backURL)) {
            $fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));
        }

        return $fields;
    }

    /**
     * Build default login form action FieldList
     *
     * Contains the 'doLogin' submit action and a 'forgotPassword' literal field carrying the
     * "I've lost my password" label.
     *
     * @return FieldList
     */
    protected function getFormActions()
    {
        // NOTE(review): in this copy the string literals on either side of the translated label
        // hold nothing but a line break; any wrapping markup or link is not visible here.
        // A LiteralField emits its content as-is, so the translation string concatenated below
        // is presumably output unescaped - confirm it comes from a trusted translation source.
        $actions = FieldList::create(
            FormAction::create('doLogin', _t('SilverStripe\\Security\\Member.BUTTONLOGIN', "Log in")),
            LiteralField::create(
                'forgotPassword',
                '
' . _t('SilverStripe\\Security\\Member.BUTTONLOSTPASSWORD', "I've lost my password") . '
'
            )
        );

        return $actions;
    }

    /**
     * Restore the form state via the parent implementation, then show a "logged in as" notice.
     *
     * When a user is signed in and the session flag 'MemberLoginForm.force_message' is not set,
     * an info message naming the current member is placed on the form. The flag is reset to
     * false whenever it was set.
     *
     * @return $this
     */
    public function restoreFormState()
    {
        parent::restoreFormState();

        $session = $this->getSession();
        $forceMessage = $session->get('MemberLoginForm.force_message');
        if (($member = Security::getCurrentUser()) && !$forceMessage) {
            // The displayed name is read from the member property named by $this->loggedInAsField,
            // i.e. data the member may control.
            // NOTE(review): setMessage() is called without a cast argument; confirm its default
            // treats the message as plain text so the name is escaped when rendered.
            $message = _t(
                'SilverStripe\\Security\\Member.LOGGEDINAS',
                "You're logged in as {name}.",
                array('name' => $member->{$this->loggedInAsField})
            );
            $this->setMessage($message, ValidationResult::TYPE_INFO);
        }

        // Reset forced message
        if ($forceMessage) {
            $session->set('MemberLoginForm.force_message', false);
        }

        return $this;
    }

    /**
     * The name of this login form, to display in the frontend
     * Replaces Authenticator::get_name()
     *
     * The translation key is this class's name followed by '.AUTHENTICATORNAME'; the default
     * text is "E-mail & Password".
     *
     * @return string
     */
    public function getAuthenticatorName()
    {
        return _t(self::class . '.AUTHENTICATORNAME', "E-mail & Password");
    }
}