silverstripe-framework/security/ChangePasswordForm.php
Ingo Schommer 64d0d7fd95 Merged revisions 50532 via svnmerge from
svn://svn.silverstripe.com/silverstripe/modules/sapphire/branches/2.2.0-mesq

........
  r50532 | ischommer | 2008-03-04 14:09:45 +1300 (Tue, 04 Mar 2008) | 1 line
  
  setting BackURL in GET parameter of /security/login to avoid redirecting to lostpassword form again
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@55069 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-05-24 01:17:20 +00:00

110 lines
3.2 KiB
PHP
Executable File

<?php
/**
* @package sapphire
* @subpackage security
*/
/**
* Standard Change Password Form
* @package sapphire
* @subpackage security
*/
class ChangePasswordForm extends Form {
/**
* Constructor
*
* @param Controller $controller The parent controller, necessary to
* create the appropriate form action tag.
* @param string $name The method on the controller that will return this
* form object.
* @param FieldSet|FormField $fields All of the fields in the form - a
* {@link FieldSet} of {@link FormField}
* objects.
* @param FieldSet|FormAction $actions All of the action buttons in the
* form - a {@link FieldSet} of
*/
function __construct($controller, $name, $fields = null, $actions = null) {
if(!$fields) {
$fields = new FieldSet();
if(Member::currentUser() && (!isset($_REQUEST['h']) || !Member::autoLoginHash($_REQUEST['h']))) {
$fields->push(new EncryptField("OldPassword",_t('Member.YOUROLDPASSWORD', "Your old password")));
}
$fields->push(new EncryptField("NewPassword1", _t('Member.NEWPASSWORD', "New Password")));
$fields->push(new EncryptField("NewPassword2", _t('Member.CONFIRMNEWPASSWORD', "Confirm New Password")));
}
if(!$actions) {
$actions = new FieldSet(
new FormAction("doChangePassword", _t('Member.BUTTONCHANGEPASSWORD', "Change Password"))
);
}
parent::__construct($controller, $name, $fields, $actions);
}
/**
* Change the password
*
* @param array $data The user submitted data
*/
function doChangePassword(array $data) {
if($member = Member::currentUser()) {
// The user was logged in, check the current password
if($member->checkPassword($data['OldPassword']) == false) {
$this->clearMessage();
$this->sessionMessage(
_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
"bad"
);
Director::redirectBack();
return;
}
}
if(!$member) {
if(Session::get('AutoLoginHash')) {
$member = Member::autoLoginHash(Session::get('AutoLoginHash'));
}
// The user is not logged in and no valid auto login hash is available
if(!$member) {
Session::clear('AutoLoginHash');
Director::redirect('loginpage');
return;
}
}
// Check the new password
if($data['NewPassword1'] == $data['NewPassword2']) {
$isValid = $member->changePassword($data['NewPassword1']);
if($isValid->valid()) {
$this->clearMessage();
$this->sessionMessage(
_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."),
"good");
Session::clear('AutoLoginHash');
$redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
Director::redirect($redirectURL);
} else {
$this->clearMessage();
$this->sessionMessage(nl2br("We couldn't accept that password:\n" . $isValid->starredList()), "bad");
Director::redirectBack();
}
} else {
$this->clearMessage();
$this->sessionMessage(
_t('Member.ERRORNEWPASSWORD', "Your have entered your new password differently, try again"),
"bad");
Director::redirectBack();
}
}
}
?>