2011-05-02 12:20:56 +00:00
|
|
|
<?php defined('SYSPATH') or die('No direct access allowed.');
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This class provides login capability
|
|
|
|
*
|
|
|
|
* @package lnApp
|
|
|
|
* @subpackage Page/Login
|
|
|
|
* @category Controllers
|
|
|
|
* @author Deon George
|
|
|
|
* @copyright (c) 2010 Deon George
|
|
|
|
* @license http://dev.leenooks.net/license.html
|
|
|
|
* @also [logout]
|
|
|
|
*/
|
|
|
|
class Controller_lnApp_Login extends Controller_TemplateDefault {
|
2011-07-13 22:59:32 +00:00
|
|
|
protected $auth_required = FALSE;
|
|
|
|
|
2011-05-02 12:20:56 +00:00
|
|
|
public function action_index() {
|
|
|
|
// If user already signed-in
|
|
|
|
if (Auth::instance()->logged_in()!= 0) {
|
|
|
|
// Redirect to the user account
|
2011-08-02 06:20:11 +00:00
|
|
|
Request::current()->redirect('user/welcome');
|
2011-05-02 12:20:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// If there is a post and $_POST is not empty
|
|
|
|
if ($_POST) {
|
2011-07-13 22:59:32 +00:00
|
|
|
// Store our details in a session key
|
|
|
|
Session::instance()->set(Kohana::config('auth.session_key'),$_POST['username']);
|
|
|
|
Session::instance()->set('password',$_POST['password']);
|
|
|
|
|
2011-05-02 12:20:56 +00:00
|
|
|
// If the post data validates using the rules setup in the user model
|
2011-05-14 07:35:33 +00:00
|
|
|
if (Auth::instance()->login($_POST['username'],$_POST['password'])) {
|
2011-05-02 12:20:56 +00:00
|
|
|
// Redirect to the user account
|
|
|
|
if ($redir = Session::instance()->get('afterlogin')) {
|
|
|
|
Session::instance()->delete('afterlogin');
|
2011-05-14 07:35:33 +00:00
|
|
|
Request::current()->redirect($redir);
|
2011-05-02 12:20:56 +00:00
|
|
|
|
|
|
|
} else
|
2011-08-02 06:20:11 +00:00
|
|
|
Request::current()->redirect('user/welcome');
|
2011-05-02 12:20:56 +00:00
|
|
|
|
|
|
|
} else {
|
|
|
|
SystemMessage::add(array(
|
|
|
|
'title'=>_('Invalid username or password'),
|
|
|
|
'type'=>'error',
|
|
|
|
'body'=>_('The username or password was invalid.')
|
|
|
|
));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Block::add(array(
|
|
|
|
'title'=>_('Login to server'),
|
|
|
|
'body'=>View::factory('login'),
|
|
|
|
'style'=>array('css/login.css'=>'screen'),
|
|
|
|
));
|
|
|
|
|
|
|
|
Script::add(array('type'=>'stdin','data'=>'
|
|
|
|
$(document).ready(function() {
|
|
|
|
$("#ajxbody").click(function() {$("#ajBODY").load("'.$this->request->uri().'/"); return false;});
|
|
|
|
});'
|
|
|
|
));
|
|
|
|
}
|
|
|
|
|
|
|
|
public function action_register() {
|
|
|
|
// If user already signed-in
|
|
|
|
if (Auth::instance()->logged_in()!= 0) {
|
|
|
|
// Redirect to the user account
|
2011-05-14 07:35:33 +00:00
|
|
|
Request::current()->redirect('welcome/index');
|
2011-05-02 12:20:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Instantiate a new user
|
|
|
|
$account = ORM::factory('account');
|
|
|
|
|
|
|
|
// If there is a post and $_POST is not empty
|
|
|
|
if ($_POST) {
|
|
|
|
// Check Auth
|
|
|
|
$status = $account->values($_POST)->check();
|
|
|
|
|
|
|
|
if (! $status) {
|
2011-07-13 22:59:32 +00:00
|
|
|
foreach ($account->validation()->errors('form/register') as $f => $r) {
|
2011-05-02 12:20:56 +00:00
|
|
|
// $r[0] has our reason for validation failure
|
|
|
|
switch ($r[0]) {
|
|
|
|
// Generic validation reason
|
|
|
|
default:
|
|
|
|
SystemMessage::add(array(
|
|
|
|
'title'=>_('Validation failed'),
|
|
|
|
'type'=>'error',
|
2011-07-13 22:59:32 +00:00
|
|
|
'body'=>sprintf(_('The defaults on your submission were not valid for field %s (%s).'),$f,$r)
|
2011-05-02 12:20:56 +00:00
|
|
|
));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$ido = ORM::factory('module')
|
|
|
|
->where('name','=','account')
|
|
|
|
->find();
|
|
|
|
|
|
|
|
$account->id = $ido->record_id->next_id($ido->id);
|
|
|
|
// Save the user details
|
|
|
|
if ($account->save()) {}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
SystemMessage::add(array(
|
|
|
|
'title'=>_('Already have an account?'),
|
|
|
|
'type'=>'info',
|
|
|
|
'body'=>_('If you already have an account, please login..')
|
|
|
|
));
|
|
|
|
|
|
|
|
Block::add(array(
|
|
|
|
'title'=>_('Register'),
|
|
|
|
'body'=>View::factory('bregister')
|
|
|
|
->set('account',$account)
|
2011-05-14 07:35:33 +00:00
|
|
|
->set('errors',$account->validation()->errors('form/register')),
|
2011-05-02 12:20:56 +00:00
|
|
|
));
|
|
|
|
|
|
|
|
$this->template->left = HTML::anchor('login','Login').'...';
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Enable user password reset
|
|
|
|
*/
|
|
|
|
public function action_reset() {
|
|
|
|
// If user already signed-in
|
|
|
|
if (Auth::instance()->logged_in()!= 0) {
|
|
|
|
// Redirect to the user account
|
2011-05-14 07:35:33 +00:00
|
|
|
Request::current()->redirect('welcome/index');
|
2011-05-02 12:20:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// If the user posted their details to reset their password
|
|
|
|
if ($_POST) {
|
|
|
|
// If the email address is correct, create a method token
|
|
|
|
if (! empty($_POST['email']) AND ($ao=ORM::factory('account',array('email'=>$_POST['email']))) AND $ao->loaded()) {
|
|
|
|
$mt = ORM::factory('module_method_token');
|
|
|
|
|
|
|
|
// Find out our password reset method id
|
|
|
|
// @todo move this to a more generic method, so that it can be called by other methods
|
|
|
|
$mo = ORM::factory('module',array('name'=>'account'));
|
|
|
|
$mmo = ORM::factory('module_method',array('name'=>'user_resetpassword','module_id'=>$mo->id));
|
|
|
|
|
|
|
|
// Check to see if there is already a token, if so, do nothing.
|
|
|
|
if ($mt->where('account_id','=',$ao->id)->and_where('method_id','=',$mmo->id)->find()) {
|
|
|
|
if ($mt->date_expire < time()) {
|
|
|
|
$mt->delete();
|
|
|
|
$mt->clear();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (! $mt->loaded()) {
|
|
|
|
$mt->account_id = $ao->id;
|
|
|
|
$mt->method_id = $mmo->id;
|
|
|
|
$mt->date_expire = time() + 15*3600;
|
|
|
|
$mt->token = md5(sprintf('%s:%s:%s',$mt->account_id,$mt->method_id,$mt->date_expire));
|
|
|
|
$mt->save();
|
|
|
|
|
|
|
|
// Send our email with the token
|
|
|
|
$et = EmailTemplate::instance('account_reset_password');
|
|
|
|
$et->to = array($mt->account->email=>sprintf('%s %s',$mt->account->first_name,$mt->account->last_name));
|
|
|
|
$et->variables = array(
|
|
|
|
'SITE'=>URL::base(TRUE,TRUE),
|
|
|
|
'SITE_ADMIN'=>Config::sitename(),
|
|
|
|
'SITE_NAME'=>Config::sitename(),
|
|
|
|
'TOKEN'=>$mt->token,
|
|
|
|
'USER_NAME'=>sprintf('%s %s',$mt->account->first_name,$mt->account->last_name),
|
|
|
|
);
|
|
|
|
$et->send();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Redirect to our password reset, the Auth will validate the token.
|
|
|
|
} elseif (! empty($_REQUEST['token'])) {
|
2011-05-14 07:35:33 +00:00
|
|
|
Request::current()->redirect(sprintf('user/account/resetpassword?token=%s',$_REQUEST['token']));
|
2011-05-02 12:20:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Show our token screen even if the email was invalid.
|
|
|
|
if (isset($_POST['email']))
|
|
|
|
Block::add(array(
|
|
|
|
'title'=>_('Reset your password'),
|
|
|
|
'body'=>View::factory('login_reset_sent'),
|
|
|
|
'style'=>array('css/login.css'=>'screen'),
|
|
|
|
));
|
|
|
|
else
|
2011-05-14 07:35:33 +00:00
|
|
|
Request::current()->redirect('login');
|
2011-05-02 12:20:56 +00:00
|
|
|
|
|
|
|
} else {
|
|
|
|
Block::add(array(
|
|
|
|
'title'=>_('Reset your password'),
|
|
|
|
'body'=>View::factory('login_reset'),
|
|
|
|
'style'=>array('css/login.css'=>'screen'),
|
|
|
|
));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function action_noaccess() {
|
|
|
|
SystemMessage::add(array(
|
|
|
|
'title'=>_('No access to requested resource'),
|
|
|
|
'type'=>'error',
|
|
|
|
'body'=>_('You do not have access to the requested resource, please contact your administrator.')
|
|
|
|
));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
?>
|