<?php
/**
* Free Wallpaper Script
*
* Free Wallpaper Script by Vepa Halliyev is licensed under a Creative Commons Attribution-Share Alike 3.0 License.
*
* @package Free Wallpaper Script
* @author Vepa Halliyev
* @copyright Copyright (c) 2009, Vepa Halliyev, veppa.com.
* @license http://www.veppa.com/free-wallpaper-script/
* @link http://www.veppa.com/free-wallpaper-script/
* @since Version 1.0
* @filesource
*/
/**
* class LoginController
*
* Logs a user in and out, and emails a freshly generated password
* to users who no longer remember theirs.
*
* @author Philippe Archambault <philippe.archambault@gmail.com>
* @since 0.1
*/
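class LoginController extends Controller
{
    const URL_ADMIN = 'admin/';
    private $_layout = 'login';

    /**
     * Loads the current authentication state and selects the login layout.
     */
    function __construct()
    {
        AuthUser::load();
        $this->_meta = new stdClass();
        $this->setLayout($this->_layout);
    }

    /**
     * Shows the empty login form (or bounces an already logged-in user to the admin area).
     */
    function index()
    {
        $this->_loggedin_redirect();
        $this->display('login/login', array(
            'username' => '',
        ));
    }

    /**
     * Redirects to the admin area when a user session already exists.
     */
    private function _loggedin_redirect()
    {
        if (AuthUser::isLoggedIn(false)) {
            redirect(get_url(self::URL_ADMIN));
        }
    }

    /**
     * Processes a POSTed login form.
     *
     * Credentials are read from $_POST['login'][username|password|remember].
     * Non-string values (e.g. login[password][]=x) are treated as empty so they
     * never reach AuthUser::login() with an unexpected type.
     * Unactivated and not-yet-approved accounts are logged out again with an
     * explanatory flash message; everyone else is sent on via _resume_redirect().
     */
    private function _login()
    {
        if (get_request_method() != 'POST') {
            return;
        }

        $form = (isset($_POST['login']) && is_array($_POST['login'])) ? $_POST['login'] : array();
        $username = (isset($form['username']) && is_string($form['username'])) ? trim($form['username']) : '';
        $password = (isset($form['password']) && is_string($form['password'])) ? $form['password'] : '';
        $remember = isset($form['remember']);

        if (!AuthUser::login($username, $password, $remember)) {
            $this->validation()->set_error(__('Login failed. Please check your login data and try again.'));
            return;
        }

        // '0' means "activated"; anything else is the pending activation code.
        if (AuthUser::$user->activation !== '0') {
            $resend_code = md5(AuthUser::$user->email);
            $user_id = AuthUser::$user->id;
            Flash::set('error', __('Your account is not activated. Please check your email to activate your account. If you did not recieve activation email click <a href="{url}">here</a> to resend new one.',
                array('{url}' => get_url('login/resendActivation/' . $user_id . '/' . $resend_code . '/'))));
            // Do not leave a session behind for an unactivated account.
            AuthUser::logout();
            redirect(get_url('login/message/'));
            return;
        }

        if (AuthUser::$user->level == User::PERMISSION_PENDING) {
            // TODO send confirmation email once account approved
            Flash::set('error', __('Your account is not approved yet. You will recieve confirmation email once your account approved.'));
            AuthUser::logout();
            redirect(get_url('login/message/'));
            return;
        }

        $this->_resume_redirect();
    }

    /**
     * Login form action: attempts the login, then re-renders the form.
     *
     * The username is re-populated from $_POST['login']['username'] — the same
     * array _login() reads from (the previous code read $_POST['username'],
     * which is a different key and raised a notice on every GET).
     * Escaping of the value for HTML output is assumed to happen in the view.
     */
    function login()
    {
        $this->_loggedin_redirect();
        $this->_login();

        $username = '';
        if (isset($_POST['login']['username']) && is_string($_POST['login']['username'])) {
            $username = trim($_POST['login']['username']);
        }

        $this->display('login/login', array(
            'username' => $username,
        ));
    }

    /**
     * Ends the session and returns to the site root.
     *
     * NOTE(review): reachable by plain GET, so any page can log the user out
     * (logout CSRF); a POST-only route or a token would close that.
     */
    function logout()
    {
        AuthUser::logout();
        redirect(get_url());
    }

    /**
     * "Forgot password" form: validates the address, and if it belongs to a
     * user, mails that user a newly generated password.
     */
    function forgot()
    {
        if (get_request_method() == 'POST') {
            $rules['email'] = 'trim|required|valid_email';
            $fields['email'] = __('Email address');
            $validation = $this->validation();
            $validation->set_rules($rules);
            $validation->set_fields($fields);

            if ($validation->run()) {
                // The 'trim' rule only affects the validator's copy; trim the raw value used for lookup too.
                $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
                $user = User::findBy('email', $email);
                if ($user) {
                    $this->_sendPasswordTo($user);
                    // Return here: falling through would render 'login/forgot' on top of this view.
                    $this->display('login/login');
                    return;
                }
                // NOTE(review): a distinct "not found" message lets a caller test which
                // addresses are registered; a neutral "if the address exists, mail was sent"
                // response would avoid that enumeration.
                $validation->set_error(__('User not found'));
            }
        }
        $this->display('login/forgot');
    }

    /**
     * Emits the CAPTCHA image for the registration form and terminates the request.
     */
    function securityImage()
    {
        use_helper('Vimage');
        $vImage = new Vimage();
        $vImage->genText(4);
        $vImage->showimage();
        exit;
    }

    /**
     * Generates a fresh throw-away password for the "forgot password" flow.
     *
     * rand()/mt_rand() are predictable and must not be the sole source of a
     * credential, so a CSPRNG is used where the runtime provides one. The '12'
     * prefix and 'K' suffix are kept from the original format so the result
     * still satisfies the same length/character expectations downstream.
     *
     * @return string
     */
    private function _generatePassword()
    {
        if (function_exists('random_bytes')) {
            $hex = bin2hex(random_bytes(8));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $hex = bin2hex(openssl_random_pseudo_bytes(8));
        } else {
            // Last resort on very old runtimes; two draws stay inside mt_getrandmax() on 32-bit builds.
            $hex = dechex(mt_rand(100000000, 2147483647)) . dechex(mt_rand(100000000, 2147483647));
        }
        return '12' . $hex . 'K';
    }

    /**
     * Compares a secret the server knows against a value supplied by the caller
     * without short-circuiting on the first differing byte.
     *
     * @param string $known  server-side value
     * @param string $given  caller-supplied value
     * @return bool
     */
    private function _secureEquals($known, $given)
    {
        if (!is_string($known) || !is_string($given)) {
            return false;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }
        $len = strlen($known);
        if ($len !== strlen($given)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $len; $i++) {
            $diff |= ord($known[$i]) ^ ord($given[$i]);
        }
        return $diff === 0;
    }

    /**
     * Emails a new password to $user and, only if the mail went out, stores it.
     *
     * NOTE(review): the password is sent in clear text and stored as unsalted md5.
     * Switching to password_hash()/password_verify() must be done together with
     * whatever AuthUser::login() compares against, so it is only flagged here.
     *
     * @param object $user  user record with ->email, ->password and save()
     * @return bool  false when no user was given, true otherwise (even if mailing failed)
     */
    private function _sendPasswordTo($user)
    {
        if (!$user) {
            return false;
        }

        $new_pass = $this->_generatePassword();

        $this->setLayout(false);
        $Body = $this->render('login/mail_new_password', array(
            'new_pass' => $new_pass,
            'site'     => get_url(),
        ));
        $this->setLayout($this->_layout);

        use_helper('Email');
        $email = new Email();
        $email->from('no-reply@' . DOMAIN, DOMAIN);
        $email->to($user->email);
        $email->subject(__('Password reminder'));
        $email->message($Body);

        if ($email->send()) {
            $user->password = md5($new_pass);
            $user->save();
            $this->validation()->set_success(__('An email has been send with your new password!'));
        } else {
            $this->validation()->set_error(__('Error accured while sending your new password. Please try again later.'));
        }
        return true;
    }

    /**
     * Sends the activation link (login/activate/{id}/{code}/) to $user.
     *
     * @param object $user  user record with ->id, ->activation and ->email
     * @return bool  result of Email::send(), false when no user was given
     */
    private function _sendActivationEmail($user)
    {
        if (!$user) {
            return false;
        }

        $this->setLayout(false);
        $Body = $this->render('login/mail_activate', array(
            'activation_url' => get_url('login/activate/' . $user->id . '/' . $user->activation . '/'),
            'site'           => URL_PUBLIC,
        ));
        $this->setLayout($this->_layout);

        use_helper('Email');
        $email = new Email();
        $email->from('no-reply@' . DOMAIN, DOMAIN);
        $email->to($user->email);
        $email->subject(__('Account activation mail'));
        $email->message($Body);
        return $email->send();
    }

    /**
     * Registration form. Currently disabled outright by the exit() on the first line;
     * the remainder is kept for when it is re-enabled.
     */
    function register()
    {
        exit('disabled');

        $this->_loggedin_redirect();
        $user = null;
        if (get_request_method() == 'POST') {
            $user = $this->_register();
        }
        $this->display('login/register', array(
            'user' => $user,
        ));
    }

    /**
     * Validates the registration POST in two passes (account fields, then the
     * CAPTCHA), creates the user and mails the activation link.
     *
     * @return User  the saved user on success, otherwise a User built from $_POST
     *               so the form can be re-populated (the view must escape it)
     */
    private function _register()
    {
        // specific rules
        $rules['password'] = 'required|min_length[4]|max_length[32]|matches[password_repeat]';
        // general rules
        // TODO do same email validation on email update in "settings/security/"
        $rules['email'] = 'trim|required|xss_clean|valid_email|callback__validate_user_email';
        $rules['read'] = 'required';

        $fields['email'] = __('Email');
        $fields['password'] = __('Password');
        $fields['password_repeat'] = __('Repeat password');
        $fields['read'] = __('Terms of service');
        $fields['vImageCodP'] = __('Security code');

        $user = new User();
        $this->validation()->set_controller($user);
        $this->validation()->set_rules($rules);
        $this->validation()->set_fields($fields);

        if ($this->validation()->run()) {
            // Second pass: the security code callback lives on the Vimage helper.
            $rules['vImageCodP'] = 'required|callback__validate_security_code';
            use_helper('Vimage');
            $vImage = new Vimage();
            $this->validation()->set_controller($vImage);
            $this->validation()->set_rules($rules);

            if ($this->validation()->run()) {
                // Only these two columns are taken from the request; everything else is ignored.
                $data = Record::filterCols($_POST, array(
                    'email',
                    'password',
                ));
                // NOTE(review): unsalted md5 — see _sendPasswordTo(); must change together with AuthUser::login().
                $data['password'] = md5($data['password']);
                $user = new User($data);

                if ($user->save('id', MAIN_DB)) {
                    $this->_sendActivationEmail($user);
                    User::clearNotActivated();
                    Flash::set('success', __('Your account is created. We sent activation email to you. Please check your email.'));
                    redirect(get_url('login/message/'));
                } else {
                    $this->validation()->set_error(__('Error accured while creating your account. Please try again later.'));
                }
            }
        }
        return new User($_POST);
    }

    /**
     * Renders whatever flash message the previous action left behind.
     */
    function message()
    {
        $this->display('login/message');
    }

    /**
     * Renders the "no permission" page.
     */
    function noPermission()
    {
        $this->display('login/no_permission');
    }

    /**
     * Activation link target: login/activate/{user_id}/{activation_code}/.
     *
     * A matching code sets the user's activation column to '0' (= activated).
     * Visiting the link for an already-activated account is treated as success.
     * Every terminal branch returns after redirecting so nothing runs past it
     * even if redirect() does not exit.
     *
     * @param string $user_id
     * @param string $activation_code
     */
    function activate($user_id = '', $activation_code = '')
    {
        if (!$user_id || !is_string($activation_code) || $activation_code === '') {
            $this->_incorrectActivation();
            return;
        }

        $user = User::findBy('id', $user_id);
        if (!$user) {
            $message = __('User is not found. Your registration may be delated if it was not activated within 48 hours. Click <a href="{url}">here</a> to start new registration.', array(
                '{url}' => get_url('login/register'),
            ));
            Flash::set('error', $message);
            redirect(get_url('login/message/'));
            return;
        }

        // Constant-time compare: a wrong code must not reveal how many leading bytes matched.
        if ($user->activation !== '0' && $this->_secureEquals((string) $user->activation, $activation_code)) {
            $user->activation = '0';
            $new_user = new User();
            $new_user->id = $user->id;
            $new_user->activation = $user->activation;
            $new_user->save('id');
        }

        if ($user->activation === '0') {
            $message = __('Congratulations! Your registration is activated. Please <a href="{url}">login</a> to strat using your account.', array(
                '{url}' => get_url('login/'),
            ));
            Flash::set('success', $message);
            redirect(get_url('login/message/'));
            return;
        }

        $this->_incorrectActivation();
    }

    /**
     * Flashes the "bad activation link" error and goes to the message page.
     * (The original line was `$message__(...)`, a call through an undefined
     * variable, which is a fatal error on every bad link.)
     */
    private function _incorrectActivation()
    {
        $message = __('Incorrect activation link. Please make sure that url is exactly the same.');
        Flash::set('error', $message);
        redirect(get_url('login/message/'));
    }

    /*
     * TODO use capcha to accept only user requests.
     */
    /**
     * Re-sends the activation mail for login/resendActivation/{user_id}/{md5(email)}/.
     *
     * NOTE(review): md5(email) can be computed by anyone who knows the address,
     * so until the TODO above is done this endpoint can be used to flood a
     * user with activation mail. Failures are flashed under 'error' rather than
     * 'success' so the message page styles them correctly.
     *
     * @param string $user_id
     * @param string $email_md5
     */
    function resendActivation($user_id, $email_md5)
    {
        $user = User::findBy('id', $user_id);
        $flash_key = 'error';

        if ($user && is_string($email_md5) && $this->_secureEquals(md5($user->email), $email_md5)) {
            if ($user->activation != '0') {
                if ($this->_sendActivationEmail($user)) {
                    $flash_key = 'success';
                    $message = __('Activation email is sent to your email address. Please check your email.');
                } else {
                    $message = __('Error accured, please try again later.');
                }
            } else {
                $message = __('You already activated your email.');
            }
        } else {
            $message = __('Your account is not found.');
        }

        // use this for not caching email address in url
        //header_404();
        Flash::set($flash_key, $message);
        redirect(get_url('login/message/'));
    }

    /**
     * After a successful login, continues to the page the user came from
     * (the 'rd' request parameter) or to the admin area.
     *
     * 'rd' is attacker-controlled, so it is only honoured when it points at
     * this site (see _isSafeRedirect); otherwise the admin URL is used. This
     * closes the open redirect that came from passing 'rd' straight to redirect().
     */
    private function _resume_redirect()
    {
        // $this->_checkVersion();
        $url = get_url(self::URL_ADMIN);
        if (isset($_REQUEST['rd']) && $this->_isSafeRedirect($_REQUEST['rd'])) {
            $url = $_REQUEST['rd'];
        }
        redirect($url);
    }

    /**
     * Decides whether a redirect target stays on this site.
     *
     * Accepts a site-relative path with a single leading '/' (not '//' or '/\',
     * which browsers treat as protocol-relative), or an absolute http(s) URL
     * whose host equals the host of get_url(). Control characters, whitespace,
     * backslashes and embedded credentials are rejected outright.
     * Assumes get_url() without arguments returns the site's absolute base URL,
     * as logout() relies on.
     *
     * @param mixed $target  raw request value
     * @return bool
     */
    private function _isSafeRedirect($target)
    {
        if (!is_string($target) || $target === '') {
            return false;
        }
        if (preg_match('/[\x00-\x20\x7F]/', $target) || strpos($target, '\\') !== false) {
            return false;
        }

        if ($target[0] === '/') {
            // '/' alone is fine; '//host' would leave the site.
            return !(isset($target[1]) && $target[1] === '/');
        }

        $parts = parse_url($target);
        $site = parse_url(get_url());
        if (!$parts || !$site || empty($parts['scheme']) || empty($parts['host']) || empty($site['host'])) {
            return false;
        }
        if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
            return false;
        }
        if (isset($parts['user']) || isset($parts['pass'])) {
            return false;
        }
        return strtolower($parts['host']) === strtolower($site['host']);
    }
} // end LoginController class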