phpci/PHPCI/Controller/SessionController.php

<?php
/**
* PHPCI - Continuous Integration for PHP
*
* @copyright Copyright 2014, Block 8 Limited.
* @license https://github.com/Block8/PHPCI/blob/master/LICENSE.md
* @link https://www.phptesting.org/
*/
namespace PHPCI\Controller;
use b8;
use PHPCI\Helper\Email;
/**
* Session Controller - Handles user login / logout.
* @author Dan Cryer <dan@block8.co.uk>
* @package PHPCI
* @subpackage Web
*/
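class SessionController extends \PHPCI\Controller
{
    /**
     * @var \PHPCI\Store\UserStore
     */
    protected $userStore;

    /**
     * Disables the page layout for session views and loads the user store.
     */
    public function init()
    {
        $this->response->disableLayout();
        $this->userStore = b8\Store\Factory::getStore('User');
    }

    /**
     * Handles user login (form and processing).
     *
     * On POST the submitted password is checked against the stored hash with
     * password_verify(). On success the user id is written to the session and
     * the browser is redirected; otherwise the form is rendered again with the
     * failure flag set.
     *
     * @return mixed Output of the view's render() call.
     */
    public function login()
    {
        $isLoginFailure = false;

        if ($this->request->getMethod() == 'POST') {
            $user = $this->userStore->getByEmail($this->getParam('email'));

            if ($user && password_verify($this->getParam('password', ''), $user->getHash())) {
                // Issue a fresh session id at the privilege change so an id
                // that was known before authentication cannot be reused
                // afterwards (session fixation).
                session_regenerate_id(true);
                $_SESSION['phpci_user_id'] = $user->getId();
                header('Location: ' . $this->getLoginRedirect());
                die;
            }

            // NOTE(review): password_verify() is skipped when no user matches,
            // so unknown and known addresses can differ in response time.
            // Nothing here limits repeated attempts either - confirm whether
            // throttling exists elsewhere.
            $isLoginFailure = true;
        }

        $form = new b8\Form();
        $form->setMethod('POST');
        $form->setAction(PHPCI_URL.'session/login');

        $email = new b8\Form\Element\Email('email');
        $email->setLabel('Email Address');
        $email->setRequired(true);
        $email->setContainerClass('form-group');
        $email->setClass('form-control');
        $form->addField($email);

        $pwd = new b8\Form\Element\Password('password');
        $pwd->setLabel('Password');
        $pwd->setRequired(true);
        $pwd->setContainerClass('form-group');
        $pwd->setClass('form-control');
        $form->addField($pwd);

        $submit = new b8\Form\Element\Submit();
        $submit->setValue('Log in &raquo;');
        $submit->setClass('btn-success');
        $form->addField($submit);

        $this->view->form = $form->render();
        $this->view->failed = $isLoginFailure;

        return $this->view->render();
    }

    /**
     * Handles user logout.
     *
     * Clears the session's user entries, destroys the session and redirects
     * to the application root.
     */
    public function logout()
    {
        unset($_SESSION['phpci_user']);
        unset($_SESSION['phpci_user_id']);

        session_destroy();

        header('Location: ' . PHPCI_URL);
        die;
    }

    /**
     * Handles the "forgot password" form: on POST, emails a reset link to the
     * user registered under the submitted address.
     *
     * NOTE(review): the error shown for an unknown address tells the requester
     * whether an account exists for it. Returning the same "emailed" response
     * in both cases would close that gap, but depends on the view template,
     * which is not visible here.
     *
     * @return mixed Output of the view's render() call.
     */
    public function forgotPassword()
    {
        if ($this->request->getMethod() == 'POST') {
            $email = $this->getParam('email', null);
            $user = $this->userStore->getByEmail($email);

            if (empty($user)) {
                $this->view->error = 'No user exists with that email address, please try again.';
                return $this->view->render();
            }

            $key = $this->getResetKey($user);
            $url = PHPCI_URL;
            $name = $user->getName();
            $userId = $user->getId();

            $message = <<<MSG
Hi {$name},
You have received this email because you, or someone else, has requested a password reset for PHPCI.
If this was you, please click the following link to reset your password: {$url}session/reset-password/{$userId}/{$key}
Otherwise, please ignore this email and no action will be taken.
Thank you,
PHPCI
MSG;

            $mail = new Email();
            $mail->setEmailTo($user->getEmail(), $user->getName());
            $mail->setSubject('Password reset');
            $mail->setBody($message);
            $mail->send();

            $this->view->emailed = true;
        }

        return $this->view->render();
    }

    /**
     * Validates a password reset link and, on POST, stores the new password
     * and logs the user in.
     *
     * @param mixed $userId Id of the user taken from the reset link.
     * @param string $key Reset key taken from the reset link.
     *
     * @return mixed Output of the view's render() call.
     */
    public function resetPassword($userId, $key)
    {
        $user = $this->userStore->getById($userId);

        // Reject an unknown user before touching $user: the key can only be
        // derived from an existing record, and calling getHash() on an empty
        // lookup result would fail instead of showing the error view.
        if (empty($user) || !$this->keysMatch($this->getResetKey($user), $key)) {
            $this->view->error = 'Invalid password reset request.';
            return $this->view->render();
        }

        if ($this->request->getMethod() == 'POST') {
            $password = $this->getParam('password');

            // A missing or empty field must not be hashed and saved as the new
            // password; fall through and show the form again instead.
            if (is_string($password) && $password !== '') {
                $hash = password_hash($password, PASSWORD_DEFAULT);
                $user->setHash($hash);

                // The reset also signs the user in, so rotate the session id
                // here as well.
                session_regenerate_id(true);
                $_SESSION['phpci_user'] = $this->userStore->save($user);
                $_SESSION['phpci_user_id'] = $user->getId();

                header('Location: ' . PHPCI_URL);
                die;
            }
        }

        $this->view->id = $userId;
        $this->view->key = $key;

        return $this->view->render();
    }

    /**
     * Builds the URL to redirect to after a successful login.
     *
     * Starts from PHPCI_URL and appends the path stored under
     * 'phpci_login_redirect' in the session, if any; the stored value is
     * cleared once it has been used.
     *
     * @return string
     */
    protected function getLoginRedirect()
    {
        $rtn = PHPCI_URL;

        if (!empty($_SESSION['phpci_login_redirect'])) {
            $rtn .= $_SESSION['phpci_login_redirect'];
            $_SESSION['phpci_login_redirect'] = null;
        }

        return $rtn;
    }

    /**
     * Derives the password reset key for a user.
     *
     * The key is the MD5 of today's date followed by the stored password
     * hash, so it changes when the date rolls over and when the password is
     * changed.
     *
     * NOTE(review): the key contains no independent random secret; it is a
     * function of the date and the stored hash alone, and its lifetime ends at
     * the server's date rollover rather than after a fixed period. A random
     * token from a CSPRNG, stored hashed with an explicit expiry, would be the
     * stronger design, but needs storage that is not visible in this file.
     *
     * @param mixed $user User record exposing getHash().
     *
     * @return string
     */
    private function getResetKey($user)
    {
        return md5(date('Y-m-d') . $user->getHash());
    }

    /**
     * Compares the expected reset key with the supplied one without the
     * early exit of == / !=, which also applies PHP's loose string
     * comparison rules.
     *
     * @param mixed $expected Key derived on the server.
     * @param mixed $provided Key taken from the request.
     *
     * @return bool True only when both are strings with identical content.
     */
    private function keysMatch($expected, $provided)
    {
        if (!is_string($expected) || !is_string($provided)) {
            return false;
        }

        if (function_exists('hash_equals')) {
            return hash_equals($expected, $provided);
        }

        // Fallback for runtimes without hash_equals(): accumulate the
        // differences over the whole string instead of stopping at the first.
        $length = strlen($expected);

        if ($length !== strlen($provided)) {
            return false;
        }

        $diff = 0;

        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($expected[$i]) ^ ord($provided[$i]);
        }

        return $diff === 0;
    }
}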