phpci/PHPCI/Controller/SessionController.php

<?php
/**
 * PHPCI - Continuous Integration for PHP
 *
 * @copyright    Copyright 2014, Block 8 Limited.
 * @license      https://github.com/Block8/PHPCI/blob/master/LICENSE.md
 * @link         https://www.phptesting.org/
 */

namespace PHPCI\Controller;

use b8;
use PHPCI\Helper\Email;

/**
* Session Controller - Handles user login / logout.
* @author       Dan Cryer <dan@block8.co.uk>
* @package      PHPCI
* @subpackage   Web
*/
class SessionController extends \PHPCI\Controller
{
    /**
     * @var \PHPCI\Store\UserStore
     */
    protected $userStore;

    public function init()
    {
        $this->response->disableLayout();
        $this->userStore       = b8\Store\Factory::getStore('User');
    }

    /**
    * Handles user login (form and processing)
    */
    public function login()
    {
        $isLoginFailure = false;

        if ($this->request->getMethod() == 'POST') {
            $user = $this->userStore->getByEmail($this->getParam('email'));

            if ($user && password_verify($this->getParam('password', ''), $user->getHash())) {
                $_SESSION['phpci_user_id']    = $user->getId();
                header('Location: ' . $this->getLoginRedirect());
                die;
            } else {
                $isLoginFailure = true;
            }
        }

        $form = new b8\Form();
        $form->setMethod('POST');
        $form->setAction(PHPCI_URL.'session/login');

        $email = new b8\Form\Element\Email('email');
        $email->setLabel('Email Address');
        $email->setRequired(true);
        $email->setContainerClass('form-group');
        $email->setClass('form-control');
        $form->addField($email);

        $pwd = new b8\Form\Element\Password('password');
        $pwd->setLabel('Password');
        $pwd->setRequired(true);
        $pwd->setContainerClass('form-group');
        $pwd->setClass('form-control');
        $form->addField($pwd);

        $pwd = new b8\Form\Element\Submit();
        $pwd->setValue('Log in &raquo;');
        $pwd->setClass('btn-success');
        $form->addField($pwd);

        $this->view->form = $form->render();
        $this->view->failed = $isLoginFailure;
        
        return $this->view->render();
    }

    /**
    * Handles user logout.
    */
    public function logout()
    {
        unset($_SESSION['phpci_user']);
        unset($_SESSION['phpci_user_id']);

        session_destroy();
        header('Location: ' . PHPCI_URL);
        die;
    }

    public function forgotPassword()
    {
        if ($this->request->getMethod() == 'POST') {
            $email = $this->getParam('email', null);
            $user = $this->userStore->getByEmail($email);

            if (empty($user)) {
                $this->view->error = 'No user exists with that email address, please try again.';
                return $this->view->render();
            }

            $key = md5(date('Y-m-d') . $user->getHash());
            $url = PHPCI_URL;
            $name = $user->getName();
            $userId = $user->getId();

            $message = <<<MSG
Hi {$name},

You have received this email because you, or someone else, has requested a password reset for PHPCI.

If this was you, please click the following link to reset your password: {$url}session/reset-password/{$userId}/{$key}

Otherwise, please ignore this email and no action will be taken.

Thank you,

PHPCI
MSG;


            $email = new Email();
            $email->setEmailTo($user->getEmail(), $user->getName());
            $email->setSubject('Password reset');
            $email->setBody($message);
            $email->send();

            $this->view->emailed = true;
        }

        return $this->view->render();
    }

    public function resetPassword($userId, $key)
    {
        $user = $this->userStore->getById($userId);
        $userKey = md5(date('Y-m-d') . $user->getHash());

        if (empty($user) || $key != $userKey) {
            $this->view->error = 'Invalid password reset request.';
            return $this->view->render();
        }

        if ($this->request->getMethod() == 'POST') {
            $hash = password_hash($this->getParam('password'), PASSWORD_DEFAULT);
            $user->setHash($hash);

            $_SESSION['phpci_user'] = $this->userStore->save($user);
            $_SESSION['phpci_user_id'] = $user->getId();

            header('Location: ' . PHPCI_URL);
            die;
        }

        $this->view->id = $userId;
        $this->view->key = $key;

        return $this->view->render();
    }

    protected function getLoginRedirect()
    {
        $rtn = PHPCI_URL;

        if (!empty($_SESSION['phpci_login_redirect'])) {
            $rtn .= $_SESSION['phpci_login_redirect'];
            $_SESSION['phpci_login_redirect'] = null;
        }

        return $rtn;
    }
}
Adding user accounts. 2013-05-10 17:25:51 +02:00			`<?php`
Add file-level docblock to every file. 2013-05-16 03:16:56 +02:00			`/**`
Adding / correcting the file docblock throughout the project 2014-05-12 18:26:17 +02:00			`* PHPCI - Continuous Integration for PHP`
			`*`
			`* @copyright Copyright 2014, Block 8 Limited.`
			`* @license https://github.com/Block8/PHPCI/blob/master/LICENSE.md`
			`* @link https://www.phptesting.org/`
			`*/`
Adding user accounts. 2013-05-10 17:25:51 +02:00
			`namespace PHPCI\Controller;`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00
Adding user accounts. 2013-05-10 17:25:51 +02:00			`use b8;`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00			`use PHPCI\Helper\Email;`
Adding user accounts. 2013-05-10 17:25:51 +02:00
Add class-level docblock to every file. 2013-05-16 03:30:48 +02:00			`/**`
			`* Session Controller - Handles user login / logout.`
			`* @author Dan Cryer <dan@block8.co.uk>`
			`* @package PHPCI`
			`* @subpackage Web`
			`*/`
Refactoring to support updated b8framework. 2013-05-22 17:36:55 +02:00			`class SessionController extends \PHPCI\Controller`
Adding user accounts. 2013-05-10 17:25:51 +02:00			`{`
Better docblock type hinting for stores. 2013-10-08 19:24:20 +02:00			`/**`
			`* @var \PHPCI\Store\UserStore`
			`*/`
			`protected $userStore;`

PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`public function init()`
			`{`
Some fixes for subdirectory support. 2013-07-30 19:45:27 +02:00			`$this->response->disableLayout();`
Better docblock type hinting for stores. 2013-10-08 19:24:20 +02:00			`$this->userStore = b8\Store\Factory::getStore('User');`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`}`
Adding user accounts. 2013-05-10 17:25:51 +02:00
Improved commenting throughout the project. Fixes #18 2013-05-16 18:17:29 +02:00			`/**`
			`* Handles user login (form and processing)`
			`*/`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`public function login()`
Some fixes for subdirectory support. 2013-07-30 19:45:27 +02:00			`{`
Fixes #125 2013-10-08 08:50:42 +02:00			`$isLoginFailure = false;`

Refactoring to support updated b8framework. 2013-05-22 17:36:55 +02:00			`if ($this->request->getMethod() == 'POST') {`
Better docblock type hinting for stores. 2013-10-08 19:24:20 +02:00			`$user = $this->userStore->getByEmail($this->getParam('email'));`
New UI based on Admin LTE 2014-12-02 17:26:55 +01:00
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`if ($user && password_verify($this->getParam('password', ''), $user->getHash())) {`
Updating session variables to add phpci_ prefix. Fixes #652 2014-12-01 16:56:33 +01:00			`$_SESSION['phpci_user_id'] = $user->getId();`
Making login redirect you to where you were trying to go after logging in. 2014-05-09 12:41:34 +02:00			`header('Location: ' . $this->getLoginRedirect());`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`die;`
Fixes #125 2013-10-08 08:50:42 +02:00			`} else {`
			`$isLoginFailure = true;`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`}`
			`}`
Adding user accounts. 2013-05-10 17:25:51 +02:00
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`$form = new b8\Form();`
			`$form->setMethod('POST');`
Some fixes for subdirectory support. 2013-07-30 19:45:27 +02:00			`$form->setAction(PHPCI_URL.'session/login');`
Adding user accounts. 2013-05-10 17:25:51 +02:00
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`$email = new b8\Form\Element\Email('email');`
			`$email->setLabel('Email Address');`
			`$email->setRequired(true);`
Initial work on upgrading to Bootstrap v3 2013-08-01 12:55:10 +02:00			`$email->setContainerClass('form-group');`
Finishing updates to make PHPCI use Bootstrap v3, as per issue #99 2013-07-31 22:04:34 +02:00			`$email->setClass('form-control');`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`$form->addField($email);`
Adding user accounts. 2013-05-10 17:25:51 +02:00
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`$pwd = new b8\Form\Element\Password('password');`
			`$pwd->setLabel('Password');`
			`$pwd->setRequired(true);`
Initial work on upgrading to Bootstrap v3 2013-08-01 12:55:10 +02:00			`$pwd->setContainerClass('form-group');`
Finishing updates to make PHPCI use Bootstrap v3, as per issue #99 2013-07-31 22:04:34 +02:00			`$pwd->setClass('form-control');`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`$form->addField($pwd);`
Adding user accounts. 2013-05-10 17:25:51 +02:00
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`$pwd = new b8\Form\Element\Submit();`
Updating PHPCI to use its new logo 2013-08-02 09:54:28 +02:00			`$pwd->setValue('Log in »');`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`$pwd->setClass('btn-success');`
			`$form->addField($pwd);`
Adding user accounts. 2013-05-10 17:25:51 +02:00
Refactoring to support updated b8framework. 2013-05-22 17:36:55 +02:00			`$this->view->form = $form->render();`
Fixes #125 2013-10-08 08:50:42 +02:00			`$this->view->failed = $isLoginFailure;`
Refactoring to support updated b8framework. 2013-05-22 17:36:55 +02:00
			`return $this->view->render();`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`}`
Adding user accounts. 2013-05-10 17:25:51 +02:00
Improved commenting throughout the project. Fixes #18 2013-05-16 18:17:29 +02:00			`/**`
			`* Handles user logout.`
			`*/`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`public function logout()`
			`{`
Updating session variables to add phpci_ prefix. Fixes #652 2014-12-01 16:56:33 +01:00			`unset($_SESSION['phpci_user']);`
			`unset($_SESSION['phpci_user_id']);`

Validate if github_token exists Validate if the github_token session key exists before call it 2013-05-17 00:06:01 +02:00			`session_destroy();`
Fixing PHPCI so that it'll work in a subdirectory. 2013-05-17 18:34:31 +02:00			`header('Location: ' . PHPCI_URL);`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`die;`
			`}`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00
			`public function forgotPassword()`
			`{`
			`if ($this->request->getMethod() == 'POST') {`
			`$email = $this->getParam('email', null);`
			`$user = $this->userStore->getByEmail($email);`

			`if (empty($user)) {`
			`$this->view->error = 'No user exists with that email address, please try again.';`
			`return $this->view->render();`
			`}`

			`$key = md5(date('Y-m-d') . $user->getHash());`
			`$url = PHPCI_URL;`
			`$name = $user->getName();`
Fixing PHPCS and PHPMD errors 2014-05-08 22:43:06 +02:00			`$userId = $user->getId();`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00
			`$message = <<<MSG`
			`Hi {$name},`

			`You have received this email because you, or someone else, has requested a password reset for PHPCI.`

Fixing PHPCS and PHPMD errors 2014-05-08 22:43:06 +02:00			`If this was you, please click the following link to reset your password: {$url}session/reset-password/{$userId}/{$key}`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00
			`Otherwise, please ignore this email and no action will be taken.`

			`Thank you,`

			`PHPCI`
			`MSG;`


			`$email = new Email();`
Fixing PHPCS and PHPMD errors 2014-05-08 22:43:06 +02:00			`$email->setEmailTo($user->getEmail(), $user->getName());`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00			`$email->setSubject('Password reset');`
			`$email->setBody($message);`
			`$email->send();`

			`$this->view->emailed = true;`
			`}`

			`return $this->view->render();`
			`}`

Fixing PHPCS and PHPMD errors 2014-05-08 22:43:06 +02:00			`public function resetPassword($userId, $key)`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00			`{`
Fixing PHPCS and PHPMD errors 2014-05-08 22:43:06 +02:00			`$user = $this->userStore->getById($userId);`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00			`$userKey = md5(date('Y-m-d') . $user->getHash());`

			`if (empty($user) \|\| $key != $userKey) {`
			`$this->view->error = 'Invalid password reset request.';`
			`return $this->view->render();`
			`}`

			`if ($this->request->getMethod() == 'POST') {`
			`$hash = password_hash($this->getParam('password'), PASSWORD_DEFAULT);`
			`$user->setHash($hash);`

Updating session variables to add phpci_ prefix. Fixes #652 2014-12-01 16:56:33 +01:00			`$_SESSION['phpci_user'] = $this->userStore->save($user);`
			`$_SESSION['phpci_user_id'] = $user->getId();`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00
			`header('Location: ' . PHPCI_URL);`
			`die;`
			`}`

Fixing PHPCS and PHPMD errors 2014-05-08 22:43:06 +02:00			`$this->view->id = $userId;`
Adding forgot password functionality. 2014-05-08 22:38:32 +02:00			`$this->view->key = $key;`

			`return $this->view->render();`
			`}`
Making login redirect you to where you were trying to go after logging in. 2014-05-09 12:41:34 +02:00
			`protected function getLoginRedirect()`
			`{`
			`$rtn = PHPCI_URL;`

Updating session variables to add phpci_ prefix. Fixes #652 2014-12-01 16:56:33 +01:00			`if (!empty($_SESSION['phpci_login_redirect'])) {`
			`$rtn .= $_SESSION['phpci_login_redirect'];`
			`$_SESSION['phpci_login_redirect'] = null;`
Making login redirect you to where you were trying to go after logging in. 2014-05-09 12:41:34 +02:00			`}`

			`return $rtn;`
			`}`
PSR2 compliance for PHPCI/Controller - Issue #18 2013-05-16 16:25:39 +02:00			`}`