From 808faf8e1a1f3691ca01b68570bfba8d21e6039c Mon Sep 17 00:00:00 2001
From: Eike Foken
Date: Thu, 11 Aug 2011 17:17:13 +0200
Subject: [PATCH] Fix login stuff
---
application/config/form_validation.php | 43 +-
application/controllers/auth.php | 60 +--
application/libraries/Access.php | 434 ++++++++----------
application/models/user.php | 2 +-
.../views/auth/email/forgot_password.php | 11 +
.../auth/email/forgot_password_complete.php | 8 +
application/views/auth/forgot_password.php | 57 +++
application/views/auth/login.php | 21 +-
assets/css/form.css | 6 +-
9 files changed, 352 insertions(+), 290 deletions(-)
create mode 100644 application/views/auth/email/forgot_password.php
create mode 100644 application/views/auth/email/forgot_password_complete.php
create mode 100644 application/views/auth/forgot_password.php
diff --git a/application/config/form_validation.php b/application/config/form_validation.php
index c4e6266..e3339a1 100644
--- a/application/config/form_validation.php
+++ b/application/config/form_validation.php
@@ -1,5 +1,41 @@
'username',
+ 'label' => _('Username'),
+ 'rules' => 'required|trim',
+ ),
+ array(
+ 'field' => 'password',
+ 'label' => _('Password'),
+ 'rules' => 'required|trim',
+ ),
+ array(
+ 'field' => 'remember',
+ 'label' => _('Remember me on this computer'),
+ 'rules' => 'integer',
+ ),
+);
+
+/**
+ * Rules for forgotten password page.
+ *
+ * @var array
+ */
+$config['auth/forgot_password'] = array(
+ array(
+ 'field' => 'email',
+ 'label' => _('Email address'),
+ 'rules' => 'required|valid_email|trim',
+ ),
+);
+
/**
* Rules for creating users.
*
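Review bot: The new `auth/forgot_password` rule lists `trim` last, and CodeIgniter applies rules left to right, so an address pasted with a trailing space is rejected by `valid_email` before it is ever trimmed; `'rules' => 'trim|required|valid_email',` avoids that. The `password` rule in `auth/login` also trims the submitted value. If the user-creation path stores passwords untrimmed (not visible in this hunk), an account whose password starts or ends with whitespace can no longer log in, so I would leave that field as `'rules' => 'required',`.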
@@ -24,6 +60,7 @@ $config['users/create'] = array(
array(
'field' => 'password_confirm',
'label' => _('Confirm password'),
+ 'rules' => 'required',
),
array(
'field' => 'firstname',
@@ -44,7 +81,7 @@ $config['users/create'] = array(
'field' => 'phone',
'label' => _('Phone number'),
'rules' => 'regex_match[/^\+\d{2,4}\s\d{2,4}\s\d{3,10}+$/i]|trim',
- )
+ ),
);
/**
@@ -77,7 +114,7 @@ $config['users/edit'] = array(
'field' => 'phone',
'label' => _('Phone number'),
'rules' => 'regex_match[/^\+\d{2,4}\s\d{2,4}\s\d{3,10}+$/i]|trim',
- )
+ ),
);
/**
@@ -110,7 +147,7 @@ $config['settings/index'] = array(
'field' => 'phone',
'label' => _('Phone number'),
'rules' => 'regex_match[/^\+\d{2,4}\s\d{2,4}\s\d{3,10}+$/i]|trim',
- )
+ ),
);
/* End of file form_validation.php */
diff --git a/application/controllers/auth.php b/application/controllers/auth.php
index 500e9f2..9ecff75 100644
--- a/application/controllers/auth.php
+++ b/application/controllers/auth.php
@@ -33,30 +33,23 @@ class Auth extends CI_Controller {
*/
public function login() {
if ($this->access->loggedIn()) {
- redirect();
+ redirect('dashboard');
}
- // validate form input
- $this->form_validation->set_rules('username', _('Username'), 'required');
- $this->form_validation->set_rules('password', _('Password'), 'required');
+ $data['messages'] = $this->messages->get('success');
- if ($this->form_validation->run() == true) {
+ if ($this->form_validation->run() === true) {
// check for "remember me"
$remember = (boolean) $this->input->post('remember');
if ($this->access->login($this->input->post('username'), $this->input->post('password'), $remember)) {
- $this->data['success'] = true;
- redirect('dashboard', 'refresh');
+ redirect('dashboard', 303);
} else { // if the login was un-successful
- $this->data['success'] = false;
- $this->data['message'] = $this->access->errors();
+ $data['errors'] = $this->messages->get('error');
}
- } else {
- $this->data['message'] = validation_errors() ? validation_errors() : null;
- $this->data['username'] = $this->form_validation->set_value('username');
-
- $this->load->view('auth/login', $this->data);
}
+
+ $this->load->view('auth/login', $data);
}
/**
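Review bot: `redirect('dashboard', 303)` passes the status code in the position of the `$method` argument. Assuming the stock CodeIgniter URL helper (`redirect($uri, $method, $http_response_code)`), the 303 is ignored and a default 302 is sent, so the call should be `redirect('dashboard', 'location', 303);`. Separately, the removed `else` branch was the only place that handed `validation_errors()` to the view. After this change `$data` carries only the entries from `$this->messages`, so the login view has to print validation failures itself or the user gets the form back with no explanation.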
@@ -64,8 +57,7 @@ class Auth extends CI_Controller {
*/
public function logout() {
$logout = $this->access->logout();
-
- redirect(base_url(), 'refresh');
+ redirect('auth/login');
}
/**
@@ -159,40 +151,32 @@ class Auth extends CI_Controller {
* Allows users to request a new password.
*/
public function forgot_password() {
- $this->form_validation->set_rules('email', _('eMail address'), 'required');
- if ($this->form_validation->run() == false) {
- //setup the input
- $this->data['email'] = array('name' => 'email',
- 'id' => 'email',
- );
- //set any errors and display the form
- $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
- $this->load->view('auth/forgot_password', $this->data);
- } else {
- //run the forgotten password method to email an activation code to the user
- $forgotten = $this->access->forgotten_password($this->input->post('email'));
+ if ($this->form_validation->run() === true) {
+ // run the forgotten password method to email an activation code to the user
+ $forgotten = $this->access->forgottenPassword($this->input->post('email'));
- if ($forgotten) { //if there were no errors
- $this->session->set_flashdata('message', $this->access->messages());
- redirect("auth/login", 'refresh'); //we should display a confirmation page here instead of the login page
+ if ($forgotten) { // if there were no errors
+ redirect('auth/login'); // TODO Display a confirmation page here instead of the login page
} else {
- $this->session->set_flashdata('message', $this->access->errors());
- redirect("auth/forgot_password", 'refresh');
+ redirect('auth/forgot_password');
}
}
+
+ $data['messages'] = $this->messages->get('success');
+ $data['errors'] = $this->messages->get('error');
+
+ $this->load->view('auth/forgot_password', $data);
}
/**
* Final step for forgotten password.
*/
public function reset_password($code) {
- $reset = $this->access->forgotten_password_complete($code);
+ $reset = $this->access->forgottenPasswordComplete($code);
- if ($reset) { //if the reset worked then send them to the login page
- $this->session->set_flashdata('message', $this->access->messages());
+ if ($reset) { // if the reset worked then send them to the login page
redirect('auth/login');
- } else { //if the reset didnt work then send them back to the forgot password page
- $this->session->set_flashdata('message', $this->access->errors());
+ } else { // if the reset didn't work then send them back to the forgot password page
redirect('auth/forgot_password');
}
}
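Review bot: `forgot_password()` reveals whether an address belongs to an account. A failed lookup redirects back to `auth/forgot_password` while a successful one goes to `auth/login`, and `Access::forgottenPassword()` in the Access.php hunk now adds the explicit message `_('This email address is not registered')`. Anyone can use the form to test which addresses are registered. Both branches should end the same way, for example `redirect('auth/login');` in each, with one neutral message such as `_('If this address is registered, a reset email has been sent')`, and the real outcome only logged server-side.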
diff --git a/application/libraries/Access.php b/application/libraries/Access.php
index 2f5dfee..55a4e98 100644
--- a/application/libraries/Access.php
+++ b/application/libraries/Access.php
@@ -7,279 +7,231 @@
*/
class Access {
- /**
- * Contains the CI instance.
- */
- protected $ci;
+ /**
+ * Contains the CI instance.
+ */
+ protected $ci;
- /**
- * Contains occured messages (using the language file).
- *
- * @var string
- */
- protected $messages = array();
+ /**
+ * Contains occured messages (using the language file).
+ *
+ * @var string
+ */
+ protected $messages = array();
- /**
- * Contains occured errors (using the language file).
- *
- * @var string
- */
- protected $errors = array();
+ /**
+ * Contains occured errors (using the language file).
+ *
+ * @var string
+ */
+ protected $errors = array();
- /**
- * Constructor.
- */
- public function __construct() {
- $this->ci =& get_instance();
- $this->ci->load->config('auth', true);
- $this->ci->load->library('email');
- $this->ci->lang->load('auth');
- $this->ci->load->model('user');
- $this->ci->load->model('group');
- $this->ci->load->helper('cookie');
+ /**
+ * Constructor.
+ */
+ public function __construct() {
+ $this->ci =& get_instance();
+ $this->ci->load->config('auth', true);
+ $this->ci->load->library('email');
+ $this->ci->lang->load('auth');
+ $this->ci->load->model('user');
+ $this->ci->load->model('group');
+ $this->ci->load->helper('cookie');
- // auto-login the user if they are remembered
- if (!$this->loggedIn() && get_cookie('username') && get_cookie('remember_code')) {
- $this->ci->access = $this;
- $this->ci->user->loginRememberedUser();
- }
- }
+ // auto-login the user if they are remembered
+ if (!$this->loggedIn() && get_cookie('username') && get_cookie('remember_code')) {
+ $this->ci->access = $this;
+ $this->ci->user->loginRememberedUser();
+ }
+ }
- /**
- * Changes a users password.
- *
- * @return boolean
- */
- public function changePassword($username, $old, $new) {
- if ($this->ci->user->changePassword($username, $old, $new)) {
- $this->setMessage(_('Password successfully changed'));
- return true;
- }
+ /**
+ * Changes a users password.
+ *
+ * @return boolean
+ */
+ public function changePassword($username, $old, $new) {
+ if ($this->ci->user->changePassword($username, $old, $new)) {
+ $this->ci->messages->add(_('Password successfully changed'), 'success');
+ return true;
+ }
- $this->setError(_('Unable to change password'));
- return false;
- }
+ $this->ci->messages->add(_('Unable to change password'), 'error');
+ return false;
+ }
- /**
- * forgotten password feature
- *
- * @return void
- */
- public function forgottenPassword($username) {
- if ($this->ci->user->forgottenPassword($username)) {
- // get user information
- $user = $this->getUserByUsername($username);
+ /**
+ * forgotten password feature
+ *
+ * @return void
+ */
+ public function forgottenPassword($email) {
+ if ($this->ci->user->forgottenPassword($email)) {
+ // get user information
+ $user = $this->ci->user->getUserByEmail($email);
- $data = array(
+ $data = array(
'username' => $user['username'],
- 'forgotten_password_code' => $user['forgotten_password_code']
- );
+ 'forgotten_password_code' => $user['forgotten_password_code'],
+ );
- $message = $this->ci->load->view($this->ci->config->item('email_templates', 'auth') . $this->ci->config->item('email_forgot_password', 'auth'), $data, true);
- $this->ci->email->clear();
- $config['mailtype'] = $this->ci->config->item('email_type', 'auth');
- $this->ci->email->initialize($config);
- $this->ci->email->set_newline("\r\n");
- $this->ci->email->from($this->ci->config->item('admin_email', 'auth'), 'Scattport');
- $this->ci->email->to($user['email']);
- $this->ci->email->subject('Scattport - Forgotten Password Verification');
- $this->ci->email->message($message);
+ $message = $this->ci->load->view('auth/email/forgot_password', $data, true);
+ $this->ci->email->clear();
+ $config['mailtype'] = $this->ci->config->item('email_type', 'auth');
+ $this->ci->email->initialize($config);
+ $this->ci->email->set_newline("\r\n");
+ $this->ci->email->from($this->ci->config->item('admin_email', 'auth'), 'Scattport');
+ $this->ci->email->to($user['email']);
+ $this->ci->email->subject('ScattPort - Forgotten Password Verification');
+ $this->ci->email->message($message);
- if ($this->ci->email->send()) {
- $this->setMessage(_('Password reset email sent'));
- return true;
- } else {
- $this->setError(_('Unable to reset password'));
- return false;
- }
- } else {
- $this->setError(_('Unable to reset password'));
- return false;
- }
- }
+ if ($this->ci->email->send()) {
+ $this->ci->messages->add(_('Password reset email sent'), 'success');
+ return true;
+ } else {
+ $this->ci->messages->add(_('Unable to send password reset email'), 'error');
+ return false;
+ }
+ } else {
+ $this->ci->messages->add(_('This email address is not registered'), 'error');
+ return false;
+ }
+ }
- /**
- * forgotten_password_complete
- *
- * @return void
- */
- public function forgottenPasswordComplete($code) {
- $profile = $this->ci->user->profile($code, true); // pass the code to profile
+ /**
+ * forgotten_password_complete
+ *
+ * @return void
+ */
+ public function forgottenPasswordComplete($code) {
+ $profile = $this->ci->user->profile($code, true); // pass the code to profile
- if (!is_object($profile)) {
- $this->setError(_('Unable to change password'));
- return false;
- }
+ if (!is_object($profile)) {
+ $this->ci->messages->add(_('Unable to change password'), 'error');
+ return false;
+ }
- $new_password = $this->ci->user->forgottenPasswordComplete($code, $profile->salt);
+ $new_password = $this->ci->user->forgottenPasswordComplete($code, $profile->salt);
- if ($new_password) {
- $data = array(
+ if ($new_password) {
+ $data = array(
'username' => $profile->username,
'new_password' => $new_password
- );
+ );
- $message = $this->ci->load->view($this->ci->config->item('email_templates', 'ion_auth').$this->ci->config->item('email_forgot_password_complete', 'ion_auth'), $data, true);
+ $message = $this->ci->load->view('auth/email/forgot_password_complete', $data, true);
- $this->ci->email->clear();
- $config['mailtype'] = $this->ci->config->item('email_type', 'ion_auth');
- $this->ci->email->initialize($config);
- $this->ci->email->set_newline("\r\n");
- $this->ci->email->from($this->ci->config->item('admin_email', 'ion_auth'), $this->ci->config->item('site_title', 'ion_auth'));
- $this->ci->email->to($profile->email);
- $this->ci->email->subject($this->ci->config->item('site_title', 'ion_auth') . ' - New Password');
- $this->ci->email->message($message);
+ $this->ci->email->clear();
+ $config['mailtype'] = $this->ci->config->item('email_type', 'auth');
+ $this->ci->email->initialize($config);
+ $this->ci->email->set_newline("\r\n");
+ $this->ci->email->from($this->ci->config->item('admin_email', 'auth'), $this->ci->config->item('site_title', 'auth'));
+ $this->ci->email->to($profile->email);
+ $this->ci->email->subject('ScattPort - New Password');
+ $this->ci->email->message($message);
- if ($this->ci->email->send()) {
- $this->setMessage(_('Password successfully changed'));
- return true;
- } else {
- $this->setError(_('Unable to change password'));
- return false;
- }
- }
+ if ($this->ci->email->send()) {
+ $this->ci->messages->add(_('Password successfully changed'), 'success');
+ return true;
+ } else {
+ $this->ci->messages->add(_('Unable to change password'), 'error');
+ return false;
+ }
+ }
- $this->setError(_('Unable to change password'));
- return false;
- }
+ $this->ci->messages->add(_('Unable to change password'), 'error');
+ return false;
+ }
- /**
- * Logs the user in.
- *
- * @return boolean
- */
- public function login($username, $password, $remember = false) {
- if ($this->ci->user->login($username, $password, $remember)) {
- $this->setMessage(_('Logged in successfully'));
- return true;
- } else {
- $this->setError(_('Incorrect username or password'));
- return false;
- }
- }
+ /**
+ * Logs the user in.
+ *
+ * @return boolean
+ */
+ public function login($username, $password, $remember = false) {
+ if ($this->ci->user->login($username, $password, $remember)) {
+ $this->ci->messages->add(_('Logged in successfully'), 'success');
+ return true;
+ } else {
+ $this->ci->messages->add(_('Incorrect username or password'), 'error');
+ return false;
+ }
+ }
- /**
- * Logs the user out.
- *
- * @return boolean
- */
- public function logout() {
- $this->ci->session->unset_userdata('username');
- $this->ci->session->unset_userdata('group');
- $this->ci->session->unset_userdata('user_id');
+ /**
+ * Logs the user out.
+ *
+ * @return boolean
+ */
+ public function logout() {
+ $this->ci->session->unset_userdata('username');
+ $this->ci->session->unset_userdata('group');
+ $this->ci->session->unset_userdata('user_id');
- // delete the remember cookies if they exist
- if (get_cookie('username')) {
- delete_cookie('username');
- } if (get_cookie('remember_code')) {
- delete_cookie('remember_code');
- }
+ // delete the remember cookies if they exist
+ if (get_cookie('username')) {
+ delete_cookie('username');
+ } if (get_cookie('remember_code')) {
+ delete_cookie('remember_code');
+ }
- $this->ci->session->sess_destroy();
+ $this->ci->session->sess_destroy();
- $this->setMessage(_('Logged out successfully'));
- return true;
- }
+ $this->ci->messages->add(_('Logged out successfully'), 'success');
+ return true;
+ }
- /**
- * Checks if the user is logged in.
- *
- * @return boolean
- */
- public function loggedIn() {
- return (boolean) $this->ci->session->userdata('username');
- }
+ /**
+ * Checks if the user is logged in.
+ *
+ * @return boolean
+ */
+ public function loggedIn() {
+ return (boolean) $this->ci->session->userdata('username');
+ }
- /**
- * Checks if the user is an admin.
- *
- * @return boolean
- */
- public function isAdmin() {
- $adminGroup = 'admins';
- $userGroup = $this->ci->session->userdata('group');
- return $userGroup == $adminGroup;
- }
+ /**
+ * Checks if the user is an admin.
+ *
+ * @return boolean
+ */
+ public function isAdmin() {
+ $adminGroup = 'admins';
+ $userGroup = $this->ci->session->userdata('group');
+ return $userGroup == $adminGroup;
+ }
- /**
- * Checks if the current user is assigned to the specified group.
- *
- * @return boolean
- */
- public function isGroup($checkGroup) {
- $userGroup = $this->ci->session->userdata('group');
+ /**
+ * Checks if the current user is assigned to the specified group.
+ *
+ * @return boolean
+ */
+ public function isGroup($checkGroup) {
+ $userGroup = $this->ci->session->userdata('group');
- if (is_array($checkGroup)) {
- return in_array($userGroup, $checkGroup);
- }
- return $userGroup == $checkGroup;
- }
+ if (is_array($checkGroup)) {
+ return in_array($userGroup, $checkGroup);
+ }
+ return $userGroup == $checkGroup;
+ }
- /**
- * Gets the current logged in user.
- *
- * @return object
- */
- public function getCurrentUser() {
- return $this->ci->user->getUserByID($this->ci->session->userdata('user_id'));
- }
+ /**
+ * Gets the current logged in user.
+ *
+ * @return object
+ */
+ public function getCurrentUser() {
+ return $this->ci->user->getUserByID($this->ci->session->userdata('user_id'));
+ }
- /**
- * Gets the profile of the current user.
- *
- * @return array
- */
- public function profile() {
- return $this->ci->user->profile($this->ci->session->userdata('username'));
- }
-
- /**
- * Sets a message.
- *
- * @return string
- */
- public function setMessage($message) {
- $this->messages[] = $message;
- return $message;
- }
-
- /**
- * Gets all messages.
- *
- * @return void
- */
- public function messages() {
- $output = '';
- foreach ($this->messages as $message) {
- $output .= $message . '
';
- }
-
- return $output;
- }
-
- /**
- * Sets an error message.
- *
- * @return void
- */
- public function setError($error) {
- $this->errors[] = $error;
- return $error;
- }
-
- /**
- * Gets all error messages.
- *
- * @return void
- */
- public function errors() {
- $output = '';
- foreach ($this->errors as $error) {
- $output .= $error . '
';
- }
-
- return $output;
- }
+ /**
+ * Gets the profile of the current user.
+ *
+ * @return array
+ */
+ public function profile() {
+ return $this->ci->user->profile($this->ci->session->userdata('username'));
+ }
}
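Review bot: The `$messages` and `$errors` properties are kept at the top of the class although `setMessage()`, `setError()`, `messages()` and `errors()` are deleted at the bottom of this hunk, so nothing visible reads or writes them any more and they can be removed. Every status message now goes through `$this->ci->messages`, but the constructor shown here loads only the config, email, lang, models and cookie helper. If the messages library is not autoloaded, add `$this->ci->load->library('messages');` there. The docblocks of `forgottenPassword()` and `forgottenPasswordComplete()` still say `@return void` while both return a boolean; `@return boolean` plus a `@param string $email` / `@param string $code` line would match the code.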
diff --git a/application/models/user.php b/application/models/user.php
index 4462a19..c8bea8f 100644
--- a/application/models/user.php
+++ b/application/models/user.php
@@ -367,7 +367,7 @@ class User extends CI_Model {
public function getUserByEmail($email) {
$this->db->where('users.email', $email);
$this->db->limit(1);
- return $this->get();
+ return $this->get()->row_array();
}
/**
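Review bot: `getUserByEmail()` changes its return type here, from the result of `get()` to the plain array from `row_array()`. That fits the `$user['username']` access in `Access::forgottenPassword()`, but any other caller that still treats the result as an object will break. A lookup with no match presumably now yields an empty array rather than a result object, so callers should test it with `empty()`. The method's docblock sits above the hunk and should state `@return array` with a note on the no-match case.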
diff --git a/application/views/auth/email/forgot_password.php b/application/views/auth/email/forgot_password.php
new file mode 100644
index 0000000..de0215b
--- /dev/null
+++ b/application/views/auth/email/forgot_password.php
@@ -0,0 +1,11 @@
+=$username?>,
+
+To reset your password, please go to the following page:
+
+{unwrap}=site_url('auth/reset_password' . $forgotten_password_code);?>{/unwrap}
+
+Your password will be automatically reset, and a new password will be emailed to you.
+
+If you do not wish to reset your password, ignore this message. It will expire in 24 hours.
+
+Thank you!
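Review bot: The reset link is built as `site_url('auth/reset_password' . $forgotten_password_code)`, with no separator between the method name and the code. The URL therefore ends in `reset_password<code>` and will not route to `Auth::reset_password($code)`; it should be `site_url('auth/reset_password/' . $forgotten_password_code)`. The text also promises that the link expires in 24 hours, but nothing in the code visible in this patch enforces an expiry. Either confirm that the user model checks the code's age, or drop the sentence.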
diff --git a/application/views/auth/email/forgot_password_complete.php b/application/views/auth/email/forgot_password_complete.php
new file mode 100644
index 0000000..3de3615
--- /dev/null
+++ b/application/views/auth/email/forgot_password_complete.php
@@ -0,0 +1,8 @@
+=$username?>,
+
+Here is your new login information:
+
+Username: =$username?>
+Password: =$password?>
+
+Thank you!
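Review bot: This template prints `$password`, but `Access::forgottenPasswordComplete()` passes the view data under the keys `'username'` and `'new_password'`. The variable is undefined when the view renders, so the mail goes out without the new password. Either print `$new_password` here or rename the array key to `'password'` in Access.php. Because the mail carries a working credential in clear text, requiring a password change at the next login would limit how long it stays usable.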
diff --git a/application/views/auth/forgot_password.php b/application/views/auth/forgot_password.php
new file mode 100644
index 0000000..64c5f69
--- /dev/null
+++ b/application/views/auth/forgot_password.php
@@ -0,0 +1,57 @@
+
+
+
+
+
+
+ScattPort | =_('Login');?>
+
+=link_tag('assets/css/login.css');?>
+=link_tag('assets/css/form.css');?>
+
+=script_tag('assets/js/minmax.js');?>
+=script_tag('https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js');?>
+=script_tag('assets/js/scattport.js');?>
+
+
+
+
+
+
+
+
Scattport =_('Login');?>
+
+
" . _('Error') . ": " . $e . "";
+ }
+ } else if (isset($messages) && is_array($messages)) {
+ foreach ($messages as $m) {
+ echo "
" . _('Success') . ": " . $m . "
";
+ }
+ }
+?>
+
+
+
=anchor('auth/login', _('Back to login page'));?>
+
+
\ No newline at end of file
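Review bot: The title and heading of this new view still read `_('Login')`, apparently carried over from login.php, so the page should use something like `_('Forgot password')` in both places. The message loop concatenates `$e` and `$m` straight into the markup. That is safe only while every message is a fixed translated string, so `htmlspecialchars($m, ENT_QUOTES, 'UTF-8')` on output would keep it safe if a message ever includes user input such as the submitted address. The file also ends without a trailing newline.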
diff --git a/application/views/auth/login.php b/application/views/auth/login.php
index 430e6e3..6cf1ebb 100644
--- a/application/views/auth/login.php
+++ b/application/views/auth/login.php
@@ -24,12 +24,15 @@
Scattport =_('Login');?>
" . $e . "
";
- if (isset($notice))
- foreach ($notice as $n)
- echo "" . $n . "
";
+ if (isset($errors)) {
+ foreach ($errors as $e) {
+ echo "" . _('Error') . ": " . $e . "
";
+ }
+ } else if (isset($messages) && is_array($messages)) {
+ foreach ($messages as $m) {
+ echo "" . _('Success') . ": " . $m . "
";
+ }
+ }
?>