<?php
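/**
 * Authentication controller: login, logout, registration, account deletion
 * and e-mail based password recovery for pbs_person accounts.
 *
 * Review changes versus the previous revision:
 *  - password recovery trusted a client-supplied personID when saving the new
 *    password (anyone could reset any account); the account is now bound to
 *    the server-side session by the recovery link and the token is consumed
 *    only after the new password is stored;
 *  - salts and recovery tokens come from a CSPRNG instead of MD5(timestamp)
 *    and randomString() (same lengths as before, so column widths are unchanged);
 *  - self-deletion called clearIdentity() on an undefined $auth (fatal error);
 *  - exception messages and a print_r() dump are no longer echoed to clients;
 *  - an unknown e-mail in the recovery request no longer crashes on $result[0]
 *    and is answered exactly like a known one (no account enumeration);
 *  - every redirect is followed by return in case the helper's exit is disabled.
 */
class User_AuthController extends Zend_Controller_Action
{
    /** @var Application_Model_PersonMapper set in init(), reused by every action */
    protected $personmapper = null;

    /** @var Zend_Db_Adapter_Abstract default adapter, used by the auth adapter */
    private $db = null;

    /**
     * Wires the default DB adapter and the person mapper.
     */
    public function init()
    {
        $this->db = Zend_Db_Table::getDefaultAdapter();
        $this->personmapper = new Application_Model_PersonMapper();
    }

    /**
     * /auth/ has no page of its own: forward to the login form.
     */
    public function indexAction()
    {
        $this->_helper->viewRenderer->setNoRender();
        $this->_helper->redirector('login', 'auth');
    }

    /**
     * Shows the login form and authenticates a submitted e-mail/password pair.
     *
     * Zend_Auth_Adapter_DbTable compares MD5(CONCAT(password, password_salt))
     * in SQL, i.e. the scheme produced by hashPassword(). On success the
     * session id is regenerated, the login timestamp is stored and the user is
     * sent to person/selectmembership. Unknown e-mail and wrong password yield
     * the same generic message.
     */
    public function loginAction()
    {
        if (Zend_Auth::getInstance()->hasIdentity()) {
            $this->_redirect('/user/');
            return;
        }
        if (!isset($_POST['login'])) {
            $this->view->loginForm = new user_Form_Login();
            return;
        }

        $loginForm = new user_Form_Login($_POST);
        if ($loginForm->isValid($_POST)) {
            $adapter = new Zend_Auth_Adapter_DbTable(
                $this->db,
                'pbs_person',
                'email',
                'password',
                'MD5(CONCAT(?, password_salt))'
            );
            $adapter->setIdentity($loginForm->getValue('email'));
            $adapter->setCredential($loginForm->getValue('password'));

            $auth = Zend_Auth::getInstance();
            $result = $auth->authenticate($adapter);
            if ($result->isValid()) {
                // A fresh session id after a privilege change defeats session fixation.
                Zend_Session::regenerateId();

                $rows = $this->personmapper->findBy(array('email' => $auth->getIdentity()), true);
                if (!empty($rows)) {
                    $person = new Application_Model_Person($rows[0]);
                    $person->setID($rows[0]['personID']);
                    $person->setLogindate(time());
                    $this->personmapper->save($person);
                }
                $this->_helper->redirector('selectmembership', 'person');
                return;
            }

            // Deliberately the same text for both failure causes.
            $pbsNotifier = new Pbs_Notifier();
            $this->view->notification = $pbsNotifier->notify('Wrong Email or Password', 'error');
        }
        $this->view->loginForm = $loginForm;
    }

    /**
     * Clears the identity and the 'userIDs' namespace, drops the persistent
     * session cookie and returns to the login form.
     */
    public function logoutAction()
    {
        $this->_helper->viewRenderer->setNoRender();
        Zend_Auth::getInstance()->clearIdentity();
        Zend_Session::namespaceUnset('userIDs');
        Zend_Session::forgetMe();
        $this->_helper->redirector('login', 'auth');
    }

    /**
     * Shows the registration form and creates a person from a valid submission.
     *
     * A random salt is generated per account and the password stored as
     * hashPassword(password, salt). A failing save is reported as a duplicate
     * e-mail, as before.
     */
    public function registerAction()
    {
        if (Zend_Auth::getInstance()->hasIdentity()) {
            $pbsNotifier = new Pbs_Notifier();
            $this->view->notification = $pbsNotifier->notify('Already logged in.', 'error');
            return;
        }
        if (!isset($_POST['register'])) {
            $this->view->registerForm = new user_Form_Register();
            return;
        }

        // Only non-empty fields are handed to the form as options. $data is
        // initialised so an all-empty submission no longer passes an undefined
        // variable to the form constructor.
        $data = array();
        foreach ($_POST as $field => $value) {
            if ($value !== '') {
                $data[$field] = $value;
            }
        }

        $registerForm = new user_Form_Register($data);
        if ($registerForm->isValid($_POST)) {
            // NOTE(review): the model is populated straight from $_POST (mass
            // assignment). Confirm Application_Model_Person ignores keys that
            // must never be client-controlled (ids, roles, dates).
            $person = new Application_Model_Person($_POST);
            $person->setRegisterdate(time());

            // Salt from a CSPRNG; 32 hex characters like the former MD5 salt.
            $salt = $this->randomHex(16);
            $person->setPasswordSalt($salt);
            $person->setPassword($this->hashPassword($person->getPassword(), $salt));

            try {
                $this->personmapper->save($person);
            } catch (Zend_Exception $e) {
                $pbsNotifier = new Pbs_Notifier();
                $this->view->notification = $pbsNotifier->notify('Email already registered', 'error');
                $this->view->registerForm = $registerForm;
                return;
            }
            $this->_helper->redirector('login', 'auth');
            return;
        }
        $this->view->registerForm = $registerForm;
    }

    /**
     * Deletes an account after confirmation.
     *
     * With a personID request parameter the caller needs the 'peoa' right and
     * deletes that person; without it the caller needs 'pdo' and deletes their
     * own account (id from the 'userIDs' session namespace), after which they
     * are logged out.
     *
     * NOTE(review): no CSRF protection is visible in this flow; confirm that
     * user_Form_ConfirmDeleteAccount carries a hash element or equivalent.
     */
    public function deleteAction()
    {
        $requestedID = $this->_request->getParam('personID');
        if ($requestedID) {
            if (!Pbs_Acl::checkRight('peoa')) {
                $this->_redirect('/user');
                return;
            }
            $personID = $requestedID;
        } else {
            if (!Pbs_Acl::checkRight('pdo')) {
                $this->_redirect('/user');
                return;
            }
            $userIDsNamespace = Zend_Session::namespaceGet('userIDs');
            $personID = isset($userIDsNamespace['personID']) ? $userIDsNamespace['personID'] : null;
        }

        // Unconfirmed (or first) request: render the confirmation form.
        if (empty($_POST['confirmdelete'])) {
            $this->view->deleteconfirmform = new user_Form_ConfirmDeleteAccount();
            return;
        }
        if ($personID === null) {
            return;
        }

        $person = $this->personmapper->find($personID);
        if (!$person) {
            return;
        }
        try {
            $this->personmapper->delete($person);
        } catch (Zend_Exception $e) {
            // Exception class and message are not echoed to the client any more.
            $pbsNotifier = new Pbs_Notifier();
            $this->view->notification = $pbsNotifier->notify('Account could not be deleted', 'error');
            return;
        }

        if ($requestedID) {
            $this->_helper->redirector('', 'person');
            return;
        }
        // Self-deletion: end the session of the account that no longer exists.
        // (Previously called clearIdentity() on an undefined $auth.)
        Zend_Auth::getInstance()->clearIdentity();
        Zend_Session::namespaceUnset('userIDs');
        Zend_Session::forgetMe();
        $this->_helper->redirector('login', 'auth');
    }

    /**
     * Three-step password recovery.
     *
     *  1. POST recoverPassword: look up the e-mail, store a random recovery id
     *     and mail a link containing it. Unknown addresses get the same
     *     redirect as known ones.
     *  2. GET ?recoveryid=...: if the id exists, remember the person it belongs
     *     to in the 'passwordRecovery' session namespace and show the
     *     new-password form.
     *  3. POST savePassword: the account comes from that namespace, never from
     *     the posted personID; on success the recovery record is deleted.
     *
     * NOTE(review): no expiry for recovery records is visible in this code; an
     * unused link stays valid indefinitely.
     */
    public function recoverpasswordAction()
    {
        $recoverySession = new Zend_Session_Namespace('passwordRecovery');

        if (isset($_POST['savePassword'])) {
            // Trusting $_POST['personID'] here let anyone reset any account.
            if (!isset($recoverySession->personID) || !isset($recoverySession->recoveryID)) {
                $this->_helper->redirector('login', 'auth');
                return;
            }
            $personID = $recoverySession->personID;
            $recoverPasswordForm = new user_Form_NewPassword(array('personID' => $personID));

            if ($recoverPasswordForm->isValid($_POST)) {
                $person = $this->personmapper->find($personID);
                if (!$person) {
                    Zend_Session::namespaceUnset('passwordRecovery');
                    $this->_helper->redirector('login', 'auth');
                    return;
                }
                $salt = $this->randomHex(16);
                $person->setPasswordSalt($salt);
                $person->setPassword($this->hashPassword($_POST['password'], $salt));

                try {
                    $this->personmapper->save($person);
                    // Consume the token only after the new password is stored, so a
                    // failed save does not burn the user's only link.
                    $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
                    $passwordRecoveryObject = new Application_Model_PasswordRecovery();
                    $passwordRecoveryObject->setID($personID);
                    $passwordRecoveryObject->setRecoveryID($recoverySession->recoveryID);
                    $passwordRecoveryMapper->delete($passwordRecoveryObject);
                } catch (Zend_Exception $e) {
                    // No exception text in the response.
                    $pbsNotifier = new Pbs_Notifier();
                    $this->view->notification = $pbsNotifier->notify('Password could not be saved', 'error');
                    $this->view->recoverPasswordForm = $recoverPasswordForm;
                    return;
                }
                Zend_Session::namespaceUnset('passwordRecovery');
                $this->_helper->redirector('login', 'auth');
                return;
            }
        } elseif (isset($_GET['recoveryid'])) {
            $recoveryid = $_GET['recoveryid'];
            if (!is_string($recoveryid) || $recoveryid === '') {
                $this->_helper->redirector('login', 'auth');
                return;
            }
            $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
            $passwordRecovery = $passwordRecoveryMapper->findBy(array('recoveryID' => $recoveryid), true);
            if (empty($passwordRecovery)) {
                $this->_helper->redirector('login', 'auth');
                return;
            }
            $personID = $passwordRecovery[0]['personID'];
            // Bind the account this link authorises to the session; the record is
            // removed in step 3.
            $recoverySession->personID = $personID;
            $recoverySession->recoveryID = $passwordRecovery[0]['recoveryID'];
            $recoverPasswordForm = new user_Form_NewPassword(array('personID' => $personID));
        } else {
            if (!isset($_POST['recoverPassword'])) {
                $recoverPasswordForm = new user_Form_RecoverPassword();
            } else {
                $recoverPasswordForm = new user_Form_RecoverPassword($_POST);
                if ($recoverPasswordForm->isValid($_POST)) {
                    $rows = $this->personmapper->findBy(
                        array('email' => $recoverPasswordForm->getValue('email')),
                        true
                    );
                    if (empty($rows)) {
                        // Same response as for a known address: no enumeration,
                        // and no crash on an undefined $rows[0].
                        $this->_helper->redirector('login', 'auth');
                        return;
                    }
                    $person = new Application_Model_Person($rows[0]);
                    $person->setID($rows[0]['personID']);
                    $email = $person->getEmail();
                    $name = $person->getFirstname() . ' ' . $person->getName();

                    // NOTE(review): the link's host is taken from the request (Host
                    // header); a forged Host would be mailed to the user. Prefer a
                    // configured canonical base URL if the application has one.
                    $url = $this->getRequest()->getScheme() . '://'
                        . $this->getRequest()->getHttpHost() . $this->view->url();
                    // 100 hex characters, same length as the former randomString(100).
                    $recoveryid = $this->randomHex(50);
                    $link = $url . '/auth/recoverpassword/?recoveryid=' . $recoveryid;
                    $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'
                        . htmlspecialchars($link, ENT_QUOTES, 'UTF-8') . '">Passwort ändern</a>';

                    $mail = new Zend_Mail();
                    $mail->setBodyHtml($mailbody, 'utf8');
                    $mail->setFrom('admin@local', 'Admin');
                    $mail->addTo($email, $name);
                    $mail->setSubject('Password Wiederherstellung Preboot Server');

                    $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
                    $passwordRecoveryObject = new Application_Model_PasswordRecovery();
                    $passwordRecoveryObject->setID($person->getID());
                    $passwordRecoveryObject->setRecoveryID($recoveryid);
                    try {
                        $passwordRecoveryMapper->save($passwordRecoveryObject);
                        $mail->send();
                    } catch (Zend_Exception $e) {
                        $pbsNotifier = new Pbs_Notifier();
                        $this->view->notification = $pbsNotifier->notify('Recovery mail could not be sent', 'error');
                        $this->view->recoverPasswordForm = $recoverPasswordForm;
                        return;
                    }
                    $this->_helper->redirector('login', 'auth');
                    return;
                }
            }
        }
        $this->view->recoverPasswordForm = $recoverPasswordForm;
    }

    /**
     * Returns 2*$bytes hex characters from a cryptographically secure source.
     *
     * Replaces MD5(timestamp) salts and randomString() tokens, whose quality
     * is not visible from here. Callers pick $bytes to keep the former lengths
     * (16 -> 32-char salt, 50 -> 100-char recovery id).
     *
     * @param int $bytes
     * @return string
     * @throws Zend_Exception when no secure random source is available
     */
    private function randomHex($bytes)
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes($bytes));
        }
        // PHP < 7: fall back to OpenSSL, but only if it reports a strong result.
        $strong = false;
        $raw = function_exists('openssl_random_pseudo_bytes')
            ? openssl_random_pseudo_bytes($bytes, $strong)
            : false;
        if ($raw === false || !$strong) {
            throw new Zend_Exception('No cryptographically secure random source available');
        }
        return bin2hex($raw);
    }

    /**
     * Stored password form: MD5(password . salt), the scheme loginAction()
     * checks in SQL via 'MD5(CONCAT(?, password_salt))'.
     *
     * NOTE(review): salted MD5 is not an acceptable password hash. Moving to
     * password_hash()/password_verify() means verifying in PHP instead of SQL
     * and may need a wider password column, so it is not done in this change;
     * keep this method and the adapter's credential treatment in sync.
     *
     * @param string $password
     * @param string $salt
     * @return string
     */
    private function hashPassword($password, $salt)
    {
        return md5($password . $salt);
    }
}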