<?php defined('SYSPATH') || die('No direct script access.'); // Refuse to run unless SYSPATH is defined, i.e. unless loaded through the framework rather than requested directly.
class Controller_Handler_Sign extends Controller_Handler
{
    /**
     * Runs before every action of this controller.
     *
     * Only delegates to the parent handler; adds nothing of its own.
     */
    public function before() {
        parent::before();
    }

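    /**
     * Signs a user in with the POSTed `login` and `password`.
     *
     * Both fields are validated first (same validator and message file as the
     * other actions of this controller), so an incomplete request fails with
     * field errors instead of reaching signIn() with undefined indexes.
     * On bad credentials fail() is called without a message, so the response
     * does not single out which of the two fields was wrong.
     */
    public function action_in() {
        $this->post
            ->rule('login', 'not_empty')
            ->rule('password', 'not_empty');

        if (!$this->post->check()) {
            $this->fail($this->post->errors('signin'));
        }

        $ok = User::instance()->signIn($_POST['login'], $_POST['password']);
        if (!$ok) {
            $this->fail();
        }
    }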

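    /**
     * Registers a new account from the POSTed sign-up form.
     *
     * The fields are validated through the request validator (the minimum
     * password length comes from the `security.securityPolicy` config), then
     * handed to User::signUp(). signUp() returns a translatable message on
     * failure and something falsy on success; failures are reported via fail().
     */
    public function action_up() {
        $config = Kohana::$config->load('security.securityPolicy');

        $this->post
            ->rule('login', 'not_empty')
            ->rule('activation_code', 'alpha_numeric')
            // Explicit not_empty: a min_length rule on its own does not guarantee the
            // field is present, and an absent key would reach signUp() undefined.
            ->rule('password', 'not_empty')
            ->rule('password', 'min_length', [':value', $config['password']['length']])
            ->rule('confirm_password', 'matches', [':validation', 'confirm_password', 'password'])
            ->rule('email', 'not_empty')
            ->rule('email', 'email');

        if (!$this->post->check()) {
            $this->fail($this->post->errors('signin'));
        }

        $err = User::instance()->signUp($_POST['activation_code'], $_POST['email'], $_POST['login'], $_POST['password']);
        if ($err) {
            $this->fail(I18n::get($err));
        }
    }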

    /**
     * Starts password recovery for the POSTed `email`.
     *
     * Rejects a malformed address, then an address without an account, and
     * otherwise asks Account to create a recovery request for it.
     *
     * NOTE(review): the second message differs from the first, so this endpoint
     * tells a caller whether an address is registered; a uniform reply would
     * avoid account enumeration. Left unchanged here.
     */
    public function action_remindPassword() {
        $this->post
            ->rule('email', 'not_empty')
            ->rule('email', 'email');

        if (!$this->post->check()) {
            $this->fail('Введенная строка не является <span>e‑mail</span> адресом!');
        }

        $email = $_POST['email'];
        if (!Account::doesEmailExist($email)) {
            $this->fail('Пользователь с таким <span>e-mail</span> адресом не зарегистрирован в системе!');
        }

        Account::createRecoveryRequest($email);
    }

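    /**
     * Completes a password-recovery flow.
     *
     * Expects POST fields `token`, `password` and `confirm_password`. After
     * validation the token is checked with Account::checkToken(); only a valid
     * token leads to Account::changePasswordByToken(). The reply is always a
     * JSON body of the form {"success": bool, "errors"?: array}.
     */
    public function action_changePassword() {
        $res = ['success' => false];

        $config = Kohana::$config->load('security.securityPolicy');

        $this->post
            // Explicit not_empty so a missing token or password fails validation
            // instead of reaching the Account calls with undefined indexes.
            ->rule('token', 'not_empty')
            ->rule('token', 'alpha_numeric')
            ->rule('password', 'not_empty')
            ->rule('password', 'min_length', [':value', $config['password']['length']])
            ->rule('confirm_password', 'matches', [':validation', 'confirm_password', 'password']);

        if ($this->post->check()) {
            $token = $_POST['token'];
            // The token is the only credential in this flow: check it before any write.
            if (Account::checkToken($token)) {
                Account::changePasswordByToken($token, $_POST['password']);
                $res['success'] = true;
            }
        }

        if (!$res['success']) {
            // NOTE(review): when validation passed but the token was rejected, errors()
            // carries nothing and the client only sees success=false — confirm the
            // front end handles that case.
            $res['errors'] = $this->post->errors('signin');
        }

        $this->response->body(json_encode($res));
    }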

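    /**
     * Starts an OpenID login against the university provider.
     *
     * Takes the part of GET `loginopenid` before any '@', builds the identity
     * URL from it and redirects the browser to the provider; the return URL
     * points back at action_openidfinish(). If provider discovery fails the
     * library's error code and description are printed.
     */
    public function action_openidlogin()
    {
        $openid = new OpenID;

        $raw = isset($_GET['loginopenid']) ? $_GET['loginopenid'] : '';
        $loginopenid = explode('@', $raw)[0];
        // The user-supplied name becomes a query-string value of the identity URL;
        // percent-encode it so it cannot add or alter URL parameters.
        $openid->SetIdentity("https://openid.sfedu.ru/server.php/idpage?user=" . rawurlencode($loginopenid));

        // NOTE(review): trust root and return URL are built from the Host header
        // (here and below); if the front server does not pin the host, a configured
        // base URL would be safer — confirm the deployment.
        $openid->SetTrustRoot('http://' . $_SERVER["HTTP_HOST"]);
        $openid->SetOptionalFields(['email', 'nickname', 'r61globalkey', 'staff', 'student', 'r61studentid']);

        if ($openid->GetOpenIDServer()) {
            $openid->SetApprovedURL('http://' . $_SERVER["HTTP_HOST"] . Kohana::$base_url . 'handler/sign/openidfinish');
            $openid->Redirect();
        } else {
            // The error text comes from the library/provider: escape it for HTML output.
            $error = $openid->GetError();
            echo "ERROR CODE: " . htmlspecialchars((string) $error['code'], ENT_QUOTES, 'UTF-8') . "<br>";
            echo "ERROR DESCRIPTION: " . htmlspecialchars((string) $error['description'], ENT_QUOTES, 'UTF-8') . "<br>";
        }
    }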

    /**
     * Return endpoint of the OpenID flow (the approved URL set in
     * action_openidlogin()).
     *
     * For mode `id_res` the assertion is re-validated with the provider via
     * ValidateWithServer(). The sreg attributes are then used to look the user
     * up by global key (student keys are normalised to `st-` plus a 9-digit
     * number) and sign them in with User::signInByOpenID().
     *
     * NOTE(review): the sreg values are read straight from $_GET; this relies on
     * ValidateWithServer() having verified them and on the provider signing those
     * fields — confirm both against the OpenID library in use.
     */
    public function action_openidfinish()
    {
        // NOTE(review): loose `==` on the mode string and on the validation result; `===` would be stricter.
        if ($_GET['openid_mode'] == 'id_res') {
            $openid = new OpenID;
            $openid->SetIdentity($_GET['openid_identity']);
            $openid_validation_result = $openid->ValidateWithServer();

            if ($openid_validation_result == true) {
            elseif ($openid->IsError() == true) {
                $error = $openid->GetError();
                echo 'Ошибка!';
                echo "[" . $error['code'] . "]: " . $error['description'];
                echo 'Ошибка!';
                echo "При авторизации что-то пошло не так. Попробуете снова?";
            }
        } elseif ($_GET['openid_mode'] == 'cancel') {
            echo "Вы досрочно прекратили процесс авторизации.";
        // NOTE(review): these attributes are read after the mode branches; confirm that
        // only the successfully-validated path reaches the sign-in below.
        $isStudent = $_GET["openid_sreg_student"];
        $isStaff = $_GET["openid_sreg_staff"];
        $globalKey = $_GET["openid_sreg_r61globalkey"];

        $ok = false;
        $user_not_found_in_grade = false;
        try {
            if ($isStudent) {
                // Normalise student keys to 'st-' followed by a zero-padded 9-digit number.
                $globalKey = 'st-' . str_pad(str_replace('st-', '', $globalKey), 9, '0', STR_PAD_LEFT);
                $ok = User::instance()->signInByOpenID($globalKey) || $ok;
            } elseif ($isStaff) {
                $ok = User::instance()->signInByOpenID($globalKey) || $ok;
            }
        // A Database_Exception is recorded as "user not found" rather than treated as a sign-in failure.
        catch (Database_Exception $e) {
            $user_not_found_in_grade = true;
        if (!$ok && !$user_not_found_in_grade) {
        $this->redirect('/');
}