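Request::get('redirect') ? Request::get('redirect') : null);
            $this->View->render('login/index', $data);
        }
    }

    /**
     * The login action, when you do login/login.
     *
     * Reads user_name, user_password, set_remember_me_cookie and an optional
     * redirect target from the POST body. The request is only processed when
     * Csrf::isTokenValid() accepts it; otherwise the session is dropped and the
     * user is sent to the home page.
     */
    public function login()
    {
        // Fail closed on a bad or missing anti-CSRF token: log out, go home, and stop
        // before the submitted credentials are looked at.
        if (!Csrf::isTokenValid()) {
            LoginModel::logout();
            Redirect::home();
            exit();
        }

        // perform the login method, put result (true or false) into $login_successful
        $login_successful = LoginModel::login(
            Request::post('user_name'),
            Request::post('user_password'),
            Request::post('set_remember_me_cookie')
        );

        // The redirect target is client-supplied. Anything that is not a plain string
        // (presumably Request::post() passes array-valued form fields through; confirm)
        // is treated as "no redirect requested" instead of being handed to
        // urldecode()/urlencode().
        $redirect = Request::post('redirect');
        if (!is_string($redirect)) {
            $redirect = null;
        }

        if ($login_successful) {
            if ($redirect) {
                // Leading slashes are stripped after decoding, so the value cannot begin with "//".
                // NOTE(review): this only keeps the user on-site if
                // Redirect::toPreviousViewedPageAfterLogin() prepends the application's own base
                // URL; confirm there. The value is also presumably decoded a second time here
                // (PHP already decodes form fields); verify the login view relies on that.
                Redirect::toPreviousViewedPageAfterLogin(ltrim(urldecode($redirect), '/'));
            } else {
                Redirect::to('user/index');
            }
        } else {
            if ($redirect) {
                // Trim BEFORE encoding: urlencode() turns "/" into "%2F", so trimming the encoded
                // string (as this line used to) never removed the leading slashes.
                Redirect::to('login?redirect=' . urlencode(ltrim($redirect, '/')));
            } else {
                Redirect::to('login/index');
            }
        }
    }

    /**
     * The logout action.
     * Perform logout, redirect user to main-page, then stop the script.
     *
     * NOTE(review): unlike login(), no CSRF token is checked in this method, so a
     * cross-site request could end the session. Confirm that this is intended.
     */
    public function logout()
    {
        LoginModel::logout();
        Redirect::home();
        exit();
    }

    /**
     * Login with the value of the "remember_me" cookie.
     */
    public function loginWithCookie()
    {
        // run the loginWithCookie() method in the login-model, put the result in $login_successful (true or false)
        $login_successful = LoginModel::loginWithCookie(Request::cookie('remember_me'));

        if ($login_successful) {
            Redirect::to('dashboard/index');
        } else {
            // The cookie was not accepted (outdated? tampered with?): delete it and route the user to
            // the login form, which also prevents infinite login loops.
            LoginModel::deleteCookie();
            Redirect::to('login/index');
        }
    }

    /**
     * Show the request-password-reset page.
     */
    public function requestPasswordReset()
    {
        $this->View->render('login/requestPasswordReset');
    }

    /**
     * The request-password-reset action.
     * POST-request after form submit. The user is sent back to the login page
     * regardless of the outcome.
     */
    public function requestPasswordReset_action()
    {
        PasswordResetModel::requestPasswordReset(Request::post('user_name_or_email'), Request::post('captcha'));
        Redirect::to('login/index');
    }

    /**
     * Verify the verification token of that user (to show the user the password editing view or not).
     *
     * @param string $user_name username
     * @param string $verification_code password reset verification token
     */
    public function verifyPasswordReset($user_name, $verification_code)
    {
        // check if the provided verification code fits the user's verification code
        if (PasswordResetModel::verifyPasswordReset($user_name, $verification_code)) {
            // Both values come straight from the URL and are handed to the view unchanged.
            // NOTE(review): the template must HTML-escape them on output; verify in
            // login/resetPassword.
            $this->View->render('login/resetPassword', array(
                'user_name' => $user_name,
                'user_password_reset_hash' => $verification_code
            ));
        } else {
            Redirect::to('login/index');
        }
    }

    /**
     * Set the new password.
     *
     * Please note that this happens while the user is not logged in. The user identifies via the data provided by
     * the password reset link from the email, automatically filled into the form fields. See
     * verifyPasswordReset() for more. Then (regardless of result) route user to index page (user will get
     * success/error via feedback message).
     *
     * POST request!
     * TODO this is an _action
     *
     * NOTE(review): user_name and user_password_reset_hash arrive again from the client here, so
     * PasswordResetModel::setNewPassword() is presumably responsible for re-checking the hash; confirm.
     */
    public function setNewPassword()
    {
        PasswordResetModel::setNewPassword(
            Request::post('user_name'),
            Request::post('user_password_reset_hash'),
            Request::post('user_password_new'),
            Request::post('user_password_repeat')
        );
        Redirect::to('login/index');
    }
}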