UserFrosting API

AccountController extends SimpleController

Controller class for /account/* URLs. Handles account-related activities, including login, registration, password recovery, and account settings.

Basic controller class that imports the entire DI container for easy access to services. Your controller classes may extend this controller class.

Tags
author

Alex Weissman (https://alexanderweissman.com)

see
http://www.userfrosting.com/navigating/#structure

Table of Contents

$ci ContainerInterface
checkUsername() Check a username for availability. mixed
denyResetPassword() Processes a request to cancel a password reset request. mixed
forgotPassword() Processes a request to email a forgotten password reset link to the user. mixed
getModalAccountTos() Returns a modal containing account terms of service. mixed
imageCaptcha() Generate a random captcha, store it to the session, and return the captcha image. mixed
login() Processes an account login request. mixed
logout() Log the user out completely, including destroying any "remember me" token. mixed
pageForgotPassword() Render the "forgot password" page. mixed
pageRegister() Render the account registration page for UserFrosting. mixed
pageResendVerification() Render the "resend verification email" page. mixed
pageResetPassword() Reset password page. mixed
pageSetPassword() Render the "set password" page. mixed
pageSettings() Account settings page. mixed
pageSignIn() Render the account sign-in page for UserFrosting. mixed
profile() Processes a request to update a user's profile information. mixed
register() Processes a new account registration request. mixed
resendVerification() Processes a request to resend the verification email for a new user account. mixed
setPassword() Processes a request to set the password for a new or current user. mixed
settings() Processes a request to update a user's account information. mixed
suggestUsername() Suggest an available username for a specified first/last name. mixed
verify() Processes a new email verification request. mixed
__construct() Constructor. mixed

Properties

Methods

checkUsername()

Check a username for availability.

public checkUsername( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This route is throttled by default, to discourage abusing it for account enumeration. This route is "public access".

AuthGuard: false Route: /account/check-username Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Tags
throws
BadRequestException
Return values
mixed

denyResetPassword()

Processes a request to cancel a password reset request.

public denyResetPassword( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This is provided so that users can cancel a password reset request, if they made it in error or if it was not initiated by themselves. Processes the request from the password reset link, checking that:

  1. The provided token is associated with an existing user account, who has a pending password reset request.

AuthGuard: false Route: /account/set-password/deny Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

forgotPassword()

Processes a request to email a forgotten password reset link to the user.

public forgotPassword( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Processes the request from the form on the "forgot password" page, checking that:

  1. The rate limit for this type of request is being observed.
  2. The provided email address belongs to a registered account;
  3. The submitted data is valid.

Note that we have removed the requirement that a password reset request not already be in progress. This is because we need to allow users to re-request a reset, even if they lose the first reset email. This route is "public access".

AuthGuard: false Route: /account/forgot-password Route Name: {none} Request type: POST

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Tags
todo

require additional user information

todo

prevent password reset requests for root account?

Return values
mixed

getModalAccountTos()

Returns a modal containing account terms of service.

public getModalAccountTos( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This does NOT render a complete page. Instead, it renders the HTML for the form, which can be embedded in other pages.

AuthGuard: false Route: /modals/account/tos Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

imageCaptcha()

Generate a random captcha, store it to the session, and return the captcha image.

public imageCaptcha( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

AuthGuard: false Route: /account/captcha Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

login()

Processes an account login request.

public login( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Processes the request from the form on the login page, checking that:

  1. The user is not already logged in.
  2. The rate limit for this type of request is being observed.
  3. Email login is enabled, if an email address was used.
  4. The user account exists.
  5. The user account is enabled and verified.
  6. The user entered a valid username/email and password.

This route, by definition, is "public access".

AuthGuard: false Route: /account/login Route Name: {none} Request type: POST

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

logout()

Log the user out completely, including destroying any "remember me" token.

public logout( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

AuthGuard: true Route: /account/logout Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

pageForgotPassword()

Render the "forgot password" page.

public pageForgotPassword( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This creates a simple form to allow users who forgot their password to have a time-limited password reset link emailed to them. By default, this is a "public page" (does not require authentication).

AuthGuard: false Route: /account/forgot-password Route Name: forgot-password Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

pageRegister()

Render the account registration page for UserFrosting.

public pageRegister( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This allows new (non-authenticated) users to create a new account for themselves on your website (if enabled). By definition, this is a "public page" (does not require authentication).

AuthGuard: false checkEnvironment Route: /account/register Route Name: register Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Tags
throws
NotFoundException

If site registration is disabled

Return values
mixed

pageResendVerification()

Render the "resend verification email" page.

public pageResendVerification( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This is a form that allows users who lost their account verification link to have the link resent to their email address. By default, this is a "public page" (does not require authentication).

AuthGuard: false Route: /account/resend-verification Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

pageResetPassword()

Reset password page.

public pageResetPassword( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Renders the new password page for password reset requests.

AuthGuard: false Route: /account/set-password/confirm Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

pageSetPassword()

Render the "set password" page.

public pageSetPassword( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Renders the page where new users who have had accounts created for them by another user can set their password. By default, this is a "public page" (does not require authentication).

AuthGuard: false Route: Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

pageSettings()

Account settings page.

public pageSettings( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Provides a form for users to modify various properties of their account, such as name, email, locale, etc. Any fields that the user does not have permission to modify will be automatically disabled. This page requires authentication.

AuthGuard: true Route: /account/settings Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Tags
throws
ForbiddenException

If user is not authorized to access page

Return values
mixed

pageSignIn()

Render the account sign-in page for UserFrosting.

public pageSignIn( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This allows existing users to sign in. By definition, this is a "public page" (does not require authentication).

AuthGuard: false checkEnvironment Route: /account/sign-in Route Name: login Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

profile()

Processes a request to update a user's profile information.

public profile( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Processes the request from the user profile settings form, checking that:

  1. They have the necessary permissions to update the posted field(s);
  2. The submitted data is valid.

This route requires authentication.

AuthGuard: true Route: /account/settings/profile Route Name: {none} Request type: POST

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

register()

Processes a new account registration request.

public register( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This is throttled to prevent account enumeration, since it needs to divulge when a username/email has been used. Processes the request from the form on the registration page, checking that:

  1. The honeypot was not modified;
  2. The master account has already been created (during installation);
  3. Account registration is enabled;
  4. The user is not already logged in;
  5. Valid information was entered;
  6. The captcha, if enabled, is correct;
  7. The username and email are not already taken.

Automatically sends an activation link upon success, if account activation is enabled. This route is "public access". Returns the User Object for the user record that was created.

AuthGuard: false Route: /account/register Route Name: {none} Request type: POST

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Tags
throws
SpammyRequestException
Return values
mixed

resendVerification()

Processes a request to resend the verification email for a new user account.

public resendVerification( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Processes the request from the resend verification email form, checking that:

  1. The rate limit on this type of request is observed;
  2. The provided email is associated with an existing user account;
  3. The user account is not already verified;
  4. The submitted data is valid.

This route is "public access".

AuthGuard: false Route: /account/resend-verification Route Name: {none} Request type: POST

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

setPassword()

Processes a request to set the password for a new or current user.

public setPassword( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Processes the request from the password create/reset form, which should have the secret token embedded in it, checking that:

  1. The provided secret token is associated with an existing user account;
  2. The user has a password set/reset request in progress;
  3. The token has not expired;
  4. The submitted data (new password) is valid.

This route is "public access".

AuthGuard: false Route: /account/set-password Route Name: {none} Request type: POST

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed
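
The four checks listed for setPassword() above, applied in the same order, as an added PHP example that is not UserFrosting's own code. The in-memory store keyed by a token digest, the function name, the reason codes and the 8-character password rule are assumptions made for the illustration.

```php
<?php
// Added illustration, not UserFrosting source. The store layout, function
// name and 8-character password minimum are assumptions for this sketch.

/**
 * Apply the four setPassword() checks in the documented order.
 * Returns null when the request may proceed, otherwise a reason code
 * intended for server-side logging.
 */
function checkSetPasswordRequest(array $store, string $token, string $newPassword, int $now): ?string
{
    // The store is keyed by a SHA-256 digest of the token, so a leaked
    // table does not contain usable reset links.
    $record = $store[hash('sha256', $token)] ?? null;

    // 1. The token is associated with an existing user account.
    if ($record === null) {
        return 'unknown_token';
    }
    // 2. The user has a password set/reset request in progress.
    if ($record['completed']) {
        return 'no_pending_request';
    }
    // 3. The token has not expired.
    if ($now >= $record['expires_at']) {
        return 'expired_token';
    }
    // 4. The submitted new password is valid.
    if (strlen($newPassword) < 8) {
        return 'invalid_password';
    }
    return null;
}

// Constructed sample data: one live, one already used, one expired request.
$now = 1700000000;
$store = [
    hash('sha256', 'tok-live')    => ['user_id' => 7, 'completed' => false, 'expires_at' => $now + 3600],
    hash('sha256', 'tok-used')    => ['user_id' => 8, 'completed' => true,  'expires_at' => $now + 3600],
    hash('sha256', 'tok-expired') => ['user_id' => 9, 'completed' => false, 'expires_at' => $now - 1],
];

$cases = [['tok-live', 'correct horse'], ['tok-used', 'correct horse'],
          ['tok-expired', 'correct horse'], ['tok-missing', 'correct horse'],
          ['tok-live', 'short']];
foreach ($cases as [$token, $password]) {
    printf("%-12s %s\n", $token, checkSetPasswordRequest($store, $token, $password, $now) ?? 'ok');
}
```

The reason codes distinguish the failure cases for logging; a public route would normally show the client one generic failure message for the token-related cases.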

settings()

Processes a request to update a user's account information.

public settings( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Processes the request from the user account settings form, checking that:

  1. The user correctly input their current password;
  2. They have the necessary permissions to update the posted field(s);
  3. The submitted data is valid.

This route requires authentication.

AuthGuard: true Route: /account/settings Route Name: settings Request type: POST

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

suggestUsername()

Suggest an available username for a specified first/last name.

public suggestUsername( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

This route is "public access".

AuthGuard: false Route: /account/suggest-username Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Tags
todo

Can this route be abused for account enumeration? If so we should throttle it as well.

Return values
mixed

verify()

Processes a new email verification request.

public verify( $request : ServerRequestInterface , $response : ResponseInterface , $args : array ) : mixed

Processes the request from the email verification link that was emailed to the user, checking that:

  1. The token provided matches a user in the database;
  2. The user account is not already verified.

This route is "public access".

AuthGuard: false Route: /account/verify Route Name: {none} Request type: GET

Parameters
$request : ServerRequestInterface
$response : ResponseInterface
$args : array
Return values
mixed

__construct()

Constructor.

public __construct( $ci : ContainerInterface ) : mixed
Parameters
$ci : ContainerInterface

The global container object, which holds all your services.

Return values
mixed
