function Handle($Request)
 {
     header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
     header("Pragma: no-cache");
     $userSession = new phpsec\Session();
     $sessionID = $userSession->existingSession();
     if ($sessionID != FALSE) {
         $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
         return require_once __DIR__ . "/../../view/default/user/index.php";
     } else {
         $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
         header("Location: {$newLocation}");
     }
 }
 function Handle($Request)
 {
     try {
         $userSession = new phpsec\Session();
         $sessionID = $userSession->existingSession();
         if ($sessionID != FALSE) {
             if (isset($_POST['submit'])) {
                 $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
                 if (isset($_POST['_x_oldpass']) && $_POST['_x_oldpass'] != "" && isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") {
                     $config = (require_once __DIR__ . "/../../config/config.php");
                     if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
                         $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                         if ($config['PASSWORD_SUGGESTION'] === "ON") {
                             $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                         }
                         return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
                     }
                     if ($_POST['pass'] !== $_POST['repass']) {
                         $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
                         return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
                     }
                     try {
                         $userObj = phpsec\UserManagement::logIn($userID, $_POST['_x_oldpass']);
                         $userObj->resetPassword($_POST['_x_oldpass'], $_POST['pass']);
                         $this->info .= "Your password have been changed successfully." . "<BR>";
                     } catch (phpsec\WrongPasswordException $e) {
                         if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
                             try {
                                 new phpsec\AdvancedPasswordManagement($userID, $_POST['pass'], TRUE);
                             } catch (phpsec\BruteForceAttackDetectedException $ex) {
                                 \phpsec\User::lockAccount($userID);
                                 $this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
                             }
                         }
                         $this->error .= "Your old password does not seems correct. Please enter your old password for verification." . "<BR>";
                     }
                 } else {
                     $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                 }
             }
         } else {
             $this->error .= "You are not logged-in. Please login to complete the operation." . "<BR>";
             $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
             header("Location: {$newLocation}");
         }
     } catch (Exception $e) {
         $this->error .= $e->getMessage() . "<BR>";
     }
     return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
 }
 function Handle($Request)
 {
     try {
         $userSession = new phpsec\Session();
         $sessionID = $userSession->existingSession();
         if ($sessionID != FALSE) {
             if (isset($_POST['submit'])) {
                 if (isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") {
                     $config = (require_once __DIR__ . "/../../config/config.php");
                     if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
                         $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                         if ($config['PASSWORD_SUGGESTION'] === "ON") {
                             $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                         }
                         return require_once __DIR__ . "/../../view/default/user/newpassword.php";
                     }
                     if ($_POST['pass'] !== $_POST['repass']) {
                         $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
                         return require_once __DIR__ . "/../../view/default/user/newpassword.php";
                     }
                     $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
                     if ($userID !== FALSE) {
                         $userObj = phpsec\UserManagement::forceLogIn($userID);
                         if ($userObj->forceResetPassword($_POST['pass'])) {
                             $this->info .= "Your Password has been changed successfully." . "<BR>";
                         } else {
                             $this->error .= "We encountered an error. Please re-try later!" . "<BR>";
                         }
                     } else {
                         $userSession->destroySession();
                         $this->error .= "Your session seems to be invalid. Cannot proceed!!" . "<BR>";
                     }
                 } else {
                     $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                 }
             }
         } else {
             $this->error .= "Seems you should not be accessing this page!" . "<BR>";
             $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
             header("Location: {$newLocation}");
         }
     } catch (Exception $e) {
         $this->error .= $e->getMessage() . "<BR>";
     }
     return require_once __DIR__ . "/../../view/default/user/newpassword.php";
 }
 function Handle($Request)
 {
     try {
         $userSession = new phpsec\Session();
         $sessionID = $userSession->existingSession();
         if ($sessionID != FALSE) {
             $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
             $userObj = phpsec\UserManagement::forceLogIn($userID);
             phpsec\UserManagement::logOut($userObj);
         } else {
             phpsec\User::deleteAuthenticationToken();
         }
         $this->info .= "You are now logged out." . "<BR>";
         $nextURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
         header("Location: {$nextURL}");
     } catch (Exception $e) {
         $this->error .= $e->getMessage() . "<BR>";
         $lastURL = $_SERVER['HTTP_REFERER'];
         header("Location: {$lastURL}");
     }
 }