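 /**
  * Reset the password and sign the user on.
  *
  * The user has entered his or her new password twice (a control field
  * guards against typos). The request must carry a valid nonce and the
  * retrieval code issued for the user this session belongs to; otherwise
  * nothing is changed. If both password entries match, the new password
  * is stored via wp_set_password() and the user is signed on with it.
  *
  * Reads $_POST['YALW_code'], $_POST['YALW_new_password'] and
  * $_POST['YALW_control_password']. The user identity always comes from
  * the session, never from the request.
  *
  * @return \WP_Error events: 'nonce' or 'security' when the request is
  *                   rejected; 'password_empty' / 'password_mismatch'
  *                   warnings that send the widget back to
  *                   'enter_new_password'; otherwise the outcome of
  *                   Handlers::sign_on()
  */
 public static function handle_reset_password()
 {
     // Prevent Cross-Site-Request-Forgery
     if (!Handlers::is_nonce_ok('new_password_form')) {
         return new \WP_Error('nonce', __('There seems to be a security issue. Please do not continue, but inform us!', 'YALW'), 'error');
     }

     // Prevent users from obtaining rights of other users: the submitted code
     // must equal the one issued for the session's user.
     // Only a non-empty string on record is accepted -- whatever
     // get_retrieval_code() returns when no code exists (null/false/'') must
     // never compare equal to an empty or missing submission, as the former
     // loose `!=` would have allowed. hash_equals() compares in constant
     // time, so the code cannot be recovered byte by byte from response
     // timing; it requires two strings, hence the is_string() guards
     // (arrays can be posted).
     $expected_code = Handlers::get_retrieval_code(Session::get_user_login());
     $submitted_code = (isset($_POST['YALW_code']) && is_string($_POST['YALW_code'])) ? $_POST['YALW_code'] : '';
     if (!is_string($expected_code) || $expected_code === '' || !hash_equals($expected_code, $submitted_code)) {
         return new \WP_Error('security', __('I\'m sorry, Dave. I\'m afraid I can\'t do that.', 'YALW'), 'error');
     }
     // NOTE(review): the retrieval code should be single-use; whether a sibling
     // handler or sign_on() invalidates it after a successful reset is not
     // visible from here -- confirm.

     // A posted value that is not a string (e.g. an array) is treated as an
     // empty password instead of being handed to wp_set_password().
     $new_password = (isset($_POST['YALW_new_password']) && is_string($_POST['YALW_new_password'])) ? $_POST['YALW_new_password'] : '';
     $control_password = (isset($_POST['YALW_control_password']) && is_string($_POST['YALW_control_password'])) ? $_POST['YALW_control_password'] : '';

     $events = new \WP_Error();
     if ($new_password === '') {
         // password empty?
         Session::set_next_widget_task('enter_new_password');
         $events->add('password_empty', __('The password cannot be empty.', 'YALW'), 'warn');
     } elseif ($new_password !== $control_password) {
         // password mismatch? Strict comparison: with `!=` numeric-looking
         // strings such as '1e3' and '1000' would count as "the same" password.
         Session::set_next_widget_task('enter_new_password');
         $events->add('password_mismatch', __('The passwords are not the same. Please re-enter.', 'YALW'), 'warn');
     } else {
         // set new password and login
         wp_set_password($new_password, Session::get_user_id());
         $tmp_error = Handlers::sign_on(Session::get_user_login(), $new_password);
         $events->add($tmp_error->get_error_code(), $tmp_error->get_error_message(), Handlers::get_event_type($tmp_error));
     }
     return $events;
 }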
/**
 * Control the flow of the login process.
 *
 * Dispatches on two request parameters: $_GET['action'] may switch the
 * widget to the code-retrieval form, and $_POST['YALW_option'] selects
 * which Handlers method processes the submitted form. Whatever that
 * handler returns is stored in the session so the widget can display it.
 * Session variables carry the widget state between requests.
 */
function control_login()
{
    /*
     * Mixing GET and POST variables feels a little awkward. POST only would
     * be preferable, but a plain HTML link cannot send POST data and a
     * button styled to look like a link would be ugly.
     */

    // A link carrying ?action=retrieve_code switches the widget to the
    // password-retrieval form on the next render.
    // NOTE(review): this GET-triggered switch carries no nonce; it only
    // selects which form is rendered, so the CSRF exposure is limited to
    // display -- confirm the forms themselves are nonce-protected.
    $action = isset($_GET['action']) ? $_GET['action'] : null;
    if (!empty($action) && $action == 'retrieve_code') {
        Session::set_next_widget_task('retrieve_code');
    }

    // Which form was submitted? An unknown or missing option leaves $events
    // unset, so nothing is stored below.
    $events = null;
    $option = empty($_POST['YALW_option']) ? null : $_POST['YALW_option'];
    if ($option === 'YALW_user_login') {
        $events = Handlers::handle_login();
    } elseif ($option === 'retrieve_code') {
        $events = Handlers::handle_code_retrieval();
    } elseif ($option === 'YALW_enter_code') {
        $events = Handlers::handle_reset_code();
    } elseif ($option === 'YALW_reset_password') {
        $events = Handlers::handle_reset_password();
    }

    // store any error that may have occurred for Display
    if (!empty($events)) {
        Session::set_events($events);
        /*
         * TODO: Implement an option that will allow admins to receive
         * a notification if an exception occurred such as an unexpected
         * internal error, problems with the database or a likely attack
         */
    }
}