Example #1
 /**
  * Reset the user's password and e-mail the result to them.
  *
  * Calls $user->resetPassword(true), exposes the returned value to the
  * 'forgot_password' notifier template as 'new_password', and passes the
  * rendered template to self::sendEmail() together with two prepared
  * addresses: the user's, then that of the owner company's creator.
  *
  * NOTE(review): the template is given the value returned by resetPassword(),
  * so the new password presumably travels in clear text by e-mail, and the old
  * password is replaced before the recipient has confirmed anything. A
  * single-use, expiring reset link avoids both; confirm against the template
  * and User::resetPassword(). No throttling is visible in this method, so the
  * caller is the place to rate-limit it.
  *
  * @param User $user
  * @return boolean
  * @throws NotifierConnectionError
  */
 static function forgotPassword(User $user)
 {
     $company_creator = owner_company()->getCreatedBy();
     $generated_password = $user->resetPassword(true);

     tpl_assign('user', $user);
     tpl_assign('new_password', $generated_password);

     // Built in the same order the original evaluated its call arguments.
     $user_address = self::prepareEmailAddress($user->getEmail(), $user->getDisplayName());
     $creator_address = self::prepareEmailAddress($company_creator->getEmail(), $company_creator->getDisplayName());
     $subject = lang('your password');
     $body = tpl_fetch(get_template_path('forgot_password', 'notifier'));

     return self::sendEmail($user_address, $creator_address, $subject, $body);
 }
Example #2
<?php

// Front controller: opens the session, then dispatches on the "opcion" query parameter.
// The listing is cut off inside the "login" case.
session_start();
date_default_timezone_set('America/New_York');
include_once "../model/User.php";
// NOTE(review): read without isset(); a request lacking "opcion" raises a warning and matches no case shown here.
$opcion = $_GET["opcion"];
switch ($opcion) {
    case "resetPassword":
        // NOTE(review): the account name and the new password both come straight from POST.
        // Nothing visible in this case checks the session, the current password or a reset
        // token before the password is replaced; unless User::resetPassword() enforces that
        // itself, any client can set any user's password. Confirm against the model.
        $user = new User();
        $msg = $user->resetPassword($_POST["username"], $_POST["password"]);
        if ($msg == "true") {
            $msg = "Password changed";
        }
        // NOTE(review): $msg goes into the Location header without urlencode(); utf8_encode()
        // is deprecated as of PHP 8.2.
        $msg = utf8_encode($msg);
        header("Location: ../view/resetPassword.php?msg={$msg}");
        break;
    case "login":
        $userObj = new User();
        $username = trim($_POST['txtUser']);
        $password = trim($_POST['txtPassword']);
        if ($username != '' and $password != '') {
            // NOTE(review): md5() is a fast, unsalted digest and is not suitable for stored
            // passwords. password_hash()/password_verify() is the replacement, with existing
            // rows rehashed on the next successful login.
            $password = md5($password);
            $user = $userObj->login($username, $password);
            // presumably login() returns an array that is empty on failure; verify against the model
            if (count($user) > 0) {
                // NOTE(review): the session id is not regenerated in the visible lines before the
                // session is marked authorized; session_regenerate_id(true) here closes the
                // session-fixation window.
                $_SESSION['authorized'] = true;
                $_SESSION['username'] = $user['username'];
                $_SESSION['name'] = $user['name'];
                $_SESSION['profile'] = $user['idprofile'];
                $_SESSION['idcustomer'] = $user['idcustomer'];
                $options = $userObj->getProfileOptions($user['idprofile']);
                $_SESSION["options"] = $options;
Example #3
        // Tail of a command dispatcher; the switch header and the code that sets $user,
        // $pattern, $email and $sequence are outside this listing.
        break;
    case "logout":
        $logout = $user->logout();
        echo json_encode($logout);
        break;
    case "create":
        if (isset($email) && isset($sequence)) {
            $create = $user->create($email);
            if ($create['success']) {
                // NOTE(review): json_decode() returns null on malformed JSON, in which case the
                // ->name access below fails; the result is not checked here.
                $sequenceArr = json_decode($sequence);
                $pattern->save($sequenceArr->name, $sequence, $create['uid']);
            }
            echo json_encode($create);
        } else {
            echo "Missing Required Parameters";
            return;
        }
        break;
    case "resetPassword":
        if (isset($email)) {
            // NOTE(review): the reset is triggered by an e-mail address alone and its result is
            // echoed back as JSON. If that result differs for known and unknown addresses the
            // endpoint reveals which addresses are registered; no throttling is visible here.
            // Confirm against User::resetPassword().
            $resetPwd = $user->resetPassword($email);
            echo json_encode($resetPwd);
        } else {
            echo "Missing Required Parameters";
            return;
        }
        break;
    default:
        echo "That command is not implemented.";
        return;
}
Example #4
    // Fragment of a login/registration front page; the block these first lines close and
    // the definitions of $user, $Db and redirect() are outside this listing.
    $uid = "";
    $loggedIn = false;
    redirect("/index.php");
}
// moved login views to allow key checking
require_once "login.views.php";
if (isset($_SESSION['Output']) && $_SESSION['Output']) {
    // NOTE(review): $_SESSION['Output'] is concatenated into the page without escaping. If
    // any code path stores request-derived text there, this is an HTML-injection sink;
    // htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') at this point removes it.
    echo "<script type=\"text/javascript\">setTimeout(\"document.getElementById(\\\"loginOutput\\\").style.display=\\\"none\\\"\",5000)</script><span id=\"loginOutput\" class=\"loginOutput\">" . $_SESSION['Output'] . "<br></span>";
    $_SESSION['Output'] = null;
}
if (isset($_GET["register"])) {
    handle_registration($Db);
    exit;
} elseif (isset($_GET["resetPassword"])) {
    if (isset($_POST['email'])) {
        // NOTE(review): a POSTed e-mail address alone starts the reset; no CSRF token or
        // throttling is visible in this branch. What resetPassword() does with the address
        // (new password vs. reset link) is not shown here.
        $user->resetPassword($_POST['email']);
        // The redirect target is read from the session, not from the request.
        redirect("/" . $_SESSION['redirect']);
    } else {
        echo resetPasswordForm();
        insert_header("Jackknife Password Reset");
        echo "<a class=\"smalllink\" href=\"index.php\">[api input]</a>&nbsp;</body></html>";
    }
    // No exit in this branch: unless redirect() terminates the request, execution
    // continues with the login check below.
}
if (isset($_GET['login'])) {
    // The third isset($_GET['login']) repeats the enclosing condition.
    if (isset($_POST["user"]) && isset($_POST["pass"]) && isset($_GET['login'])) {
        if ($user->checkLogin($_POST["user"], $_POST["pass"])) {
            redirect("/" . $_SESSION['redirect']);
            // logged in OK, redirect to last page
            exit;
        } else {
            // One message for both failure causes, so the response does not say whether the
            // user name exists.
            fatal_error("Invalid Username or Password");
Example #5
            // Fragment of a REST-style user service; the preceding branch, $user and
            // $tenantID are defined outside this listing.
            }
            break;
        default:
            Service::returnError('Invalid action: ' . $action);
    }
} elseif ($_SERVER['REQUEST_METHOD'] == "PUT") {
    // NOTE(review): both values are read without isset(), and the state-changing reset is
    // selected by a query-string flag.
    $reset = $_GET["reset"];
    $id = $_GET["id"];
    $class = new User($id, $tenantID);
    // Authorization is checked before the reset, against the target id.
    // NOTE(review): this only protects the code below if Service::returnError() ends the
    // request; if it returns, the reset still runs for a denied caller. Confirm.
    if (!$user->userCanEdit($id, $class)) {
        Service::returnError('Access denied.', 403);
    }
    if ($reset == "true") {
        try {
            // Builds the same User a second time; $class from above is equivalent.
            $class = new User($id, $tenantID);
            $class->resetPassword();
        } catch (Exception $ex) {
            header(' ', true, 500);
            // NOTE(review): the rest of the next line was lost when the page was extracted
            // (masked run of asterisks); the end of this branch and the start of the DELETE
            // branch cannot be recovered from this listing.
            echo 'Unable to reset password:'******'REQUEST_METHOD'] == "DELETE") {
    $id = Utility::getRequestVariable('id', 0);
    if ($id == 0) {
        header(' ', true, 400);
        echo "No user ID specified.";
        die;
    }
    // To do: what permissions are needed to delete a user?
    // NOTE(review): as the author's own note says, no permission check is visible before the
    // delete path begins; the PUT branch's userCanEdit() check has no counterpart here.
    try {
Example #6
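 /**
  * Change-password page: handles the submitted form, then prepares the view.
  *
  * When POST.password_reset is present, the new password must equal its
  * confirmation and be at least 4 bytes long, and the submitted current
  * password must match the stored digest of the user whose mobile number is
  * in SESSION.mobile. Every outcome reroutes to /user/password/<message>;
  * without a submission the method only sets the template variables.
  *
  * NOTE(review): stored passwords are unsalted md5 digests (see the comparison
  * below). Moving to password_hash()/password_verify() needs a change in
  * User::resetPassword() and a rehash-on-login migration, which is outside
  * this method. The 4-character minimum is kept as found and is very low.
  */
 public function password()
 {
     if ($this->f3->exists('POST.password_reset')) {
         $mobile = $this->f3->get('SESSION.mobile');
         // Cast so that a missing field is an empty string rather than null.
         $current_password = (string) $this->f3->get('POST.current_password');
         $new_password = (string) $this->f3->get('POST.new_password');
         $confirm_password = (string) $this->f3->get('POST.password_confirm');

         // Strict comparison: with != two different numeric-looking strings
         // (e.g. "1e3" and "1000") compare equal and would pass as a match.
         if ($new_password !== $confirm_password || strlen($new_password) < 4) {
             $this->f3->reroute('/user/password/passwords do not match or lest than 4 characters');
             // Stop here even if reroute() were to return, so a rejected
             // submission can never reach the password change below.
             return;
         }

         $user = new User($this->db);
         $user->load(array('mobile=?', $mobile));

         // hash_equals() compares in constant time; an unloaded user has no
         // digest and therefore never matches.
         if (!hash_equals((string) $user->password, md5($current_password))) {
             // The message no longer embeds the stored digest and the submitted
             // password: both used to be written into the redirect URL, and so
             // into browser history and proxy/server logs.
             $this->f3->reroute('/user/password/the current password is incorrect');
             return;
         }

         $user->resetPassword($mobile, $new_password);
         $this->f3->reroute('/user/password/Password successfully change');
         return;
     }

     $this->f3->set('page_head', 'Password Reset');
     // PARAMS.message is taken from the URL; the template must escape it on output.
     $this->f3->set('message', $this->f3->get('PARAMS.message'));
     $this->f3->set('view', 'home.htm');
     $this->f3->set('body', 'user/password.htm');
 }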
Example #7
<?php

require_once "../includes/session.php";
require_once "../includes/sanitize-all.php";
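// Load a class file the first time the class is used.
// NOTE(review): the class name is concatenated into the include path unchecked. That is
// safe only while class names never derive from request data (unserialize(), dynamic
// `new $name`, class_exists($input), ...); confirm for the rest of the application.
spl_autoload_register(function ($class) {
    require_once "../classes/" . $class . ".class.php";
});

// Completes a password reset from the e-mailed link: all five form fields are required.
if (
    empty($_POST["email"])
    || empty($_POST["token"])
    || empty($_POST["new-reset-password"])
    || empty($_POST["confirm-reset-password"])
    || empty($_POST["javascript"])
) {
    die(Translate::string("reset_password_alert.all_fields_required"));
}

// Strict comparison: with != two different numeric-looking strings (e.g. "1e3" and
// "1000") compare equal, so a mistyped confirmation could be accepted.
if ($_POST["new-reset-password"] !== $_POST["confirm-reset-password"]) {
    die(Translate::string("reset_password_alert.passwords_dont_match"));
}

$email = $_POST["email"];
$token = $_POST["token"];
$new_password = $_POST["new-reset-password"];
$session_id = session_id();
$ip_address = $_SERVER['REMOTE_ADDR'];
// Both of the following are client-supplied and end up in the log unverified.
$javascript = $_POST["javascript"];
$browser = $_SERVER['HTTP_USER_AGENT'];

// The password is only changed for an (email, token) pair the model accepts.
if (!User::isTokenValid($email, $token)) {
    die(Translate::string("reset_password_alert.token_expired"));
}

$user = new User();
$reset = $user->resetPassword($email, $new_password);
// NOTE(review): reset and token removal are two separate steps. If destroyToken() fails
// after the reset succeeded, the password is already changed and the token is still
// usable; doing both in one transaction would close that gap.
if (!$reset || !$user->destroyToken($token)) {
    die(Translate::string("reset_password_alert.something_went_wrong"));
}

// Fixed: this call used the undefined $ip, so the audit entry was written without the
// client address. $ip_address is the value collected above.
$user->insertLog("password changed", $email, $javascript, $browser, $ip_address, $session_id);
$user->checkCredentials($email, $new_password, $javascript, $browser, $ip_address, $session_id);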
// Fragment of a two-step password-reset page: step 1 mails a link for (user, e-mail),
// step 2 accepts the link parameters u (user), e (expiry) and h (hash) plus the new
// password. The opening branch and the end of the listing are not shown.
} else {
    if (isset($_POST['u']) && isset($_POST['email'])) {
        if (send_reset_email($_POST['u'], $_POST['email'])) {
            $msg = new InfoText("Check your email for a password reset link.", "Check email");
            $page->append($msg);
        } else {
            // NOTE(review): the success and failure messages differ, so the form confirms
            // whether a user name / e-mail pair is on record.
            $msg = new AlertText("Error: The email address you provided does not match our records, or something else went wrong. " . 'Please contact <a href="mailto:' . ADMIN_ADDRESS . '">' . ADMIN_ADDRESS . '</a> for assistance.', "Email address mismatch");
            $page->append($msg);
            $page->append(reset_step1());
        }
    } else {
        // $_REQUEST merges several request sources; which ones depends on the PHP configuration.
        if (isset($_REQUEST['u']) && isset($_REQUEST['e']) && isset($_REQUEST['h'])) {
            // NOTE(review): the computed hash is compared to the request value with ==. That
            // comparison is not constant-time and is subject to PHP's numeric-string rules
            // (two different "0e..." strings compare equal); hash_equals() on two strings is
            // the appropriate check. The expiry comes from the request as well; it is only
            // trustworthy because it is an input to getPasswordResetHash() - presumably keyed
            // with a server-side secret, confirm in the User class.
            if (User::getPasswordResetHash($_REQUEST['u'], $_REQUEST['e']) == $_REQUEST['h'] && $_REQUEST['e'] > time()) {
                if (isset($_POST['password1']) && isset($_POST['password2'])) {
                    // The minimum length enforced here is 4 characters.
                    if ($_POST['password1'] == $_POST['password2'] && strlen($_POST['password1']) >= 4) {
                        // NOTE(review): nothing visible here marks the link as used; unless
                        // User::resetPassword() invalidates it, the same link works until it expires.
                        if (User::resetPassword($_REQUEST['u'], $_REQUEST['e'], $_REQUEST['h'], $_POST['password1'])) {
                            $msg = new InfoText('Your password has been changed. Please <a href="/index.php">log in!</a>!', 'Reset successful');
                            $page->append($msg);
                        } else {
                            $msg = new AlertText('Sorry, an unknown error occured. Please try again.', 'Unknown error');
                            // NOTE(review): `msg` lacks the `$`, so it is read as a constant and the
                            // alert is never shown (PHP 8 raises an Error for the undefined constant);
                            // it should be $msg.
                            $page->append(msg);
                            $page->append(reset_step2());
                        }
                    } else {
                        if ($_POST['password1'] != $_POST['password2']) {
                            //Password mismatch
                            $msg = new AlertText("Error: The passwords you supplied did not match. Please try again.", "Password mismatch");
                            $page->append($msg);
                            $page->append(reset_step2());
                        } else {
                            //Length requirement not met
Example #9
<?php

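// Password-reset page. POST stores the submitted password; GET (?id=...&key=...) shows
// the form.
//
// NOTE(review): the reset is not bound to the key. On GET the key is read into $key but
// never checked in this block, the form target built below carries only the id, and the
// POST branch takes the account id from the request, writes it into the session and
// calls resetPassword() with no key, current-password or ownership check. Unless
// User::resetPassword() verifies something that is not visible here, a client that
// supplies an id can set that account's password. The key has to travel with the form
// and be verified server-side (single-use, expiring, compared with hash_equals()) before
// the session id is set. The token-verification API is not visible in this file, so the
// check is not added here.
if (!empty($_POST)) {
    require_once '../../../framework/User.php';
    if (empty($_POST['id'])) {
        $id = $_GET['id'];
    } else {
        $id = $_POST['id'];
    }
    $password = $_POST['password'];
    // No session_start() is visible before this write; presumably done by an include.
    $_SESSION['user']['id'] = $id;
    $mUser = new User();
    if ($mUser->resetPassword($password)) {
        header('Location:login.php');
    }
    exit;
}
if (isset($_GET['id']) && isset($_GET['key'])) {
    $id = $_GET['id'];
    $key = $_GET['key'];
} else {
    // Fixed: 'location : login.php' had a space before the colon, which is not a
    // well-formed header field, so clients could ignore the redirect.
    header('Location: login.php');
    exit;
}
// NOTE(review): $id is request data; wherever $pswdrstlink is written into the page it
// must be escaped for that context.
$pswdrstlink = "resetPassword.php?id=" . $id;
require_once "../../../utility/helper/Common/CommonHelper.php";
require_once "../../master/headerhomehtml.php";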
?>
    <script>
    function checkPassword() {
require_once '../Models/PasswordReset.php';
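// Completes a password reset: looks up the (email, token) pair, stores the new password
// hash, deletes the token and logs the user in. $login, Database, User and View are
// defined outside this listing.
$message = ["PasswordReset" => "Your password has been reset", "PasswordNoMatch" => "Passwords do not match", "EmailNoMatch" => "Email does not match"];
$token = $_POST['token'];
$email = trim(strtolower($_POST['email']));
$new_password = trim($_POST['new_password']);
$new_password_cf = trim($_POST['new_password_cf']);
$db = new Database();
// NOTE(review): SQL injection. $email and $token are request values interpolated into
// the SQL text of the three queries in this block. They must be sent as bound
// parameters of a prepared statement instead. The queries are left as found only
// because the Database class's prepare/bind interface is not visible in this file.
// No expiry check on the token is visible here either.
$query = $db->query("SElECT * FROM password_resets where email = '{$email}' AND token = '{$token}'");
$data = $query->fetch(PDO::FETCH_ASSOC);
// fetch() yields false when no row matched; test for a row before indexing it.
if (is_array($data) && $data['email'] === $email) {
    if ($new_password === $new_password_cf) {
        $user = new User();
        $query = $db->query("SELECT user_id from users where email = '{$email}'");
        $user_id_query = $query->fetch(PDO::FETCH_ASSOC);
        $user_id = $user_id_query['user_id'];
        $password = password_hash($new_password, PASSWORD_BCRYPT);
        $user->resetPassword($password, $email, $user_id);
        // Removed: three debug echo statements that wrote the new password hash, the user
        // id and the e-mail address into the HTTP response.
        $db->query("DELETE FROM password_resets where token = '{$token}'");
        $_SESSION['confirm_message'] = $message['PasswordReset'];
        $login->login($email, $new_password);
    } else {
        $_SESSION['error_message'] = $message['PasswordNoMatch'];
        View::render("resetpassword.php?token={$token}");
    }
} else {
    $_SESSION['error_message'] = $message['EmailNoMatch'];
    View::render("resetpassword.php?token={$token}");
}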
Example #11
* @package CandyCMS
* @version 0.1
* @copyright Copyright 2012 (C) Cocoon Design Ltd. - All Rights Reserved
* 
* Login page for CandyCMS admin
*/
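// Signed-in users are sent to the dashboard instead of this page.
session_start();
if (isset($_SESSION['loggedin'])) {
    header('Location: dashboard.php');
    // header() only queues the redirect. Without exit the rest of the page, including
    // the password-reset handler below, would still run for this request.
    exit;
}
require 'bootstrap.php';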
?>

<?php 
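// Start a password reset for the submitted address. The address must be present and a
// plain string; a request with only the submit field is ignored.
// NOTE(review): no CSRF token or throttling is visible around this call; what
// User::resetPassword() does with the address is not shown in this listing.
if (isset($_POST['submit'], $_POST['email']) && is_string($_POST['email'])) {
    User::resetPassword($_POST['email']);
}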
?>

<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="utf-8">
	<title>CMS Login</title>
	<link rel="stylesheet" href="css/login.css" type="text/css" />
	<!--[if lt IE 9]>
	<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
	<![endif]-->
</head>
<body>
	<div id="container">
 /**
  * Reset the password of the user whose id is in $this->data->id and render
  * the outcome as a prompt: 'information' / 'Ok' on success, 'error' with the
  * exception message on failure.
  *
  * NOTE(review): no authorization check on the target id is visible in this
  * method; presumably the controller or routing layer enforces it - confirm.
  * The raw exception message is shown to the client, which can expose internal
  * detail if the model throws low-level errors.
  */
 public function resetPassword()
 {
     try {
         (new User($this->data->id))->resetPassword();
         $this->renderPrompt('information', 'Ok');
     } catch (\Exception $failure) {
         $this->renderPrompt('error', $failure->getMessage());
     }
 }
Example #13
        $response = (object) array('status' => -3, 'status_explanation' => 'Invalid token.');
    }
    header('Content-Type: application/json');
    echo json_encode($response);
}, $f3->get('route_ttl'));
/**
 * Route: User Reset Pass
 *
 * Responds with a JSON object {status, status_explanation}:
 *   1  the reset succeeded,
 *  -2  the user exists but resetPassword() reported failure,
 *  -1  no user exists for the submitted e-mail address.
 *
 * NOTE(review): status -1 tells any caller whether an address is registered.
 * Answering unknown addresses the same way as known ones removes that signal,
 * but it changes the API contract and is therefore not done here. No
 * throttling is visible on this route.
 *
 * @example /user/reset-pass
 */
$f3->route('POST /user/reset-pass', function ($f3, $params) use($db) {
    $account = new User($f3->get('POST.email'));

    // resetPassword() is only attempted for an existing user.
    if (!$account->existsAlready()) {
        $result = array('status' => -1, 'status_explanation' => 'A user with provided email doesn\'t exist.');
    } elseif ($account->resetPassword()) {
        $result = array('status' => 1, 'status_explanation' => 'Success');
    } else {
        $result = array('status' => -2, 'status_explanation' => 'Could not send email.');
    }

    header('Content-Type: application/json');
    echo json_encode((object) $result, JSON_PRETTY_PRINT);
}, $f3->get('route_ttl'));
/**
 * Route: Find users by searching
 *
 * @example /user/reset-pass
 */