/**
 * Give the user a new password and mail the "forgot password" message.
 *
 * The message is rendered from the notifier's forgot_password template, is
 * addressed to the user, and is sent in the name of the account that created
 * the owner company.
 *
 * NOTE(review): the value returned by $user->resetPassword(true) is handed to
 * the template as `new_password`. If the template prints it, a usable
 * credential travels by e-mail in clear text; a single-use, expiring reset
 * link avoids that. Confirm against the template.
 *
 * @param User $user
 * @return boolean
 * @throws NotifierConnectionError
 */
static function forgotPassword(User $user) {
  $sender = owner_company()->getCreatedBy();
  $generated = $user->resetPassword(true);

  // Template variables read by the forgot_password template.
  tpl_assign('user', $user);
  tpl_assign('new_password', $generated);

  $to = self::prepareEmailAddress($user->getEmail(), $user->getDisplayName());
  $from = self::prepareEmailAddress($sender->getEmail(), $sender->getDisplayName());
  $subject = lang('your password');
  $body = tpl_fetch(get_template_path('forgot_password', 'notifier'));

  return self::sendEmail($to, $from, $subject, $body);
}
<?php
// Request dispatcher for user actions: the `opcion` query parameter selects the branch.
session_start();
date_default_timezone_set('America/New_York');
include_once "../model/User.php";
$opcion = $_GET["opcion"];
switch ($opcion) {
    case "resetPassword":
        // NOTE(review): the account name and the new password both come from POST, and this
        // branch shows no session check, current-password check or reset token before the
        // change. Unless User::resetPassword() verifies the caller itself, any client can
        // set the password of any account -- confirm.
        $user = new User();
        $msg = $user->resetPassword($_POST["username"], $_POST["password"]);
        if ($msg == "true") {
            $msg = "Password changed";
        }
        $msg = utf8_encode($msg);
        // NOTE(review): $msg is placed in the Location header without urlencode(), and the
        // target view receives it as a query parameter, so it must escape it before output.
        header("Location: ../view/resetPassword.php?msg={$msg}");
        break;
    case "login":
        $userObj = new User();
        $username = trim($_POST['txtUser']);
        // trim() also strips leading/trailing whitespace from the password itself.
        $password = trim($_POST['txtPassword']);
        if ($username != '' and $password != '') {
            // NOTE(review): the password is reduced to an unsalted MD5 digest before login(),
            // so stored credentials are presumably MD5 as well. MD5 is fast to brute-force;
            // password_hash()/password_verify() is the replacement, with a rehash on next login.
            $password = md5($password);
            $user = $userObj->login($username, $password);
            if (count($user) > 0) {
                // NOTE(review): no session_regenerate_id() call is visible before the session
                // is marked authorized (the listing ends below) -- check for session fixation.
                $_SESSION['authorized'] = true;
                $_SESSION['username'] = $user['username'];
                $_SESSION['name'] = $user['name'];
                $_SESSION['profile'] = $user['idprofile'];
                $_SESSION['idcustomer'] = $user['idcustomer'];
                // Profile options are cached in the session for later requests.
                $options = $userObj->getProfileOptions($user['idprofile']);
                $_SESSION["options"] = $options;
break;
    case "logout":
        // Result of logout() is returned to the client as JSON.
        $logout = $user->logout();
        echo json_encode($logout);
        break;
    case "create":
        // NOTE(review): where $email and $sequence are populated is outside this listing;
        // confirm they are validated request values and not produced by extract() or similar.
        if (isset($email) && isset($sequence)) {
            $create = $user->create($email);
            if ($create['success']) {
                // NOTE(review): json_decode() returns null for malformed input, and the
                // ->name access below is not guarded against that.
                $sequenceArr = json_decode($sequence);
                $pattern->save($sequenceArr->name, $sequence, $create['uid']);
            }
            echo json_encode($create);
        } else {
            echo "Missing Required Parameters";
            return;
        }
        break;
    case "resetPassword":
        // NOTE(review): the reset is triggered by an e-mail address alone and its result is
        // echoed as JSON. If that result differs for known and unknown addresses it lets a
        // client enumerate accounts; no throttling is visible in this branch.
        if (isset($email)) {
            $resetPwd = $user->resetPassword($email);
            echo json_encode($resetPwd);
        } else {
            echo "Missing Required Parameters";
            return;
        }
        break;
    default:
        echo "That command is not implemented.";
        return;
}
$uid = "";
    $loggedIn = false;
    redirect("/index.php");
}
// moved login views to allow key checking
require_once "login.views.php";
// One-shot status message: printed once, hidden by script after 5 seconds, then cleared.
if (isset($_SESSION['Output']) && $_SESSION['Output']) {
    // NOTE(review): $_SESSION['Output'] is concatenated into the page without
    // htmlspecialchars(). If any code path stores request-derived text in it, that text
    // is rendered as markup -- confirm every writer of this session key.
    echo "<script type=\"text/javascript\">setTimeout(\"document.getElementById(\\\"loginOutput\\\").style.display=\\\"none\\\"\",5000)</script><span id=\"loginOutput\" class=\"loginOutput\">" . $_SESSION['Output'] . "<br></span>";
    $_SESSION['Output'] = null;
}
if (isset($_GET["register"])) {
    handle_registration($Db);
    exit;
} elseif (isset($_GET["resetPassword"])) {
    if (isset($_POST['email'])) {
        // NOTE(review): the reset is requested with an e-mail address only; no throttling
        // or anti-CSRF check is visible here, and there is no exit after redirect() unless
        // redirect() terminates the script itself.
        $user->resetPassword($_POST['email']);
        // NOTE(review): the target is "/" plus a session value. If that value can start
        // with "/" the result is a "//host" URL that leaves the site -- confirm how
        // $_SESSION['redirect'] is set.
        redirect("/" . $_SESSION['redirect']);
    } else {
        echo resetPasswordForm();
        insert_header("Jackknife Password Reset");
        echo "<a class=\"smalllink\" href=\"index.php\">[api input]</a> </body></html>";
    }
}
if (isset($_GET['login'])) {
    if (isset($_POST["user"]) && isset($_POST["pass"]) && isset($_GET['login'])) {
        if ($user->checkLogin($_POST["user"], $_POST["pass"])) {
            redirect("/" . $_SESSION['redirect']);
            // logged in OK, redirect to last page
            exit;
        } else {
            // The same message is used for an unknown user and a wrong password.
            fatal_error("Invalid Username or Password");
}
        break;
    default:
        // NOTE(review): $action is echoed back inside the error text; returnError() must
        // encode it for whatever content type it emits.
        Service::returnError('Invalid action: ' . $action);
    }
} elseif ($_SERVER['REQUEST_METHOD'] == "PUT") {
    // PUT: update a user; `reset=true` in the query string requests a password reset.
    $reset = $_GET["reset"];
    $id = $_GET["id"];
    $class = new User($id, $tenantID);
    // NOTE(review): the reset below is only protected if Service::returnError() stops the
    // script. If it returns, execution continues past this check -- confirm, or exit here.
    if (!$user->userCanEdit($id, $class)) {
        Service::returnError('Access denied.', 403);
    }
    if ($reset == "true") {
        try {
            $class = new User($id, $tenantID);
            $class->resetPassword();
        } catch (Exception $ex) {
            header(' ', true, 500);
            // NOTE(review): the listing is garbled at the asterisks on the next line; the end
            // of the PUT branch and the start of the DELETE branch are not visible.
            echo 'Unable to reset password:'******'REQUEST_METHOD'] == "DELETE") {
    $id = Utility::getRequestVariable('id', 0);
    // NOTE(review): loose comparison -- a non-numeric id equals 0 on PHP 7 but not on PHP 8.
    if ($id == 0) {
        header(' ', true, 400);
        echo "No user ID specified.";
        die;
    }
    // To do: what permissions are needed to delete a user?
    // NOTE(review): no authorization check is visible between the id check and the delete
    // attempt below; the PUT branch at least calls userCanEdit().
    try {
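/**
 * Handle the change-password form and render the password page.
 *
 * When POST.password_reset is present, the current password is checked
 * against the record loaded for the session's mobile number and, if it
 * matches, the new password is stored; every outcome ends in a reroute to
 * /user/password/<message>. Otherwise the page is rendered, with the message
 * taken from the route parameter.
 *
 * Changes from the previous version:
 *  - the "incorrect password" reroute no longer puts the stored hash and the
 *    submitted password into the URL (they ended up in browser history,
 *    proxy and server logs, and Referer headers);
 *  - the new/confirm comparison is strict, so numeric-looking strings such as
 *    "1e3" and "1000" are no longer treated as equal;
 *  - the stored hash is compared with hash_equals();
 *  - each reroute is followed by return, so nothing below it runs if
 *    reroute() hands control back.
 */
public function password()
{
    if ($this->f3->exists('POST.password_reset')) {
        $mobile = $this->f3->get('SESSION.mobile');
        $current_password = $this->f3->get('POST.current_password');
        $new_password = $this->f3->get('POST.new_password');
        $confirm_password = $this->f3->get('POST.password_confirm');

        // NOTE(review): a 4-character minimum is very weak; raise it together with
        // the message text and the form hint.
        if ($new_password !== $confirm_password || strlen((string) $new_password) < 4) {
            $this->f3->reroute('/user/password/passwords do not match or lest than 4 characters');
            return;
        }

        $user = new User($this->db);
        $user->load(array('mobile=?', $mobile));

        // NOTE(review): stored passwords are unsalted MD5 digests (see the comparison
        // below). Moving to password_hash()/password_verify() needs a matching change
        // in User::resetPassword() and a migration of existing rows.
        $stored_hash = $user->password;
        $supplied_hash = md5((string) $current_password);
        if (!is_string($stored_hash) || !hash_equals($stored_hash, $supplied_hash)) {
            $this->f3->reroute('/user/password/the current password is incorrect');
            return;
        }

        $user->resetPassword($mobile, $new_password);
        $this->f3->reroute('/user/password/Password successfully change');
        return;
    }

    $this->f3->set('page_head', 'Password Reset');
    // The message comes from the URL, so the template has to escape it on output.
    $this->f3->set('message', $this->f3->get('PARAMS.message'));
    $this->f3->set('view', 'home.htm');
    $this->f3->set('body', 'user/password.htm');
}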
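<?php
// Completes a password reset: validates the posted token for the e-mail address,
// stores the new password, destroys the token, logs the change and then calls
// checkCredentials() with the new password.
require_once "../includes/session.php";
require_once "../includes/sanitize-all.php";

// Load a class file from ../classes the first time the class is referenced.
// NOTE(review): the class name is concatenated into the path; keep request data
// away from anything that triggers autoloading (class_exists(), new $name, unserialize()).
spl_autoload_register(function ($class) {
    require_once "../classes/" . $class . ".class.php";
});

// Every field must be present, non-empty and a plain string. An array-valued
// field (name[]=...) used to pass empty() and reach the User methods as an array.
$required_fields = array("email", "token", "new-reset-password", "confirm-reset-password", "javascript");
foreach ($required_fields as $field) {
    if (empty($_POST[$field]) || !is_string($_POST[$field])) {
        die(Translate::string("reset_password_alert.all_fields_required"));
    }
}

// Strict comparison: with != two different numeric-looking strings
// ("1e3" and "1000") compare equal and the confirmation check is bypassed.
if ($_POST["new-reset-password"] !== $_POST["confirm-reset-password"]) {
    die(Translate::string("reset_password_alert.passwords_dont_match"));
}

$email = $_POST["email"];
$token = $_POST["token"];
$new_password = $_POST["new-reset-password"];
$session_id = session_id();
$ip_address = $_SERVER['REMOTE_ADDR'];
$javascript = $_POST["javascript"];
// The User-Agent header is optional; default to '' instead of raising a notice.
$browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

// The token is checked before anything is changed.
if (!User::isTokenValid($email, $token)) {
    die(Translate::string("reset_password_alert.token_expired"));
}

$user = new User();
$reset = $user->resetPassword($email, $new_password);

// NOTE(review): if the password was stored but destroyToken() fails, the user sees
// an error while the token stays usable; consider doing both in one transaction.
if (!$reset || !$user->destroyToken($token)) {
    die(Translate::string("reset_password_alert.something_went_wrong"));
}

// Fixed: this call passed the undefined $ip, so the audit entry for the password
// change was written without the client address.
$user->insertLog("password changed", $email, $javascript, $browser, $ip_address, $session_id);
$user->checkCredentials($email, $new_password, $javascript, $browser, $ip_address, $session_id);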
} else {
    // Step 1: a reset e-mail was requested for user `u` and address `email`.
    if (isset($_POST['u']) && isset($_POST['email'])) {
        if (send_reset_email($_POST['u'], $_POST['email'])) {
            $msg = new InfoText("Check your email for a password reset link.", "Check email");
            $page->append($msg);
        } else {
            // NOTE(review): success and failure produce different pages, so the response
            // tells a client whether a user/e-mail pair is on record. Showing the
            // "check your email" text in both cases avoids that.
            $msg = new AlertText("Error: The email address you provided does not match our records, or something else went wrong. " . 'Please contact <a href="mailto:' . ADMIN_ADDRESS . '">' . ADMIN_ADDRESS . '</a> for assistance.', "Email address mismatch");
            $page->append($msg);
            $page->append(reset_step1());
        }
    } else {
        // Step 2: the link from the e-mail carries user (u), expiry time (e) and hash (h).
        if (isset($_REQUEST['u']) && isset($_REQUEST['e']) && isset($_REQUEST['h'])) {
            // NOTE(review): == is neither type-strict nor constant-time; two numeric-looking
            // strings (for example "0e..." values) compare equal under it. hash_equals() is
            // the comparison meant for secrets. The expiry is enforced by `e > time()`, and
            // `e` is an input to the hash, so it presumably cannot be altered without
            // invalidating `h` -- confirm in getPasswordResetHash().
            if (User::getPasswordResetHash($_REQUEST['u'], $_REQUEST['e']) == $_REQUEST['h'] && $_REQUEST['e'] > time()) {
                if (isset($_POST['password1']) && isset($_POST['password2'])) {
                    // NOTE(review): the only strength rule is a 4-character minimum.
                    if ($_POST['password1'] == $_POST['password2'] && strlen($_POST['password1']) >= 4) {
                        // NOTE(review): whether the link stops working after a successful
                        // reset depends on User::resetPassword(); otherwise it stays valid
                        // until the expiry time.
                        if (User::resetPassword($_REQUEST['u'], $_REQUEST['e'], $_REQUEST['h'], $_POST['password1'])) {
                            $msg = new InfoText('Your password has been changed. Please <a href="/index.php">log in!</a>!', 'Reset successful');
                            $page->append($msg);
                        } else {
                            $msg = new AlertText('Sorry, an unknown error occured. Please try again.', 'Unknown error');
                            // NOTE(review): `msg` has no `$`, so this passes a constant named
                            // msg instead of the AlertText built above; `$msg` was intended.
                            $page->append(msg);
                            $page->append(reset_step2());
                        }
                    } else {
                        if ($_POST['password1'] != $_POST['password2']) {
                            //Password mismatch
                            $msg = new AlertText("Error: The passwords you supplied did not match. Please try again.", "Password mismatch");
                            $page->append($msg);
                            $page->append(reset_step2());
                        } else {
                            //Length requirement not met
<?php
// Password reset page: a POST stores the new password, a GET with id and key shows the form.
if (!empty($_POST)) {
    require_once '../../../framework/User.php';
    // The account id is taken from POST, falling back to the query string.
    if (empty($_POST['id'])) {
        $id = $_GET['id'];
    } else {
        $id = $_POST['id'];
    }
    // die($id);
    $password = $_POST['password'];
    // NOTE(review): the request-supplied id is written into the session and the password
    // is then reset, but this branch never reads or verifies the `key` parameter. Unless
    // User::resetPassword() validates a reset key itself, any client can set the password
    // of any account id -- confirm. The key should be checked against a stored,
    // expiring, single-use value before the id is trusted.
    $_SESSION['user']['id'] = $id;
    $mUser = new User();
    if ($mUser->resetPassword($password)) {
        header('Location:login.php');
    }
    exit;
}
if (isset($_GET['id']) && isset($_GET['key'])) {
    $id = $_GET['id'];
    // $key is read here but not used again in the visible part of the file.
    $key = $_GET['key'];
} else {
    // NOTE(review): the header name is written as 'location ' with a space before the
    // colon, so this is not sent as a Location redirect; only the exit takes effect.
    header('location : login.php');
    exit;
}
// NOTE(review): the form target carries the id but not the key, and $id is raw request
// data -- escape it wherever $pswdrstlink is written into the page.
$pswdrstlink = "resetPassword.php?id=" . $id;
require_once "../../../utility/helper/Common/CommonHelper.php";
require_once "../../master/headerhomehtml.php";
?>
<script>
function checkPassword() {
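// Completes a password reset: looks up the (email, token) pair in password_resets,
// stores the new bcrypt hash, deletes the token and logs the user in.
//
// Changes from the previous version:
//  - the debug echo of the new password hash, the user id and the e-mail address
//    into the response has been removed;
//  - missing or array-valued POST fields are read as '' and never match a row;
//  - a lookup that finds no row no longer indexes into `false`.
require_once '../Models/PasswordReset.php';

$message = [
    "PasswordReset" => "Your password has been reset",
    "PasswordNoMatch" => "Passwords do not match",
    "EmailNoMatch" => "Email does not match",
];

$token = isset($_POST['token']) && is_string($_POST['token']) ? $_POST['token'] : '';
$email = isset($_POST['email']) && is_string($_POST['email']) ? trim(strtolower($_POST['email'])) : '';
$new_password = isset($_POST['new_password']) && is_string($_POST['new_password']) ? trim($_POST['new_password']) : '';
$new_password_cf = isset($_POST['new_password_cf']) && is_string($_POST['new_password_cf']) ? trim($_POST['new_password_cf']) : '';

$db = new Database();

// NOTE(review): $email and $token are request values interpolated into the SQL text,
// so they can change the statement itself. Bind them as parameters through whatever
// prepared-statement interface the Database class offers (not visible here); the
// same applies to the SELECT on users and the DELETE further down.
// NOTE(review): the lookup does not check a token expiry time -- confirm that
// password_resets rows are expired elsewhere.
$data = false;
if ($email !== '' && $token !== '') {
    $query = $db->query("SElECT * FROM password_resets where email = '{$email}' AND token = '{$token}'");
    $data = $query->fetch(PDO::FETCH_ASSOC);
}

if (is_array($data) && $data['email'] === $email) {
    if ($new_password === $new_password_cf) {
        $user = new User();
        $query = $db->query("SELECT user_id from users where email = '{$email}'");
        $user_id_query = $query->fetch(PDO::FETCH_ASSOC);
        // Same value as before when no user row is found (null), without the warning.
        $user_id = is_array($user_id_query) ? $user_id_query['user_id'] : null;

        $password = password_hash($new_password, PASSWORD_BCRYPT);
        $user->resetPassword($password, $email, $user_id);

        // The token is single-use: remove it once the password has been stored.
        $db->query("DELETE FROM password_resets where token = '{$token}'");
        $_SESSION['confirm_message'] = $message['PasswordReset'];
        $login->login($email, $new_password);
    } else {
        $_SESSION['error_message'] = $message['PasswordNoMatch'];
        View::render("resetpassword.php?token={$token}");
    }
} else {
    $_SESSION['error_message'] = $message['EmailNoMatch'];
    View::render("resetpassword.php?token={$token}");
}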
* @package CandyCMS
 * @version 0.1
 * @copyright Copyright 2012 (C) Cocoon Design Ltd. - All Rights Reserved
 *
 * Login page for CandyCMS admin
 *
 * NOTE(review): the PHP below calls User::resetPassword(), so this appears to be the
 * password-reset page; the description and the <title> may have been copied from the
 * login page.
 */
session_start();
// Logged-in users are sent to the dashboard.
// NOTE(review): there is no exit after the header, so the rest of the script, including
// the POST handling below, still runs for them.
if (isset($_SESSION['loggedin'])) {
    header('Location: dashboard.php');
}
require 'bootstrap.php';
?>
<?php
// NOTE(review): the reset is triggered by any POST that contains `submit`; no anti-CSRF
// token or throttling is visible, and $_POST['email'] is used without an isset() check.
// NOTE(review): the markup below loads html5.js over plain http from a third-party host;
// serve a local copy, or use https with Subresource Integrity.
if (isset($_POST['submit'])) {
    User::resetPassword($_POST['email']);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>CMS Login</title>
<link rel="stylesheet" href="css/login.css" type="text/css" />
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<div id="container">
/**
 * Reset the password of the user identified by $this->data->id and show the outcome.
 *
 * Renders an 'information' prompt on success. Any \Exception raised while loading
 * the user, resetting the password or rendering that prompt is turned into an
 * 'error' prompt carrying the exception message.
 *
 * NOTE(review): no authorization check is visible in this method; confirm the caller
 * is allowed to reset this id before the action is dispatched. The raw exception
 * message is shown to the client, so it should not carry internal details.
 */
public function resetPassword()
{
    try {
        $account = new User($this->data->id);
        $account->resetPassword();
        $this->renderPrompt('information', 'Ok');
    } catch (\Exception $failure) {
        $reason = $failure->getMessage();
        $this->renderPrompt('error', $reason);
    }
}
$response = (object) array('status' => -3, 'status_explanation' => 'Invalid token.');
    }
    // Response of the preceding route (its start is outside this listing) is sent as JSON.
    header('Content-Type: application/json');
    echo json_encode($response);
}, $f3->get('route_ttl'));

/**
 * Route: User Reset Pass
 *
 * Takes POST.email and answers with a JSON object:
 *   status  1  reset performed
 *   status -2  resetPassword() returned false ("Could not send email.")
 *   status -1  no user with that e-mail
 *
 * NOTE(review): status -1 versus 1/-2 tells an unauthenticated caller whether an
 * address is registered. Returning the same body for every outcome, and throttling
 * requests per address and per client, removes that signal; no throttling is
 * visible in this handler.
 *
 * @example /user/reset-pass
 */
$f3->route('POST /user/reset-pass', function ($f3, $params) use($db) {
    // $params and $db are not used in this handler.
    $email = $f3->get('POST.email');
    $user = new User($email);
    // If user exists
    if ($user->existsAlready()) {
        if ($user->resetPassword()) {
            $response = (object) array('status' => 1, 'status_explanation' => 'Success');
        } else {
            $response = (object) array('status' => -2, 'status_explanation' => 'Could not send email.');
        }
    } else {
        $response = (object) array('status' => -1, 'status_explanation' => 'A user with provided email doesn\'t exist.');
    }
    header('Content-Type: application/json');
    echo json_encode($response, JSON_PRETTY_PRINT);
}, $f3->get('route_ttl'));

/**
 * Route: Find users by searching
 *
 * NOTE(review): the example path below repeats the reset-pass route; it looks
 * copied from the block above -- confirm the real path of the search route.
 *
 * @example /user/reset-pass
 */