Example #1
 /**
  * Admin action: reset the password of the user identified by the `uid`
  * passed argument, using the submitted form data.
  *
  * With no form data, only `uid` and `uname` are exposed to the view.
  * On a successful reset it sets a flash message, sends an e-mail through
  * MyEmail, and redirects to the admin user list; on failure it sets an
  * error flash message.
  *
  * NOTE(review): no authorization check is visible inside this action;
  * presumably the `admin` routing prefix enforces it. Confirm.
  */
 function admin_reset_password()
 {
     $targetUid = $this->passedArgs['uid'];
     $this->set('uid', $targetUid);
     $this->set('uname', $this->passedArgs['uname']);

     // Nothing submitted yet: just render the form.
     if (empty($this->data)) {
         return;
     }

     // Captured before the model call, which receives the whole data array.
     $submittedPassword = $this->data['User']['password'];

     if (!$this->User->reset_password($targetUid, $this->data)) {
         $this->Session->setFlash('Password change error!');
         return;
     }

     $this->Session->setFlash('Password changed successfully!');
     // NOTE(review): the clear-text password is handed to the view layer
     // immediately before sendEmail(); presumably the mail template prints
     // it. Mailing a password leaves it readable in mailboxes and mail logs;
     // confirm, and prefer a one-time reset link.
     $this->set('changedPass', $submittedPassword);
     $this->MyEmail->sendEmail();
     $this->redirect(array('action' => 'admin_show_all_users', 'admin' => true));
 }
Example #2
	  if they have not posted uname/pass show warning, but allow.
	  if they posted uname/pass, "logout", clear cookies, then login as usual
	LOSTPASS:
	 when UUID = 0 - ok, reset.
	 when UUID <> 0 and they posted lostpass, so, it's weird but let them do it.
*/
// Fragment: handles either a lost-password request or a login POST.
// The listing is cut off inside the login branch, so the try block opened
// there is not closed within this excerpt.
$result = true;
$redir = false;
$mesg = '';
$redirurl = '2; URL=index.php';
if (isset($_POST['lostpass']) && $_POST['lostpass']) {
    // reset password
    // The posted `lostpass` value is passed as the third constructor
    // argument of User; presumably it is the account name. Confirm.
    // NOTE(review): no rate limit or anti-automation check is visible in
    // this branch; confirm one exists upstream, since each request triggers
    // a reset.
    try {
        $db = db_clients();
        $user = new User($db, 0, $_POST['lostpass']);
        $user->reset_password($db);
        $mesg = 'New password was sent to registered email address';
    } catch (Exception $e) {
        $result = false;
        // NOTE(review): success and failure yield different messages, and the
        // failure text embeds the exception message and code. If $mesg is
        // rendered to the requester, this can disclose whether an account
        // exists and leak internal error detail; a uniform response with the
        // detail logged server-side avoids both.
        $mesg = 'Request failed: ' . $e->getMessage() . ' (' . $e->getCode() . ')';
    }
} elseif (isset($_POST['username'], $_POST['password']) && $_POST['username'] && $_POST['password'] != '') {
    // login requested
    // The password test above uses loose `!=`; `!== ''` states the intent
    // without type juggling.
    try {
        $db = db_clients();
        $user = new User($db, 0, $_POST['username']);
        // $UUID is defined outside this excerpt; the header comment above
        // refers to it as the currently logged-in user id.
        $olduser = $UUID;
        $expdate = $user->exp_date;
        $today = date('Y-m-d');
        // A missing expiry date falls back to today's date.
        if (!$expdate) {
            $expdate = $today;
            // Fragment: this excerpt begins inside one case of a switch whose
            // header and earlier cases are not visible here.
            // NOTE(review): the stored answer ($is_valid['vsecans']) is
            // compared to the trimmed input with loose `==`. That implies the
            // answer is held in comparable clear text and is open to PHP type
            // juggling; confirm, and prefer a hashed answer checked with
            // hash_equals().
            if ($is_valid['vsecans'] == trim($answer)) {
                // On a match, the account id goes into the view data and the
                // new-password input is enabled.
                $data['forgtid'] = $frget_id;
                $data['show_new_input'] = true;
            } else {
                $_SESSION['error'] = 'Invalid Answer. Please try again.';
                header('Location: ' . $url . '/wml_password.php');
                exit;
            }
        } else {
            $_SESSION['error'] = 'Answer is required. Please try again.';
            header('Location: ' . $url . '/wml_password.php');
            exit;
        }
        break;
    case '3':
        // Final step: set the new password for the id supplied in the form.
        $frget_id = isset($_POST['forgtid']) ? $_POST['forgtid'] : null;
        $password = isset($_POST['su_password']) ? $_POST['su_password'] : null;
        // NOTE(review): the only checks visible here are "id > 0" and
        // "password longer than 5 bytes". Nothing in this case confirms that
        // the security answer was verified for this particular id; the id
        // comes straight from the request. Confirm that the verified account
        // is recorded server-side (e.g. in the session) by the earlier step
        // and read it from there instead of from $_POST.
        if ($frget_id > 0 && strlen($password) > 5) {
            // NOTE(review): $is_changed is never checked; the e-mail and the
            // success message are produced even if the reset failed.
            $is_changed = $user->reset_password($frget_id, $password);
            // NOTE(review): the clear-text password is passed to
            // sendPasswordEmail(); presumably it is mailed to the user. Confirm,
            // and avoid sending passwords by e-mail.
            $user->sendPasswordEmail($frget_id, $password);
            $_SESSION['message'] = 'Your password is changed successfully. Now you can login.';
            header('Location: ' . $url . '/wml_login.php');
            exit;
        }
        break;
    default:
        break;
}
$data['step'] = $step;
// echo "<pre>"; print_r($data);exit;
layout('password', $data);
Example #4
 /** Instantiators **/
 /**
  * Create a user row for the given e-mail address and rights value, then
  * call User::reset_password() for that address.
  *
  * The INSERT uses bound parameters, so neither value is concatenated into
  * the SQL text.
  *
  * NOTE(review): $rights is stored exactly as received; no check against a
  * list of known roles is visible here. Confirm that callers validate it.
  */
 static function new_user($user, $rights)
 {
     $insertSql = "INSERT INTO users (email,rights) VALUES (:user,:rights)";
     $bindings = array(':user' => $user, ':rights' => $rights);

     // NOTE(review): the result of exec() is not inspected, so the reset
     // below runs even when the insert did not succeed.
     User::$db->exec($insertSql, $bindings);
     User::reset_password($user);
 }
Example #5
});
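// POST /admin/users: admin-only user management. The `what` field selects
// the operation, `user` names the target account, and the handler finishes
// by rerouting to the user list.
//
// NOTE(review): no anti-CSRF token check is visible in this handler; confirm
// that admin_check() or framework configuration covers state-changing POSTs.
$f3->route('POST /admin/users', function ($f3) {
    admin_check();

    // Strict comparison: with loose `!=`, a non-string session value such as
    // boolean true compares equal to "admin" and would pass this gate.
    if (!isset($_SESSION['rights']) || $_SESSION['rights'] !== "admin") {
        $f3->reroute("/admin");
        // Explicit stop, so the operations below can never run for a
        // non-admin even if reroute() returns instead of ending the request.
        return;
    }

    $user = isset($_POST['user']) ? $_POST['user'] : null;
    $what = isset($_POST['what']) ? $_POST['what'] : null;
    $rights = isset($_POST['rights']) ? $_POST['rights'] : null;

    // Every operation targets one account; reject a missing or non-string
    // `user` (e.g. an array from `user[]=`) before it reaches the model.
    if (!is_string($user) || $user === '') {
        $f3->error(400);
        return;
    }

    switch ($what) {
        case 'update_notify':
            // A checkbox-style field: its presence alone means "on".
            $notify = isset($_POST['notify']);
            if (!User::set_notify($user, $notify)) {
                $f3->error(500);
            }
            break;
        case 'reset_password':
            User::reset_password($user);
            break;
        case 'update_rights':
            // NOTE(review): $rights is forwarded unvalidated; confirm that
            // User::set_rights() restricts it to known role values.
            User::set_rights($user, $rights);
            break;
        case 'new_user':
            // NOTE(review): same as above for User::new_user().
            User::new_user($user, $rights);
            break;
        default:
            echo "Error";
    }
    $f3->reroute("/admin/users");
});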
$f3->route('GET /p/@key', function ($f3) {
    $key = $f3->get('PARAMS.key');
    $user = User::find_pwreset($key);
Example #6
    die;
}
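// Final step of a password-recovery flow: check the one-time token stored in
// the session, validate the new password, set it, and mark the recovery
// record as finished.

// Normalise both token values to strings so a missing field or an array
// (`session[]=`) cannot reach the comparison.
$expectedToken = (isset($_SESSION['getpwd']) && is_scalar($_SESSION['getpwd'])) ? (string) $_SESSION['getpwd'] : '';
$suppliedToken = (isset($_POST['session']) && is_string($_POST['session'])) ? $_POST['session'] : '';

// hash_equals() compares in constant time and without type juggling; the
// original used loose `!=`.
if (empty($expectedToken) || !hash_equals($expectedToken, $suppliedToken)) {
    redirect('/error/');
    die;
}
// The token is single-use: consume it as soon as it has matched.
unset($_SESSION['getpwd']);

// A missing or non-string password is treated as empty and rejected by the
// minimum-length check below.
$newPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// NOTE(review): the redirects below use the client-supplied Referer header as
// their target. It may be absent and is not validated; a fixed path to the
// form would be safer.
// NOTE(review): a 20-byte maximum and a restricted character set limit
// password strength; confirm these limits are required by the storage layer.
if (strlen($newPassword) > 20) {
    // Message: "Password too long! Please re-enter!"
    alert('密码过长!请重新输入!');
    redirect($_SERVER['HTTP_REFERER']);
    die;
}
if (strlen($newPassword) < 4) {
    // Message corrected: this branch previously reported "too long" for a
    // password that is too short. Now: "Password too short! Please re-enter!"
    alert('密码过短!请重新输入!');
    redirect($_SERVER['HTTP_REFERER']);
    die;
}
// preg_match() returns 0 on no match and false on error; both are rejected.
if (preg_match("/^[\\w.!@#\$%^&*]+\$/", $newPassword) !== 1) {
    // Message corrected: the check is on the password, but the text said the
    // username contained special characters. Now: "Password contains
    // special characters! Please re-enter!"
    alert('密码包含特殊字符!请重新输入!');
    redirect($_SERVER['HTTP_REFERER']);
    die;
}

// NOTE(review): the account id is taken from the request body. Nothing
// visible here ties the session token to this uid; confirm that the step
// which issued the token stored the uid server-side, and prefer reading it
// from there rather than from $_POST.
$uid = intval(isset($_POST['uid']) ? $_POST['uid'] : 0);
$user = new User();
$user->id = $uid;
$user->reset_password($newPassword, '', 1);

$db = get_db();
// $uid is an integer from intval(), so the interpolation cannot carry SQL
// text; a bound parameter would still be preferable if the $db wrapper
// supports one (its API is not visible here).
$db->execute("update eb_get_pwd set end_time=now() where user_id={$uid}");
// Message: "Changed successfully!"
alert('修改成功!');
redirect('/login');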