/**
 * Admin action: change the password of the user named by the `uid` passed argument.
 *
 * Always exposes the `uid` and `uname` passed arguments to the view. When form
 * data has been submitted, the User model is asked to reset the password. On
 * success the action flashes a confirmation, exposes the submitted password to
 * the view as `changedPass`, calls $this->MyEmail->sendEmail() and redirects to
 * the admin user list. On failure it only flashes an error.
 *
 * NOTE(review): `uid` and `uname` both come from the request's passed arguments
 * and are not cross-checked here, so the name shown need not belong to the uid
 * being changed. Loading the name from the uid would remove that ambiguity.
 * NOTE(review): no permission check is visible in this method; presumably the
 * admin routing prefix or an auth component guards it — confirm.
 * NOTE(review): the new password is handed to the view in clear text right
 * before sendEmail() runs, so the mail presumably contains it. A single-use,
 * expiring reset link avoids leaving a usable password in a mailbox.
 */
function admin_reset_password() {
    $this->set('uid', $this->passedArgs['uid']);
    $this->set('uname', $this->passedArgs['uname']);

    // No submitted form data: keep the view variables set above and stop here.
    if (empty($this->data)) {
        return;
    }

    // Copy of the submitted password, taken before the model call.
    $newPassword = $this->data['User']['password'];

    $wasReset = $this->User->reset_password($this->passedArgs['uid'], $this->data);
    if (!$wasReset) {
        $this->Session->setFlash('Password change error!');
        return;
    }

    $this->Session->setFlash('Password changed successfully!');
    $this->set('changedPass', $newPassword);
    $this->MyEmail->sendEmail();
    $this->redirect(array('action' => 'admin_show_all_users', 'admin' => true));
}
if they have not posted uname/pass show warning, but allow. if they posted uname/pass, "logout", clear cookies, then login as usual LOSTPASS: when UUID = 0 - ok, reset. when UUID <> 0 and they posted lostpass, so, it's weird but let them do it. */

// Initial outcome state for this request; how these values are consumed is
// outside this excerpt.
$result = true;
$redir = false;
$mesg = '';
$redirurl = '2; URL=index.php';

if (isset($_POST['lostpass']) && $_POST['lostpass']) {
    // reset password
    // The posted `lostpass` value is used as the account identifier and the
    // reset is performed immediately, with no proof that the requester owns
    // the account.
    // NOTE(review): judging by the success message below, reset_password()
    // replaces the password and mails the new one. If so, anyone who knows a
    // username can invalidate that user's current password. Mailing a
    // single-use, expiring confirmation link and changing the password only
    // after it is followed avoids that; rate limiting is not visible here.
    try {
        $db = db_clients();
        $user = new User($db, 0, $_POST['lostpass']);
        $user->reset_password($db);
        $mesg = 'New password was sent to registered email address';
    } catch (Exception $e) {
        $result = false;
        // NOTE(review): the exception text and code go into $mesg, which is
        // presumably shown to the visitor. That can reveal whether an account
        // exists or leak internal errors; log the details and return one
        // generic message for both outcomes.
        $mesg = 'Request failed: ' . $e->getMessage() . ' (' . $e->getCode() . ')';
    }
} elseif (isset($_POST['username'], $_POST['password']) && $_POST['username'] && $_POST['password'] != '') {
    // login requested
    // The truthiness test on `username` treats the string '0' as empty, and
    // `!= ''` is a loose comparison.
    try {
        $db = db_clients();
        $user = new User($db, 0, $_POST['username']);
        // Remember who was logged in before this login attempt ($UUID is
        // defined outside this excerpt).
        $olduser = $UUID;
        $expdate = $user->exp_date;
        $today = date('Y-m-d');
        // An account without an expiry date is given today's date.
        if (!$expdate) {
            $expdate = $today;
// Tail of the security-answer step: compare the submitted answer with the
// stored one ($is_valid['vsecans']).
// NOTE(review): `==` is a loose, non-constant-time comparison; a strict,
// timing-safe check such as hash_equals() on strings is safer. Comparing the
// stored value directly with the typed answer also suggests the answer is
// kept unhashed — confirm.
if ($is_valid['vsecans'] == trim($answer)) {
    // Correct answer: pass the account id to the template and ask it to show
    // the new-password inputs.
    $data['forgtid'] = $frget_id;
    $data['show_new_input'] = true;
} else {
    $_SESSION['error'] = 'Invalid Answer. Please try again.';
    header('Location: ' . $url . '/wml_password.php');
    exit;
}
} else {
    $_SESSION['error'] = 'Answer is required. Please try again.';
    header('Location: ' . $url . '/wml_password.php');
    exit;
}
break;
case '3':
    // Final step: set the new password for the account named by the posted
    // `forgtid`.
    // NOTE(review): the account id is read back from the request body. Nothing
    // visible in this excerpt ties this request to a session that passed the
    // answer check above, so the id should not be trusted from the client.
    // Store the verified id in $_SESSION when the answer is accepted, read it
    // from there, and clear it after use.
    $frget_id = isset($_POST['forgtid']) ? $_POST['forgtid'] : null;
    $password = isset($_POST['su_password']) ? $_POST['su_password'] : null;
    // Only policy enforced here: more than 5 bytes. A shorter password or a
    // missing id falls through to `break` without setting any error message.
    if ($frget_id > 0 && strlen($password) > 5) {
        // NOTE(review): $is_changed is never checked; the mail and the success
        // message below are produced even if the update failed.
        $is_changed = $user->reset_password($frget_id, $password);
        // NOTE(review): the clear-text password is passed to the mailer, so it
        // is presumably included in the message; a notification without the
        // password avoids leaving it in a mailbox.
        $user->sendPasswordEmail($frget_id, $password);
        $_SESSION['message'] = 'Your password is changed successfully. Now you can login.';
        header('Location: ' . $url . '/wml_login.php');
        exit;
    }
    break;
default:
    break;
}
$data['step'] = $step;
// echo "<pre>"; print_r($data);exit;
layout('password', $data);
/** Instantiators **/

/**
 * Create a user row and immediately trigger a password reset for it.
 *
 * Inserts ($user, $rights) into `users` as (email, rights) using bound
 * parameters, then calls User::reset_password($user).
 *
 * NOTE(review): the result of the INSERT is not inspected, so reset_password()
 * runs even if no row was created — confirm how User::$db reports failures.
 * NOTE(review): $rights is stored exactly as given; nothing here restricts it
 * to a known set of roles, so callers must do that (verify).
 *
 * @param mixed $user   value stored in users.email
 * @param mixed $rights value stored in users.rights
 */
static function new_user($user, $rights) {
    $sql = "INSERT INTO users (email,rights) VALUES (:user,:rights)";
    $bindings = array(
        ':user' => $user,
        ':rights' => $rights,
    );
    User::$db->exec($sql, $bindings);

    User::reset_password($user);
}
});

// POST /admin/users: single endpoint for all user-management actions. The
// posted `what` field selects the action and the posted `user` field names
// the account it applies to.
// NOTE(review): no anti-CSRF token is checked in this handler. Unless
// admin_check() (defined elsewhere) does it, a logged-in admin's browser could
// be made to submit these state-changing requests; verify a per-session token.
$f3->route('POST /admin/users', function ($f3) {
    admin_check();
    // Only sessions whose rights equal "admin" may continue.
    // NOTE(review): the code below still runs unless reroute() ends the
    // request. Confirm that it terminates in the framework version in use, or
    // add an explicit `return` after it so the guard does not depend on that.
    if ($_SESSION['rights'] != "admin") {
        $f3->reroute("/admin");
    }
    // Read without an isset() check; a missing field raises a notice/warning.
    $user = $_POST['user'];
    switch ($_POST['what']) {
        case 'update_notify':
            // A checkbox-style flag: present means true, absent means false.
            $notify = isset($_POST['notify']) ? true : false;
            if (!User::set_notify($user, $notify)) {
                $f3->error(500);
            }
            break;
        case 'reset_password':
            User::reset_password($user);
            break;
        case 'update_rights':
            // NOTE(review): the posted `rights` value is passed through
            // unchanged. Unless set_rights() validates it, restrict it to the
            // known role names here.
            User::set_rights($user, $_POST['rights']);
            break;
        case 'new_user':
            // Same unvalidated `rights` value as in 'update_rights'.
            User::new_user($user, $_POST['rights']);
            break;
        default:
            // Output is written before the redirect below is attempted.
            echo "Error";
    }
    $f3->reroute("/admin/users");
});

// GET /p/@key: looks up a pending password reset by the key in the URL. The
// rest of the handler is outside this excerpt.
$f3->route('GET /p/@key', function ($f3) {
    $key = $f3->get('PARAMS.key');
    $user = User::find_pwreset($key);
die;
}

// One-time token check: the posted `session` value must match the token kept
// in $_SESSION['getpwd'], and that token must not be empty. On success the
// token is consumed.
// NOTE(review): `!=` is a loose, non-constant-time comparison; comparing
// strings with hash_equals() is safer. `$_POST['session']` is read without an
// isset() check.
// NOTE(review): the token is consumed before the password is validated, so a
// request rejected by the checks below cannot be retried with the same token.
if ($_POST['session'] != $_SESSION['getpwd'] || empty($_SESSION['getpwd'])) {
    redirect('/error/');
    die;
} else {
    unset($_SESSION['getpwd']);
}

// Password policy: 4 to 20 bytes (strlen counts bytes, not characters).
// NOTE(review): a 20-byte cap and a 4-byte minimum are weak limits for a
// password; the redirect target is the client-supplied Referer header, which
// should be replaced by a fixed path unless redirect() validates it.
if (strlen($_POST['password']) > 20) {
    // Message: "Password too long! Please re-enter!"
    alert('密码过长!请重新输入!');
    redirect($_SERVER['HTTP_REFERER']);
    die;
}
if (strlen($_POST['password']) < 4) {
    // NOTE(review): this branch handles a too-short password but shows the
    // same "password too long" message as the branch above.
    alert('密码过长!请重新输入!');
    redirect($_SERVER['HTTP_REFERER']);
    die;
}
// Allow only word characters and . ! @ # $ % ^ & * in the password.
if (preg_match("/^[\\w.!@#\$%^&*]+\$/", $_POST['password']) == 0) {
    // NOTE(review): the message says "Username contains special characters",
    // although the value being checked is the password.
    alert('用户名包含特殊字符!请重新输入!');
    redirect($_SERVER['HTTP_REFERER']);
    die;
}

// NOTE(review): the account to change is selected by the posted `uid`.
// Nothing visible in this excerpt binds the token checked above to that uid,
// so the id should come from server-side state stored together with the token
// (for example the eb_get_pwd row or the session), not from the request.
$uid = intval($_POST['uid']);
$user = new User();
$user->id = $uid;
// The meaning of the second and third arguments is not visible here.
$user->reset_password($_POST['password'], '', 1);
$db = get_db();
// Marks the reset request as finished. $uid is an integer after intval(), so
// the interpolation cannot carry SQL text; a bound parameter would still be
// preferable if the DB wrapper supports one.
$db->execute("update eb_get_pwd set end_time=now() where user_id={$uid}");
// Message: "Changed successfully!"
alert('修改成功!');
redirect('/login');