Beispiel #1
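 /**
  * This activity either verifies the recover email and sets up the
  * appropriate data for a change password form or it verifies the
  * change password form data and changes the password. If verification
  * fails, an error message script is set up in $data['SCRIPT'] instead.
  *
  * Request fields read: user, hash, time (link from the recovery email);
  * or user, finish_hash, time, password, repassword (submitted form).
  * Both tokens are recomputed from the stored user row plus AUTH_KEY and
  * compared with hash_equals(), so the comparison is constant time and
  * not subject to the loose == rules for numeric-looking strings.
  *
  * @return array form data to be used by recover or signin views
  */
 function recoverComplete()
 {
     $data = array();
     $data['REFRESH'] = "signin";
     $user_model = $this->model("user");
     $visitor_model = $this->model("visitor");
     // A request carrying finish_hash is the submitted change-password
     // form; otherwise it is the link followed from the recovery email.
     $fields = array("user", "hash", "time");
     if (isset($_REQUEST['finish_hash'])) {
         $fields = array("user", "finish_hash", "time", "password", "repassword");
     }
     $recover_fail = "doMessage('<h1 class=\"red\" >" . tl('register_controller_account_recover_fail') . "</h1>');";
     foreach ($fields as $field) {
         if (!isset($_REQUEST[$field])) {
             $data['SCRIPT'] = $recover_fail;
             return $data;
         }
         $data[$field] = $this->clean($_REQUEST[$field], "string");
     }
     $user = $user_model->getUser($data["user"]);
     if (!$user) {
         $data['SCRIPT'] = $recover_fail;
         return $data;
     }
     $user_session = $user_model->getUserSession($user["USER_ID"]);
     if (isset($data['finish_hash'])) {
         // Recompute the form token; the submitted value supplies the salt so
         // the result is comparable with what was issued below.
         $finish_hash = urlencode(crawlCrypt($user['HASH'] . $data["time"] . $user['CREATION_TIME'] . AUTH_KEY, urldecode($data['finish_hash'])));
         // Token check first: the recovery questions are only consulted for a
         // request that carries a valid token.
         if (!hash_equals((string) $finish_hash, (string) $data['finish_hash']) || !$this->checkRecoveryQuestions($user)) {
             $visitor_model->updateVisitor($_SERVER['REMOTE_ADDR'], "captcha_time_out");
             $data['SCRIPT'] = $recover_fail;
             return $data;
         }
         if ($data["password"] !== $data["repassword"]) {
             // Fall through: the form is redisplayed below with a fresh token.
             $data['SCRIPT'] = "doMessage('<h1 class=\"red\" >" . tl('register_controller_passwords_dont_match') . "</h1>');";
         } else {
             if (isset($user_session['LAST_RECOVERY_TIME']) && $user_session['LAST_RECOVERY_TIME'] > $data["time"]) {
                 $data['SCRIPT'] = "doMessage('<h1 class=\"red\" >" . tl('register_controller_recovered_already') . "</h1>');";
                 return $data;
             }
             if (time() - $data["time"] > ONE_DAY) {
                 $data['SCRIPT'] = "doMessage('<h1 class=\"red\" >" . tl('register_controller_recovery_expired') . "</h1>');";
                 return $data;
             }
             // updateUser() is expected to hash PASSWORD before storing it.
             $user["PASSWORD"] = $data["password"];
             $user_model->updateUser($user);
             $data['SCRIPT'] = "doMessage('<h1 class=\"red\" >" . tl('register_controller_password_changed') . "</h1>');";
             // Recording the recovery time invalidates older recovery links.
             $user_session['LAST_RECOVERY_TIME'] = time();
             $user_model->setUserSession($user["USER_ID"], $user_session);
             return $data;
         }
     } else {
         $hash = crawlCrypt($user['HASH'] . $data["time"] . $user['USER_NAME'] . AUTH_KEY, $data['hash']);
         if (!hash_equals((string) $hash, (string) $data['hash'])) {
             $visitor_model->updateVisitor($_SERVER['REMOTE_ADDR'], "captcha_time_out");
             $data['SCRIPT'] = $recover_fail;
             return $data;
         }
         if (isset($user_session['LAST_RECOVERY_TIME']) && $user_session['LAST_RECOVERY_TIME'] > $data["time"]) {
             $data['SCRIPT'] = "doMessage('<h1 class=\"red\" >" . tl('register_controller_recovered_already') . "</h1>');";
             return $data;
         }
         if (time() - $data["time"] > ONE_DAY) {
             $data['SCRIPT'] = "doMessage('<h1 class=\"red\" >" . tl('register_controller_recovery_expired') . "</h1>');";
             return $data;
         }
     }
     // Only accounts with recovery questions on file get the password form.
     if (!isset($user_session['RECOVERY']) || !isset($user_session['RECOVERY_ANSWERS'])) {
         $data['SCRIPT'] = $recover_fail;
         return $data;
     }
     $data['PASSWORD'] = "";
     $data['REPASSWORD'] = "";
     for ($i = 0; $i < self::NUM_RECOVERY_QUESTIONS; $i++) {
         $data["question_{$i}"] = "";
     }
     $data["RECOVERY"] = $user_session['RECOVERY'];
     $data["REFRESH"] = "recover";
     $data["RECOVER_COMPLETE"] = true;
     // Token the form must send back; verified in the finish_hash branch above.
     $data['finish_hash'] = urlencode(crawlCrypt($user['HASH'] . $data["time"] . $user['CREATION_TIME'] . AUTH_KEY));
     return $data;
 }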
Beispiel #2
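 /**
  * Used to update the fields stored in a USERS row according to
  * an array holding new values
  *
  * The keys of $user are interpolated into the UPDATE statement as column
  * names, so they must come from code, never from request data; a key that
  * is not a plain identifier is rejected before any SQL is built. Values
  * are bound as statement parameters, and a PASSWORD value is hashed with
  * crawlCrypt() before storage. If IMAGE_STRING is set, a thumbnail is
  * written to the user's icon folder first. USER_ID, USER_NAME,
  * IMAGE_STRING and USER_ICON are never written to the row.
  *
  * @param array $user updated values for a USERS row; must contain USER_ID
  * @throws \InvalidArgumentException if a key is not a valid column identifier
  */
 function updateUser($user)
 {
     $user_id = $user['USER_ID'];
     if (isset($user['IMAGE_STRING'])) {
         $folder = $this->getUserIconFolder($user_id);
         $icon_path = $folder . "/user_icon.jpg";
         // imagecreatefromstring() warns and returns false on undecodable
         // data; only build and write a thumbnail from a real image
         // (createThumb is assumed to require a GD image handle).
         $image = @imagecreatefromstring($user['IMAGE_STRING']);
         if ($image !== false) {
             $thumb_string = ImageProcessor::createThumb($image);
             file_put_contents($icon_path, $thumb_string);
             // The filename is the second argument; passing the path as the
             // first (bool) argument only cleared the realpath cache.
             clearstatcache(true, $icon_path);
         }
     }
     unset($user['USER_ID'], $user['USER_NAME'], $user['IMAGE_STRING'], $user['USER_ICON']);
     if (empty($user)) {
         return;
     }
     $assignments = array();
     $params = array();
     foreach ($user as $field => $value) {
         // Column names cannot be bound as parameters, so restrict them to
         // identifier characters before interpolating.
         if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field)) {
             throw new \InvalidArgumentException("Invalid USERS column name: " . $field);
         }
         $assignments[] = "{$field}=?";
         $params[] = ($field === "PASSWORD") ? crawlCrypt($value) : $value;
     }
     $sql = "UPDATE USERS SET " . implode(", ", $assignments) . " WHERE USER_ID=?";
     $params[] = $user_id;
     $this->db->execute($sql, $params);
 }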
Beispiel #3
 /**
  * Changes the password of a given user
  *
  * The new password is hashed with crawlCrypt() before it is stored; both
  * the hash and the username are bound as statement parameters.
  *
  * @param string $username username of user to change password of
  * @param string $password new password for user
  * @return bool update successful or not.
  */
 function changePassword($username, $password)
 {
     $hashed_password = crawlCrypt($password);
     $params = array($hashed_password, $username);
     $result = $this->db->execute("UPDATE USERS SET PASSWORD=? WHERE USER_NAME = ? ", $params);
     return (bool) $result;
 }