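/**
 * Starts a password reset for the account identified by $this->username.
 *
 * The name is looked up as an external user (name_usr) first, then as an
 * internal user (email_uin). When an account is found, a reset code of the form
 * "<id>e;<code>" (external) or "<id>i;<code>" (internal) is mailed through
 * ResetpasswordForm::send_first_email().
 *
 * Nothing is sent when no account matches or when the code could not be stored.
 *
 * @return void
 */
public function reset()
{
    $user = ExternalUser::model()->findByAttributes(array('name_usr' => $this->username));
    $external = ($user !== null);

    if (!$external) {
        $user = InternalUser::model()->findByAttributes(array('email_uin' => $this->username));
        if ($user === null) {
            // Unknown account: stop here. Falling through would dereference
            // null below and abort the request with a fatal error.
            return;
        }
    }

    if ($external) {
        // The reset code is a bearer secret, so it must be unguessable. It was
        // previously md5(timestamp . constant salt), which anyone who knows the
        // salt and the approximate request time can recompute. 16 random bytes
        // hex-encoded keep the 32-character shape of the old md5 value.
        // random_bytes() requires PHP 7.0 or later.
        $user->email_code_usr = bin2hex(random_bytes(16));

        if (!$user->save()) {
            // Do not mail a link whose code was never persisted.
            Yii::log(
                'Password reset code could not be saved for external user ' . $user->id_usr,
                CLogger::LEVEL_WARNING,
                'application'
            );
            return;
        }

        ExternalUserHistory::addLog('Requested password reset!', $user->id_usr);
        $resetCode = $user->id_usr . 'e;' . $user->email_code_usr;
        $name = $user->name_usr;
        $email = $user->email_usr;
    } else {
        // NOTE(review): the internal code is derived from the first name and the
        // stored password value, so it is deterministic, never expires until the
        // password changes, and can be recomputed by anyone who can read the
        // user table. Replacing it needs a stored random code like the external
        // one, plus the matching check in the controller; it is left unchanged
        // here so existing links keep validating.
        $resetCode = $user->id_uin . 'i;' . md5($user->fname_uin . $user->password_uin);
        $name = $user->fname_uin;
        $email = $user->email_uin;
    }

    ResetpasswordForm::send_first_email($resetCode, $name, $email, $external);
}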
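/**
 * Two-step password reset page.
 *
 * Step 0 (no $code): shows ResetpasswordForm and, on valid input, calls
 * ResetpasswordForm::reset() to mail a reset code.
 * Step 1 ($code given): parses "<id><e|i>;<code>", checks the code against the
 * account, sets a freshly generated password and mails it through
 * ResetpasswordForm::send_second_email().
 *
 * Logged-in users are redirected away before either step runs.
 *
 * @param string|false $code reset code taken from the e-mailed link, or false
 * @return void
 */
public function actionResetpassword($code = false)
{
    if (!Yii::app()->user->isGuest) {
        if (Yii::app()->user->type == 'Internal') {
            $this->redirect(array('manage/index'));
        } else {
            $this->redirect(array('site/search_file'));
        }
    }

    $success = false;
    $model = false;
    // Step 0 asks for the account name; step 1 consumes the e-mailed code.
    $step = $code ? 1 : 0;

    if ($step === 0) {
        $model = new ResetpasswordForm();

        // Ajax validation request.
        if (isset($_POST['ajax']) && $_POST['ajax'] === 'login-form') {
            echo CActiveForm::validate($model);
            Yii::app()->end();
        }

        // Regular form submission.
        if (isset($_POST['ResetpasswordForm'])) {
            $model->attributes = $_POST['ResetpasswordForm'];
            if ($model->validate()) {
                $success = true;
                $model->reset();
            }
        }
    } else {
        $parts = is_string($code) ? explode(';', $code) : array();

        // A code without ';' has no second segment, and an empty second segment
        // must never be accepted: compared loosely, it would equal a stored code
        // that is null or empty (an account that never requested a reset).
        if (count($parts) >= 2 && $parts[1] !== '') {
            $type = substr($parts[0], -1);
            $id = substr($parts[0], 0, -1);
            $supplied = $parts[1];

            if ($type === 'e') {
                $external = true;
                $user = ExternalUser::model()->findByPk($id);
                $stored = $user ? $user->email_code_usr : null;

                // hash_equals() (PHP 5.6+) compares as strings in constant time;
                // `==` would treat numeric-looking hex strings as numbers.
                if (is_string($stored) && $stored !== '' && hash_equals($stored, $supplied)) {
                    // The temporary password was derived from the current second
                    // and was therefore guessable; draw it from the CSPRNG
                    // instead (PHP 7.0+). Same 8-hex-character shape as before.
                    $password = bin2hex(random_bytes(4));
                    $user->password_usr = $user->passwordHash($password);
                    // Rotate the stored code so the link works only once.
                    $user->email_code_usr = bin2hex(random_bytes(16));

                    // Report success and mail the password only if it was stored.
                    if ($user->save()) {
                        ExternalUserHistory::addLog('Password reseted!', $user->id_usr);
                        $success = true;
                        $name = $user->name_usr;
                        $email = $user->email_usr;
                    }
                }
            } elseif ($type === 'i') {
                $external = false;
                $user = InternalUser::model()->findByPk($id);

                if ($user) {
                    // NOTE(review): this code is derived from stored fields, not
                    // random; it stops validating once the password changes.
                    $expected = md5($user->fname_uin . $user->password_uin);

                    if (hash_equals($expected, $supplied)) {
                        $password = bin2hex(random_bytes(4));
                        $user->password_uin = $user->passwordHash($password);

                        if ($user->save()) {
                            $success = true;
                            $name = $user->fname_uin;
                            $email = $user->email_uin;
                        }
                    }
                }
            }
        }

        if ($success) {
            // NOTE(review): the new password travels in clear text by e-mail;
            // letting the user choose one after following the link would avoid
            // that, but needs a view that is not part of this action.
            ResetpasswordForm::send_second_email($name, $password, $email, $external);
        }
    }

    $this->render('resetpassword', array('step' => $step, 'model' => $model, 'success' => $success));
}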