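/**
 * Maintenance action: stores the literal password "password" for every user id
 * listed in the comma-separated `user_ids` query parameter.
 *
 * NOTE(review): this action changes credentials in response to a GET request and
 * sets a publicly known password. No authorization check is visible in this
 * method, so confirm that the controller's access rules limit it to
 * administrators, or keep the action out of production builds entirely.
 */
public function actionSetDefaultPass()
{
    if (!isset($_GET['user_ids']) || !is_string($_GET['user_ids'])) {
        echo "<p>?user_ids=user_id,user_id to reset the password of users to 'password'</p>";
        return;
    }

    foreach (explode(",", $_GET['user_ids']) as $user_id) {
        $user_id = trim($user_id);

        // Only plain decimal ids are accepted; any other list entry is skipped.
        if (!preg_match('/^[0-9]+$/D', $user_id)) {
            continue;
        }

        $userPasswordModel = new UserPassword();
        // The loop variable is used here. The earlier code assigned the constant 1,
        // so every listed id wrote a new password record for user 1.
        $userPasswordModel->user_id = (int) $user_id;
        $userPasswordModel->setPassword("password");

        if ($userPasswordModel->save()) {
            echo "Saved... <br />";
        }
    }
}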
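/**
 * Generates a new random password for the account matching $this->email and
 * sends it to that address by e-mail.
 *
 * Returns without sending anything when no account matches the address or when
 * the new password record cannot be saved.
 *
 * NOTE(review): the stored password is replaced as soon as this method runs, and
 * the new password is handed to the mail template in clear text. Anyone who can
 * submit the address can therefore replace that account's password, and the
 * credential stays in the mailbox. A single-use, expiring reset link avoids both.
 */
public function recoverPassword()
{
    $user = User::model()->findByAttributes(array('email' => $this->email));
    if ($user === null) {
        // No account for this address: nothing to reset and nobody to notify.
        return;
    }

    // Mail text is rendered in the language of the current web user component.
    Yii::app()->language = Yii::app()->user->language;

    // Set New Password
    $userPassword = new UserPassword();
    $userPassword->user_id = $user->id;
    $newPassword = $userPassword->setRandomPassword();
    if (!$userPassword->save()) {
        // Do not mail a password that was never persisted.
        return;
    }

    $message = new HMailMessage();
    $message->view = "application.modules_core.user.views.mails.RecoverPassword";
    $message->addFrom(HSetting::Get('systemEmailAddress', 'mailing'), HSetting::Get('systemEmailName', 'mailing'));
    $message->addTo($this->email);
    $message->subject = Yii::t('UserModule.forms_AccountRecoverPasswordForm', 'Password Recovery');
    $message->setBody(array('user' => $user, 'newPassword' => $newPassword), 'text/html');
    Yii::app()->mail->send($message);
}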
/**
 * Removes everything that belongs to this user before the record itself is deleted.
 *
 * Deletion is refused while the user still owns a space. Otherwise settings,
 * enabled modules, the search entry, the profile image, invites, follow records,
 * group admin assignments, wall entries, content and password records are removed.
 *
 * @throws Exception when the user is the owner of a space
 * @return mixed the result of parent::beforeDelete()
 */
public function beforeDelete()
{
    $userId = $this->id;

    // Space owners must not be deleted; check that first, before anything is removed.
    foreach (SpaceMembership::GetUserSpaces($userId) as $space) {
        if ($space->isSpaceOwner($userId)) {
            throw new Exception("Tried to delete a user which is owner of a space!");
        }
    }

    UserSetting::model()->deleteAllByAttributes(array('user_id' => $userId));

    // Switch off every module that is currently enabled for this user.
    foreach ($this->getAvailableModules() as $moduleId => $module) {
        if (!$this->isModuleEnabled($moduleId)) {
            continue;
        }
        $this->disableModule($moduleId);
    }

    HSearch::getInstance()->deleteModel($this);

    // Profile image
    $this->getProfileImage()->delete();

    // Pending invites sent by this user
    UserInvite::model()->deleteAllByAttributes(array('user_originator_id' => $userId));

    // Follow records in both directions
    Follow::model()->deleteAllByAttributes(array('user_id' => $userId));
    Follow::model()->deleteAllByAttributes(array('object_model' => 'User', 'object_id' => $userId));

    // Group admin assignments
    GroupAdmin::model()->deleteAllByAttributes(array('user_id' => $userId));

    // Entries on the user's wall
    WallEntry::model()->deleteAllByAttributes(array('wall_id' => $this->wall_id));

    // Content is deleted record by record. The second lookup runs only after the
    // first batch has been deleted.
    $ownedContent = Content::model()->findAllByAttributes(array('user_id' => $userId));
    foreach ($ownedContent as $item) {
        $item->delete();
    }
    $createdContent = Content::model()->findAllByAttributes(array('created_by' => $userId));
    foreach ($createdContent as $item) {
        $item->delete();
    }

    // Stored password records
    $passwordRecords = UserPassword::model()->findAllByAttributes(array('user_id' => $userId));
    foreach ($passwordRecords as $record) {
        $record->delete();
    }

    return parent::beforeDelete();
}
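/**
 * Lets the logged-in user change the password of a locally authenticated account.
 *
 * The success view is rendered only when the new password record was actually
 * saved. In every other case the form is shown again.
 *
 * @throws CHttpException when the account does not use local authentication
 */
public function actionChangePassword()
{
    if (Yii::app()->user->authMode != User::AUTH_MODE_LOCAL) {
        throw new CHttpException(500, Yii::t('UserModule.controllers_AccountController', 'You cannot change your password here.'));
    }

    $userPassword = new UserPassword('changePassword');

    if (isset($_POST['UserPassword'])) {
        $userPassword->attributes = $_POST['UserPassword'];

        if ($userPassword->validate()) {
            // The owner of the record comes from the session, never from the request.
            $userPassword->user_id = Yii::app()->user->id;
            $userPassword->setPassword($userPassword->newPassword);

            // Report success only when the record was persisted. The result of
            // save() used to be ignored, so a failed save still showed success.
            if ($userPassword->save()) {
                return $this->render('changePassword_success');
            }
        }
    }

    $this->render('changePassword', array('model' => $userPassword));
}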
/**
 * After a password record has been saved, delete every other password record of
 * the same user so that only the record just written remains.
 *
 * @return mixed the result of parent::afterSave()
 */
public function afterSave()
{
    $sameUser = array('user_id' => $this->user_id);
    $exceptThisRecord = 'id != :id ';
    $bindings = array(':id' => $this->id);

    UserPassword::model()->deleteAllByAttributes($sameUser, $exceptThisRecord, $bindings);

    return parent::afterSave();
}
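/**
 * Returns the most recent stored passwords of the currently authenticated user.
 *
 * @param int $changeOffset number of passwords to return (default 10)
 * @return array|boolean values of the `password` column, newest first, or FALSE
 *                       when the user has no stored passwords
 * @throws Exception when no user id is available from the authentication identity
 */
public function getOldPasswords($changeOffset = 10)
{
    $userPassword = new UserPassword();

    // getIdentity() may return nothing when nobody is logged in, so the property
    // is read only from an object. The exception thrown is the same as before.
    $identity = Zend_Auth::getInstance()->getIdentity();
    $id = is_object($identity) ? $identity->id : null;
    if (is_null($id)) {
        throw new Exception('Pole id jest puste');
    }

    // The user id is bound through the placeholder and the limit is forced to an integer.
    $select = $userPassword->select()
        ->from($userPassword->getName(), array('password'))
        ->where('id_user = ?', $id)
        ->order('id DESC')
        ->limit(intval($changeOffset))
        ->setIntegrityCheck(false);

    $passArray = $userPassword->getAdapter()->fetchCol($select);
    if ($passArray && count($passArray) > 0) {
        return $passArray;
    }

    return FALSE;
}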
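/**
 * Resets a user's password after the `guid` and `token` query parameters have
 * been checked with checkPasswordResetToken().
 *
 * The recovery token is cleared only after the new password has been saved. A
 * failed save therefore leaves the link usable and is not reported as success.
 *
 * @throws CHttpException when the user is unknown or the token check fails
 */
public function actionResetPassword()
{
    $request = Yii::app()->request;
    $user = User::model()->findByAttributes(array('guid' => $request->getQuery('guid')));

    if ($user === null || !$this->checkPasswordResetToken($user, $request->getQuery('token'))) {
        throw new CHttpException('500', 'It looks like you clicked on an invalid password reset link. Please try again.');
    }

    $model = new UserPassword('newPassword');

    if (isset($_POST['UserPassword'])) {
        $model->attributes = $_POST['UserPassword'];

        if ($model->validate()) {
            // The owner is the user resolved from the verified link, not a request field.
            $model->user_id = $user->id;
            $model->setPassword($model->newPassword);

            if ($model->save()) {
                // Clear password reset token, now that the new password is stored.
                $user->setSetting('passwordRecoveryToken', '', 'user');

                return $this->render('resetPassword_success');
            }
        }
    }

    $this->render('resetPassword', array('model' => $model));
}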
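/**
 * Return the age of a user password in whole days.
 *
 * @access public
 * @param UserPassword $user_password
 * @return integer full days between the password date and now; 0 when either
 *                 date cannot be parsed or the password date lies in the future
 */
static function getUserPasswordDays($user_password)
{
    $now = strtotime(DateTimeValueLib::now()->toMySQL());
    $passDate = strtotime($user_password->getPasswordDate()->toMySQL());

    // strtotime() reports failure with false; -1 was the failure value only
    // before PHP 5.1. Comparing against -1 alone let an unparsable password date
    // count as timestamp 0 and produce a very large age.
    if ($now === false || $passDate === false || $now === -1 || $passDate === -1) {
        return 0;
    }

    if ($now < $passDate) {
        return 0;
    }

    return intval(floor(($now - $passDate) / 86400));
}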
/**
 * Applies an edit of one user: the user row, the permission row and the port
 * mappings are rewritten inside one database transaction.
 *
 * When the submitted id equals the hidden (previous) id, the rows are updated in
 * place. Otherwise new rows are inserted under the new id and the rows of the
 * old id are deleted. Any failed statement rolls the transaction back, shows the
 * database error in a popup and redirects to sys_user.php.
 *
 * NOTE(review): every non-integer value below is interpolated into SQL text
 * without escaping or parameter binding. The key names suggest submitted form
 * fields, so treat them as untrusted unless the caller validates them. The API
 * of m_dbObj beyond Execute() is not visible here, so bind or escape through
 * whatever that layer provides.
 * NOTE(review): no authorization check is visible in this method; confirm the
 * caller restricts it to user administrators.
 *
 * @param array $inputData values keyed by form field name
 * @return void
 */
public function action_update($inputData)
{
    $hidden_user_id = $inputData['textHiddenID'];
    // NOTE(review): assigned but not read again in this method.
    $hidden_permission_id = $inputData['textHiddenPermissionID'];
    // NOTE(review): a stored password value round-trips through this field. It
    // is written back unchanged in the insert branch, so whoever submits the data
    // controls it. Presumably a hidden form input; verify against the view.
    $hidden_password = $inputData['textHiddenPassword'];
    $id = $inputData['textID'];
    $group_id = intval($inputData['radioGroup']);
    $position_id = intval($inputData['optPosition']);
    $password = $inputData['textPassword'];
    $name = $inputData['textName'];
    $telphone = $inputData['textTelphone'];
    $mobile = $inputData['textMobile'];
    $email = $inputData['textEmail'];
    $location = $inputData['textLocation'];
    $portArray = $inputData['multiOptPort'];
    $onboard_date = $inputData['textOnboardDate'];
    $onboard = intval($inputData['optOnboard']);
    // Checkbox values: "on" becomes 1, anything else becomes 0.
    $data_enable = $inputData['cboxPermissionData'] == "on" ? 1 : 0;
    $verify_enable = $inputData['cboxPermissionVerify'] == "on" ? 1 : 0;
    $sys_enable = $inputData['cboxPermissionSys'] == "on" ? 1 : 0;
    $statistic_enable = $inputData['cboxPermissionStatistics'] == "on" ? 1 : 0;
    $compare_enable = $inputData['cboxPermissionCompare'] == "on" ? 1 : 0;
    $verify_level = intval($inputData['radioPermissionVerify']); // 1, 2, 3
    $activate = intval($inputData['radioActivate']);
    $comment = $inputData['textComment'];
    $passwdObj = new UserPassword();
    // Password to store: a newly typed one is encrypted, else the value carried
    // in the hidden field is reused, else the encrypted default password is used.
    if ($password) {
        $encrypt_passowrd = $passwdObj->encrypt_password($password);
    } else {
        if ($hidden_password) {
            $encrypt_passowrd = $hidden_password;
        } else {
            $encrypt_passowrd = $passwdObj->get_encrypt_default_password();
        }
    }
    /* start database transaction */
    $this->m_dbObj->BeginTransaction();
    if ($hidden_user_id == $id) {
        // Same id: update the existing rows in place.
        // NOTE(review): the statement stores the literal '******' in the password
        // column and never uses $encrypt_passowrd. This may be masking applied to
        // the listing rather than the real code; confirm against the original file.
        $sqlUpdateUserCmd = "UPDATE user_mgt_table SET name='{$name}', password='******', telphone='{$telphone}', mobile='{$mobile}', email='{$email}', location='{$location}', group_id='{$group_id}', position_id='{$position_id}', onboard_date='{$onboard_date}', onboard='{$onboard}', activate='{$activate}', comment='{$comment}' WHERE id='{$id}'";
        if (!$this->m_dbObj->Execute($sqlUpdateUserCmd)) {
            // NOTE(review): the raw database error text is shown to the user.
            $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
            $this->m_dbObj->Rollback();
            $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
            return;
        }
        $sqlUpdatePermissionCmd = "UPDATE user_permission_table SET data='{$data_enable}', verify='{$verify_enable}', verify_level='{$verify_level}', sys='{$sys_enable}', statistic='{$statistic_enable}', compare='{$compare_enable}' WHERE id='{$id}'";
        if (!$this->m_dbObj->Execute($sqlUpdatePermissionCmd)) {
            $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
            $this->m_dbObj->Rollback();
            $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
            return;
        }
        // Port mappings are replaced wholesale: delete all, then insert the submitted list.
        $sqlDeleteUserPorts = "DELETE FROM user_port_mapping_table WHERE user_id='{$id}'";
        if (!$this->m_dbObj->Execute($sqlDeleteUserPorts)) {
            $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
            $this->m_dbObj->Rollback();
            $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
            return;
        }
        // NOTE(review): unlike the insert branch below, the placeholder option is
        // not filtered out here; confirm whether that is intended.
        foreach ($portArray as $value) {
            $sqlAddPortCmd = "INSERT INTo user_port_mapping_table VALUES('{$id}', '{$value}')";
            if (!$this->m_dbObj->Execute($sqlAddPortCmd)) {
                $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
                $this->m_dbObj->Rollback();
                $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
                return;
            }
        }
    } else {
        // user id is updated, we need to insert new data and remove old one
        $sqlAddUserCmd = "INSERT INTO user_mgt_table VALUES('{$id}', '{$name}', '{$encrypt_passowrd}', '{$telphone}', '{$mobile}', '{$email}', '{$location}', '{$group_id}', '{$position_id}', '{$onboard_date}', '{$onboard}', '{$activate}', '{$comment}')";
        if (!$this->m_dbObj->Execute($sqlAddUserCmd)) {
            $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
            $this->m_dbObj->Rollback();
            $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
            return;
        }
        /* permission */
        $sqlAddPermissionCmd = "INSERT INTO user_permission_table VALUES ('{$id}', '{$data_enable}', '{$verify_enable}', '{$verify_level}', '{$sys_enable}', '{$statistic_enable}', '{$compare_enable}');";
        if (!$this->m_dbObj->Execute($sqlAddPermissionCmd)) {
            $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
            $this->m_dbObj->Rollback();
            $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
            return;
        }
        /* port mapping */
        foreach ($portArray as $value) {
            // Skip the placeholder entry of the select box.
            if ($value != "請選擇") {
                $sqlAddPortCmd = "INSERT INTo user_port_mapping_table VALUES('{$id}', '{$value}')";
                if (!$this->m_dbObj->Execute($sqlAddPortCmd)) {
                    $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
                    $this->m_dbObj->Rollback();
                    $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
                    return;
                }
            }
        }
        /* delete old user data */
        $sqlDeleteUserCmd = "DELETE FROM user_mgt_table WHERE id='{$hidden_user_id}'";
        $sqlDeletePermissionCmd = "DELETE FROM user_permission_table WHERE id='{$hidden_user_id}'";
        $sqlDeletePortCmd = "DELETE FROM user_port_mapping_table WHERE user_id='{$hidden_user_id}'";
        if (!$this->m_dbObj->Execute($sqlDeleteUserCmd)) {
            $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
            $this->m_dbObj->Rollback();
            $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
            return;
        }
        if (!$this->m_dbObj->Execute($sqlDeletePermissionCmd)) {
            $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
            $this->m_dbObj->Rollback();
            $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
            return;
        }
        if (!$this->m_dbObj->Execute($sqlDeletePortCmd)) {
            $errorMsg = "編輯失敗\n" . $this->m_dbObj->GetLastError();
            $this->m_dbObj->Rollback();
            $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect($errorMsg, 'sys_user.php');
            return;
        }
    }
    // Every statement succeeded: commit and report success.
    $this->m_dbObj->Commit();
    $this->m_utilsObj->m_jsObj->popup_alert_message_and_redirect("編輯成功", "sys_user.php");
}
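/**
 * Creates a user account together with its password history entry, contact,
 * personal workspace and workspace permissions.
 *
 * The privileged "can_*" flags and the workspace permissions in
 * $permissionsString are applied only when nobody is logged in or when the
 * logged-in user can manage security. An 'admin' type is downgraded to 'normal'
 * for users outside the owner company and when the creator lacks that right.
 *
 * NOTE(review): the clear-text password is placed in
 * $user_password->password_temp and passed to Notifier::newUserAccount(). What
 * either does with it is not visible here; confirm it is neither persisted nor
 * logged.
 *
 * @param array  $user_data         account fields, read through array_var()
 * @param string $permissionsString JSON list of entries with wsid, pc and pr members
 * @return User the saved user
 * @throws Error when a manually entered password is empty or does not match its confirmation
 */
function create_user($user_data, $permissionsString)
{
    $user = new User();
    $user->setUsername(array_var($user_data, 'username'));
    $user->setDisplayName(array_var($user_data, 'display_name'));
    $user->setEmail(array_var($user_data, 'email'));
    $user->setCompanyId(array_var($user_data, 'company_id'));
    $user->setType(array_var($user_data, 'type'));
    $user->setTimezone(array_var($user_data, 'timezone'));

    // Privileged flags are taken from the input only for a creator who may manage
    // security, or when no user is logged in at all.
    if (!logged_user() instanceof User || can_manage_security(logged_user())) {
        $user->setCanEditCompanyData(array_var($user_data, 'can_edit_company_data'));
        $user->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
        $user->setCanManageWorkspaces(array_var($user_data, 'can_manage_workspaces'));
        $user->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
        $user->setCanManageContacts(array_var($user_data, 'can_manage_contacts'));
        $user->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
        $user->setCanManageReports(array_var($user_data, 'can_manage_reports'));
        $user->setCanManageTime(array_var($user_data, 'can_manage_time'));
        $user->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));

        // The hook fills $other_permissions; each key is copied from the input.
        $other_permissions = array();
        Hook::fire('add_user_permissions', $user, $other_permissions);
        foreach ($other_permissions as $k => $v) {
            $user->setColumnValue($k, array_var($user_data, $k));
        }
    }

    if (array_var($user_data, 'password_generator', 'random') == 'random') {
        // Generate random password
        $password = UserPasswords::generateRandomPassword();
    } else {
        // Validate input
        $password = array_var($user_data, 'password');
        if (trim($password) == '') {
            throw new Error(lang('password value required'));
        }
        // Strict string comparison: with != two different numeric-looking
        // strings (for example "1e3" and "1000") count as equal.
        if ((string) $password !== (string) array_var($user_data, 'password_a')) {
            throw new Error(lang('passwords dont match'));
        }
    }
    $user->setPassword($password);
    $user->save();

    // Password history entry, keyed to the timestamp of its own password date.
    $user_password = new UserPassword();
    $user_password->setUserId($user->getId());
    $user_password->setPasswordDate(DateTimeValueLib::now());
    $user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
    $user_password->password_temp = $password;
    $user_password->save();

    if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
        set_user_config_option('autodetect_time_zone', 1, $user->getId());
    }

    if ($user->getType() == 'admin') {
        if ($user->getCompanyId() != owner_company()->getId() || logged_user() instanceof User && !can_manage_security(logged_user())) {
            // external users can't be admins or logged user has no rights to create admins => set as Normal
            $user->setType('normal');
        } else {
            $user->setAsAdministrator(true);
        }
    }

    /* create contact for this user*/
    if (array_var($user_data, 'create_contact', 1)) {
        // if contact with same email exists take it, else create new
        $contact = Contacts::getByEmail($user->getEmail(), true);
        if (!$contact instanceof Contact) {
            $contact = new Contact();
            $contact->setEmail($user->getEmail());
        } else {
            if ($contact->isTrashed()) {
                $contact->untrash();
            }
        }
        $contact->setFirstname($user->getDisplayName());
        $contact->setUserId($user->getId());
        $contact->setTimezone($user->getTimezone());
        $contact->setCompanyId($user->getCompanyId());
        $contact->save();
    } else {
        $contact_id = array_var($user_data, 'contact_id');
        $contact = Contacts::findById($contact_id);
        if ($contact instanceof Contact) {
            // user created from a contact
            $contact->setUserId($user->getId());
            $contact->save();
        } else {
            // if contact with same email exists use it as user's contact, without changing it
            $contact = Contacts::getByEmail($user->getEmail(), true);
            if ($contact instanceof Contact) {
                $contact->setUserId($user->getId());
                if ($contact->isTrashed()) {
                    $contact->untrash();
                }
                $contact->save();
            }
        }
    }

    $contact = $user->getContact();
    if ($contact instanceof Contact) {
        // update contact data with data entered for this user
        $contact->setCompanyId($user->getCompanyId());
        if ($contact->getEmail() != $user->getEmail()) {
            // make user's email the contact's main email address; the previous
            // main address moves into the slot that held the user's address, or
            // into the first free secondary slot
            if ($contact->getEmail2() == $user->getEmail()) {
                $contact->setEmail2($contact->getEmail());
            } else {
                if ($contact->getEmail3() == $user->getEmail()) {
                    $contact->setEmail3($contact->getEmail());
                } else {
                    if ($contact->getEmail2() == "") {
                        $contact->setEmail2($contact->getEmail());
                    } else {
                        $contact->setEmail3($contact->getEmail());
                    }
                }
            }
        }
        $contact->setEmail($user->getEmail());
        $contact->save();
    }

    // Both variables are read further down even for guest users, so they are
    // initialised before the branch (they were undefined for guests before).
    $new_project = null;
    $personalProjectId = 0;
    if (!$user->isGuest()) {
        /* create personal project or assign the selected one */
        // if a personal project id was received, use that project as the
        // personal project of this user
        $personalProjectId = array_var($user_data, 'personal_project', 0);
        $project = Projects::findById($personalProjectId);
        if (!$project instanceof Project) {
            $project = new Project();
            $wname = new_personal_project_name($user->getUsername());
            $project->setName($wname);
            $wdesc = Localization::instance()->lang(lang('personal workspace description'));
            if (!is_null($wdesc)) {
                $project->setDescription($wdesc);
            }
            $project->setCreatedById($user->getId());
            $project->save(); //Save to set an ID number
            $project->setP1($project->getId()); //Set ID number to the first project
            $project->save();
            $new_project = $project;
        }
        $user->setPersonalProjectId($project->getId());

        $project_user = new ProjectUser();
        $project_user->setProjectId($project->getId());
        $project_user->setUserId($user->getId());
        $project_user->setCreatedById($user->getId());
        $project_user->setAllPermissions(true);
        $project_user->save();
        /* end personal project */
    }
    $user->save();
    ApplicationLogs::createLog($user, null, ApplicationLogs::ACTION_ADD);

    //TODO - Make batch update of these permissions
    if ($permissionsString && $permissionsString != '') {
        $permissions = json_decode($permissionsString);
    } else {
        $permissions = null;
    }
    // Workspace permissions from the request are honoured under the same
    // condition as the privileged flags above.
    if (is_array($permissions) && (!logged_user() instanceof User || can_manage_security(logged_user()))) {
        foreach ($permissions as $perm) {
            if (ProjectUser::hasAnyPermissions($perm->pr, $perm->pc)) {
                // The personal project already received its full-permission relation.
                if (!$personalProjectId || $personalProjectId != $perm->wsid) {
                    $relation = new ProjectUser();
                    $relation->setProjectId($perm->wsid);
                    $relation->setUserId($user->getId());
                    $relation->setCheckboxPermissions($perm->pc, $user->isGuest() ? false : true);
                    $relation->setRadioPermissions($perm->pr, $user->isGuest() ? false : true);
                    $relation->save();
                }
            }
        }
    }

    if ($new_project instanceof Project && logged_user() instanceof User && logged_user()->isProjectUser($new_project)) {
        evt_add("workspace added", array("id" => $new_project->getId(), "name" => $new_project->getName(), "color" => $new_project->getColor()));
    }

    // Send notification. A failure here is deliberately ignored so that the
    // account creation itself is not undone by a mail problem.
    try {
        if (array_var($user_data, 'send_email_notification')) {
            Notifier::newUserAccount($user, $password);
        }
    } catch (Exception $e) {
    }

    return $user;
}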
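/**
 * Changes the password of the user selected by get_id().
 *
 * The caller must be allowed to update that user's profile. Non-administrators
 * must also supply the user's current password.
 *
 * NOTE(review): an administrator is never asked for the old password, not even
 * when changing their own. Consider requiring it whenever the target is the
 * logged-in user.
 * NOTE(review): the clear-text password is placed in
 * $user_password->password_temp; what happens to it is not visible here.
 *
 * @access public
 * @param void
 * @return null
 */
function edit_password()
{
    $user = Users::findById(get_id());
    if (!$user instanceof User) {
        flash_error(lang('user dnx'));
        ajx_current("empty");
        return;
    }

    if (!$user->canUpdateProfile(logged_user())) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    }

    // The redirect target is validated here, but the template receives null.
    $redirect_to = array_var($_GET, 'redirect_to');
    if (trim($redirect_to) == '' || !is_valid_url($redirect_to)) {
        $redirect_to = $user->getCardUrl();
    }
    tpl_assign('redirect_to', null);

    $password_data = array_var($_POST, 'password');
    tpl_assign('user', $user);

    if (is_array($password_data)) {
        $old_password = array_var($password_data, 'old_password');
        $new_password = array_var($password_data, 'new_password');
        $new_password_again = array_var($password_data, 'new_password_again');

        try {
            if (!logged_user()->isAdministrator()) {
                if (trim($old_password) == '') {
                    throw new Error(lang('old password required'));
                }
                if (!$user->isValidPassword($old_password)) {
                    throw new Error(lang('invalid old password'));
                }
            }

            if (trim($new_password) == '') {
                throw new Error(lang('password value required'));
            }
            // Strict string comparison: with != two different numeric-looking
            // strings (for example "1e3" and "1000") count as equal.
            if ((string) $new_password !== (string) $new_password_again) {
                throw new Error(lang('passwords dont match'));
            }

            // Password history entry, keyed to the timestamp of its own password date.
            $user_password = new UserPassword();
            $user_password->setUserId(get_id());
            $user_password->password_temp = $new_password;
            $user_password->setPasswordDate(DateTimeValueLib::now());
            $user_password->setPassword(cp_encrypt($new_password, $user_password->getPasswordDate()->getTimestamp()));
            $user_password->save();

            $user->setPassword($new_password);
            $user->setUpdatedOn(DateTimeValueLib::now());
            $user->save();

            // A user who changed their own password is logged in again.
            if ($user->getId() == logged_user()->getId()) {
                CompanyWebsite::instance()->logUserIn($user, Cookie::getValue("remember", 0));
            }

            ApplicationLogs::createLog($user, null, ApplicationLogs::ACTION_EDIT);
            flash_success(lang('success edit user', $user->getUsername()));
            ajx_current("back");
        } catch (Exception $e) {
            // NOTE(review): no matching transaction start is visible in this method.
            DB::rollback();
            ajx_current("empty");
            flash_error($e->getMessage());
        }
    }
}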
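/**
 * Creates a user from imported form data, together with the optional profile,
 * role and group rows and a password record holding a generated password.
 *
 * NOTE(review): $sendEmail is not used. The mail that would deliver the
 * generated password is commented out, so the clear-text password produced by
 * the generator is discarded here.
 *
 * @param object  $form      form whose getValues() returns the imported row
 * @param boolean $sendEmail currently unused
 * @return void
 */
public function createUserImport($form, $sendEmail = true)
{
    $values = $form->getValues();
    $pass = Base_PasswordGenerator::generate();
    $values['password'] = $pass['hashed'];

    // Initialised up front: both are read below even when no symbol was given
    // (they were undefined in that case before).
    $valuesProfile = null;
    $valuesRole = array();

    if (isset($values['symbol']) && $values['symbol'] != '') {
        /**
         * 1. find the branch with the symbol given in the "symbol" field of the csv data
         * 2. add "id_branch", "id_user" and "landing" (always /contact) to the profile
         * 3. grant the user the "logowanie" (login) permission group
         * 4. grant the user the role whose name is given in the "rola" field of the csv data
         */
        $branchModel = new Branch();
        $branch = $branchModel->getBranchBySymbol($values['symbol']);
        if (isset($branch['id'])) {
            $valuesProfile['id_branch'] = $branch['id'];
            $valuesProfile['landing'] = '/contact';
        }
        if (isset($values['rola']) && $values['rola'] != '') {
            $roleModel = new Role();
            $rola = $roleModel->getRoleByName($values['rola']);
            if (isset($rola['id'])) {
                $valuesRole['id_role'] = $rola['id'];
                $valuesRole['id_profile'] = ''; // filled in once the profile row exists
            }
        }
    }

    // "symbol" and "rola" are import-only fields and are removed before the
    // user row is created.
    if (isset($values['symbol'])) {
        unset($values['symbol']);
    }
    if (isset($values['rola'])) {
        unset($values['rola']);
    }

    $user = new User();
    $row = $user->createRow($values);
    $id_user = $row->save();

    if (is_array($valuesProfile)) {
        $valuesProfile['id_user'] = $id_user;
        $profile = new Profile();
        $rowProfile = $profile->createRow($valuesProfile);
        $id_profile = $rowProfile->save();

        // The role and the group are assigned only when a role was resolved above.
        if (isset($id_profile) && isset($valuesRole['id_role'])) {
            $valuesRole['id_profile'] = $id_profile;
            $role = new ProfileRole();
            $rowRole = $role->createRow($valuesRole);
            $rowRole->save();

            $valuesProfileGroup['id_profile'] = $id_profile;
            // presumably the id of the "logowanie" group from step 3; confirm against the data
            $valuesProfileGroup['id_group'] = 5;
            $profileGroup = new ProfileGroup();
            $rowProfileGroup = $profileGroup->createRow($valuesProfileGroup);
            $rowProfileGroup->save();
        }
    }

    // Password record: only the hashed form is stored.
    $passwordData['id_user'] = $id_user;
    $passwordData['password'] = $pass['hashed'];
    $userPassword = new UserPassword();
    $rowPassword = $userPassword->createRow($passwordData);
    $rowPassword->save();

    /*
    if($sendEmail == true)
    {
    $mailer = new Logic_Mailer(Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('view'), $translate);
    $user_row = $user->findOne($id_user);
    $mailer->userPass($pass['clean'], $user_row);
    }
    */
}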
/**
 * Add a password to the given account.
 *
 * The password is stored as UserPassword::hash($password). Both statements bind
 * their values through placeholders.
 *
 * NOTE(review): the existence check and the insert are two separate statements,
 * so concurrent calls could both pass the check unless user_passwords.user_id
 * carries a unique constraint (schema not visible here).
 *
 * @throws UserSignupException if the account has no email address or an invalid one
 * @throws UserAlreadyExistsException if the account already has a password
 * @throws \InvalidArgumentException if no user is given
 * @return bool true once the password row has been inserted
 */
static function addPassword(\Db\Connection $db, User $user, $password)
{
    if (!$user) {
        throw new \InvalidArgumentException("No user provided.");
    }

    // An account may hold at most one password row.
    $existing = $db->prepare("SELECT * FROM user_passwords WHERE user_id=? LIMIT 1");
    $existing->execute(array($user->getId()));
    if ($existing->fetch()) {
        throw new UserAlreadyExistsException("That account already has a password.");
    }

    // A valid email address is required before a password can be attached.
    $email = $user->getEmail();
    if (!$email) {
        throw new UserSignupException("That account requires an email address to add a password.");
    }
    if (!is_valid_email($email)) {
        throw new UserSignupException("That is not a valid email.");
    }

    // Store the hash, never the password itself.
    $insert = $db->prepare("INSERT INTO user_passwords SET user_id=?, password_hash=?");
    $insert->execute(array($user->getId(), UserPassword::hash($password)));

    return true;
}
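/**
 * Resets a user's password from a reset link (`t` = token, `uid` = user id).
 *
 * The stored option has the form "token;expiry-timestamp". The link is rejected
 * when the option is missing or malformed, when it has expired, or when the
 * token differs. After a successful change the stored token is cleared.
 *
 * Every rejection returns right after redirectTo(), so the code below can never
 * run with an unverified link, whether or not redirectTo() ends the request
 * (its implementation is not visible here).
 *
 * NOTE(review): the clear-text password is placed in
 * $user_password->password_temp; what happens to it is not visible here.
 */
function reset_password()
{
    $tok = array_var($_GET, 't');
    $uid = array_var($_GET, 'uid');
    if (!$tok || !$uid) {
        flash_error(lang('invalid parameters'));
        $this->redirectTo('access', 'login');
        return;
    }

    $user = Users::findById($uid);
    if (!$user instanceof User) {
        flash_error(lang('user dnx'));
        $this->redirectTo('access', 'login');
        return;
    }

    $stok = user_config_option('reset_password', null, $user->getId());
    if (!$stok) {
        flash_error(lang('reset password expired', lang('forgot password')));
        $this->redirectTo('access', 'login');
        return;
    }

    $split = explode(";", $stok);
    if (count($split) < 2) {
        flash_error(lang('reset password expired', lang('forgot password')));
        $this->redirectTo('access', 'login');
        return;
    }
    $token = $split[0];
    // Cast to int so that a malformed timestamp counts as expired on every PHP version.
    $timestamp = (int) $split[1];

    if ($timestamp < time()) {
        set_user_config_option('reset_password', '', $user->getId());
        flash_error(lang('reset password expired', lang('forgot password')));
        $this->redirectTo('access', 'login');
        return;
    }

    // The token is compared as a string, in constant time where hash_equals() is
    // available. The earlier != comparison treated different numeric-looking
    // strings as equal.
    $token_matches = is_string($tok)
        && (function_exists('hash_equals') ? hash_equals($token, $tok) : $token === $tok);
    if (!$token_matches) {
        flash_error(lang('reset password expired', lang('forgot password')));
        $this->redirectTo('access', 'login');
        return;
    }

    tpl_assign('token', $token);
    tpl_assign('user', $user);

    $new_password = array_var($_POST, 'new_password');
    if ($new_password) {
        $repeat_password = array_var($_POST, 'repeat_password');
        if ((string) $new_password !== (string) $repeat_password) {
            flash_error(lang('passwords dont match'));
            return;
        }

        // Password history entry, keyed to the timestamp of its own password date.
        $user_password = new UserPassword();
        $user_password->setUserId($user->getId());
        $user_password->password_temp = $new_password;
        $user_password->setPasswordDate(DateTimeValueLib::now());
        $user_password->setPassword(cp_encrypt($new_password, $user_password->getPasswordDate()->getTimestamp()));
        $user_password->save();

        $user->setPassword($new_password);
        $user->setUpdatedOn(DateTimeValueLib::now());
        $user->save();

        // The link is single-use: clear the stored token once the password is changed.
        set_user_config_option('reset_password', '', $user->getId());
        flash_success(lang('success reset password'));
        $this->redirectTo('access', 'login');
    }
}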