function Handle($Request)
{
try {
$userSession = new phpsec\Session();
$sessionID = $userSession->existingSession();
if ($sessionID != FALSE) {
if (isset($_POST['submit'])) {
$userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
if (isset($_POST['_x_oldpass']) && $_POST['_x_oldpass'] != "" && isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") {
$config = (require_once __DIR__ . "/../../config/config.php");
if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
$this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
if ($config['PASSWORD_SUGGESTION'] === "ON") {
$this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
}
if ($_POST['pass'] !== $_POST['repass']) {
$this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
}
try {
$userObj = phpsec\UserManagement::logIn($userID, $_POST['_x_oldpass']);
$userObj->resetPassword($_POST['_x_oldpass'], $_POST['pass']);
$this->info .= "Your password have been changed successfully." . "<BR>";
} catch (phpsec\WrongPasswordException $e) {
if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
try {
new phpsec\AdvancedPasswordManagement($userID, $_POST['pass'], TRUE);
} catch (phpsec\BruteForceAttackDetectedException $ex) {
\phpsec\User::lockAccount($userID);
$this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
}
}
$this->error .= "Your old password does not seems correct. Please enter your old password for verification." . "<BR>";
}
} else {
$this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
}
}
} else {
$this->error .= "You are not logged-in. Please login to complete the operation." . "<BR>";
$newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
header("Location: {$newLocation}");
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
}
function Handle($Request)
{
try {
$userSession = new phpsec\Session();
$sessionID = $userSession->existingSession();
if ($sessionID != FALSE) {
if (isset($_POST['submit'])) {
if (isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") {
$config = (require_once __DIR__ . "/../../config/config.php");
if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
$this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
if ($config['PASSWORD_SUGGESTION'] === "ON") {
$this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/newpassword.php";
}
if ($_POST['pass'] !== $_POST['repass']) {
$this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/newpassword.php";
}
$userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
if ($userID !== FALSE) {
$userObj = phpsec\UserManagement::forceLogIn($userID);
if ($userObj->forceResetPassword($_POST['pass'])) {
$this->info .= "Your Password has been changed successfully." . "<BR>";
} else {
$this->error .= "We encountered an error. Please re-try later!" . "<BR>";
}
} else {
$userSession->destroySession();
$this->error .= "Your session seems to be invalid. Cannot proceed!!" . "<BR>";
}
} else {
$this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
}
}
} else {
$this->error .= "Seems you should not be accessing this page!" . "<BR>";
$newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
header("Location: {$newLocation}");
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/newpassword.php";
}
function Handle($Request)
{
try {
if (isset($_POST['submit'])) {
if (isset($_POST['user']) && isset($_POST['email']) && isset($_POST['pass']) && isset($_POST['repass'])) {
$config = (require_once __DIR__ . "/../../config/config.php");
if (phpsec\UserManagement::userExists($_POST['user'])) {
$this->error .= "ERROR: This username is not available. Please select a different one." . "<BR>";
if ($config['USERNAME_SUGGESTION'] === "ON") {
do {
$suggestedUsername = \phpsec\BasicPasswordManagement::generate(0.1);
} while (phpsec\UserManagement::userExists($suggestedUsername));
$this->info .= "This username is available: " . $suggestedUsername . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
if (!preg_match('/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,63})$/', $_POST['email'])) {
$this->error .= "Invalid email address." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
if ($_POST['pass'] !== $_POST['repass']) {
$this->error .= "ERROR: Password fields do not match!" . "<BR>";
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
$this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
if ($config['PASSWORD_SUGGESTION'] === "ON") {
$this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
phpsec\UserManagement::createUser($_POST['user'], $_POST['pass'], $_POST['email']);
$nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . $_POST['email'];
header("Location: {$nextLocation}");
} else {
$this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
