public static function handleRecoverPasswordRequest()
{
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$userClass = User::getStaticDefaultClass();
if (empty($_REQUEST['username'])) {
$error = 'Please provide either your username or email address to reset your password.';
} elseif (!($User = $userClass::getByUsername($_REQUEST['username'])) && !($User = $userClass::getByEmail($_REQUEST['username']))) {
$error = 'No account is currently registered for that username or email address.';
} elseif (!$User->Email) {
$error = 'Unforunately, there is no email address on file for this account. Please contact an administrator.';
} else {
$Token = PasswordToken::create(array('CreatorID' => $User->ID), true);
$Token->sendEmail($User->Email);
return static::respond('recoverPasswordComplete', array('success' => true));
}
}
return static::respond('recoverPassword', array('success' => empty($error), 'error' => isset($error) ? $error : false));
}
public static function handleShareRequest(Key $Key)
{
$GLOBALS['Session']->requireAuthentication();
if (!$GLOBALS['Session']->hasAccountLevel('Staff') && !KeyUser::getByWhere(['PersonID' => $GLOBALS['Session']->PersonID, 'KeyID' => $Key->ID, 'Role' => 'owner'])) {
return static::throwUnauthorizedError('Only staff or the key owner may share this key');
}
$responseData = ['data' => $Key];
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (empty($_POST['Email'])) {
$responseData['success'] = false;
$responseData['message'] = 'Email address for registered user required';
} elseif (!($User = User::getByUsername($_POST['Email']))) {
$responseData['success'] = false;
$responseData['message'] = 'No registered user found for provided email address';
} else {
try {
KeyUser::create(['Key' => $Key, 'Person' => $User], true);
return static::respond('shared', ['success' => true, 'data' => $Key]);
} catch (\DuplicateKeyException $e) {
$responseData['success'] = false;
$responseData['message'] = 'Requested user already has access to this key';
}
}
}
return static::respond('share', $responseData);
}
public static function handleChangeMaintainerRequest(Project $Project)
{
$GLOBALS['Session']->requireAuthentication();
if (empty($_REQUEST['username'])) {
return static::throwError('Parameter "username" required');
}
if (!($Project->Maintainer = User::getByUsername($_REQUEST['username']))) {
return static::throwError('User not found');
}
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
return static::respond('confirm', ['question' => sprintf(_('Are you sure you want to make %s the maintainer of %s?'), htmlspecialchars($Project->Maintainer->FullName), htmlspecialchars($Project->Title))]);
}
$Project->save();
return static::respond('maintainerChanged', ['data' => $Project]);
}