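/**
 * Process the "change password" submission.
 *
 * Order of checks: the new password is validated locally first, then the
 * recovery hash is confirmed to belong to the logged-in user, and only then
 * is the ILS contacted (re-authentication with the old password, followed by
 * the actual change). On success the new password is mirrored into the local
 * card and, when the card is the primary one, the user's credentials.
 *
 * @param \VuFind\Db\Row\User     $user Logged in user
 * @param \VuFind\Db\Row\UserCard $card Library card
 *
 * @return object|bool Response object if redirect is needed, false if form
 * needs to be redisplayed.
 */
protected function processPasswordChange($user, $card)
{
    $post = $this->getRequest()->getPost();
    // The verify hash ties the submission to a recovery flow; without a
    // matching row nothing below is attempted.
    $userFromHash = isset($post->hash)
        ? $this->getTable('User')->getByVerifyHash($post->hash)
        : false;
    $oldPassword = $this->params()->fromPost('oldpwd', '');
    $password = $this->params()->fromPost('password', '');
    $password2 = $this->params()->fromPost('password2', '');

    // Validate new password (the rules live in the ILS auth plugin).
    try {
        $ilsAuth = $this->getServiceLocator()
            ->get('VuFind\\AuthPluginManager')->get('ILS');
        $ilsAuth->validatePasswordInUpdate(
            ['password' => $password, 'password2' => $password2]
        );
    } catch (AuthException $e) {
        $this->flashMessenger()->addMessage($e->getMessage(), 'error');
        return false;
    }

    // Missing or invalid hash. A truthiness test replaces the former loose
    // `false ==` comparison: it still rejects false/null but never coerces a
    // row object.
    if (!$userFromHash) {
        $this->flashMessenger()->addMessage('recovery_user_not_found', 'error');
        return false;
    }
    // The hash must belong to the user who is logged in, so a recovery link
    // issued for one account cannot be redeemed from another session.
    if ($userFromHash->username !== $user->username) {
        $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    // Connect to the ILS and check that the credentials are correct:
    $catalog = $this->getILS();
    $patron = $catalog->patronLogin($card->cat_username, $oldPassword);
    if (!$patron) {
        $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    $result = $catalog->changePassword(
        [
            'patron' => $patron,
            'oldPassword' => $oldPassword,
            'newPassword' => $password,
        ]
    );
    $status = isset($result['status']) ? $result['status'] : null;
    // Strict comparisons: `$status` is matched by identity, and the old
    // password is tested against '' rather than empty() so a password of
    // "0" is not treated as absent.
    if (empty($result['success'])
        && $status === 'authentication_error_invalid'
        && $oldPassword !== ''
    ) {
        // Try again with empty old password just in case this was a user that
        // was logged in with the fallback login field
        $result = $catalog->changePassword(
            [
                'patron' => $patron,
                'oldPassword' => '',
                'newPassword' => $password,
            ]
        );
    }
    if (empty($result['success'])) {
        $this->flashMessenger()->addMessage($result['status'], 'error');
        return false;
    }

    // Keep the local copies of the credential in step with the ILS.
    $user->saveLibraryCard(
        $card->id, $card->card_name, $card->cat_username, $password
    );
    if ($user->cat_username === $card->cat_username) {
        $user->saveCredentials($card->cat_username, $password);
    }
    // Rotate the verify hash so the recovery link cannot be replayed.
    $user->updateHash();
    $this->flashMessenger()->addSuccessMessage('new_password_success');
    return $this->redirect()->toRoute('librarycards-home');
}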
/**
 * Helper function for recoverAction
 *
 * Looks up the recovery target, enforces the configured recovery interval,
 * issues a fresh verify hash and mails a link carrying it. Every outcome is
 * reported through the flash messenger; nothing is returned.
 *
 * @param \VuFind\Db\Row\User $user   User object we're recovering
 * @param \VuFind\Config      $config Configuration object
 *
 * @return void (sends email or adds error message)
 */
protected function sendRecoveryEmail($user, $config)
{
    // No matching user: report and stop.
    if (null == $user) {
        $this->flashMessenger()->setNamespace('error')
            ->addMessage('recovery_user_not_found');
        return;
    }

    // Throttle: refuse a new hash until the configured interval (default
    // 60 seconds) has elapsed since the current one was issued.
    $interval = isset($config->Authentication->recover_interval)
        ? $config->Authentication->recover_interval
        : 60;
    $elapsed = time() - $this->getHashAge($user->verify_hash);
    if ($elapsed < $interval) {
        $this->flashMessenger()->setNamespace('error')
            ->addMessage('recovery_too_soon');
        return;
    }

    // Attempt to send the email
    try {
        // Create a fresh hash
        $user->updateHash();
        // From here on the global configuration replaces the $config argument
        // (same as the original flow).
        $config = $this->getConfig();
        $method = $this->getAuthManager()->getAuthMethod();
        $link = $this->getServerUrl('myresearch-verify')
            . '?hash=' . $user->verify_hash . '&auth_method=' . $method;
        // Custom template for emails (text-only)
        $body = $this->getViewRenderer()->render(
            'Email/recover-password.phtml',
            ['library' => $config->Site->title, 'url' => $link]
        );
        $this->getServiceLocator()->get('VuFind\\Mailer')->send(
            $user->email,
            $config->Site->email,
            $this->translate('recovery_email_subject'),
            $body
        );
        $this->flashMessenger()->setNamespace('info')
            ->addMessage('recovery_email_sent');
    } catch (MailException $e) {
        $this->flashMessenger()->setNamespace('error')
            ->addMessage($e->getMessage());
    }
}
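/**
 * Process the "change password" submission.
 *
 * All purely local checks (blank fields, confirmation mismatch, recovery
 * hash ownership) run before the ILS is contacted, so the catalog only sees
 * a submission that is internally consistent and an ILS login is never
 * attempted for a form that would be rejected anyway.
 *
 * @param \VuFind\Db\Row\User     $user Logged in user
 * @param \VuFind\Db\Row\UserCard $card Library card
 *
 * @return object|bool Response object if redirect is needed, false if form
 * needs to be redisplayed.
 */
protected function processPasswordChange($user, $card)
{
    $post = $this->getRequest()->getPost();
    // The verify hash ties the submission to a recovery flow.
    $userFromHash = isset($post->hash)
        ? $this->getTable('User')->getByVerifyHash($post->hash)
        : false;
    $oldPassword = $this->params()->fromPost('oldpwd', '');
    $password = $this->params()->fromPost('password', '');
    $password2 = $this->params()->fromPost('password2', '');

    // All three fields are required.
    if ($oldPassword === '' || $password === '' || $password2 === '') {
        $this->flashMessenger()->addMessage('authentication_error_blank', 'error');
        return false;
    }

    // Confirmation mismatch is a local check, so it is moved ahead of the
    // ILS login below. Note this message is a literal string, unlike the
    // translation keys used elsewhere in this method.
    if ($password !== $password2) {
        $this->flashMessenger()->addMessage('Passwords do not match', 'error');
        return false;
    }

    // Missing or invalid hash. Truthiness replaces the former loose
    // `false ==` comparison; false/null are still rejected, a row never is.
    if (!$userFromHash) {
        $this->flashMessenger()->addMessage('recovery_user_not_found', 'error');
        return false;
    }
    // The hash must belong to the logged-in user, so a recovery link for one
    // account cannot be redeemed from another session.
    if ($userFromHash->username !== $user->username) {
        $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    // Connect to the ILS and check that the credentials are correct:
    $catalog = $this->getILS();
    $patron = $catalog->patronLogin($card->cat_username, $oldPassword);
    if (!$patron) {
        $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    $result = $catalog->changePassword(
        [
            'patron' => $patron,
            'oldPassword' => $oldPassword,
            'newPassword' => $password,
        ]
    );
    // empty() also covers a driver result that omits the 'success' key.
    if (empty($result['success'])) {
        $this->flashMessenger()->addMessage($result['status'], 'error');
        return false;
    }

    // Keep the local copies of the credential in step with the ILS.
    $user->saveLibraryCard(
        $card->id, $card->card_name, $card->cat_username, $password
    );
    if ($user->cat_username === $card->cat_username) {
        $user->saveCredentials($card->cat_username, $password);
    }
    // Rotate the verify hash so the recovery link cannot be replayed.
    $user->updateHash();
    $this->flashMessenger()->addMessage('new_password_success', 'info');
    return $this->redirect()->toRoute('librarycards-home');
}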