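/**
 * "Lost password" page.
 *
 * On POST it looks the account up by the submitted email, requires the
 * submitted user_name to match that account, stores a fresh reset key and its
 * timestamp on the user row, and mails the reset link. The login/lostpass view
 * is rendered in every case (with $success / $error / $html for the template).
 *
 * Side effects: redirects a logged-in user to /overview and a cancelled form to
 * /login; writes pass_key/pass_time via $user_row->save(); calls mail().
 *
 * NOTE(review): the response is different for an unknown account ($error set)
 * and a known one ($success set), so this form confirms which email/username
 * pairs exist. A uniform "if that account exists, an email has been sent"
 * message would close the enumeration; not changed here because the view's
 * contract is outside this block.
 */
public function lostPassAction()
{
    if (BTAuth::logged_in()) {
        header('location: /overview');
        BTApp::end();
    }
    if (isset($_POST['cancel']) && $_POST['cancel']) {
        header("Location: /login");
        BTApp::end();
    }

    // Always defined: the template vars and the !$error check below must never
    // read an undefined variable.
    $error = array();
    $html = array();
    $success = false;

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $userName = isset($_POST['user_name']) ? (string) $_POST['user_name'] : '';
        $email = isset($_POST['email']) ? (string) $_POST['email'] : '';

        // Only a syntactically valid address is looked up (and later mailed).
        // FILTER_VALIDATE_EMAIL rejects CR/LF, which is what keeps the value
        // safe to hand to mail() as the recipient.
        $user_row = null;
        if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
            $user_row = UserModel::model()->getRow(array('conditions' => array('email' => $email)));
        }
        // Strict comparison on purpose: with != two numeric-looking usernames
        // such as "10" and "1e1" compare equal.
        if ($user_row && (string) $user_row->get('user_name') !== $userName) {
            $user_row = null;
        }
        if (!$user_row) {
            $error['user'] = '******';
        }

        //if there isn't any error, give this user a new reset key and email it to them
        if (!$error) {
            // Reset key = bearer credential for the account, so it must come
            // from a CSPRNG. The old str_shuffle() + time() construction was
            // mt_rand-seeded and predictable. 20 bytes -> 40 hex chars, shorter
            // than the 46 chars the previous scheme produced.
            $pass_key = bin2hex(random_bytes(20));
            //set the user pass time
            $pass_time = time();
            //insert this verification key into the database, and the timestamp of inserting it
            $user_row->pass_key = $pass_key;
            $user_row->pass_time = $pass_time;
            $user_row->save();

            //now email the user the link to reset their password
            $to = $email;
            $subject = "Ballistic Tracking Password Reset";
            $message = "\n\t\t<p>Someone has asked to reset the password for the following username.</p>\n\t\t\t\t\n\t\t<p>Username: "******"</p>\n\t\t\n\t\t<p>To reset your password visit the following address, otherwise just ignore this email and nothing will happen.</p>\n\t\t\n\t\t<p><a href=\"" . getBTUrl() . "/login/passReset?key={$pass_key}\">" . getBTUrl() . "/login/passReset?key={$pass_key}</a></p>";
            // NOTE(review): depending on server config SERVER_NAME (and possibly
            // getBTUrl()) can follow the request's Host header; if so the reset
            // link can be pointed at an attacker-chosen host. Confirm the
            // canonical hostname is pinned server-side.
            $from = "ballistictracking@" . $_SERVER['SERVER_NAME'];
            $header = "From: Ballistic Tracking<" . $from . "> \r\n";
            $header .= "Reply-To: " . $from . " \r\n";
            // No hand-built "To:" line: mail() sets it from $to already, and
            // echoing request input into additional_headers is the classic
            // mail header injection vector.
            $header .= "Content-Type: text/html; charset=\"iso-8859-1\" \r\n";
            $header .= "Content-Transfer-Encoding: 8bit \r\n";
            $header .= "MIME-Version: 1.0 \r\n";
            mail($to, $subject, $message, $header);
            $success = true;
        }
        // Re-populate the form with encoded values.
        $html['user_name'] = BTHtml::encode($userName);
        $html['email'] = BTHtml::encode($email);
    }

    $this->setVar("title", "Reset Your Password");
    $this->loadTemplate("public_header");
    $this->setVar("success", $success);
    $this->setVar("html", $html);
    $this->setVar("error", $error);
    $this->loadView("login/lostpass");
    $this->loadTemplate("public_footer");
}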
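 /**
  * Gate for authenticated pages.
  *
  * Ensures a user is logged in, then populates self::$_authUser (the account
  * that actually authenticated) and self::$user (the account the request acts
  * as) and applies that user's timezone. Returns true when the request may
  * proceed.
  *
  * Not logged in: AJAX requests get an inline "session timed out" body (a
  * DataTables-shaped JSON row when sEcho is present), other requests are
  * redirected to /logout; both paths call BTApp::end().
  *
  * Admin impersonation: when the authenticated user is an admin and a
  * "user_inject" cookie is present, self::$user becomes the user with that id.
  * NOTE(review): the cookie is consumed as-is -- not signed, not bound to the
  * session, no expiry -- so anything that can set a cookie for this host (a
  * sibling subdomain, an XSS elsewhere on the site) can make an admin silently
  * act as another account. Keeping the impersonation target in the server-side
  * session would remove that.
  */
 public static function require_user()
 {
     if (BTAuth::logged_in() == false) {
         if (IS_AJAX) {
             if (isset($_GET['sEcho'])) {
                 // DataTables request: answer in the shape it expects so the
                 // message is shown inside the table. sEcho is cast because
                 // DataTables reflects it into the page.
                 // iColumns is request-controlled and this path is reachable
                 // unauthenticated: cast it and cap it, otherwise a huge value
                 // (or, on PHP 8, a non-numeric string compared against $i)
                 // turns the padding loop into a memory-exhaustion DoS.
                 $cols = isset($_GET['iColumns']) ? (int) $_GET['iColumns'] : 0;
                 $cols = min($cols, 100);
                 $row = array('Your session has timed out. Please log back in.');
                 // pad to the column count; DataTables is forgiving if this is off
                 for ($i = 1; $i < $cols; $i++) {
                     $row[] = '';
                 }
                 $data = array(
                     'sEcho' => (int) $_GET['sEcho'],
                     'iTotalRecords' => 1,
                     'iTotalDisplayRecords' => 1,
                     'aaData' => array($row),
                 );
                 echo json_encode($data);
             } else {
                 echo "Your session has timed out. Please log back in.";
             }
             BTApp::end();
             // Only reached if BTApp::end() does not terminate the request.
             return false;
         }
         header("Location: /logout");
         BTApp::end();
     }

     if (!self::$user) {
         $user = UserModel::model()->getRowFromPk(self::$_authUserId, true);
         if (!$user) {
             // Session claims a login but the row is gone: bounce to the front page.
             header("Location: /");
             BTApp::end();
         }
         //this is always the authed user
         self::$_authUser = $user;

         // Impersonation is honoured only for an authenticated admin (see the
         // doc comment above for the caveats on the cookie itself).
         if ($user->isAdmin() && isset($_COOKIE['user_inject'])) {
             $target = UserModel::model()->getRowFromPk($_COOKIE['user_inject'], true);
             // An id that resolves to nothing falls back to the admin's own account.
             if ($target) {
                 self::$user = $target;
             }
         }
         if (!self::$user) {
             //this is the auth user or a subuser (if authed user is admin)
             self::$user = $user;
         }
     }

     // Apply the acting user's timezone; skip empty/non-string values instead
     // of letting date_default_timezone_set() emit a warning for them.
     $tz = self::$user->get('timezone');
     if (is_string($tz) && $tz !== '') {
         date_default_timezone_set($tz);
     }
     return true;
 }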