Handles all the stuff that is related to the password-reset process
Ejemplo n.º 1
 /**
  * Apply a new password submitted from the password-reset form.
  *
  * The caller is not logged in at this point: the request is authorised only by the user name and the
  * password-reset hash that the reset link placed into the <form> fields (see verifyPasswordReset()).
  * All four values are read from POST and handed to PasswordResetModel::setNewPassword() unchanged.
  * The return value of the model is ignored; the user is always routed to login/index and gets the
  * success/error result via a feedback message.
  *
  * NOTE(review): no throttling of repeated attempts against the reset hash is visible in this method -
  * confirm whether it is enforced elsewhere before this action runs.
  *
  * TODO this is an _action
  */
 public function setNewPassword()
 {
     $userName = Request::post('user_name');
     $resetHash = Request::post('user_password_reset_hash');
     $newPassword = Request::post('user_password_new');
     $repeatedPassword = Request::post('user_password_repeat');

     PasswordResetModel::setNewPassword($userName, $resetHash, $newPassword, $repeatedPassword);

     Redirect::to('login/index');
 }
Ejemplo n.º 2
 /**
  * Persist a new password hash for a user who presented a matching reset hash.
  *
  * The UPDATE only matches a row where user name, reset hash and provider type 'DEFAULT' all agree, and
  * the same statement sets user_password_reset_hash and user_password_reset_timestamp to NULL, so a
  * reset hash that has been consumed can no longer match. The prepared statement is created on first use
  * and kept in self::$saveNewPasswordQuery; every value is passed as a bound parameter.
  *
  * NOTE(review): the WHERE clause does not look at user_password_reset_timestamp, so this query does not
  * enforce any expiry of the reset hash by itself - confirm that the caller has checked it.
  *
  * @param string $user_name username
  * @param string $user_password_hash password hash to store
  * @param string $user_password_reset_hash reset hash the row must currently hold
  *
  * @return bool true when exactly one row was updated, false otherwise
  */
 public static function saveNewUserPassword($user_name, $user_password_hash, $user_password_reset_hash)
 {
     // Prepare the statement only once; later calls reuse it.
     if (self::$saveNewPasswordQuery === null) {
         $connection = DatabaseFactory::getFactory()->getConnection();
         self::$saveNewPasswordQuery = $connection->prepare("UPDATE users SET user_password_hash = :user_password_hash, user_password_reset_hash = NULL,\n                       user_password_reset_timestamp = NULL\n                 WHERE user_name = :user_name AND user_password_reset_hash = :user_password_reset_hash\n                       AND user_provider_type = :user_provider_type LIMIT 1");
     }

     $bindings = array(
         ':user_password_hash' => $user_password_hash,
         ':user_name' => $user_name,
         ':user_password_reset_hash' => $user_password_reset_hash,
         ':user_provider_type' => 'DEFAULT',
     );
     self::$saveNewPasswordQuery->execute($bindings);

     // Exactly one affected row means the new hash was written.
     return self::$saveNewPasswordQuery->rowCount() == 1;
 }
Ejemplo n.º 3
 /**
  * Set a new password (for DEFAULT users; FACEBOOK users don't have a password).
  *
  * The caller authenticates through user name and password-reset hash taken from (hidden) form fields.
  * According to the original author, the user has already pre-verified via verifyPasswordReset() within
  * one hour, which is why the 60-minute limit is not checked again in this method.
  *
  * NOTE(review): nothing visible here re-checks the reset timestamp at the moment the password is written;
  * unless validateNewPassword() does so, a reset hash appears to stay usable until it is consumed - confirm.
  *
  * @param string $user_name
  * @param string $user_password_reset_hash
  * @param string $user_password_new
  * @param string $user_password_repeat
  *
  * @return bool success state of the password reset
  */
 public static function setNewPassword($user_name, $user_password_reset_hash, $user_password_new, $user_password_repeat)
 {
     // Reject the request before any hashing or database work if validation fails.
     $inputIsValid = self::validateNewPassword($user_name, $user_password_reset_hash, $user_password_new, $user_password_repeat);
     if (!$inputIsValid) {
         return false;
     }

     // password_hash() salts and hashes the password; with PASSWORD_DEFAULT the algorithm (and therefore
     // the length of the resulting string) is chosen by PHP.
     $hashedPassword = password_hash($user_password_new, PASSWORD_DEFAULT);

     // Store the hash; the same call also clears the reset hash in the database.
     $saved = PasswordResetModel::saveNewUserPassword($user_name, $hashedPassword, $user_password_reset_hash);
     if (!$saved) {
         Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_CHANGE_FAILED'));
         return false;
     }

     Session::add('feedback_positive', Text::get('FEEDBACK_PASSWORD_CHANGE_SUCCESSFUL'));
     return true;
 }
Ejemplo n.º 4
 /**
  * Password change action.
  *
  * Submits the change-password form to PasswordResetModel::changePassword(). The user name is taken from
  * the session rather than from the request; the current, new and repeated passwords come from POST.
  * If the model returns a positive result the user is redirected to login/index, otherwise the
  * changePassword page is shown again.
  */
 public function changePassword_action()
 {
     $changed = PasswordResetModel::changePassword(
         Session::get('user_name'),
         Request::post('user_password_current'),
         Request::post('user_password_new'),
         Request::post('user_password_repeat')
     );

     Redirect::to($changed ? 'login/index' : 'login/changePassword');
 }
Ejemplo n.º 5
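// Password-reset page: verifies the e-mail/code pair from the request and, when the form is posted,
// stores the new password. The variables set here ($verified, $reset, $headerMeta, $headerResources)
// are read by header.php and by the template that follows.
require_once __DIR__ . '/../classes/SessionWrapper.php';
Tools::startSession();

// Both values are read with Request::get() (presumably the query string of the reset link).
// NOTE(review): if the reset code travels in the URL it can end up in server logs, browser history and
// Referer headers - consider a restrictive Referrer-Policy for this page; confirm what header.php emits.
$email1 = Request::get('email');
$code1 = Request::get('code');
if (empty($email1) || empty($code1)) {
    // redirect to the home page
    header("HTTP/1.0 301 Moved Permanently");
    header("Location: " . Tools::getBaseUrl());
    exit;
}

SessionWrapper::clearFeedback();
$verified = PasswordResetModel::verifyPasswordReset($email1, $code1);

// Default to "password not reset" so the template never reads an undefined $reset when the page is only
// displayed (verified link, no POST yet).
$reset = false;
if ($verified) {
    SessionWrapper::clearFeedback();
    if (!empty($_POST)) {
        // A POST that lacks one of the password fields passes null, as before, but without the
        // undefined-index warning; checking the values is left to setNewPassword().
        $reset = PasswordResetModel::setNewPassword(
            $email1,
            $code1,
            isset($_POST['user_password_new']) ? $_POST['user_password_new'] : null,
            isset($_POST['user_password_repeat']) ? $_POST['user_password_repeat'] : null
        );
    }
}

$headerMeta = array('es' => array('title' => 'Reestablecer contraseña'), 'en' => array('title' => 'Reset password'));
$headerResources = '
  <link href="' . Tools::getBaseUrl() . '/css/style-registro.css" rel="stylesheet" />';
require_once '../header.php';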
?>

      <main class="text-center">
        <?php 
if ($verified) {
    if (!$reset) {
        ?>
            <form id="register_form" method="post">
              <h1><?php