function perform()
{
    // Copy both form fields from the request onto the action object.
    $this->_userName  = $this->_request->getValue("userName");
    $this->_userEmail = $this->_request->getValue("userEmail");

    // Resolve the account by username first; the submitted e-mail address is
    // only compared against the stored one once the account is known.
    $userDao = new Users();
    $account = $userDao->getUserInfoFromUsername($this->_userName);

    $rejectedField = null;
    if (!$account) {
        // No account with that username.
        $rejectedField = "userName";
    } elseif ($account->getEmail() != $this->_userEmail) {
        // Username exists but the submitted mailbox is not the stored one.
        $rejectedField = "userEmail";
    }

    // Either failure redisplays the form with the offending field flagged.
    // NOTE(review): the two failures flag different fields, so the response
    // discloses whether a username is registered; an identical outcome for
    // both cases would avoid that.
    if ($rejectedField !== null) {
        $this->_view = new SummaryView("resetpassword");
        $this->_form->setFieldValidationStatus($rejectedField, false);
        $this->setCommonData(true);
        return false;
    }

    // Build the reset link. "a" carries the per-user request hash, which is what
    // SummaryTools::verifyRequest() re-checks later; "b" is only a lookup key
    // (MD5 of the username), not a secret.
    $resetHash = SummaryTools::calculatePasswordResetHash($account);
    $config =& Config::getConfig();
    $baseUrl = $config->getValue("base_url");
    $resetUrl = $baseUrl . "/summary.php?op=setNewPassword&a=" . $resetHash . "&b=" . md5($account->getUsername());
    SummaryTools::sendResetEmail($account, $resetUrl);

    $this->_view = new SummaryMessageView($this->_locale->tr("password_reset_message_sent_ok"));
    $this->setCommonData();
    return true;
}
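function perform()
{
    // Pull everything off the request: "a"/"b" are the tokens embedded in the
    // reset link, the remaining values are the new-password form fields.
    $this->_userNameHash      = $this->_request->getValue("b");
    $this->_requestHash       = $this->_request->getValue("a");
    $this->_newPassword       = $this->_request->getValue("newPassword");
    $this->_retypeNewPassword = $this->_request->getValue("retypePassword");
    // Stored but not consulted here: the account being changed is determined by
    // verifyRequest() below, never by this client-supplied id.
    $this->_userId            = $this->_request->getValue("userId");

    // Both password fields must match exactly. This is a strict comparison on
    // purpose: with "!=" two numeric-looking strings such as "1e3" and "1000"
    // would have been treated as equal.
    // NOTE(review): no empty-value or strength check is visible in this method;
    // confirm the form validator enforces one.
    if ($this->_newPassword !== $this->_retypeNewPassword) {
        $this->_view = new SummaryView("changepassword");
        $this->_view->setErrorMessage($this->_locale->tr("error_passwords_do_not_match"));
        $this->setCommonData(true);
        return false;
    }

    // Re-validate the link tokens server-side; this is what binds the request
    // to a specific user.
    $userInfo = SummaryTools::verifyRequest($this->_userNameHash, $this->_requestHash);
    if (!$userInfo) {
        $this->_view = new SummaryView("summaryerror");
        $this->_view->setErrorMessage($this->_locale->tr("error_incorrect_request"));
        $this->setCommonData(true);
        return false;
    }

    // Tokens check out: persist the new password.
    $users = new Users();
    $userInfo->setPassword($this->_newPassword);
    $users->updateUser($userInfo);

    $this->_view = new SummaryView("message");
    $this->_view->setSuccessMessage($this->_locale->tr("password_updated_ok"));
    // NOTE(review): unlike the other success paths in this file, setCommonData()
    // is not called before returning; confirm whether the "message" view needs it.
    return true;
}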
function perform()
{
    // The "a"/"b" tokens are expected to be on the object already (presumably
    // populated before perform() runs — confirm); verify them before rendering.
    $account = SummaryTools::verifyRequest($this->_userNameHash, $this->_requestHash);
    if (!$account) {
        // Invalid link: generic error page, no form.
        // NOTE(review): this error path does not call setCommonData(true),
        // unlike the equivalent path in the set-new-password action; confirm
        // that is intended.
        $errorView = new SummaryView("summaryerror");
        $errorView->setErrorMessage($this->_locale->tr("error_incorrect_request"));
        $this->_view = $errorView;
        return false;
    }

    // Valid link: render the new-password form, echoing the tokens back as view
    // values so the follow-up request can be verified again.
    $formView = new SummaryView("changepassword");
    $formView->setValue("a", $this->_requestHash);
    $formView->setValue("b", $this->_userNameHash);
    $formView->setValue("userId", $account->getId());
    $this->_view = $formView;
    $this->setCommonData();
    return true;
}
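function verifyRequest($userNameHash, $requestHash)
{
    // Both values come straight from the reset link ("b" and "a"). Anything
    // that is not a plain string cannot be a valid token, and hash_equals()
    // below requires strings.
    if (!is_string($userNameHash) || !is_string($requestHash)) {
        return false;
    }

    // Locate the account whose MD5(username) matches "b". The statement is
    // built by hand here (as the original comment admitted, not ideal) and
    // goes through the DAO's underscore-prefixed helper, so the column list
    // must be kept in step with _getUserInfoFromQuery(). The only interpolated
    // input is escaped with Db::qstr().
    $users = new Users();
    $prefix = $users->getPrefix();
    $query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email, \n\t\t\t u.about AS about, u.full_name AS full_name, u.properties AS properties, \n\t\t\t\t\t IF(p.permission_id = 1, 1, 0 ) AS site_admin, u.resource_picture_id AS resource_picture_id,\n\t\t\t\t\t u.status AS status\n\t\t\t\t\t FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id \n\t\t\t\t\t WHERE MD5(u.user) = '" . Db::qstr($userNameHash) . "'";
    $userInfo = $users->_getUserInfoFromQuery($query);
    if (!$userInfo) {
        return false;
    }

    // Recompute the expected reset hash for this account and compare it in
    // constant time. The previous "!=" was a loose comparison: two
    // numeric-looking strings (e.g. "0e123" and "0e456") compare equal, and a
    // plain string compare also leaks how long a matching prefix is.
    $expectedHash = SummaryTools::calculatePasswordResetHash($userInfo);
    if (!is_string($expectedHash) || !hash_equals($expectedHash, $requestHash)) {
        return false;
    }

    return $userInfo;
}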