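/**
 * Authenticated password change: the caller proves knowledge of the current
 * password ('_x_oldpass') and supplies the new one twice ('pass', 'repass').
 *
 * Inputs come from $_POST; outcomes are appended to $this->error / $this->info
 * as "<BR>"-terminated HTML fragments. Every path finishes by including the
 * passwordreset view and returning its value. $Request is not used here.
 */
function Handle($Request)
 {
     $view = __DIR__ . "/../../view/default/user/passwordreset.php";
     try {
         $userSession = new phpsec\Session();
         $sessionID = $userSession->existingSession();
         // Loose comparison kept on purpose: the framework's "no session" value is
         // not visible here (FALSE, null or "" must all count as not logged in).
         if ($sessionID != FALSE) {
             if (isset($_POST['submit'])) {
                 $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
                 if ($userID === FALSE) {
                     // A session that maps to no user is dropped instead of being
                     // handed to logIn() (same handling as the new-password handler).
                     $userSession->destroySession();
                     $this->error .= "Your session seems to be invalid. Cannot proceed!!" . "<BR>";
                     return require_once $view;
                 }
                 $filled = isset($_POST['_x_oldpass']) && $_POST['_x_oldpass'] != ""
                     && isset($_POST['pass']) && $_POST['pass'] != ""
                     && isset($_POST['repass']) && $_POST['repass'] != "";
                 if ($filled) {
                     // NOTE(review): require_once yields bool TRUE when config.php was
                     // already included earlier in the request; $config['...'] is then
                     // null and the "ON" checks below never match. Confirm the config
                     // is loaded only here, or use require.
                     $config = (require_once __DIR__ . "/../../config/config.php");
                     $oldPass = $_POST['_x_oldpass'];
                     $newPass = $_POST['pass'];
                     if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($newPass)) {
                         $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                         if ($config['PASSWORD_SUGGESTION'] === "ON") {
                             $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                         }
                         return require_once $view;
                     }
                     if ($newPass !== $_POST['repass']) {
                         $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
                         return require_once $view;
                     }
                     try {
                         // logIn() re-verifies the old password; a wrong one throws.
                         $userObj = phpsec\UserManagement::logIn($userID, $oldPass);
                         $userObj->resetPassword($oldPass, $newPass);
                         $this->info .= "Your password have been changed successfully." . "<BR>";
                     } catch (phpsec\WrongPasswordException $e) {
                         if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
                             try {
                                 // NOTE(review): the detector is given the *new* password
                                 // although the failed attempt was the old one; verify which
                                 // value AdvancedPasswordManagement expects here.
                                 new phpsec\AdvancedPasswordManagement($userID, $newPass, TRUE);
                             } catch (phpsec\BruteForceAttackDetectedException $ex) {
                                 \phpsec\User::lockAccount($userID);
                                 $this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
                             }
                         }
                         $this->error .= "Your old password does not seems correct. Please enter your old password for verification." . "<BR>";
                     }
                 } else {
                     $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                 }
             }
         } else {
             $this->error .= "You are not logged-in. Please login to complete the operation." . "<BR>";
             // NOTE(review): if Host() echoes the request's Host header, the redirect
             // target is client-influenced; a configured base URL would be safer.
             $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
             // No exit after header(): the view below is still rendered into the
             // redirect response.
             header("Location: {$newLocation}");
         }
     } catch (Exception $e) {
         $this->error .= $e->getMessage() . "<BR>";
     }
     return require_once $view;
 }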
 /**
  * Sets a new password for the user behind the current session without asking
  * for the old one (the flow that follows a temporary password).
  *
  * Reads $_POST['submit'], ['pass'] and ['repass']; appends "<BR>"-terminated
  * HTML fragments to $this->error / $this->info. Every path finishes by
  * including the newpassword view and returning its value. $Request is unused.
  */
 function Handle($Request)
 {
     $view = __DIR__ . "/../../view/default/user/newpassword.php";
     try {
         $session = new phpsec\Session();
         $sid = $session->existingSession();
         // Loose check on purpose: the framework's "no session" value is not
         // visible here (FALSE, null or "" all mean "not logged in").
         if ($sid == FALSE) {
             $this->error .= "Seems you should not be accessing this page!" . "<BR>";
             // NOTE(review): if Host() echoes the request's Host header, the redirect
             // target is client-influenced; a configured base URL would be safer.
             $loginUrl = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
             // No exit after header(): the view below is still rendered into the
             // redirect response.
             header("Location: {$loginUrl}");
         } elseif (isset($_POST['submit'])) {
             $filled = isset($_POST['pass']) && $_POST['pass'] != ""
                 && isset($_POST['repass']) && $_POST['repass'] != "";
             if (!$filled) {
                 $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
             } else {
                 // NOTE(review): require_once yields bool TRUE when config.php was
                 // already included earlier in the request; $settings['...'] is then
                 // null and the "ON" check below never matches.
                 $settings = (require_once __DIR__ . "/../../config/config.php");
                 $newPass = $_POST['pass'];
                 if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($newPass)) {
                     $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                     if ($settings['PASSWORD_SUGGESTION'] === "ON") {
                         $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                     }
                     return require_once $view;
                 }
                 if ($newPass !== $_POST['repass']) {
                     $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
                     return require_once $view;
                 }
                 $userID = \phpsec\Session::getUserIDFromSessionID($sid);
                 if ($userID === FALSE) {
                     // Session exists but maps to no user: discard it.
                     $session->destroySession();
                     $this->error .= "Your session seems to be invalid. Cannot proceed!!" . "<BR>";
                 } else {
                     $account = phpsec\UserManagement::forceLogIn($userID);
                     $changed = $account->forceResetPassword($newPass);
                     if ($changed) {
                         $this->info .= "Your Password has been changed successfully." . "<BR>";
                     } else {
                         $this->error .= "We encountered an error. Please re-try later!" . "<BR>";
                     }
                 }
             }
         }
     } catch (Exception $e) {
         $this->error .= $e->getMessage() . "<BR>";
     }
     return require_once $view;
 }
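 /**
  * Sign-up handler: validates the submitted username, e-mail and password pair,
  * creates the account and redirects to the temporary-password activation page.
  *
  * Reads $_POST['submit'], ['user'], ['email'], ['pass'], ['repass']; appends
  * "<BR>"-terminated HTML fragments to $this->error / $this->info. Every path
  * finishes by including the signup view and returning its value. $Request is
  * not used here.
  */
 function Handle($Request)
 {
     $view = __DIR__ . "/../../view/default/user/signup.php";
     try {
         if (isset($_POST['submit'])) {
             // Same rule as the password handlers: a present-but-empty field is
             // rejected too (isset() alone let user="" and pass="" through).
             $filled = isset($_POST['user']) && $_POST['user'] != ""
                 && isset($_POST['email']) && $_POST['email'] != ""
                 && isset($_POST['pass']) && $_POST['pass'] != ""
                 && isset($_POST['repass']) && $_POST['repass'] != "";
             if (!$filled) {
                 $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                 return require_once $view;
             }
             // NOTE(review): require_once yields bool TRUE when config.php was
             // already included earlier in the request; $config['...'] is then
             // null and the "ON" checks below never match.
             $config = (require_once __DIR__ . "/../../config/config.php");
             $username = $_POST['user'];
             $email = $_POST['email'];
             $password = $_POST['pass'];
             if (phpsec\UserManagement::userExists($username)) {
                 // This message confirms that a username is taken; expected on a
                 // sign-up form, but worth rate-limiting if enumeration matters.
                 $this->error .= "ERROR: This username is not available. Please select a different one." . "<BR>";
                 if ($config['USERNAME_SUGGESTION'] === "ON") {
                     do {
                         $suggestedUsername = \phpsec\BasicPasswordManagement::generate(0.1);
                     } while (phpsec\UserManagement::userExists($suggestedUsername));
                     $this->info .= "This username is available: " . $suggestedUsername . "<BR>";
                 }
                 return require_once $view;
             }
             // Lower-case ASCII only (no `i` modifier): mixed-case addresses are
             // rejected as written. The pattern also excludes '&', '=' and '#'.
             if (!preg_match('/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,63})$/', $email)) {
                 $this->error .= "Invalid email address." . "<BR>";
                 return require_once $view;
             }
             if ($password !== $_POST['repass']) {
                 $this->error .= "ERROR: Password fields do not match!" . "<BR>";
                 return require_once $view;
             }
             if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($password)) {
                 $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                 if ($config['PASSWORD_SUGGESTION'] === "ON") {
                     $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                 }
                 return require_once $view;
             }
             phpsec\UserManagement::createUser($username, $password, $email);
             // NOTE: the username segment of this URL is masked ("******") in this
             // listing. The e-mail is URL-encoded so it cannot add or alter query
             // parameters. If Host() echoes the request's Host header, the redirect
             // target is client-influenced; a configured base URL would be safer.
             $nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . urlencode($email);
             // No exit after header(): the signup view below is still rendered
             // into the redirect response.
             header("Location: {$nextLocation}");
         }
     } catch (Exception $e) {
         $this->error .= $e->getMessage() . "<BR>";
         return require_once $view;
     }
     return require_once $view;
 }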