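/**
 * Process the "change password" submission.
 *
 * Checks run in this order, and the first failure flashes an error and
 * returns false: field types, new-password validation by the ILS
 * authenticator, the posted verify hash, and an ILS login with the old
 * password. Nothing is stored locally until the ILS reports success.
 *
 * @param \VuFind\Db\Row\User     $user Logged in user
 * @param \VuFind\Db\Row\UserCard $card Library card
 *
 * @return object|bool Response object if redirect is needed, false if form
 * needs to be redisplayed.
 */
protected function processPasswordChange($user, $card)
{
    $post = $this->getRequest()->getPost();
    $hash = isset($post->hash) ? $post->hash : null;
    // Request parameters can arrive as arrays ("hash[]=..."), so only a
    // non-empty string is ever used for the lookup; anything else is handled
    // below exactly like a missing hash.
    $userFromHash = (is_string($hash) && $hash !== '')
        ? $this->getTable('User')->getByVerifyHash($hash)
        : false;

    $oldPassword = $this->params()->fromPost('oldpwd', '');
    $password = $this->params()->fromPost('password', '');
    $password2 = $this->params()->fromPost('password2', '');

    // Same reasoning for the password fields: reject non-string values
    // before they reach the authenticator or the ILS driver.
    if (!is_string($oldPassword) || !is_string($password)
        || !is_string($password2)
    ) {
        $this->flashMessenger()
            ->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    // Validate new password
    try {
        $ilsAuth = $this->getServiceLocator()->get('VuFind\\AuthPluginManager')
            ->get('ILS');
        $ilsAuth->validatePasswordInUpdate(
            ['password' => $password, 'password2' => $password2]
        );
    } catch (AuthException $e) {
        $this->flashMessenger()->addMessage($e->getMessage(), 'error');
        return false;
    }

    // Missing or invalid hash
    if (false == $userFromHash) {
        $this->flashMessenger()->addMessage('recovery_user_not_found', 'error');
        return false;
    } elseif ($userFromHash->username !== $user->username) {
        // The hash resolves to a different account than the logged-in one.
        $this->flashMessenger()
            ->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    // Connect to the ILS and check that the credentials are correct:
    $catalog = $this->getILS();
    $patron = $catalog->patronLogin($card->cat_username, $oldPassword);
    if (!$patron) {
        $this->flashMessenger()
            ->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    $result = $catalog->changePassword(
        [
            'patron' => $patron,
            'oldPassword' => $oldPassword,
            'newPassword' => $password
        ]
    );
    // Strict checks on purpose: a loose == would let a non-string status
    // (e.g. integer 0 on PHP 7) match the status string, and empty() would
    // treat the password "0" as blank and skip the retry.
    if (!$result['success']
        && $result['status'] === 'authentication_error_invalid'
        && $oldPassword !== ''
    ) {
        // Try again with empty old password just in case this was a user that
        // was logged in with the fallback login field
        $result = $catalog->changePassword(
            [
                'patron' => $patron,
                'oldPassword' => '',
                'newPassword' => $password
            ]
        );
    }
    if (!$result['success']) {
        $this->flashMessenger()->addMessage($result['status'], 'error');
        return false;
    }

    // The ILS accepted the change; keep the locally stored credentials in step.
    // NOTE(review): how saveLibraryCard()/saveCredentials() persist the
    // password (encrypted or not) is not visible here - confirm.
    $user->saveLibraryCard(
        $card->id, $card->card_name, $card->cat_username, $password
    );
    if ($user->cat_username === $card->cat_username) {
        // This card is also the user's active login, so update that copy too.
        $user->saveCredentials($card->cat_username, $password);
    }
    // Presumably replaces the verify hash so the submitted one cannot be
    // replayed - confirm against User::updateHash().
    $user->updateHash();

    $this->flashMessenger()->addSuccessMessage('new_password_success');
    return $this->redirect()->toRoute('librarycards-home');
}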
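/**
 * Process the "change password" submission.
 *
 * Checks run in this order, and the first failure flashes an error and
 * returns false: all three password fields are non-empty strings, the posted
 * verify hash resolves to the logged-in user, the old password logs in to the
 * ILS, and the two new-password fields match. Nothing is stored locally until
 * the ILS reports success.
 *
 * @param \VuFind\Db\Row\User     $user Logged in user
 * @param \VuFind\Db\Row\UserCard $card Library card
 *
 * @return object|bool Response object if redirect is needed, false if form
 * needs to be redisplayed.
 */
protected function processPasswordChange($user, $card)
{
    $post = $this->getRequest()->getPost();
    $hash = isset($post->hash) ? $post->hash : null;
    // Request parameters can arrive as arrays ("hash[]=..."), so only a
    // non-empty string is ever used for the lookup; anything else is handled
    // below exactly like a missing hash.
    $userFromHash = (is_string($hash) && $hash !== '')
        ? $this->getTable('User')->getByVerifyHash($hash)
        : false;

    $oldPassword = $this->params()->fromPost('oldpwd', '');
    $password = $this->params()->fromPost('password', '');
    $password2 = $this->params()->fromPost('password2', '');

    // A field that is not a string is as unusable as a blank one, and must
    // not reach the ILS driver, so both cases are rejected together.
    $fields = [$oldPassword, $password, $password2];
    foreach ($fields as $field) {
        if (!is_string($field) || $field === '') {
            $this->flashMessenger()
                ->addMessage('authentication_error_blank', 'error');
            return false;
        }
    }

    // Missing or invalid hash
    if (false == $userFromHash) {
        $this->flashMessenger()->addMessage('recovery_user_not_found', 'error');
        return false;
    } elseif ($userFromHash->username !== $user->username) {
        // The hash resolves to a different account than the logged-in one.
        $this->flashMessenger()
            ->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    // Connect to the ILS and check that the credentials are correct:
    $catalog = $this->getILS();
    $patron = $catalog->patronLogin($card->cat_username, $oldPassword);
    if (!$patron) {
        $this->flashMessenger()
            ->addMessage('authentication_error_invalid', 'error');
        return false;
    }

    // Both are known to be strings here, so !== is a plain byte comparison.
    if ($password !== $password2) {
        $this->flashMessenger()->addMessage('Passwords do not match', 'error');
        return false;
    }

    $result = $catalog->changePassword(
        [
            'patron' => $patron,
            'oldPassword' => $oldPassword,
            'newPassword' => $password
        ]
    );
    if (!$result['success']) {
        $this->flashMessenger()->addMessage($result['status'], 'error');
        return false;
    }

    // The ILS accepted the change; keep the locally stored credentials in step.
    // NOTE(review): how saveLibraryCard()/saveCredentials() persist the
    // password (encrypted or not) is not visible here - confirm.
    $user->saveLibraryCard(
        $card->id, $card->card_name, $card->cat_username, $password
    );
    if ($user->cat_username === $card->cat_username) {
        // This card is also the user's active login, so update that copy too.
        $user->saveCredentials($card->cat_username, $password);
    }
    // Presumably replaces the verify hash so the submitted one cannot be
    // replayed - confirm against User::updateHash().
    $user->updateHash();

    $this->flashMessenger()->addMessage('new_password_success', 'info');
    return $this->redirect()->toRoute('librarycards-home');
}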