/**
  * Process the "change password" submission.
  *
  * @param \VuFind\Db\Row\User     $user Logged in user
  * @param \VuFind\Db\Row\UserCard $card Library card
  *
  * @return object|bool Response object if redirect is needed, false if form
  * needs to be redisplayed.
  */
 protected function processPasswordChange($user, $card)
 {
     // Collect the submitted fields. The hash is looked up only when it was
     // actually posted; otherwise the lookup result stays false.
     $form = $this->getRequest()->getPost();
     $hashOwner = false;
     if (isset($form->hash)) {
         $hashOwner = $this->getTable('User')->getByVerifyHash($form->hash);
     }
     $currentPassword = $this->params()->fromPost('oldpwd', '');
     $newPassword = $this->params()->fromPost('password', '');
     $newPasswordRepeat = $this->params()->fromPost('password2', '');

     // The ILS auth plugin vets the new password pair; a rejection is shown
     // to the user and the form is redisplayed.
     try {
         $authPlugins = $this->getServiceLocator()->get('VuFind\\AuthPluginManager');
         $authPlugins->get('ILS')->validatePasswordInUpdate(
             [
                 'password' => $newPassword,
                 'password2' => $newPasswordRepeat,
             ]
         );
     } catch (AuthException $e) {
         $this->flashMessenger()->addMessage($e->getMessage(), 'error');
         return false;
     }

     // The posted hash has to resolve to an account...
     if (!$hashOwner) {
         $this->flashMessenger()->addMessage('recovery_user_not_found', 'error');
         return false;
     }
     // ...and that account has to be the logged-in one, so a hash issued for
     // a different user is refused.
     // NOTE(review): no age/expiry check on the hash is visible in this
     // method; confirm the caller enforces one.
     if ($hashOwner->username !== $user->username) {
         $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
         return false;
     }

     // Re-authenticate against the ILS with the current password before
     // anything is changed.
     $ils = $this->getILS();
     $patron = $ils->patronLogin($card->cat_username, $currentPassword);
     if (!$patron) {
         $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
         return false;
     }

     $outcome = $ils->changePassword(
         [
             'patron' => $patron,
             'oldPassword' => $currentPassword,
             'newPassword' => $newPassword,
         ]
     );
     $rejectedAsInvalid = !$outcome['success']
         && $outcome['status'] == 'authentication_error_invalid';
     if ($rejectedAsInvalid && !empty($currentPassword)) {
         // Second attempt with an empty old password, for users who logged in
         // through the fallback login field. patronLogin() above has already
         // accepted the supplied current password at this point.
         $outcome = $ils->changePassword(
             [
                 'patron' => $patron,
                 'oldPassword' => '',
                 'newPassword' => $newPassword,
             ]
         );
     }
     if (!$outcome['success']) {
         $this->flashMessenger()->addMessage($outcome['status'], 'error');
         return false;
     }

     // Keep the locally stored card credentials in step with the ILS; the
     // user's own credentials are updated only when this card is the active one.
     // NOTE(review): the new password is handed over in plaintext; how
     // saveLibraryCard()/saveCredentials() store it is not visible here.
     // Confirm it is encrypted at rest.
     $user->saveLibraryCard($card->id, $card->card_name, $card->cat_username, $newPassword);
     if ($user->cat_username === $card->cat_username) {
         $user->saveCredentials($card->cat_username, $newPassword);
     }

     // Presumably rotates the verify hash so the submitted one cannot be
     // replayed; confirm in User::updateHash().
     $user->updateHash();
     $this->flashMessenger()->addSuccessMessage('new_password_success');
     return $this->redirect()->toRoute('librarycards-home');
 }
 /**
  * Process the "edit library card" submission.
  *
  * @param \VuFind\Db\Row\User $user Logged in user
  *
  * @return object|bool        Response object if redirect is
  * needed, false if form needs to be redisplayed.
  */
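 protected function processEditLibraryCard($user)
 {
     // Raw form input; the credentials are only accepted once the ILS login
     // below succeeds.
     $cardName = $this->params()->fromPost('card_name', '');
     $target = $this->params()->fromPost('target', '');
     $username = $this->params()->fromPost('username', '');
     $password = $this->params()->fromPost('password', '');

     // Both credentials are mandatory.
     if (!$username || !$password) {
         $this->flashMessenger()->setNamespace('error')->addMessage('authentication_error_blank');
         return false;
     }

     // When a login target is posted, qualify the submitted username with it.
     // The listing assigned a fixed masked literal here, which discarded the
     // user's input and sent the same string to the ILS for every request
     // that named a target.
     // NOTE(review): the "target.username" form follows VuFind's multi-backend
     // login convention; confirm against the ILS driver in use.
     if ($target) {
         $username = "{$target}.{$username}";
     }

     // Connect to the ILS and check that the credentials are correct before
     // anything is stored.
     $catalog = $this->getILS();
     $patron = $catalog->patronLogin($username, $password);
     if (!$patron) {
         $this->flashMessenger()->setNamespace('error')->addMessage('authentication_error_invalid');
         return false;
     }

     // The card id comes from the route, falling back to the query string.
     // Request values arrive as strings, so the 'NEW' marker is compared
     // strictly.
     // NOTE(review): $id is caller-controlled; presumably saveLibraryCard()
     // checks that the card belongs to $user. Confirm.
     $id = $this->params()->fromRoute('id', $this->params()->fromQuery('id'));
     $cardId = $id === 'NEW' ? null : $id;
     try {
         // NOTE(review): the password is handed over in plaintext; how it is
         // stored is not visible here. Confirm it is encrypted at rest.
         $user->saveLibraryCard($cardId, $cardName, $username, $password);
     } catch (\VuFind\Exception\LibraryCard $e) {
         $this->flashMessenger()->setNamespace('error')->addMessage($e->getMessage());
         return false;
     }

     return $this->redirect()->toRoute('librarycards-home');
 }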
Ejemplo n.º 3
 /**
  * Process the "change password" submission.
  *
  * @param \VuFind\Db\Row\User     $user Logged in user
  * @param \VuFind\Db\Row\UserCard $card Library card
  *
  * @return object|bool Response object if redirect is needed, false if form
  * needs to be redisplayed.
  */
 protected function processPasswordChange($user, $card)
 {
     // Collect the submitted fields. The hash is looked up only when it was
     // actually posted; otherwise the lookup result stays false.
     $form = $this->getRequest()->getPost();
     $hashOwner = false;
     if (isset($form->hash)) {
         $hashOwner = $this->getTable('User')->getByVerifyHash($form->hash);
     }
     $currentPassword = $this->params()->fromPost('oldpwd', '');
     $newPassword = $this->params()->fromPost('password', '');
     $newPasswordRepeat = $this->params()->fromPost('password2', '');

     // All three password fields are mandatory.
     if (in_array('', [$currentPassword, $newPassword, $newPasswordRepeat], true)) {
         $this->flashMessenger()->addMessage('authentication_error_blank', 'error');
         return false;
     }

     // The posted hash has to resolve to an account...
     if (!$hashOwner) {
         $this->flashMessenger()->addMessage('recovery_user_not_found', 'error');
         return false;
     }
     // ...and that account has to be the logged-in one, so a hash issued for
     // a different user is refused.
     // NOTE(review): no age/expiry check on the hash is visible in this
     // method; confirm the caller enforces one.
     if ($hashOwner->username !== $user->username) {
         $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
         return false;
     }

     // Re-authenticate against the ILS with the current password before
     // anything is changed.
     $ils = $this->getILS();
     $patron = $ils->patronLogin($card->cat_username, $currentPassword);
     if (!$patron) {
         $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
         return false;
     }

     // NOTE(review): this purely local comparison runs only after the remote
     // login attempt above. Doing it first would spare the ILS an
     // authentication call for a request that is going to be rejected anyway.
     if ($newPassword !== $newPasswordRepeat) {
         $this->flashMessenger()->addMessage('Passwords do not match', 'error');
         return false;
     }

     // NOTE(review): no password-policy check is visible here beyond
     // "non-empty and matching"; presumably the ILS applies its own rules
     // inside changePassword(). Confirm.
     $outcome = $ils->changePassword(
         [
             'patron' => $patron,
             'oldPassword' => $currentPassword,
             'newPassword' => $newPassword,
         ]
     );
     if (!$outcome['success']) {
         $this->flashMessenger()->addMessage($outcome['status'], 'error');
         return false;
     }

     // Keep the locally stored card credentials in step with the ILS; the
     // user's own credentials are updated only when this card is the active one.
     // NOTE(review): the new password is handed over in plaintext; how
     // saveLibraryCard()/saveCredentials() store it is not visible here.
     // Confirm it is encrypted at rest.
     $user->saveLibraryCard($card->id, $card->card_name, $card->cat_username, $newPassword);
     if ($user->cat_username === $card->cat_username) {
         $user->saveCredentials($card->cat_username, $newPassword);
     }

     // Presumably rotates the verify hash so the submitted one cannot be
     // replayed; confirm in User::updateHash().
     $user->updateHash();
     $this->flashMessenger()->addMessage('new_password_success', 'info');
     return $this->redirect()->toRoute('librarycards-home');
 }