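/**
 * Checks whether the currently logged in user is still using the generated default password.
 *
 * The default is recomputed as the lowercased first name followed by the last four
 * characters of the phone number, passed through getHashValue(), and compared with the
 * stored password value. When they match, a session message is queued (displayed when
 * the user is redirected to the index page) advising the user to change the password.
 *
 * NOTE(review): both inputs to the default password are ordinary profile attributes rather
 * than secrets, so an account in this state is protected by a guessable credential. This
 * function only warns the user; it does not force a change.
 * NOTE(review): the equality test only works if getHashValue() returns the same output for
 * the same input (i.e. no per-user random salt) - confirm against its definition.
 *
 * @author Prayas Bhattarai
 * @return boolean true when the stored password differs from the default; false when the
 *                 default is still in use, when no profile could be loaded, or when the
 *                 access level is below 1.
 */
function checkDefaultPassword()
{
    $userProfile = retrieveCurrentUserProfile();
    if (!$userProfile) {
        // No profile to inspect; avoid calling a method on a non-object.
        return false;
    }
    $currentPass = $userProfile->get_password();
    $accessLevel = getUserAccessLevel();
    if ($accessLevel == 1) {
        //use functions for social workers
        $fname = $userProfile->get_swFirstName();
        $phone = $userProfile->get_swphone();
    } elseif ($accessLevel > 1) {
        //use functions for rmh staff
        $fname = $userProfile->get_rmhStaffFirstName();
        $phone = $userProfile->get_rmhStaffPhone();
    } else {
        return false;
    }
    $defaultPass = getHashValue(trim(strtolower($fname)) . trim(substr($phone, -4)));
    // Strict string comparison: with a loose != two different hashes that both look numeric
    // (for example "0e..." followed only by digits) compare as equal numbers, which would
    // misreport a changed password as the default.
    if ((string) $defaultPass !== (string) $currentPass) {
        return true;
    }
    setSessionMessage(array('default_pass' => 'You are using the default password for your account. It is advised that you change your password immediately by clicking on the "Manage Account" section.'));
    // Return an explicit boolean; the original fell off the end here and yielded null.
    return false;
}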
 // Copy the submitted account fields out of $data into locals used to build the new profile.
 // NOTE(review): $data is populated outside this excerpt - presumably validated form input; confirm.
 $fname = $data['fname'];
 $lname = $data['lname'];
 $phone = $data['phone'];
 $email = $data['email'];
 //data for social worker, extra info that rmh staff don't have
 if (isset($userType) && $userType == 'socialworker') {
     $hospital = $data['hospital'];
     $notify = $data['notify'];
 } else {
     // Every other user type gets empty strings for the social-worker-only fields.
     $hospital = '';
     $notify = '';
 }
 //proceed with creating and storing the new user
 //create a default password based on: User's firstname and last 4 digits of their phone number
 // NOTE(review): the initial credential is derived entirely from two profile attributes that are
 // not secret, so every new account starts with a guessable password. A randomly generated
 // one-time password with a forced change at first login would remove that exposure; any code
 // that recomputes this value to detect an unchanged default would have to change with it.
 // substr($phone, -4) takes the last four characters, whatever they are - it yields four digits
 // only if $phone ends in four digits (TODO confirm the stored phone format).
 $password = trim(strtolower($fname)) . trim(substr($phone, -4));
 // NOTE(review): getHashValue() is defined elsewhere; confirm it is a salted, deliberately slow
 // password hash rather than a plain digest.
 $password = getHashValue($password);
 // Positional constructor call: $title, $fname, $lname and $phone are each passed twice -
 // presumably once for the staff fields and once for the social worker fields; verify against
 // the UserProfile constructor. $username and $title are set outside this excerpt.
 // NOTE(review): $userType is guarded with isset() above but indexed here without a guard.
 $newUserProfile = new UserProfile($userCategories[$userType], 0, $username, $email, $password, 0, $title, $fname, $lname, $phone, 0, $title, $fname, $lname, $hospital, $phone, $notify);
 //insert user profile
 // The result is stored in $insertProfile for the success check that follows.
 $insertProfile = insert_UserProfile($newUserProfile);
 //if user profile insertion is successful, then the corresponding user profile tables need to be updated as well
 if ($insertProfile) {
     //get the userprofile id for the newly inserted user
     //can this be done more efficiently, instead of retrieving all the info? using last_insert_id maybe?
     $retrievedUser = retrieve_UserByAuth($username);
     if ($retrievedUser) {
         //if a user is retrieved, store the detailed information in the corresponding profile table
         $newUserProfile->set_userProfileId($retrievedUser['UserProfileID']);
         if ($retrievedUser['UserCategory'] == $userCategories['socialworker']) {
             //if the user is a social worker, insert the detail info in the social worker table
             $insertDetailProfile = insert_SocialWorkerProfile($newUserProfile);
         } else {
include_once ROOT_DIR . '/core/class/FormHelper.php';
include_once ROOT_DIR . '/core/class/DataValidator.php';
$errors = array();
$messages = array();
$data = array();
if (isset($_POST['form_token'])) {
    try {
        //form validation rules
        $accountSettingsRules = array('title' => array('alpha', 'allow' => array('.')), 'old_pass' => array('password'), 'new_pass' => array('password'), 'verify_pass' => array('password', 'notempty'), 'submit' => array('ignore'));
        $validator = new DataValidator($_POST, $accountSettingsRules);
        $data = $validator->getData();
        if ($validator->isValid()) {
            //validation successful
            $newPass = getHashValue($data['new_pass']);
            $verifyPass = getHashValue($data['verify_pass']);
            $oldPass = getHashValue($data['old_pass']);
            $title = $data['title'];
            $username = getCurrentUser();
            //TODO we could add this check in the validator?
            if ($newPass === $verifyPass) {
                if (retrieve_UserByAuth($username, $oldPass)) {
                    //verify password and new password match AND the user with the old password exists
                    //retrieve user profile:
                    $userProfile = retrieveCurrentUserProfile();
                    if ($userProfile) {
                        //change the password
                        $userProfile->set_password($newPass);
                        //TODO set the user title too. But isn't that included in profile change?
                        //update the user profile table
                        if (update_UserProfile($userProfile)) {
                            //set session message