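/**
 * Load the account-recovery record for a username.
 *
 * @param string $username Account name to look up (bound as a query parameter).
 * @return array|false|null FALSE when no account row matches, NULL when the
 *         account has no (or unreadable) recovery data, otherwise an array with
 *         keys 'id', 'email', 'question', 'answer' and 'registration_email'.
 */
public function get_recovery_data($username)
{
    // Build the query, and grab the data (placeholder-bound, not interpolated)
    $query = 'SELECT `id`, `email`, `_account_recovery` FROM `pcms_accounts` WHERE `username`=?';
    $info = $this->DB->query($query, array($username))->fetchRow();

    // No such account
    if ($info === FALSE) {
        return FALSE;
    }

    // Recovery data never set. Loose compare is deliberate: an empty string
    // column counts as "not set" as well as a real NULL.
    if ($info['_account_recovery'] == NULL) {
        return NULL;
    }

    // Unserialize and decode our recovery data.
    // NOTE(review): unserialize() on a DB-stored blob instantiates any class
    // named in the payload; if this column can ever be written from outside
    // set_recovery_data(), pass array('allowed_classes' => false) (PHP 7+) or
    // store the data as JSON instead.
    $data = unserialize(base64_decode($info['_account_recovery']));

    // A corrupt or truncated blob must not be treated as valid recovery data;
    // without a question id there is nothing to ask, so report "not set".
    if (!is_array($data) || !isset($data['id'])) {
        return NULL;
    }

    // Map the stored question id back to its text; an unknown id yields NULL
    // rather than an undefined-index notice.
    $questions = get_secret_questions('array', TRUE);
    $question = isset($questions[$data['id']]) ? $questions[$data['id']] : NULL;

    return array(
        'id' => $info['id'],
        'email' => $info['email'],
        'question' => $question,
        'answer' => isset($data['answer']) ? $data['answer'] : NULL,
        'registration_email' => isset($data['email']) ? $data['email'] : NULL,
    );
}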
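/**
 * Account recovery controller action.
 *
 * With $mode === 'set' a logged-in user who has no recovery data yet gets the
 * secret-question form (and, on POST, has the question/answer stored). With no
 * mode a logged-out user runs the two-step recovery flow: step 1 checks
 * username + registration email, step 2 checks the secret answer and then
 * calls account_model::process_recovery(). Control flow uses the labels
 * Step1 / Step2 / Process; every label block ends in a return so the views
 * are never rendered twice.
 *
 * @param string|null $mode Sub-action from the router ('set' or null).
 * @return void
 */
public function recover($mode = NULL)
{
    // Check to see if we have a mode!
    if ($mode != NULL) {
        switch ($mode) {
            case "set":
                // Shouldn't be here if we aren't logged in!
                if ($this->user['logged_in'] == FALSE) {
                    goto Step1;
                }
                // Make sure the user's Q/A isn't set yet; if it is, he shouldn't be here!
                if ($this->user['_account_recovery'] == TRUE) {
                    redirect('account');
                }
                // Check for posted data
                if (isset($_POST['action'])) {
                    goto Process;
                }
                // Get our questions and load the page
                $data['secret_questions'] = get_secret_questions();
                $this->load->view('secret_questions', $data);
                break;

            default:
                if ($this->user['logged_in'] == FALSE) {
                    goto Step1;
                }
                redirect('account');
        }
        return;
    } else {
        // If the user is logged in, we don't need to be here
        if ($this->user['logged_in']) {
            redirect('account');
        }
        // Do we have login information?
        if (isset($_POST['action'])) {
            goto Process;
        }
    }

    // Recovery Form, Step 1
    Step1:
    $this->load->view('recover');
    return;

    // Recovery Form, Step 2 ($r_data and $username are set by the step that jumps here)
    Step2:
    $data = array('question' => $r_data['question'], 'username' => $username);
    $this->load->view('recover_step2', $data);
    return;

    // Our POST processing
    Process:
    if (!isset($_POST['action'])) {
        goto Step1;
    }

    // Load the account Model
    $this->load->model('account_model', 'account');

    switch ($_POST['action']) {
        case "set":
            // Process is reachable from the no-mode branch too, so repeat the
            // guards from the 'set' mode branch: only a logged-in user without
            // existing recovery data may store a question/answer.
            if ($this->user['logged_in'] == FALSE) {
                goto Step1;
            }
            if ($this->user['_account_recovery'] == TRUE) {
                redirect('account');
            }

            // Load the input class and use the XSS filter on these!
            $this->Input = load_class('Input');
            $sq = $this->Input->post('question', TRUE);
            $sa = $this->Input->post('answer', TRUE);

            // Fetch account data from the realm
            $Account = $this->realm->fetchAccount($this->user['id']);

            // Secret question / answer processing
            if ($sq != NULL && $sa != NULL) {
                // Set recovery data
                $set = $this->account->set_recovery_data($Account->getUsername(), $sq, $sa);

                if ($set == TRUE) {
                    // Get our banned / active / locked status
                    if ($this->realm->accountBanned($this->user['id'])) {
                        $status = '<font color="red">Banned</font>';
                    } elseif ($Account->isLocked()) {
                        $status = '<font color="red">Locked</font>';
                    } else {
                        $status = '<font color="green">Active</font>';
                    }

                    // Add our custom data
                    $data = array(
                        'status' => $status,
                        'joindate' => date('F j, Y', strtotime($this->user['registered'])),
                    );

                    // Load the account dashboard, and we are done :)
                    output_message('success', 'account_recovery_set_success');
                    $this->load->view('index', $data);
                    return;
                } else {
                    // Storing the recovery data failed, nothing more to do here
                    output_message('error', 'account_recovery_set_failed');
                    $this->load->view('blank');
                    return;
                }
            } else {
                // Back to step 1 because fields were not filled correctly
                output_message('error', 'submit_failed_fields_empty');
                goto Step1;
            }
            break;

        case "recover":
            // Get our current step
            if (!isset($_POST['step'])) {
                goto Step1;
            }

            // Process our step
            switch ($_POST['step']) {
                case 1:
                    // Load the validation script and set our rules
                    $this->load->library('validation');
                    $this->validation->set(array(
                        'username' => 'required|pattern[(^[A-Za-z0-9_-]{3,24}$)]',
                        'email' => 'required|email',
                    ));

                    // Check to make sure we pass validation
                    if ($this->validation->validate() == TRUE) {
                        // Load the input class
                        $this->Input = load_class('Input');
                        $username = $this->Input->post('username', TRUE);
                        $email = $this->Input->post('email', TRUE);

                        // Load recovery data
                        $r_data = $this->account->get_recovery_data($username);
                        if (!is_array($r_data)) {
                            // FALSE: user doesn't exist; otherwise recovery data not set
                            if ($r_data === FALSE) {
                                output_message('error', 'username_doesnt_exist');
                                goto Step1;
                            } else {
                                output_message('error', 'account_recover_failed_not_set');
                                $this->load->view('blank');
                                // Must stop here: $r_data is NULL, so falling through
                                // would compare against a missing email and render a
                                // second view on top of 'blank'.
                                return;
                            }
                        }

                        // Make sure the emails match! Else, back to step 1
                        if ($r_data['registration_email'] != $email) {
                            output_message('error', 'account_recover_invalid_email');
                            goto Step1;
                        }

                        // Good to go to step 2
                        goto Step2;
                    } else {
                        // Form validation failed, back to step 1
                        output_message('error', 'form_validation_failed');
                        goto Step1;
                    }
                    break;

                case 2:
                    // Make sure we have post data
                    if (!isset($_POST['answer'])) {
                        goto Step1;
                    }

                    // Load the input class
                    $this->Input = load_class('Input');
                    $username = $this->Input->post('username', TRUE);
                    $answer = $this->Input->post('answer', TRUE);

                    // Load recovery data.
                    // NOTE(review): step 2 is reachable directly by POST; the step-1
                    // email match is not re-checked here, so the secret answer is the
                    // only gate on this path - confirm that is intended.
                    $r_data = $this->account->get_recovery_data($username);
                    if (!is_array($r_data)) {
                        // FALSE: user doesn't exist; otherwise recovery data not set
                        if ($r_data === FALSE) {
                            output_message('error', 'username_doesnt_exist');
                            goto Step1;
                        } else {
                            output_message('error', 'account_recover_failed_not_set');
                            $this->load->view('blank');
                            // Must stop here: with $r_data NULL the answer check below
                            // would compare against '' and could call process_recovery()
                            // with an empty account id.
                            return;
                        }
                    }

                    // Check that the secret answer was correct. Both sides are
                    // normalised (trim + lowercase) as before; hash_equals() gives a
                    // strict, constant-time string comparison instead of loose ==.
                    $given = trim(strtolower((string) $answer));
                    $expected = trim(strtolower((string) $r_data['answer']));
                    if (hash_equals($expected, $given)) {
                        // The account model holds the code to change the password etc.
                        $result = $this->account->process_recovery($r_data['id'], $username, $r_data['email']);

                        // Output our message
                        if ($result !== false) {
                            output_message('success', 'account_recover_pass_success', array($result));
                            load_class('Events')->trigger('account_recovered', array($r_data['id']));
                        } else {
                            output_message('error', 'account_recover_pass_failed');
                        }

                        // The message is shown whether we failed or succeeded
                        $this->load->view('blank');
                        return;
                    } else {
                        // Answer was incorrect, so back to step 2
                        output_message('error', 'account_recover_failed_wrong_answer');
                        goto Step2;
                    }
                    break;

                default:
                    goto Step1;
                    break;
            }
            break;

        default:
            goto Step1;
            break;
    }
}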