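 /**
  * Look up the secret question / answer recovery record for one account.
  *
  * @param string $username Username as submitted by the visitor. It is bound as a query
  *                         parameter and never interpolated into the SQL.
  * @return array|null|false FALSE when no account has this username; NULL when the account has
  *                          no usable recovery data; otherwise an array with the keys 'id',
  *                          'email', 'question', 'answer' and 'registration_email'.
  */
 public function get_recovery_data($username)
 {
     // Parameterised lookup of the account row plus its serialized recovery blob
     $query = 'SELECT `id`, `email`, `_account_recovery` FROM `pcms_accounts` WHERE `username`=?';
     $info = $this->DB->query($query, array($username))->fetchRow();

     // Unknown username
     if ($info === FALSE) {
         return FALSE;
     }
     // Account exists, but no recovery data was ever stored
     if ($info['_account_recovery'] == NULL) {
         return NULL;
     }

     // SECURITY: unserialize() on a stored blob. It is written by this model, but anyone who can
     // write to `pcms_accounts` (SQL injection elsewhere, a leaked DB credential, a hostile admin)
     // can plant a serialized object here and have its __wakeup/__destruct run on every recovery
     // attempt. Storing the array as JSON, or calling unserialize($s, array('allowed_classes' => FALSE))
     // on PHP >= 7, removes that risk. Left as-is here to stay compatible with the rest of the file.
     $data = unserialize(base64_decode($info['_account_recovery']));

     // A malformed or truncated blob makes unserialize() return FALSE (or an array missing keys);
     // treat that exactly like "not set" instead of handing the controller a record full of NULLs.
     if (!is_array($data) || !isset($data['id'], $data['answer'], $data['email'])) {
         return NULL;
     }

     // Resolve the stored question id against the current question list. An id that no longer
     // exists yields a NULL question rather than an undefined-index notice.
     $questions = get_secret_questions('array', TRUE);
     $question = isset($questions[$data['id']]) ? $questions[$data['id']] : NULL;

     // NOTE(review): the answer is returned (and compared by the controller) in clear text, so it
     // appears to be stored unhashed — confirm in set_recovery_data() and consider hashing it.
     return array(
         'id'                 => $info['id'],
         'email'              => $info['email'],
         'question'           => $question,
         'answer'             => $data['answer'],
         'registration_email' => $data['email'],
     );
 }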
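 /**
  * Account recovery controller action.
  *
  * Routes (selected by $mode and $_POST['action'] / $_POST['step']):
  *   - /recover      (no mode): unauthenticated password recovery. Step 1 takes a username plus
  *                   the registration e-mail, step 2 takes the secret answer and then calls
  *                   account_model::process_recovery().
  *   - /recover/set  : a logged-in user without recovery data chooses a secret question.
  *
  * The body is a goto state machine (Step1 / Step2 / Process labels). Every path must end in a
  * view load followed by `return`, otherwise execution falls through into the next label and a
  * second view is rendered on top of the first.
  *
  * SECURITY, noted for the maintainer and not addressed here:
  *   - No CSRF token is checked on any of the POST handlers.
  *   - Step 2 can be POSTed directly with any username: there is no attempt counter, lockout or
  *     delay on wrong answers, and the error codes separate "no such user" from "recovery not
  *     set", which allows username enumeration.
  *
  * @param string|null $mode URL segment selecting the sub-action ('set'), or NULL.
  * @return void Renders a view (or redirects) as a side effect.
  */
 public function recover($mode = NULL)
 {
     // Check to see if we have a mode!
     if ($mode != NULL) {
         switch ($mode) {
             case "set":
                 // Shouldnt be here if we arent logged in!
                 if ($this->user['logged_in'] == FALSE) {
                     goto Step1;
                 }
                 // Make sure Users QA isnt set.. If it is then he shouldnt be here!
                 if ($this->user['_account_recovery'] == TRUE) {
                     redirect('account');
                     // Harmless if redirect() exits; stops the POST handling below if it only sends a header
                     return;
                 }
                 // Check for posted data
                 if (isset($_POST['action'])) {
                     goto Process;
                 }
                 // Get our questions and load the page
                 $data['secret_questions'] = get_secret_questions();
                 $this->load->view('secret_questions', $data);
                 break;
             default:
                 if ($this->user['logged_in'] == FALSE) {
                     goto Step1;
                 }
                 redirect('account');
         }
         return;
     } else {
         // If the user is logged in, we dont need to be here
         if ($this->user['logged_in']) {
             redirect('account');
             // Same reasoning as above: never reach the POST handling for a logged-in user
             return;
         }
         // Do we have login information?
         if (isset($_POST['action'])) {
             goto Process;
         }
     }

     // Recovery Form, Step 1
     Step1:
     $this->load->view('recover');
     return;

     // Recovery Form, Step 2 ($r_data and $username are set by every path that jumps here)
     Step2:
     $data = array('question' => $r_data['question'], 'username' => $username);
     $this->load->view('recover_step2', $data);
     return;

     // Our process post processing
     Process:
     if (!isset($_POST['action'])) {
         goto Step1;
     }
     // Load the account Model
     $this->load->model('account_model', 'account');
     switch ($_POST['action']) {
         case "set":
             // Setting a secret question only makes sense for the logged-in account. The
             // /recover/set route checks this above, but the plain /recover route reaches this
             // label for any POST carrying action=set, so the check is repeated here.
             if ($this->user['logged_in'] == FALSE) {
                 goto Step1;
             }
             // Load the input class and use the XSS filter on these!
             $this->Input = load_class('Input');
             $sq = $this->Input->post('question', TRUE);
             $sa = $this->Input->post('answer', TRUE);
             // Fetch account data from the realm
             $Account = $this->realm->fetchAccount($this->user['id']);
             // Secret question / answer processing
             if ($sq != NULL && $sa != NULL) {
                 // Set recovery data
                 $set = $this->account->set_recovery_data($Account->getUsername(), $sq, $sa);
                 // Process the result
                 if ($set == TRUE) {
                     // Get our banned / active / locked status
                     if ($this->realm->accountBanned($this->user['id'])) {
                         $status = '<font color="red">Banned</font>';
                     } elseif ($Account->isLocked()) {
                         $status = '<font color="red">Locked</font>';
                     } else {
                         $status = '<font color="green">Active</font>';
                     }
                     // Add out custom data
                     $data = array('status' => $status, 'joindate' => date('F j, Y', strtotime($this->user['registered'])));
                     // Load the account dashboard, and we are done :)
                     output_message('success', 'account_recovery_set_success');
                     $this->load->view('index', $data);
                     return;
                 } else {
                     // No recovery data means we cant do anything here
                     output_message('error', 'account_recovery_set_failed');
                     $this->load->view('blank');
                     return;
                 }
             } else {
                 // Back to step 1 because fields were not filled correctly
                 output_message('error', 'submit_failed_fields_empty');
                 goto Step1;
             }
             break;
         case "recover":
             // Get our current step
             if (!isset($_POST['step'])) {
                 goto Step1;
             }
             // Process our step
             switch ($_POST['step']) {
                 case 1:
                     // Load the validation script and set our rules
                     $this->load->library('validation');
                     $this->validation->set(array('username' => 'required|pattern[(^[A-Za-z0-9_-]{3,24}$)]', 'email' => 'required|email'));
                     // Check to make sure we pass validation
                     if ($this->validation->validate() == TRUE) {
                         // load the input class
                         $this->Input = load_class('Input');
                         $username = $this->Input->post('username', TRUE);
                         $email = $this->Input->post('email', TRUE);
                         // Load recovery data
                         $r_data = $this->account->get_recovery_data($username);
                         if (!is_array($r_data)) {
                             // If false, User doesnt exists, else recovery data not set
                             if ($r_data === FALSE) {
                                 output_message('error', 'username_doesnt_exist');
                                 goto Step1;
                             }
                             output_message('error', 'account_recover_failed_not_set');
                             $this->load->view('blank');
                             // FIX: previously fell through into the e-mail check with $r_data === NULL
                             // and rendered the step-1 form on top of 'blank'.
                             return;
                         }
                         // Make sure the emails match! Else, back to step 1. Strict comparison: `!=`
                         // treats numeric-looking strings such as "1e1" and "10" as equal.
                         if ((string) $r_data['registration_email'] !== (string) $email) {
                             output_message('error', 'account_recover_invalid_email');
                             goto Step1;
                         }
                         // Good to go to step 2
                         goto Step2;
                     } else {
                         // Form validation failed, back to step 1
                         output_message('error', 'form_validation_failed');
                         goto Step1;
                     }
                     break;
                 case 2:
                     // Make sure we have post data
                     if (!isset($_POST['answer'])) {
                         goto Step1;
                     }
                     // load the input class
                     $this->Input = load_class('Input');
                     $username = $this->Input->post('username', TRUE);
                     $answer = $this->Input->post('answer', TRUE);
                     // Load recovery data
                     $r_data = $this->account->get_recovery_data($username);
                     if (!is_array($r_data)) {
                         // If false, User doesnt exists, else recovery data not set
                         if ($r_data === FALSE) {
                             output_message('error', 'username_doesnt_exist');
                             goto Step1;
                         }
                         output_message('error', 'account_recover_failed_not_set');
                         $this->load->view('blank');
                         // FIX: without this return the code below compared the posted answer against
                         // NULL; an empty answer matched ('' == '') and process_recovery() was called
                         // for an account that never set a secret question.
                         return;
                     }
                     // Normalise both sides the same way, then compare strictly. A stored answer that
                     // normalises to '' must never match, whatever was posted.
                     $expected = trim(strtolower((string) $r_data['answer']));
                     $given = trim(strtolower((string) $answer));
                     // NOTE(review): on PHP >= 5.6 prefer hash_equals($expected, $given) so the comparison
                     // time does not depend on how much of the answer was right.
                     if ($expected !== '' && $given === $expected) {
                         // Load the account model as it holds the code to change the password etc
                         $result = $this->account->process_recovery($r_data['id'], $username, $r_data['email']);
                         // Output our message
                         if ($result !== false) {
                             output_message('success', 'account_recover_pass_success', array($result));
                             load_class('Events')->trigger('account_recovered', array($r_data['id']));
                         } else {
                             output_message('error', 'account_recover_pass_failed');
                         }
                         // The message will be there whether we failed or succeeded
                         $this->load->view('blank');
                         return;
                     } else {
                         // Answer was incorrect, so back to step 2
                         output_message('error', 'account_recover_failed_wrong_answer');
                         goto Step2;
                     }
                     break;
                 default:
                     goto Step1;
                     break;
             }
             break;
         default:
             goto Step1;
             break;
     }
 }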