Example #1
 /**
  * Handles submission of the "send chat history by e-mail" form.
  *
  * The thread is loaded with the ID and token taken from the request
  * attributes, the posted address is validated, and the text of the thread's
  * messages is put into a message built from the "user_history" mail
  * template for that address.
  *
  * NOTE(review): the address comes from the request, and the token passed
  * to Thread::load() is the only access check visible in this method (there
  * is no csrf_check_token() call here). Confirm that repeated submissions
  * are throttled elsewhere, since each one sends a transcript.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the thread with specified ID and token is
  *   not found.
  */
 public function submitFormAction(Request $request)
 {
     // Both identifiers come from the request attributes, not the form body.
     $thread = Thread::load(
         $request->attributes->get('thread_id'),
         $request->attributes->get('token')
     );
     if (!$thread) {
         throw new NotFoundException('The thread is not found.');
     }

     $email = $request->request->get('email');
     $group = null;
     if ($thread->groupId) {
         $group = group_by_id($thread->groupId);
     }

     // The address is the only form field: it must be present and valid.
     $errors = array();
     if (!$email) {
         $errors[] = no_field('Your email');
     } elseif (!MailUtils::isValidAddress($email)) {
         $errors[] = wrong_field('Your email');
     }
     if (!empty($errors)) {
         // Render the mail form again with the collected errors.
         $request->attributes->set('errors', $errors);

         return $this->showFormAction($request);
     }

     // Flatten the thread's messages into one text block.
     $last_id = -1;
     $transcript = '';
     foreach ($thread->getMessages(true, $last_id) as $entry) {
         $transcript .= message_to_text($entry);
     }

     // Load the mail template and substitute placeholders there.
     $template = MailTemplate::loadByName('user_history', get_current_locale());
     if (!$template) {
         trigger_error('Cannot send e-mail because "user_history" mail template cannot be loaded.', E_USER_WARNING);
     } else {
         $subject = $template->buildSubject();
         $body = $template->buildBody(array(
             $thread->userName,
             $transcript,
             Settings::get('title'),
             Settings::get('hosturl'),
         ));
         $this->sendMail(MailUtils::buildMessage($email, MIBEW_MAILBOX, $subject, $body));
     }

     // The confirmation page is rendered even when no template was found.
     $page = setup_logo($group);
     $page['email'] = $email;

     return $this->render('mailsent', $page);
 }
Example #2
 }
 // Fragment of an operator edit script: it starts and ends in the middle of
 // the listing, so where the variables come from is not visible here.
 // Validation problems are collected in $errors and nothing is saved unless
 // the list is empty.
 if ($email != '' && !is_valid_email($email)) {
     $errors[] = wrong_field("form.field.mail");
 }
 // The Jabber ID is checked with the same routine as the e-mail address.
 if ($jabber != '' && !is_valid_email($jabber)) {
     $errors[] = wrong_field("form.field.jabber");
 }
 // Notifications without a Jabber ID are an error only when Jabber support
 // is enabled; otherwise the flag is silently dropped.
 if ($jabbernotify && $jabber == '') {
     if ($settings['enablejabber'] == "1") {
         $errors[] = no_field("form.field.jabber");
     } else {
         $jabbernotify = false;
     }
 }
 // A password is mandatory only when a new operator is created.
 if (!$opId && !$password) {
     $errors[] = no_field("form.field.password");
 }
 // NOTE(review): `!=` is a loose comparison, so two different inputs that
 // both look like numbers can be accepted as matching; `!==` would be
 // stricter.
 if ($password != $passwordConfirm) {
     $errors[] = getlocal("my_settings.error.password_match");
 }
 // The login must not belong to another operator: any match is a duplicate
 // for a new operator, a match with a different ID is one for an edit.
 $existing_operator = operator_by_login($login);
 if (!$opId && $existing_operator || $opId && $existing_operator && $opId != $existing_operator['operatorid']) {
     $errors[] = getlocal("page_agent.error.duplicate_login");
 }
 // `&&` binds tighter than `||`: the change is allowed when the operator
 // edits the own profile and holds $can_modifyprofile, or holds
 // $can_administrate. A refusal is reported as one more form error.
 $canmodify = $opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator) || is_capable($can_administrate, $operator);
 if (!$canmodify) {
     $errors[] = getlocal('page_agent.cannot_modify');
 }
 if (count($errors) == 0) {
     if (!$opId) {
         // NOTE(review): the plain password is handed to create_operator();
         // presumably it is hashed there - confirm.
         $newop = create_operator($login, $email, $jabber, $password, $localname, $commonname, $jabbernotify ? 1 : 0, "");
Example #3
require_once 'libs/common.php';
require_once 'libs/chat.php';
require_once 'libs/expand.php';
require_once 'libs/notify.php';
// Start of a script that handles the "mail the chat history" form; the
// listing is cut off after the validation part.
$errors = array();
$page = array();
// Both parameters have to be 1-8 digits.
$token = verifyparam("token", "/^\\d{1,8}\$/");
$threadid = verifyparam("thread", "/^\\d{1,8}\$/");
$thread = thread_by_id($threadid);
// The same message is used for an unknown thread and for a wrong token.
// NOTE(review): `!=` is a loose comparison; the supplied token is a digit
// string, so values that differ only in leading zeros compare equal. A
// strict comparison (or hash_equals() where available) would be tighter.
if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) {
    die("wrong thread");
}
// The recipient address is taken from the request and validated below.
$email = getparam('email');
$page['email'] = $email;
if (!$email) {
    $errors[] = no_field("form.field.email");
} else {
    if (!is_valid_email($email)) {
        $errors[] = wrong_field("form.field.email");
    }
}
if (count($errors) > 0) {
    // Show the form again and stop; nothing is sent on this path.
    // NOTE(review): the submitted address is put back into the page data;
    // confirm that mail.tpl escapes it on output.
    $page['formemail'] = $email;
    $page['ct.chatThreadId'] = $thread['threadid'];
    $page['ct.token'] = $thread['ltoken'];
    $page['level'] = "";
    setup_logo();
    expand("styles", getchatstyle(), "mail.tpl");
    exit;
}
$history = "";
Example #4
    // Fragment of a canned message edit script; the opening of this branch
    // is outside the listing.
    if (!$message) {
        $errors[] = getlocal("cannededit.no_such");
        $stringid = "";
    }
} else {
    // New message: locale and group come from the request and are limited by
    // the patterns below (2-5 word characters or dashes, up to 10 digits).
    $message = "";
    $page['locale'] = verifyparam("lang", "/^[\\w-]{2,5}\$/", "");
    $page['groupid'] = "";
    if ($settings['enablegroups'] == '1') {
        $page['groupid'] = verifyparam("group", "/^\\d{0,10}\$/");
    }
}
// NOTE(review): no CSRF token check is visible between here and the save
// calls; confirm that one runs earlier in the script.
if (isset($_POST['message'])) {
    $message = getparam('message');
    if (!$message) {
        $errors[] = no_field("form.field.message");
    }
    if (count($errors) == 0) {
        // An existing ID updates that message, otherwise a new one is added.
        if ($stringid) {
            save_message($stringid, $message);
        } else {
            add_message($page['locale'], $page['groupid'], $message);
        }
        $page['saved'] = true;
        prepare_menu($operator, false);
        start_html_output();
        // The view path is a constant, it is not built from request data.
        require '../view/cannededit.php';
        exit;
    }
}
$page['saved'] = false;
    /**
     * Handles submission of the canned message form generated by
     * {@link \Mibew\Controller\CannedMessageController::showEditFormAction()}.
     *
     * The CSRF token check runs before any form field is read. A non-zero
     * "message_id" route attribute updates that message; otherwise a new one
     * is added for the locale and group extracted from the request.
     *
     * @param Request $request
     * @return string Rendered page content
     */
    public function submitEditFormAction(Request $request)
    {
        // Run the CSRF token check before reading any form input.
        csrf_check_token($request);

        $operator = $this->getOperator();
        $message_id = $request->attributes->getInt('message_id');
        $form = $request->request;

        // Title and message are both mandatory.
        $errors = array();
        $title = $form->get('title');
        if (!$title) {
            $errors[] = no_field("Title");
        }
        $message = $form->get('message');
        if (!$message) {
            $errors[] = no_field("Message");
        }

        if (!empty($errors)) {
            // The form has to be rebuilt together with the error list.
            $request->attributes->set('errors', $errors);

            return $this->showEditFormAction($request);
        }

        if (!$message_id) {
            // No ID: create a message for the requested locale and group.
            $locale = $this->extractLocale($request);
            $group_id = $this->extractGroupId($request);
            add_canned_message($locale, $group_id, $title, $message);
        } else {
            save_canned_message($message_id, $title, $message);
        }

        $page = array_merge(
            array('saved' => true),
            prepare_menu($operator, false)
        );

        return $this->render('canned_message_edit', $page);
    }
 /**
  * Handles submission of the group form generated by
  * {@link \Mibew\Controller\GroupController::showEditFormAction()}.
  *
  * Runs the CSRF token check, validates the name, e-mail and weight fields
  * and rejects a name that is already used by another group. Without a
  * "group_id" route attribute a new group is created, otherwise the existing
  * one is updated; both paths end in a redirect.
  *
  * NOTE(review): the description fields, title, chattitle, hosturl and logo
  * are passed to create_group()/update_group() without any validation in
  * this method. Confirm that they are escaped wherever they are rendered.
  *
  * @param Request $request incoming request.
  * @return string Rendered page content.
  */
 public function submitFormAction(Request $request)
 {
     csrf_check_token($request);

     $form = $request->request;
     $group_id = $request->attributes->get('group_id', false);

     // Anything that is not a 1-10 digit number means "no parent group".
     $parent_group = $form->get('parentgroup');
     $parent_group = ($parent_group && preg_match("/^\\d{1,10}\$/", $parent_group))
         ? $parent_group
         : null;

     $name = $form->get('name');
     $email = $form->get('email');
     $weight = $form->get('weight');

     $errors = array();
     if (!$name) {
         $errors[] = no_field("Name");
     }
     if ($email != '' && !MailUtils::isValidAddress($email)) {
         $errors[] = wrong_field("E-mail");
     }
     // The weight may be left empty; an empty value is stored as 0.
     if (!preg_match("/^(\\d{1,10})?\$/", $weight)) {
         $errors[] = wrong_field("Weight");
     }
     $weight = $weight ? $weight : 0;

     // A group with the same name is a duplicate unless it is the group
     // that is being edited.
     $existing_group = group_by_name($name);
     $duplicate_name = $existing_group
         && (!$group_id || $group_id != $existing_group['groupid']);
     if ($duplicate_name) {
         $errors[] = getlocal("Please choose another name because a group with that name already exists.");
     }

     if (!empty($errors)) {
         // The form has to be rebuilt together with the error list.
         $request->attributes->set('errors', $errors);

         return $this->showFormAction($request);
     }

     // Column values shared by the create and the update call.
     $fields = array(
         'vclocalname' => $name,
         'vclocaldescription' => $form->get('description'),
         'vccommonname' => $form->get('commonname'),
         'vccommondescription' => $form->get('commondescription'),
         'vcemail' => $email,
         'iweight' => $weight,
         'parent' => $parent_group,
         'vctitle' => $form->get('title'),
         'vcchattitle' => $form->get('chattitle'),
         'vchosturl' => $form->get('hosturl'),
         'vclogo' => $form->get('logo'),
     );

     if ($group_id) {
         // Update the existing group and return to its edit page.
         update_group(array('groupid' => $group_id) + $fields);

         return $this->redirect(
             $this->generateUrl('group_edit', array('group_id' => $group_id))
         );
     }

     // Create a new group and send the operator to its members page.
     $created = create_group($fields);

     return $this->redirect(
         $this->generateUrl('group_members', array('group_id' => (int) $created['groupid']))
     );
 }
Example #7
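 /**
  * Processes submitting of password form.
  *
  * The action proceeds only while the installer is at the "set password"
  * step. Both password fields are required and must be identical; the
  * password is then handed to the installer and the installation moves on
  * to the locale import step.
  *
  * @param Request $request Incoming request.
  * @return Response
  */
 public function submitPasswordFormAction(Request $request)
 {
     // Check if the user can run this step. The redirect has to be returned:
     // when its result is discarded the guard has no effect and the password
     // can be set while the installer is at a different step.
     // NOTE(review): the target is the step that was just refused; confirm
     // that it should not point at the current step instead.
     if ($this->getCurrentStep() != self::STEP_SET_PASSWORD) {
         return $this->redirect($this->generateStepUrl(self::STEP_SET_PASSWORD));
     }
     $password = $request->request->get('password');
     $password_confirm = $request->request->get('password_confirm');
     $errors = array();
     // Validate passwords
     if (!$password) {
         $errors[] = no_field('Password');
     }
     if (!$password_confirm) {
         $errors[] = no_field('Confirmation');
     }
     // Strict comparison: the two values have to be the same string.
     if ($password !== $password_confirm) {
         $errors[] = getlocal('Passwords do not match.');
     }
     if (!empty($errors)) {
         // Something went wrong we should rerender the form.
         $request->attributes->set('errors', $errors);
         return $this->showPasswordFormAction($request);
     }
     $installer = $this->getInstaller();
     if (!$installer->setPassword($password)) {
         // The installer reports its own errors; show them on the step page.
         return $this->renderStep('install_step', array('errors' => $installer->getErrors()));
     }
     // Record the finished step and advance to the next one.
     $this->setLog(self::STEP_SET_PASSWORD, array(getlocal('Password is set.')));
     $this->setCurrentStep(self::STEP_IMPORT_LOCALES);
     return $this->renderStep('install_step', array('nextstep' => getlocal('Import locales')));
 }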
Example #8
// Fragment of a translation edit script; $source, $target, $stringid and
// $operator are set outside the listing.
// Make sure the message tables of both locales are loaded.
if (!isset($messages[$source])) {
    load_messages($source);
}
$lang1 = $messages[$source];
if (!isset($messages[$target])) {
    load_messages($target);
}
$lang2 = $messages[$target];
$errors = array();
// Titles fall back to the locale code when a table has no "localeid" entry.
$page = array('lang1' => $source, 'lang2' => $target, 'title1' => isset($lang1["localeid"]) ? $lang1["localeid"] : $source, 'title2' => isset($lang2["localeid"]) ? $lang2["localeid"] : $target);
if ($stringid) {
    $translation = isset($lang2[$stringid]) ? $lang2[$stringid] : "";
    // NOTE(review): no CSRF token check is visible before the save below;
    // confirm that one runs earlier in the script.
    if (isset($_POST['translation'])) {
        $translation = getparam('translation');
        if (!$translation) {
            $errors[] = no_field("form.field.translation");
        }
        if (count($errors) == 0) {
            save_message($target, $stringid, $translation);
            $page['saved'] = true;
            prepare_menu($operator, false);
            start_html_output();
            // The view path is a constant, it is not built from request data.
            require '../view/translate.php';
            exit;
        }
    }
    $page['saved'] = false;
    $page['key'] = $stringid;
    $page['target'] = $target;
    // NOTE(review): the fallback text is literal markup and the submitted
    // translation is put into the page data unchanged, so output escaping
    // has to happen in the view - confirm.
    $page['formoriginal'] = isset($lang1[$stringid]) ? $lang1[$stringid] : "<b><unknown></b>";
    $page['formtranslation'] = $translation;
Example #9
 /**
  * Handles submission of the ban form generated by
  * {@link \Mibew\Controller\BanController::showEditFormAction()}.
  *
  * Runs the CSRF token check, validates the address, the number of days and
  * the comment, refuses an address that already has another ban, then
  * creates or updates the ban and renders the form page again.
  *
  * NOTE(review): "days" is only checked to consist of digits, its size is
  * not limited. The duplicate message contains an HTML link, so the error
  * list is presumably rendered without escaping - confirm that no request
  * data can reach it unescaped.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the ban with specified ID is not found in
  *   the system.
  */
 public function submitEditFormAction(Request $request)
 {
     csrf_check_token($request);
     $operator = $this->getOperator();

     // Read the form fields; a ban ID of 0 means "create a new ban".
     $ban_id = $request->attributes->getInt('ban_id');
     $form = $request->request;
     $address = $form->get('address');
     $days = $form->get('days');
     $comment = $form->get('comment');

     $errors = array();
     if (!$address) {
         $errors[] = no_field('Visitor\'s Address');
     }
     if (!preg_match("/^\\d+\$/", $days)) {
         $errors[] = wrong_field('Days');
     }
     if (!$comment) {
         $errors[] = no_field('Comment');
     }

     // Another ban for the same address is a duplicate unless it is the ban
     // that is being edited.
     $existing_ban = Ban::loadByAddress($address);
     if ($existing_ban && (!$ban_id || $ban_id != $existing_ban->id)) {
         $ban_url = $this->generateUrl('ban_edit', array('ban_id' => $existing_ban->id));
         $errors[] = getlocal('The specified address is already in use. Click <a href="{1}">here</a> if you want to edit it.', array($address, $ban_url));
     }

     if (!empty($errors)) {
         // The form has to be rebuilt together with the error list.
         $request->attributes->set('errors', $errors);

         return $this->showEditFormAction($request);
     }

     // Pick the record to write: the stored ban or a fresh one.
     if ($ban_id) {
         $ban = Ban::load($ban_id);
         if (!$ban) {
             throw new NotFoundException('The ban is not found.');
         }
     } else {
         $ban = new Ban();
         $ban->created = time();
     }
     // The ban ends the given number of days from now.
     $ban->till = time() + $days * 24 * 60 * 60;
     $ban->address = $address;
     $ban->comment = $comment;
     $ban->save();

     // Rerender the form page
     $page = array_merge(
         array(
             'banId' => '',
             'saved' => true,
             'address' => $address,
             'title' => getlocal('Block address'),
         ),
         prepare_menu($operator, false)
     );

     return $this->render('ban', $page);
 }
Example #10
File: ban.php Project: kuell/chat
// Fragment of a legacy ban edit script; the listing is cut off inside the
// update branch.
$page['threadid'] = '';
$errors = array();
// NOTE(review): no CSRF token check is visible before the database writes
// below; confirm that one runs earlier in the script.
if (isset($_POST['address'])) {
    // banId must be empty or 1-10 digits; the other fields are read as they
    // are and checked below.
    $banId = verifyparam("banId", "/^(\\d{1,10})?\$/", "");
    $address = getparam("address");
    $days = getparam("days");
    $comment = getparam('comment');
    $threadid = isset($_POST['threadid']) ? getparam('threadid') : "";
    if (!$address) {
        $errors[] = no_field("form.field.address");
    }
    // Digits only; the size of the number is not limited.
    if (!preg_match("/^\\d+\$/", $days)) {
        $errors[] = wrong_field("form.field.ban_days");
    }
    if (!$comment) {
        $errors[] = no_field("form.field.ban_comment");
    }
    $link = connect();
    $existing_ban = ban_for_addr_($address, $link);
    mysql_close($link);
    // Both values are HTML-escaped before they are put into the message.
    if (!$banId && $existing_ban || $banId && $existing_ban && $banId != $existing_ban['banid']) {
        $errors[] = getlocal2("ban.error.duplicate", array(safe_htmlspecialchars($address), safe_htmlspecialchars($existing_ban['banid'])));
    }
    if (count($errors) == 0) {
        $link = connect();
        $utime = time() + $days * 24 * 60 * 60;
        // The statements are assembled as strings: text values are escaped
        // with mysql_real_escape_string() and placed inside single quotes,
        // numeric values go through intval().
        // NOTE(review): the mysql_* extension was removed in PHP 7.0; a port
        // should use prepared statements (mysqli or PDO) instead of carrying
        // the string building over. $mysqlprefix is interpolated as it is,
        // presumably a trusted configuration value - confirm.
        if (!$banId) {
            $query = sprintf("insert into {$mysqlprefix}chatban (dtmcreated,dtmtill,address,comment) values (CURRENT_TIMESTAMP,%s,'%s','%s')", "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), mysql_real_escape_string($comment, $link));
            perform_query($query, $link);
        } else {
            $query = sprintf("update {$mysqlprefix}chatban set dtmtill = %s,address = '%s',comment = '%s' where banid = %s", "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), mysql_real_escape_string($comment, $link), intval($banId));
Example #11
 /**
  * Handles submission of the locale form generated by
  * {@link \Mibew\Controller\Localization\LocaleController::showEditFormAction()}.
  *
  * Runs the CSRF token check, requires the time locale and the three date
  * formats, stores them in the locale's info and redirects back to the edit
  * page.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the locale with specified code is not found
  *   in the system.
  */
 public function submitEditFormAction(Request $request)
 {
     csrf_check_token($request);

     // The locale code comes from the route, not from the form body.
     $locale = $request->attributes->get('locale');
     if (!$locale) {
         throw new NotFoundException();
     }

     $form = $request->request;
     $time_locale = $form->get('timelocale');
     $date_format = array(
         'full' => $form->get('dateformatfull'),
         'date' => $form->get('dateformatdate'),
         'time' => $form->get('dateformattime'),
     );

     // Every field is mandatory; labels are listed in form order.
     $required = array(
         'Time locale' => $time_locale,
         'Date format (full)' => $date_format['full'],
         'Date format (date)' => $date_format['date'],
         'Date format (time)' => $date_format['time'],
     );
     $errors = array();
     foreach ($required as $label => $value) {
         if (!$value) {
             $errors[] = no_field($label);
         }
     }
     if (!empty($errors)) {
         // The form has to be rebuilt together with the error list.
         $request->attributes->set('errors', $errors);

         return $this->showEditFormAction($request);
     }

     // Merge the submitted values into the stored info and save it.
     $locale_info = get_locale_info($locale);
     $locale_info['time_locale'] = $time_locale;
     $locale_info['date_format'] = $date_format;
     set_locale_info($locale, $locale_info);

     // Redirect so that the edit page is loaded with GET instead of POST.
     return $this->redirect(
         $this->generateUrl('locale_edit', array('locale' => $locale, 'stored' => true))
     );
 }
Example #12
{
    // Tail of a function that updates a group row; its signature is outside
    // the listing.
    global $mysqlprefix;
    $link = connect();
    // Text values are escaped and placed inside single quotes.
    // NOTE(review): $groupid is inserted with %s, unquoted and without
    // intval(), so the statement is only safe while every caller passes a
    // validated number (the call below checks "gid" against a digits-only
    // pattern). Casting it here would remove that dependency. The escape
    // calls are also made without the $link argument. The mysql_* extension
    // was removed in PHP 7.0; a port should use prepared statements.
    $query = sprintf("update {$mysqlprefix}chatgroup set vclocalname = '%s', vclocaldescription = '%s', vccommonname = '%s', vccommondescription = '%s', vcemail = '%s' where groupid = %s", mysql_real_escape_string($name), mysql_real_escape_string($descr), mysql_real_escape_string($commonname), mysql_real_escape_string($commondescr), mysql_real_escape_string($email), $groupid);
    perform_query($query, $link);
    mysql_close($link);
}
// NOTE(review): no CSRF token check is visible before the writes below;
// confirm that one runs earlier in the script.
if (isset($_POST['name'])) {
    // gid must be empty (new group) or 1-9 digits.
    $groupid = verifyparam("gid", "/^(\\d{1,9})?\$/", "");
    $name = getparam('name');
    $description = getparam('description');
    $commonname = getparam('commonname');
    $commondescription = getparam('commondescription');
    $email = getparam('email');
    if (!$name) {
        $errors[] = no_field("form.field.groupname");
    }
    if ($email != '' && !is_valid_email($email)) {
        $errors[] = wrong_field("form.field.mail");
    }
    // A group with the same name is a duplicate unless it is the group that
    // is being edited.
    $existing_group = group_by_name($name);
    if (!$groupid && $existing_group || $groupid && $existing_group && $groupid != $existing_group['groupid']) {
        $errors[] = getlocal("page.group.duplicate_name");
    }
    if (count($errors) == 0) {
        if (!$groupid) {
            $newdep = create_group($name, $description, $commonname, $commondescription, $email);
            // The redirect target is built from $webimroot and the ID that
            // create_group() returned, not from request data.
            header("Location: {$webimroot}/operator/groupmembers.php?gid=" . $newdep['groupid']);
            exit;
        } else {
            update_group($groupid, $name, $description, $commonname, $commondescription, $email);
 /**
  * Handles submission of the translation form generated by
  * {@link \Mibew\Controller\TranslateController::showEditFormAction()}.
  *
  * Runs the CSRF token check, loads the string named by the "string_id"
  * route attribute, stores the submitted translation for the string's
  * locale and clears the cached client side translations of that locale.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the string cannot be loaded.
  */
 public function submitEditFormAction(Request $request)
 {
     csrf_check_token($request);
     $operator = $this->getOperator();

     $string = $this->loadString($request->attributes->get('string_id'));
     if (!$string) {
         throw new NotFoundException('The string is not found.');
     }
     $target = $string['locale'];

     // The translation is the only field and it is mandatory.
     $translation = $request->request->get('translation');
     if (!$translation) {
         // The form has to be rebuilt together with the error list.
         $request->attributes->set('errors', array(no_field("Translation")));

         return $this->showEditFormAction($request);
     }

     save_message($target, $string['source'], $translation);
     // Remove cached client side translations.
     $this->getCache()->getItem('translation/js/' . $target)->clear();

     $page = array_merge(
         array('saved' => true, 'title' => getlocal("Translations")),
         prepare_menu($operator, false)
     );

     return $this->render('translation_edit', $page);
 }
Example #14
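 /**
  * Processes submitting of the form which is generated in
  * {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
  *
  * Runs the CSRF token check, validates the submitted fields, rejects a
  * login or e-mail that belongs to another operator, and then creates a new
  * operator or updates the one named by the "operator_id" route attribute.
  *
  * NOTE(review): nothing in this method checks that the current operator is
  * allowed to edit the target operator; presumably the route's access
  * checks enforce that - confirm.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  */
 public function submitFormAction(Request $request)
 {
     csrf_check_token($request);
     $errors = array();
     $operator = $this->getOperator();
     $op_id = $request->attributes->getInt('operator_id');
     $login = $request->request->get('login');
     $email = $request->request->get('email');
     // A field that is missing from the request defaults to an empty string,
     // so "no password given" has one representation in the checks below.
     $password = $request->request->get('password', '');
     $password_confirm = $request->request->get('passwordConfirm', '');
     $local_name = $request->request->get('name');
     $common_name = $request->request->get('commonname');
     $code = $request->request->get('code');
     if (!$local_name) {
         $errors[] = no_field('Name');
     }
     if (!$common_name) {
         $errors[] = no_field('International name (Latin)');
     }
     // The login is needed only for new operators. If login is changed for
     // existing operator the stored password hash becomes invalid.
     if (!$op_id) {
         if (!$login) {
             $errors[] = no_field('Login');
         } elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
             $errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
         }
     }
     if (!$email || !MailUtils::isValidAddress($email)) {
         $errors[] = wrong_field('E-mail');
     }
     if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
         $errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
     }
     if (!$op_id && !$password) {
         $errors[] = no_field('Password');
     }
     // Strict comparison: with a loose one two different inputs that both
     // look like numbers would be accepted as matching.
     if ($password !== $password_confirm) {
         $errors[] = getlocal('Entered passwords do not match');
     }
     // A match is a duplicate unless it is the operator that is being edited.
     $existing_operator = operator_by_login($login);
     $duplicate_login = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
     if ($duplicate_login) {
         $errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
     }
     // Check if operator with specified email already exists in the database.
     $existing_operator = operator_by_email($email);
     $duplicate_email = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
     if ($duplicate_email) {
         $errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
     }
     if (count($errors) != 0) {
         $request->attributes->set('errors', $errors);
         // The form should be rebuild. Invoke appropriate action.
         return $this->showFormAction($request);
     }
     if (!$op_id) {
         // Create new operator and redirect the current operator to avatar
         // page.
         $new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
         $redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $new_operator['operatorid']));
         return $this->redirect($redirect_to);
     }
     // Mix old operator's fields with updated values. The array union keeps
     // the left-hand values, so the submitted fields win and every other
     // stored field, the login included, is kept as it is.
     // NOTE(review): operator_by_id() is not checked for an empty result
     // before it is used as an array - confirm that a stale ID cannot get
     // this far.
     $target_operator = array('vcemail' => $email, 'vclocalename' => $local_name, 'vccommonname' => $common_name, 'code' => $code) + operator_by_id($op_id);
     // Set the password only if one was entered. Before the fields defaulted
     // to '', a request without the password field produced null, which
     // passed this check and replaced the stored hash.
     $password_given = $password !== '';
     if ($password_given) {
         $target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
     }
     // Update operator's fields in the database.
     update_operator($target_operator);
     // Operator's data are cached in the authentication manager, thus we need
     // to manually update them.
     if ($target_operator['operatorid'] == $operator['operatorid']) {
         // Check if the admin has set his password for the first time.
         $to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword']) && $password_given;
         // Update operator's fields.
         $this->getAuthenticationManager()->setOperator($target_operator);
         // Redirect the admin to the home page if needed.
         if ($to_dashboard) {
             return $this->redirect($this->generateUrl('home_operator'));
         }
     }
     // Redirect the operator to edit page again to use GET method instead of
     // POST.
     $redirect_to = $this->generateUrl('operator_edit', array('operator_id' => $op_id, 'stored' => true));
     return $this->redirect($redirect_to);
 }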
 /**
  * Handles submission of the mail template form generated by
  * {@link \Mibew\Controller\MailTemplateController::showFormAction()}.
  *
  * Runs the CSRF token check, requires a subject and a body, then stores
  * them in the template with the given name and locale, creating the
  * template when it cannot be loaded.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  */
 public function submitEditFormAction(Request $request)
 {
     csrf_check_token($request);

     $name = $request->attributes->get('name');
     $lang = $this->extractLocale($request);

     $subject = $request->request->get('subject');
     $body = $request->request->get('body');

     // Both fields are mandatory; labels are listed in form order.
     $errors = array();
     foreach (array('Mail subject' => $subject, 'Mail body' => $body) as $label => $value) {
         if (!$value) {
             $errors[] = no_field($label);
         }
     }
     if (!empty($errors)) {
         // Saving cannot continue. Attach the errors to the request and
         // render the edit form again.
         $request->attributes->set('errors', $errors);

         return $this->showEditFormAction($request);
     }

     // Use the stored template, or start a new one when none can be loaded.
     $template = MailTemplate::loadByName($name, $lang, true) ?: new MailTemplate($name, $lang);
     $template->subject = $subject;
     $template->body = $body;
     $template->save();

     return $this->redirect(
         $this->generateUrl('mail_templates', array('lang' => $lang, 'stored' => true))
     );
 }
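 /**
  * Resets operators password and provides an ability to set the new one.
  *
  * The operator ID and the restore token are taken from the query string for
  * GET and from the form body for POST. The form is shown only when the
  * token matches the one stored for the operator; a valid POST with a
  * password clears the stored token and saves the new password hash.
  *
  * NOTE(review): "No such operator" and "Wrong token" are different
  * responses, so the page reveals which operator IDs exist. No expiry check
  * for the restore token is visible here - confirm it is handled elsewhere.
  *
  * @param Request $request
  * @return string Rendered page content
  * @throws BadRequestException If the ID or the token has a wrong format.
  */
 public function resetAction(Request $request)
 {
     $page = array('version' => MIBEW_VERSION, 'showform' => true, 'title' => getlocal('Change your password'), 'headertitle' => getlocal('Mibew Messenger'), 'show_small_login' => true, 'fixedwrap' => true, 'errors' => array());
     if ($request->isMethod('POST')) {
         // When HTTP GET method is used the form is just rendered but the
         // user does not pass any data. Thus we need to prevent CSRF attacks
         // only for POST requests
         csrf_check_token($request);
     }
     // Make sure user id is specified and its format is correct.
     $op_id = $request->isMethod('GET') ? $request->query->get('id') : $request->request->get('id');
     if (!preg_match("/^\\d{1,9}\$/", $op_id)) {
         throw new BadRequestException();
     }
     // Make sure token is specified and its format is correct.
     $token = $request->isMethod('GET') ? $request->query->get('token') : $request->request->get('token');
     if (!preg_match("/^[\\dabcdef]+\$/", $token)) {
         throw new BadRequestException();
     }
     $operator = operator_by_id($op_id);
     if (!$operator) {
         $page['errors'][] = 'No such operator';
         $page['showform'] = false;
     } else {
         // The token is a secret, so it is compared as an exact string. A
         // loose comparison treats numeric-looking strings as numbers and
         // can accept a token that differs from the stored one.
         // hash_equals() also keeps the comparison time independent of the
         // content; the strict fallback is for PHP versions without it.
         $stored_token = (string) $operator['vcrestoretoken'];
         $supplied_token = (string) $token;
         $token_matches = function_exists('hash_equals')
             ? hash_equals($stored_token, $supplied_token)
             : $stored_token === $supplied_token;
         if (!$token_matches) {
             $page['errors'][] = 'Wrong token';
             $page['showform'] = false;
         }
     }
     if (count($page['errors']) == 0 && $request->isMethod('POST') && $request->request->has('password')) {
         $password = $request->request->get('password');
         // A missing confirmation field is treated as an empty one.
         $password_confirm = $request->request->get('passwordConfirm', '');
         if (!$password) {
             $page['errors'][] = no_field('Password');
         }
         // Strict comparison: the two values have to be the same string.
         if ($password !== $password_confirm) {
             $page['errors'][] = getlocal('Entered passwords do not match');
         }
         if (count($page['errors']) == 0) {
             $page['isdone'] = true;
             // Update the operator. Clearing the token makes the link
             // single-use.
             $operator['vcrestoretoken'] = '';
             $operator['vcpassword'] = calculate_password_hash($operator['vclogin'], $password);
             update_operator($operator);
             $page['loginname'] = $operator['vclogin'];
             return $this->render('password_recovery_reset', $page);
         }
     }
     // Show the form (again); ID and token are handed back to the template.
     $page['id'] = $op_id;
     $page['token'] = $token;
     $page['isdone'] = false;
     return $this->render('password_recovery_reset', $page);
 }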