/**
 * Return the single shared instance of this class, creating it on first use.
 *
 * The instance is cached in the static $instance property, so later calls
 * hand back the same object.
 *
 * @return self
 */
public static function getInstance()
{
    if (self::$instance !== null) {
        return self::$instance;
    }

    self::$instance = new self();

    return self::$instance;
}
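// Login outcome handling. $isLocked, $email and $password are set before this fragment.
// As the branches below use it, $isLocked is null when the generic failure message applies,
// a string holding the locked-until value when the account is locked, and anything else
// when a login attempt may proceed.
if ($isLocked === null) {
    echo 'Invalid E-Mail Address or Password.';
    echo "<a href='../View/index.php'>Click here to go back to the HomePage</a>";
} elseif (is_string($isLocked)) {
    // The account is locked and the locked-until value was returned.
    // NOTE(review): this reply differs from the generic failure message, so it tells the
    // requester that the address belongs to an account. Confirm that is acceptable.
    echo 'You have been locked until ' . $isLocked . '!<br>';
    echo "<a href='../View/index.php'>Click here to go back to the HomePage</a>";
} else {
    $user = Account::login($email, $password);

    if (is_string($user)) {
        // Account::login() answers with a string on failure; count the failed attempt.
        echo 'Invalid E-Mail Address or Password.';
        echo "<a href='../View/index.php'>Click here to go back to the HomePage</a>";
        PWDSecHandler::incFailedAtmp($email);
    } else {
        PWDSecHandler::clearLock($email);

        // Issue a fresh session id at the privilege change so an id that was known before
        // authentication (session fixation) does not become an authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['email'] = $user->email;
        $_SESSION['firstname'] = $user->firstName;
        $_SESSION['lastname'] = $user->lastName;

        if ($user instanceof Customer) {
            $_SESSION['isEmployee'] = false;
            $_SESSION['iban'] = $user->IBAN;
            $_SESSION['balance'] = $user->balance;
            header("Location:../View/account.php");
        } else {
            $_SESSION['isEmployee'] = true;
            header("Location:../View/administration.php");
        }

        // header() only queues the redirect; stop here so nothing after this fragment runs
        // or emits output for a request that has already been redirected.
        exit;
    }
}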
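// Password recovery controller fragment. $uri is set before this fragment; it is split into
// path segments so that segment 3 is read as the user id and segment 4 as the recovery token.
$param = explode("/", $uri);

// Step 1: take the e-mail address from the form and send a recovery token.
if (isset($_POST['email'])) {
    // NOTE(review): strip_tags()/htmlentities() rewrite the address instead of validating it.
    // Kept as is because the stored addresses may have gone through the same transformation;
    // confirm, then prefer validation on input and escaping only on output.
    $email = htmlentities(strip_tags($_POST['email']));

    // NOTE(review): the link prefix is built from the client-supplied Host header and a fixed
    // http:// scheme, so the link e-mailed to the user can be made to point at another host
    // and the token travels unencrypted. Build it from a configured base URL over https.
    $urlprefix = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";

    if (PWDSecHandler::handlePWDRecovery($email, $urlprefix)) {
        echo 'Token has been successfully sent to your email address, please check it.';
        echo "<a href='../View/index.php'>Click here to go back to the HomePage</a>";
    } else {
        echo 'Failed to handle the password recovery';
    }
}

// Step 2: check the token and redirect to the reset page.
if (sizeof($param) > 3) {
    $resetUser = $param[3];
    // With exactly four segments there is no token segment; the original read $param[4]
    // regardless. A missing or empty token now fails without reaching the authenticator.
    $resetToken = isset($param[4]) ? $param[4] : '';

    if ($resetToken !== '' && PWDSecHandler::authenticateToken($resetUser, $resetToken)) {
        // Remember which user proved possession of the token; step 3 relies on this value.
        $_SESSION['resetpwd_user'] = $resetUser;
        header("Location:../../../View/pwdreset.php");
    } else {
        $_SESSION['resetpwd_result'] = 'Fail to recover the password!!';
        header("Location:../../../View/index.php");
    }

    // header() only queues the redirect; without this the script would fall through into
    // step 3 on the same request.
    exit;
}

// Step 3: reset the password.
if (isset($_POST['newpwd'])) {
    // The account to change is taken from the session entry written in step 2, not from the
    // posted 'uid' field: a form field is under the requester's control, so trusting it would
    // let a request that never presented a valid token change any user's password.
    // NOTE(review): assumes the session is started earlier in this file and that the reset
    // page leaves 'resetpwd_user' in place — confirm.
    if (!isset($_SESSION['resetpwd_user'])) {
        echo 'Failed to handle the password recovery';
    } else {
        PWDSecHandler::resetPwd($_SESSION['resetpwd_user'], $_POST['newpwd']);
        // One token authorises one reset.
        unset($_SESSION['resetpwd_user']);
        echo 'password has been updated successfully!';
        echo "<a href='../View/index.php'>Click here to go back to the HomePage</a>";
    }
}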