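/**
 * Password recovery for user accounts using email or username.
 * Password reset string is sent to users email.
 *
 * The lookup key (`username` and/or `email`) and the captcha answer are read
 * from $tag_params first and fall back to $_REQUEST. The captcha result is
 * reported before the account lookup result, so an unsolved captcha never
 * reveals whether a username or email is registered. A request that carries
 * neither key is treated as "no such user" instead of being sent to the
 * database with an empty condition set.
 *
 * @param array $tag_params  Template parameters; may carry `username`,
 *                           `email` and `captcha`.
 * @param array $children
 * @return bool  true when the recovery email was sent, false otherwise
 *               (including the case where a required module is missing).
 */
public function recoverPasswordByEmail($tag_params, $children) {
	$result = array('error' => true, 'message' => '');

	// both modules are mandatory; report the first one missing and skip the work
	$required_modules = array(
			'contact_form' => 'message_no_contact_form',
			'captcha'      => 'message_no_captcha'
		);
	$modules_available = true;

	foreach ($required_modules as $module_name => $message_constant)
		if (!class_exists($module_name)) {
			$result['message'] = $this->parent->getLanguageConstant($message_constant);
			$modules_available = false;
			break;
		}

	if ($modules_available) {
		$manager = UserManager::getInstance();
		$verification_manager = UserVerificationManager::getInstance();
		$contact_form = contact_form::getInstance();
		$captcha_module = captcha::getInstance();

		// collect lookup keys and captcha answer; template parameters win over request data
		$values = array('username' => null, 'email' => null, 'captcha' => null);

		foreach (array_keys($values) as $key) {
			if (array_key_exists($key, $tag_params))
				$values[$key] = fix_chars($tag_params[$key]);

			if (is_null($values[$key]) && array_key_exists($key, $_REQUEST))
				$values[$key] = fix_chars($_REQUEST[$key]);
		}

		$conditions = array();
		if (!is_null($values['username']))
			$conditions['username'] = $values['username'];

		if (!is_null($values['email']))
			$conditions['email'] = $values['email'];

		// never query without a key: an empty condition set does not identify
		// a specific account, so such a request must not trigger any email
		$user = null;
		if (!empty($conditions))
			$user = $manager->getSingleItem($manager->getFieldNames(), $conditions);

		// one captcha answer is good for a single attempt (same as json_Login),
		// otherwise a solved captcha could be replayed for repeated lookups
		$captcha_valid = $captcha_module->isCaptchaValid($values['captcha']);
		$captcha_module->resetCaptcha();

		if (!$captcha_valid) {
			// captcha failure is reported regardless of whether the account exists
			$result['message'] = $this->parent->getLanguageConstant('message_users_error_captcha');

		} else if (!is_object($user)) {
			// NOTE(review): this still tells a captcha-solving client whether the
			// account exists; a uniform "if the account exists, mail was sent"
			// message would close that, but changes the existing user-facing text
			$result['message'] = $this->parent->getLanguageConstant('message_no_user');

		} else {
			$code = $contact_form->generateVerificationCode($user->username, $user->email);

			// store the code so the follow-up reset request can be matched to this user
			$verification_manager->insertData(array(
					'user' => $user->id,
					'code' => $code
				));

			// variables substituted into the mail template
			$fields = array(
					'fullname' => $user->fullname,
					'username' => $user->username,
					'email'    => $user->email,
					'code'     => $code
				);

			$mailer = $contact_form->getMailer();
			$sender = $contact_form->getSender();
			$recipients = $contact_form->getRecipients();
			$template = $contact_form->getTemplate($this->parent->settings['template_recovery']);

			$mailer->start_message();
			$mailer->set_subject($template['subject']);
			$mailer->set_sender($sender['address'], $sender['name']);

			// NOTE(review): recipients come from the contact form configuration,
			// not from $user->email, although the docblock says the code goes to
			// the user — confirm this is intended before relying on it
			foreach ($recipients as $recipient)
				$mailer->add_recipient($recipient['address'], $recipient['name']);

			$mailer->set_body($template['plain_body'], $template['html_body']);
			$mailer->set_variables($fields);

			$result['error'] = !$mailer->send();

			// 'reocvery' is the existing constant name in the language file; keep
			// it until the language file itself is renamed
			$result['message'] = $this->parent->getLanguageConstant(
					$result['error'] ? 'message_password_reocvery_email_error' : 'message_password_recovery_email_sent'
				);
		}
	}

	// show response: JSON for AJAX callers, message template otherwise
	if (_AJAX_REQUEST) {
		print json_encode($result);

	} else {
		$template = $this->parent->loadTemplate($tag_params, 'message.xml');
		$template->restoreXML();
		$template->setLocalParams($result);
		$template->parse();
	}

	return !$result['error'];
}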
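/**
 * Perform AJAX login.
 *
 * Reads `username`, `password`, `captcha` and `lasting` from $_REQUEST and
 * prints a JSON object with `logged_in`, `show_captcha` and `message`.
 * After more than $max_free_attempts failed attempts from this address a
 * valid captcha is required; when the captcha module is not loaded the login
 * is refused instead. Missing request fields are treated as empty strings so
 * a malformed request does not raise undefined-index notices.
 */
private function json_Login() {
	// number of failed attempts allowed before a captcha is demanded; used both
	// for the check and for telling the client when to show the captcha
	$max_free_attempts = 3;

	$username = isset($_REQUEST['username']) ? fix_chars($_REQUEST['username']) : '';
	// NOTE(review): fix_chars() is applied to the password before hashing; if it
	// rewrites characters, passwords containing them depend on that rewrite — confirm
	$password = isset($_REQUEST['password']) ? fix_chars($_REQUEST['password']) : '';
	$captcha = isset($_REQUEST['captcha']) ? fix_chars($_REQUEST['captcha']) : '';
	$lasting_session = isset($_REQUEST['lasting']) && in_array($_REQUEST['lasting'], array('on', '1'), true);

	$result = array('logged_in' => false, 'show_captcha' => false, 'message' => '');
	$manager = UserManager::getInstance();
	$retry_manager = LoginRetryManager::getInstance();

	// derive the hash with the account's own salt; accounts created before
	// per-user salts were introduced fall back to the shared UserManager::SALT
	$test_user = $manager->getSingleItem(array('salt'), array('username' => $username));
	$salt = (is_object($test_user) && !empty($test_user->salt)) ? $test_user->salt : UserManager::SALT;

	// NOTE(review): HMAC-SHA256 is a fast hash and not a password hashing
	// scheme; moving to password_hash()/password_verify() requires changing the
	// stored format outside this method
	$hashed_password = hash_hmac('sha256', $password, $salt);

	// NOTE(review): matching either the raw value or its hash keeps legacy
	// plaintext accounts working, but it also means a stored hash obtained
	// elsewhere is accepted verbatim as the password; drop the raw value once
	// legacy accounts are migrated
	$user = $manager->getSingleItem(
			$manager->getFieldNames(),
			array(
				'username' => $username,
				'password' => array($password, $hashed_password)
			)
		);

	// after too many failures a captcha is required; if the captcha module is
	// not loaded the login is simply refused ($captcha_ok stays false)
	$captcha_ok = false;
	$retry_count = $retry_manager->getRetryCount();

	if ($retry_count > $max_free_attempts) {
		if (class_exists('captcha')) {
			$captcha_module = captcha::getInstance();
			$captcha_ok = $captcha_module->isCaptchaValid($captcha);
			$captcha_module->resetCaptcha();  // one answer is good for a single attempt
		}

	} else {
		$captcha_ok = true;
	}

	if (is_object($user) && $captcha_ok && $user->verified) {
		$retry_manager->clearAddress();

		// NOTE(review): the session id is not regenerated here; confirm that
		// Session::change_type (or the session layer) does so on login,
		// otherwise a pre-login session id is carried into the authenticated
		// session
		if ($lasting_session)
			Session::change_type(Session::TYPE_EXTENDED);

		$_SESSION['uid'] = $user->id;
		$_SESSION['logged'] = true;
		$_SESSION['level'] = $user->level;
		$_SESSION['username'] = $user->username;
		$_SESSION['fullname'] = $user->fullname;
		$result['logged_in'] = true;

	} elseif (is_object($user) && $captcha_ok) {
		// credentials are right but the account has not been verified yet
		$result['message'] = $this->parent->getLanguageConstant('message_users_account_not_verified');

	} else {
		// wrong credentials or captcha: count the failure and tell the client
		// whether the next attempt has to include a captcha
		$count = $retry_manager->increaseCount();
		$result['message'] = $this->parent->getLanguageConstant('message_login_error');
		$result['show_captcha'] = $count > $max_free_attempts;
	}

	print json_encode($result);
}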