/** * Prevents Association of not owned resource. * * @param \Core\Modules\Router\Request $request Request object. * * @return void */ private function preventAssociationOfNotOwnedResource(Request $request) { foreach ($this->attributes as $attribute => $options) { if ($request->post($attribute)) { $association = $this->resource->getAssociationMetaDataByKey($attribute); if (!$association && isset($this->resource->hasAndBelongsToMany[$attribute])) { $association = $this->resource->hasAndBelongsToMany[$attribute]; } if ($association && $this->user->owns($association['class_name'])) { if (!Helpers\Ownership::checkIds($request->post($attribute), $association['class_name'])) { $this->resource->setError($attribute, 'not_exists'); } } } } }
/** * Reset access action. * * @param Request $request Current router request. * * @return void */ public function renew(Request $request) { $user = Models\CMSUser::find()->where('DATE_ADD(updated_on, INTERVAL 60 MINUTE) > UTC_TIMESTAMP() AND SHA1(CONCAT(password, ?, email)) = ?', array(Core\Config()->USER_AUTH['cookie_salt'], $request->get('id')))->first(); if ($user) { $new_password = Core\Utils::generatePassword(10); if ($user->save(array('password' => $new_password), true)) { $this->new_password = $new_password; } } else { $request->redirectTo(array('controller' => 'authentication')); } }