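/**
 * Handles the change-password form for the logged-in user.
 *
 * POST.oldPass is re-hashed with the stored salt and compared against the
 * stored hash; POST.newPass must be longer than 6 characters. On success the
 * password is re-hashed with a fresh salt, saved, and the user is rerouted to
 * /account. On any failure the form is re-rendered with an 'error' hive entry.
 */
public function passwordpost()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $user_obj = $f3->get('user_obj');
    $security = \Helpers\Security::instance();

    // Cast so a missing field (null) hashes as an empty string instead of
    // reaching hash() untyped.
    $oldPass = (string) $f3->get('POST.oldPass');
    $storedHash = (string) $user_obj->password;
    $candidateHash = (string) $security->hash($oldPass, $user_obj->salt ?: '');

    // hash_equals(): constant-time and strict. The previous == would also
    // treat two numeric-looking strings as equal when they compare numerically.
    if (!hash_equals($storedHash, $candidateHash)) {
        $f3->set('error', "Password doesn't match your actual one.");
    } else {
        $newPass = (string) $f3->get('POST.newPass');
        if (strlen($newPass) > 6) {
            // hash() with no salt returns ['hash' => ..., 'salt' => ...];
            // destructure explicitly instead of extract()-ing into the scope.
            $hashed = $security->hash($newPass);
            $user_obj->password = $hashed['hash'];
            $user_obj->salt = $hashed['salt'];
            $user_obj->save();
            new Notification('Password updated !', 'success', true);
            $f3->reroute('/account');
            return;
        }
        $f3->set('error', 'New password must be at least 7 characters long.');
    }

    $f3->set('target', 'account/password.html');
    $this->_render('base.html');
}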
/**
 * Call the parent construct, instantiate the models this controller uses
 * (Pages, Users, Welcomes), then enforce that the visitor is logged in.
 *
 * NOTE(review): the login check runs after the models are built; whether
 * require_login() redirects/aborts on failure is not visible here.
 */
public function __construct()
{
    parent::__construct();
    $this->_pages = new \Models\Pages();
    $this->_users = new \Models\Users();
    $this->_welcomes = new \Models\Welcomes();
    \Helpers\Security::require_login();
}
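/**
 * Handles the "invite a member" form for organisation PARAMS.id.
 *
 * Only current members of the organisation may invite. POST.name is looked
 * up as an email address or a username (non-deleted users only); on a hit an
 * organisations_invites row is created with a random accept_key and the
 * caller is rerouted back to the current path. Otherwise the invite form is
 * re-rendered, with an 'error' hive entry when the lookup found nobody.
 */
public function invitepost()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $db = $f3->get('db.instance');
    $user = $f3->get('user');
    $orgId = (int) $f3->get('PARAMS.id');

    // Membership check: non-members are bounced back to the organisation list.
    $membership = $db->exec(
        'SELECT * FROM organisation_members WHERE orgId = :orgId AND memberId = :memberId',
        ['orgId' => $orgId, 'memberId' => $user['id']]
    );
    if (empty($membership)) {
        new Notification('You are not member of this organisation', 'danger', true);
        $f3->reroute('/organisations');
        return;
    }

    $orgMap = new Organisation();
    $orgMap->load($orgId);
    $f3->set('user_org_selected', $orgMap->cast());

    // Compare against '' rather than empty(): a username of "0" is a value.
    $name = (string) $f3->get('POST.name');
    if ($name !== '') {
        $invitedUser = new User();
        $invitedUser->load([
            '(email = :email OR username = :email) AND deleted_date IS NULL',
            'email' => $name,
        ]);

        if (!$invitedUser->loaded()) {
            // The lookup is by email OR username (the old text said "password").
            $f3->set('error', 'No user with this email or username');
        } else {
            $security = Security::instance();
            // Opaque one-time token; sha1 only normalises the random bytes to hex.
            $accept_key = sha1($security->rand_bytes(32));
            $db->exec(
                'INSERT INTO organisations_invites(targetId, fromId, orgId, create_time, accept_key) VALUES(:targetId, :fromId, :orgId, :createTime, :acceptKey)',
                [
                    'targetId' => $invitedUser->id,
                    'fromId' => $user['id'],
                    'orgId' => $orgId,
                    'createTime' => date("Y-m-d H:i:s"),
                    'acceptKey' => $accept_key,
                ]
            );
            // The display name is user-controlled and the notification body is
            // HTML (note the <b> tags), so escape it for that context.
            $safeName = htmlspecialchars((string) $invitedUser->name, ENT_QUOTES, 'UTF-8');
            new Notification("Invited <b>{$safeName}</b> to join this organisation", 'success', true);
            $f3->reroute($f3->get('PATH'));
            return;
        }
    }

    $f3->set('target', 'dashboard/organisations/invite.html');
    $this->_render('base.html');
}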
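/**
 * Support/admin view of one user (PARAMS.id), with an optional
 * ?action=resetpassword that assigns the target a new random password.
 *
 * Requires login and the 'support' rank. A target whose rank is above the
 * caller's cannot be reset; the page is still rendered (with a warning
 * notification) so the details can be viewed.
 *
 * NOTE(review): the generated password is both displayed on screen and sent
 * in the e-mail body; whether that is acceptable is a policy question for
 * the project, it is kept here unchanged.
 */
public function details()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $this->_requireRank('support');
    $user = $f3->get('user');

    // Target user. The id comes from the route, so cast it and bind it as a
    // parameter (same filter form as verifyUserPassword / invitepost) instead
    // of handing the raw value to load().
    $tuserId = (int) $f3->get('PARAMS.id');
    $tuser = new User();
    $tuser->load(['id = ?', $tuserId]);
    $f3->set('tuser', $tuser->cast());

    $outranked = $tuser->rank > $user['rank'];

    if ($f3->get('GET.action') === 'resetpassword') {
        if (!$tuser->loaded()) {
            // Saving an unloaded mapper would create a row instead of updating one.
            $f3->set('error', 'No user with this id.');
        } elseif ($outranked) {
            new Notification("You cannot reset this user's password (he's higher ranked than you)", 'danger', true);
            $f3->reroute($f3->get('PATH'));
            return;
        } else {
            $security = Security::instance();
            $randpswd = $security->salt();
            // hash() with no salt returns ['hash' => ..., 'salt' => ...].
            $hashed = $security->hash($randpswd);
            $tuser->password = $hashed['hash'];
            $tuser->salt = $hashed['salt'];
            $tuser->save();

            // Both messages below are HTML, so escape the generated value.
            $safePswd = htmlspecialchars((string) $randpswd, ENT_QUOTES, 'UTF-8');
            new Notification("The user's password has been reset, his new password is <b>{$safePswd}</b>", 'danger', true);
            SendingAPI::send([
                'from' => '*****@*****.**',
                'to' => $tuser->email,
                'subject' => 'Password reset',
                'content' => "Hello, your password has been reset, here is your new one: <b>{$safePswd}</b>. Don't forget to change it !",
            ]);
            $f3->reroute($f3->get('PATH'));
            return;
        }
    }

    // A higher-ranked target may be viewed but not edited.
    if ($outranked) {
        new Notification("This user is higher ranked than you, you can't change his information.", 'danger', true);
    }

    $f3->set('target', 'dashboard/admin/users/details.html');
    $this->_render('base.html');
}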
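/**
 * Verifies the validity of a user's password
 *
 * @param $identifier mixed Can be username, email or id
 * @param $password string Plaintext password to check
 * @return bool True only when a user matches $identifier and the password
 *              hashes (with the user's salt) to the stored hash
 */
public static function verifyUserPassword($identifier, $password)
{
    // Load the user by its $identifier type
    $user = new \Models\User();
    if (is_int($identifier)) {
        // ID
        $user->load(["id=?", $identifier]);
    } elseif (is_string($identifier) && strpos($identifier, "@") !== false) {
        // Email. The old check used strpos() truthiness, which misses an "@"
        // at offset 0 and raises a TypeError for non-strings on PHP 8.
        $user->load(["email=?", $identifier]);
    } elseif (is_string($identifier)) {
        // Username
        $user->load(["username=?", $identifier]);
    }
    // Any other identifier type, or no matching row, leaves the mapper unloaded.

    // Failed loading
    if (!$user->id) {
        return false;
    }

    // Verify password. hash_equals(): constant-time and strict; the previous
    // == would also treat two numeric-looking strings as equal when they
    // compare numerically.
    $security = \Helpers\Security::instance();
    $storedHash = (string) $user->password;
    $candidateHash = (string) $security->hash($password, $user->salt ?: "");

    return hash_equals($storedHash, $candidateHash);
}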