Example #1
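 /**
  * Handle the "change password" form submission for the logged-in user.
  *
  * The current password is re-checked against the stored hash, the new
  * password must be longer than six characters, and on success a fresh
  * hash and salt are saved. On failure an 'error' value is set and the
  * password form is rendered again.
  *
  * @return void
  */
 public function passwordpost()
 {
     $f3 = \Base::instance();
     $this->_requireLogin();
     $user_obj = $f3->get('user_obj');
     $security = \Helpers\Security::instance();

     // Re-authenticate with the current password before allowing the change.
     $storedHash = $user_obj->password;
     $oldPassHash = $security->hash($f3->get("POST.oldPass"), $user_obj->salt ?: "");

     // hash_equals() replaces `==`: loose comparison treats numeric-looking
     // strings (e.g. "0e..." hashes) as numbers and is not constant-time.
     // The is_string() guards keep a null or non-string value from matching.
     $oldPassOk = is_string($storedHash)
         && is_string($oldPassHash)
         && hash_equals($storedHash, $oldPassHash);

     if ($oldPassOk) {
         $newPass = $f3->get("POST.newPass");
         // is_string() rejects array-valued input (newPass[]=...) before strlen().
         if (is_string($newPass) && strlen($newPass) > 6) {
             // Read the two keys explicitly instead of extract(), which would
             // let the helper's return array overwrite any local variable.
             $hashed = $security->hash($newPass);
             $user_obj->password = $hashed['hash'];
             $user_obj->salt = $hashed['salt'];
             $user_obj->save();
             new Notification('Password updated !', 'success', true);
             $f3->reroute('/account');
             // Defensive: do not render the form if reroute() ever returns.
             return;
         }
         $f3->set('error', 'New password must be at least 7 characters long.');
     } else {
         $f3->set('error', "Password doesn't match your actual one.");
     }

     $f3->set('target', 'account/password.html');
     $this->_render('base.html');
 }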
Example #2
 /**
  * Set up the controller: run the parent constructor, create the page,
  * user and welcome models, then call the login gate.
  */
 public function __construct()
 {
     parent::__construct();
     // Models used by this controller's actions.
     $this->_pages = new \Models\Pages();
     $this->_users = new \Models\Users();
     $this->_welcomes = new \Models\Welcomes();
     // NOTE(review): the login check runs only after the parent constructor and
     // the three model constructors above. Presumably require_login() stops or
     // redirects unauthenticated requests — confirm, and confirm that nothing
     // above it does work that should sit behind the gate.
     \Helpers\Security::require_login();
 }
Example #3
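 /**
  * Handle the "invite a user" form for one organisation.
  *
  * The caller must be logged in and be a member of the organisation named
  * by the route parameter `id`. When POST.name matches an existing,
  * non-deleted user (by email or username), an invitation row with a random
  * accept key is inserted and the request is rerouted to the same path.
  * Otherwise the invite form is rendered, with an 'error' value if the
  * lookup failed.
  *
  * @return void
  */
 public function invitepost()
 {
     $f3 = \Base::instance();
     $this->_requireLogin();
     $db = $f3->get('db.instance');
     $user = $f3->get('user');
     $orgId = (int) $f3->get('PARAMS.id');

     // Authorisation: only members of the organisation may send invitations.
     $membership = $db->exec(
         'SELECT * FROM organisation_members WHERE orgId = :orgId AND memberId = :memberId',
         array('orgId' => $orgId, 'memberId' => $user['id'])
     );
     if (empty($membership)) {
         new Notification('You are not member of this organisation', 'danger', true);
         $f3->reroute('/organisations');
         return;
     }

     $orgMap = new Organisation();
     $orgMap->load($orgId);
     $f3->set('user_org_selected', $orgMap->cast());

     $name = $f3->get('POST.name');
     // is_string() keeps array-valued input (name[]=...) out of the bound parameter.
     if (is_string($name) && !empty($name)) {
         $invitedUser = new User();
         $invitedUser->load(array(
             '(email = :email OR username = :email) AND deleted_date IS NULL',
             'email' => $name,
         ));
         if (!$invitedUser->loaded()) {
             // The lookup is by email or username, so the message says so.
             $f3->set('error', 'No user with this email or username');
         } else {
             // sha1() only turns the random bytes into a 40-character hex token;
             // its unpredictability rests entirely on rand_bytes().
             // NOTE(review): confirm rand_bytes() draws from a CSPRNG.
             $security = new Security();
             $accept_key = sha1($security->rand_bytes(32));
             $db->exec(
                 'INSERT INTO organisations_invites(targetId, fromId, orgId, create_time, accept_key) VALUES(:targetId, :fromId, :orgId, :createTime, :acceptKey)',
                 array(
                     'targetId' => $invitedUser->id,
                     'fromId' => $user['id'],
                     'orgId' => $orgId,
                     'createTime' => date("Y-m-d H:i:s"),
                     'acceptKey' => $accept_key,
                 )
             );
             // The message carries markup, so it is presumably rendered as HTML:
             // escape the user-chosen name before embedding it.
             $safeName = htmlspecialchars((string) $invitedUser->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
             new Notification("Invited <b>{$safeName}</b> to join this organisation", 'success', true);
             $f3->reroute($f3->get('PATH'));
             // Defensive: do not render the form if reroute() ever returns.
             return;
         }
     }

     $f3->set('target', 'dashboard/organisations/invite.html');
     $this->_render('base.html');
 }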
Example #4
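 /**
  * Show the admin details page for one user and, when requested, reset
  * that user's password.
  *
  * Requires a logged-in caller with the 'support' rank. A password reset
  * is refused when the target user outranks the caller. Requests for a
  * user id that does not load end in a 404 instead of reaching the reset.
  *
  * @return void
  */
 public function details()
 {
     $f3 = \Base::instance();
     $this->_requireLogin();
     $this->_requireRank('support');
     $user = $f3->get('user');

     // Cast the route parameter so only an integer id reaches the mapper.
     $tuser_id = (int) $f3->get('PARAMS.id');
     $tuser = new User();
     $tuser->load($tuser_id);

     // Without this check an unknown id would leave an empty mapper whose
     // rank compares as "not higher", and the reset below would save() it.
     if (!$tuser->loaded()) {
         $f3->error(404);
         return;
     }
     $f3->set('tuser', $tuser->cast());

     $outranked = $tuser->rank > $user['rank'];

     // NOTE(review): the reset is a state change triggered by a GET parameter,
     // so any link or embedded resource an admin loads can fire it. Moving it
     // to a POST with an anti-CSRF token needs a matching template change.
     if ($f3->get('GET.action') === 'resetpassword') {
         if ($outranked) {
             new Notification("You cannot reset this user's password (he's higher ranked then you)", 'danger', true);
             $f3->reroute($f3->get('PATH'));
             return;
         }

         $security = Security::instance();
         $randpswd = $security->salt();
         // Read the two keys explicitly instead of extract(), which would let
         // the helper's return array overwrite any local variable.
         $hashed = $security->hash($randpswd);
         $tuser->password = $hashed['hash'];
         $tuser->salt = $hashed['salt'];
         $tuser->save();

         // NOTE(review): the new password is shown to the admin and mailed in
         // clear text; a single-use, expiring reset link would avoid both
         // exposures. Also confirm salt() is a suitable password generator.
         new Notification("The user's password has been reset, his new password is <b>{$randpswd}</b>", 'danger', true);
         SendingAPI::send(['from' => '*****@*****.**', 'to' => $tuser->email, 'subject' => 'Password reset', 'content' => "Hello, your password has been reset, here is your new one: <b>{$randpswd}</b>. Don't forget to change it !"]);
         $f3->reroute($f3->get('PATH'));
         // Defensive: do not render the page if reroute() ever returns.
         return;
     }

     // A higher-ranked target may be viewed, but the caller is warned that
     // the information cannot be changed.
     if ($outranked) {
         new Notification("This user is higher ranked then you, you can't change his information.", 'danger', true);
     }

     $f3->set('target', 'dashboard/admin/users/details.html');
     $this->_render('base.html');
 }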
Example #5
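 /**
  * Verify a user's password.
  *
  * The user is looked up by id when $identifier is an int, by email when
  * it is a string containing "@", and by username for any other string.
  * Any other identifier type loads nothing and the check fails.
  *
  * @param int|string $identifier User id, email address or username
  * @param string     $password   Clear-text password to check
  * @return bool True only when the user exists and the password matches
  */
 public static function verifyUserPassword($identifier, $password)
 {
     $user = new \Models\User();
     if (is_int($identifier)) {
         $user->load(array("id=?", $identifier));
     } elseif (is_string($identifier)) {
         // `!== false` matters: strpos() returns 0 for a leading "@", which
         // the bare truthiness test used before treated as "no @ present".
         $field = strpos($identifier, "@") !== false ? "email" : "username";
         $user->load(array($field . "=?", $identifier));
     }

     // Nothing loaded: unknown user or unsupported identifier type.
     if (!$user->id) {
         return false;
     }

     $security = \Helpers\Security::instance();
     $storedHash = $user->password;
     $computedHash = $security->hash($password, $user->salt ?: "");

     // hash_equals() replaces `==`: loose comparison treats numeric-looking
     // strings (e.g. "0e..." hashes) as numbers and is not constant-time.
     // The is_string() guards keep a null or non-string value from matching.
     return is_string($storedHash)
         && is_string($computedHash)
         && hash_equals($storedHash, $computedHash);
 }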