Exemple #1
0
/**
 * Updates the password of the currently logged in user.
 * @param (mixed) $new_password The new password for the user.
 * @param (mixed) $new_password_again Confirmation of the new password for the user.
 * @return (array) An array with indices `status`, `message`, and `reasons`
 *                 containing the status code and description of the result of the operation,
 *                 and an array of reasons for that status.
 */
function update_current_user_password($new_password, $new_password_again)
{
    try {
        $cif_user = new CifUser($_SERVER['REDIRECT_WEBAUTH_USER']);
        if ($new_password !== $new_password_again) {
            throw new Exception("The passwords you entered didn't match.");
        }
        // Validate the password
        $errors = is_secure_password($new_password, 'Sorry, but your password needs');
        if ($errors) {
            throw new Exception($errors);
        }
        // Change the user's password
        $cif_user->change_password($new_password);
        return array('status' => STATUS_OK, 'message' => "Your password was changed.", 'reasons' => $errors);
    } catch (Exception $e) {
        $error_message = $e->getMessage();
    }
    // If execution reaches this point, something went wrong
    // If the password was valid, log the results of this failed operation
    if (isset($errors) && !$errors) {
        file_put_contents(LOG_DIR . $cifid, $log, FILE_APPEND);
    }
    return array('status' => STATUS_ERROR, 'message' => $error_message, 'reasons' => $errors);
}
Exemple #2
0
 /**
  * Updates the database password for the specified user.
  * If they do not currently have a database, one will be created.
  * @param (string) $cifid The cifID of the user to update the database password for.
  * @param (mixed) $new_password The new database password for the user.
  * @param (mixed) $new_password_again Confirmation of the new database password for the user.
  * @return (array) An array with indices `status`, `message`, and `reasons`
  *                 containing the status code and description of the result of the operation,
  *                 and an array of reasons for that status.
  */
 public function update_password_for($cifid, $new_password, $new_password_again)
 {
     $new_password = strval($new_password);
     $new_password_again = strval($new_password_again);
     $db_exists = $this->database_exists($cifid);
     $errors = array();
     try {
         if ($new_password !== $new_password_again) {
             $this->log_and_except("The passwords you entered didn't match.");
         } else {
             $errors = is_secure_password($new_password, 'it needs');
             if ($errors) {
                 if ($db_exists) {
                     $this->log_and_except("We couldn't change your password because {$errors}");
                 } else {
                     $this->log_and_except("We couldn't set your password because {$errors}");
                 }
             } else {
                 if (!$db_exists) {
                     $this->create_database_for($cifid);
                 }
                 if (!$this->user_exists($cifid)) {
                     $this->create_user($cifid, $new_password);
                 } else {
                     // Update the user's password
                     $this->mysqli->autocommit(false);
                     // This query can't be prepared so we're running it directly
                     $safe_cifid = $this->mysqli->real_escape_string($cifid);
                     $safe_password = $this->mysqli->real_escape_string($new_password);
                     $this->mysqli->query('SET PASSWORD FOR \'' . $safe_cifid . '\'@\'%\' = PASSWORD(\'' . $safe_password . '\')');
                 }
                 if (!$db_exists) {
                     return array('status' => STATUS_OK, 'message' => 'Created your database. Have at it!', 'reasons' => array());
                 } else {
                     return array('status' => STATUS_OK, 'message' => 'Changed your database password.', 'reasons' => array());
                 }
             }
         }
     } catch (Exception $e) {
         return array('status' => STATUS_ERROR, 'message' => $e->getMessage(), 'reasons' => $errors);
     }
 }