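/**
 * Add User
 *
 * Renders the "Add User" form on GET and, on POST, validates the submission,
 * creates the account and e-mails the initial password to the new user.
 * Validation failures set a flash message and fall through to re-render the
 * form with the submitted values; success redirects to /user.
 *
 * Fixes relative to the previous version:
 *  - an empty password is rejected (two empty fields previously "matched" and
 *    an account was created whose password was hash(salt . '')), mirroring
 *    the check in resetPasswordAction;
 *  - the password comparison is strict (loose `!=` compares numeric-looking
 *    strings such as "1e3" and "1000" as equal);
 *  - group validation uses a direct key lookup instead of a loose in_array().
 */
public function addAction()
{
    // set page title
    $this->view->pageTitle = 'Add User';

    // breadcrumb
    $this->pageBreadcrumbs[] = 'Add User';
    $this->view->setVar('pageBreadcrumbs', $this->pageBreadcrumbs);

    // Only non-admin groups are offered. The same list is used below to
    // validate the submitted group_id, so tampering with the select value
    // cannot create an admin account through this form.
    $this->view->groups = Groups::find(array('name <> "admin"', 'order' => 'name'));
    $groupList = array();
    foreach ($this->view->groups as $group) {
        $groupList[$group->id] = $group->label;
    }

    // form defaults; overwritten with the submitted values on POST
    $this->view->groupId = null;
    $this->view->firstName = null;
    $this->view->lastName = null;
    $this->view->username = null;
    $this->view->newPassword = null;
    $this->view->confirmPassword = null;
    $this->view->status = null;

    if (!$this->request->isPost()) {
        return;
    }

    // Receiving the variables sent by POST
    $this->view->groupId = $this->request->getPost('group_id', 'int');
    $this->view->firstName = $this->filter->sanitize($this->request->getPost('first_name', 'string'), "trim");
    $this->view->lastName = $this->filter->sanitize($this->request->getPost('last_name', 'string'), "trim");
    $this->view->username = $this->filter->sanitize($this->request->getPost('username', 'email'), "trim");
    // The password fields are deliberately not run through the 'string'
    // filter so that characters it would strip remain usable in passwords.
    $this->view->newPassword = $this->filter->sanitize($this->request->getPost('new_password'), "trim");
    $this->view->confirmPassword = $this->filter->sanitize($this->request->getPost('confirm_new_password'), "trim");
    $this->view->status = $this->request->getPost('status', 'string');

    // make sure email does not exist: find user in the database (bound parameter, not interpolated)
    $user = Users::findFirst(array(
        "username = :email:",
        "bind" => array('email' => $this->view->username),
    ));
    if (!empty($user)) {
        $this->getFlashSession('error', 'Email already exists for another user.', true);
        return;
    }

    // Both password fields must be present; an empty password must never be stored.
    // NOTE(review): no minimum length / complexity policy is enforced here — consider adding one.
    if ((string) $this->view->newPassword === '' || (string) $this->view->confirmPassword === '') {
        $this->getFlashSession('error', 'Both passwords should match.', true);
        return;
    }

    // match the two passwords (strict comparison — see the docblock)
    if ($this->view->newPassword !== $this->view->confirmPassword) {
        $this->getFlashSession('error', 'Both passwords should match.', true);
        return;
    }

    // The submitted group must be one of the non-admin groups listed above.
    if (!isset($groupList[$this->view->groupId])) {
        $this->getFlashSession('error', 'Invalid user type selection.', true);
        return;
    }

    $user = new Users();
    $user->group_id = $this->view->groupId;
    $user->first_name = $this->view->firstName;
    $user->last_name = $this->view->lastName;
    $user->username = $this->view->username;
    // NOTE(review): a single unsalted-per-user SHA-256 with a static application
    // salt is not a password hash (fast, no per-user salt, no work factor).
    // password_hash()/password_verify() should replace this, but the sign-in
    // code that verifies the stored value lives outside this method and must
    // be migrated together with it, so the scheme is left unchanged here.
    $user->password = hash('sha256', $this->config->application['securitySalt'] . $this->view->newPassword);
    $user->status = $this->view->status == 'on' ? 'active' : 'inactive';
    $user->created = date('Y-m-d H:i:s');
    $user->modified = date('Y-m-d H:i:s');
    $user->modified_by = $this->userSession['email'];

    if (!$user->create()) {
        $this->logger->log("Failed to save user", \Phalcon\Logger::ERROR);
        foreach ($user->getMessages() as $message) {
            $this->logger->log($message, \Phalcon\Logger::ERROR);
        }
        $this->getFlashSession('error', 'Sorry, we could not create a new user. Please try again.', true);
        return;
    }

    // email user
    // NOTE(review): the initial password is sent in clear text by e-mail
    // ('tempPassword'); a one-time set-password link (as used by the reset
    // flow) would avoid putting a reusable credential in a mailbox.
    Basics::sendEmail(array(
        'type' => 'newUser',
        'toName' => $user->first_name . " " . $user->last_name,
        'toEmail' => $user->username,
        'tempPassword' => $this->view->newPassword,
        'welcomeUrl' => $this->config->application['baseUrl'],
    ));
    $this->getFlashSession('success', 'New user is created.', true);

    // Forward to index
    return $this->response->redirect("/user");
}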
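/**
 * Reset Password
 *
 * Completes a password reset started from an e-mailed link carrying a
 * one-time token (route param "token"). GET renders the form when the token
 * belongs to an active user and has not expired; POST stores the new
 * password, invalidates the token and e-mails a confirmation. A missing,
 * unknown or expired token forwards to the sign-in page with a flash error.
 *
 * Fixes relative to the previous version:
 *  - the token is re-checked in PHP with a byte-exact, constant-time
 *    hash_equals() after the database lookup, so a case-insensitive column
 *    collation cannot make the SQL equality accept a token that differs from
 *    the stored one;
 *  - the password comparison is strict (loose `==` compares numeric-looking
 *    strings such as "1e3" and "1000" as equal).
 */
public function resetPasswordAction()
{
    // set page title
    $this->view->pageTitle = 'Reset Password';

    $resetHashToken = (string) $this->dispatcher->getParam("token");
    if ($resetHashToken === '') {
        $this->getFlashSession('error', 'Invalid reset link', false);
        // Forward to signin
        return $this->dispatcher->forward(array('controller' => 'access', 'action' => 'signin'));
    }

    // The token must belong to an active account and be unexpired. Expiry is
    // evaluated with the database clock (NOW()), so the app and DB clocks must
    // agree for the expiry window to be what the issuing code intended.
    $user = Users::findFirst(array(
        "hashtoken_reset = :token: AND status = :status: AND hashtoken_expire IS NOT NULL AND hashtoken_expire > NOW()",
        "bind" => array('token' => $resetHashToken, 'status' => 'active'),
    ));
    // Byte-exact re-check independent of the column collation (see docblock).
    // NOTE(review): the token is stored and looked up in clear; storing only a
    // hash of it would keep a database read from yielding usable reset links.
    if (empty($user) || !hash_equals((string) $user->hashtoken_reset, $resetHashToken)) {
        $this->getFlashSession('error', 'Your password reset link has expired. Try send the reset request again.', false);
        // Forward to signin
        return $this->dispatcher->forward(array('controller' => 'access', 'action' => 'signin'));
    }
    $this->view->resetHashToken = $resetHashToken;

    if (!$this->request->isPost()) {
        return;
    }

    // Receiving the variables sent by POST
    $newPassword = $this->filter->sanitize($this->request->getPost('new_password'), "trim");
    $confirmPassword = $this->filter->sanitize($this->request->getPost('confirm_password'), "trim");

    if (empty($newPassword) || empty($confirmPassword)) {
        $this->getFlashSession('error', 'Please enter both passwords.', false);
        return;
    }

    // match the two passwords (strict comparison — see the docblock)
    // NOTE(review): no minimum length / complexity policy is enforced here.
    if ($newPassword !== $confirmPassword) {
        $this->getFlashSession('error', 'Both passwords should match.', false);
        return;
    }

    // update password and burn the token so the link cannot be reused
    // NOTE(review): SHA-256 over a static application salt is not a password
    // hash (fast, no per-user salt, no work factor); password_hash() should
    // replace it, but the sign-in verification code outside this method must
    // be migrated with it, so the scheme is left unchanged here.
    $user->password = hash('sha256', $this->config->application['securitySalt'] . $newPassword);
    $user->hashtoken_reset = null;
    $user->hashtoken_expire = null;

    if (!$user->update()) {
        $this->logger->log("Failed to reset user's password", \Phalcon\Logger::ERROR);
        foreach ($user->getMessages() as $message) {
            $this->logger->log($message, \Phalcon\Logger::ERROR);
        }
        $this->getFlashSession('error', 'Sorry, we could not reset your password. Please try again.', false);
        // fall through and re-render the form
        return;
    }

    // email user
    Basics::sendEmail(array(
        'type' => 'resetConfirm',
        'toName' => $user->first_name . " " . $user->last_name,
        'toEmail' => $user->username,
    ));
    $this->getFlashSession('success', 'Your password has been changed. You can now sign in with your new password.', false);

    // Forward to signin
    return $this->dispatcher->forward(array('controller' => 'access', 'action' => 'signin'));
}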