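/**
 * Handles a "new password" request for the submitted username.
 *
 * Validates the username, stores a one-time reset token with a
 * one-hour lifetime in the user's meta data and mails the user a
 * link that contains the user's UUID and the token.
 *
 * @access protected
 * @param \Zepi\Web\UserInterface\Form\Form $form
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\RequestAbstract $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return string|boolean True on success, otherwise the non-true value returned by validateData()
 * @throws \RuntimeException If no cryptographically secure random source is available
 */
protected function sendRequest(Form $form, Framework $framework, RequestAbstract $request, Response $response)
{
    $group = $form->searchPartByKeyAndType('user-data');
    $username = trim($group->getPart('username')->getValue());

    $result = $this->validateData($framework, $username);

    // Anything other than true is a validation error and is handed back unchanged.
    if ($result !== true) {
        return $result;
    }

    // Load the user
    // NOTE(review): getUserForUsername() is treated elsewhere in this class as possibly
    // returning false; presumably validateData() rules that out here - confirm.
    $user = $this->userManager->getUserForUsername($username);

    // The token is the only secret protecting the account while the reset is pending,
    // so it has to come from a CSPRNG. The former uniqid(md5($email), true) value was
    // derived from the e-mail address and the clock and was therefore guessable.
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(32));
    } else {
        // Fallback for runtimes without random_bytes(); fail closed if the source is weak.
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(32, $strong);
        if ($bytes === false || $strong !== true) {
            throw new \RuntimeException('No secure random source available for the password request token.');
        }
        $token = bin2hex($bytes);
    }

    // NOTE(review): the token is stored as-is; the handler behind /generate-new-password/
    // should compare it in constant time, enforce the lifetime and clear it after use - confirm.
    $user->setMetaData('passwordRequestToken', $token);
    $user->setMetaData('passwordRequestTokenLifetime', time() + 3600);
    $this->userManager->updateUser($user);

    // Send the request mail
    // NOTE(review): if getFullRoute() builds the host part from the incoming request,
    // the mailed link follows whatever host the client sent - confirm a configured base URL is used.
    $requestLink = $request->getFullRoute('/generate-new-password/' . $user->getUuid() . '/' . $token . '/');
    $this->mailHelper->sendMail(
        $user->getMetaData('email'),
        $this->translate('New password requested', '\\Zepi\\Web\\AccessControl'),
        $this->render('\\Zepi\\Web\\AccessControl\\Mail\\RequestNewPassword', array(
            'user' => $user,
            'requestLink' => $requestLink
        ))
    );

    return true;
}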
/**
 * Checks the submitted credentials against the stored user.
 *
 * Every failure (password too short, unknown username, unusable
 * user, wrong password) yields the same false result, so the return
 * value does not tell the caller which check failed.
 *
 * @param \Zepi\Turbo\Framework $framework
 * @param string $username
 * @param string $password
 * @return boolean|\Zepi\Web\AccessControl\Entity\User The user on success, false otherwise
 */
protected function validateUserData(Framework $framework, $username, $password)
{
    // Reject passwords shorter than 8 bytes, then unknown usernames, before loading anything.
    $longEnough = strlen($password) >= 8;
    if (!$longEnough || !$this->userManager->hasUserForUsername($username)) {
        return false;
    }

    // The manager signals an unusable user with false.
    $candidate = $this->userManager->getUserForUsername($username);
    if ($candidate === false) {
        return false;
    }

    // Only a matching password turns the candidate into the authenticated user.
    return $candidate->comparePasswords($password) ? $candidate : false;
}
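/**
 * Returns true if the username belongs to a user other than the
 * one being edited.
 *
 * @param string $username
 * @param \Zepi\Web\AccessControl\Entity\User $user The user being edited
 * @return boolean
 */
protected function isUsernameInUse($username, User $user)
{
    if (!$this->userManager->hasUserForUsername($username)) {
        return false;
    }

    $owner = $this->userManager->getUserForUsername($username);

    // Compare the identifiers as strings with a strict operator. The loose != treats
    // numeric-looking strings as numbers, so two different UUIDs could compare equal
    // and a username owned by another user would be reported as free.
    return (string) $owner->getUuid() !== (string) $user->getUuid();
}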