/**
  * Validates the password request token from the route, generates a new
  * random password for the user, saves it and mails it to the user.
  * 
  * @access protected
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\RequestAbstract $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return array|null Array with 'result' and 'message'; nothing when the request is redirected
  */
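 protected function generateNewPassword(Framework $framework, RequestAbstract $request, Response $response)
 {
     // Both values come from the URL of the reset link. Without a known
     // user and a token there is nothing to verify, so redirect away.
     $uuid = $request->getRouteParam('uuid');
     $token = $request->getRouteParam('token');
     if ($uuid === false || !$this->userManager->hasUserForUuid($uuid) || $token === false) {
         $response->redirectTo('/');
         return;
     }
     // Load the user
     $user = $this->userManager->getUserForUuid($uuid);
     $storedToken = $user->getMetaData('passwordRequestToken');
     // An empty stored token means that no password request is pending
     if ($storedToken == '') {
         return array('result' => false, 'message' => $this->translate('You haven\'t requested a new password.', '\\Zepi\\Web\\AccessControl'));
     }
     // Compare the tokens without leaking, through response timing, how many
     // leading characters matched. Both sides must be strings, as with the
     // strict comparison used before; hash_equals() needs PHP 5.6, so older
     // runtimes keep the strict comparison.
     $tokenMatches = false;
     if (is_string($storedToken) && is_string($token)) {
         $tokenMatches = function_exists('hash_equals')
             ? hash_equals($storedToken, $token)
             : $storedToken === $token;
     }
     // A wrong token and an expired token get the same answer on purpose
     if (!$tokenMatches || $user->getMetaData('passwordRequestTokenLifetime') < time()) {
         return array('result' => false, 'message' => $this->translate('The given token is invalid or expired. Please request a new password.', '\\Zepi\\Web\\AccessControl'));
     }
     // Generate a new password
     $password = $this->generateRandomPassword();
     // Save the new password
     $user->setNewPassword($password);
     // Reset the token so the link cannot be used a second time
     $user->setMetaData('passwordRequestToken', '');
     $user->setMetaData('passwordRequestTokenLifetime', 0);
     // Update the user
     $this->userManager->updateUser($user);
     // NOTE(review): the new password leaves the system in clear text by mail
     // and stays valid until the user changes it. Letting the user choose a
     // password on the token-protected page would avoid that.
     // NOTE(review): the strength of $password depends on generateRandomPassword(),
     // which is not visible here - confirm it uses a secure random source.
     $this->mailHelper->sendMail($user->getMetaData('email'), $this->translate('New password generated', '\\Zepi\\Web\\AccessControl'), $this->render('\\Zepi\\Web\\AccessControl\\Mail\\GenerateNewPassword', array('user' => $user, 'password' => $password)));
     return array('result' => true, 'message' => $this->translate('Your new password is generated and saved. You will receive an email with the new password.', '\\Zepi\\Web\\AccessControl'));
 }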
 /**
  * Applies the form values to the user, saves the user and updates the access levels.
  * 
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Web\AccessControl\Entity\User $user
  */
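 protected function saveUser(WebRequest $request, User $user)
 {
     $formValues = $this->layout->getFormValues();
     // Set the username
     $user->setName($formValues['required-data.username']);
     // A new user always gets the submitted password; an existing user only
     // when the password field was filled in, so an empty field keeps the
     // current password.
     if ($user->isNew() || $formValues['required-data.password'] != '') {
         $user->setNewPassword($formValues['required-data.password']);
     }
     // Set the optional data
     $user->setMetaData('email', $formValues['optional-data.email']);
     $user->setMetaData('location', $formValues['optional-data.location']);
     $user->setMetaData('website', $formValues['optional-data.website']);
     $user->setMetaData('twitter', $formValues['optional-data.twitter']);
     $user->setMetaData('biography', $formValues['optional-data.biography']);
     // Save the user. Permissions must not be touched when the user record
     // itself could not be stored, so both branches stop on failure.
     if ($user->isNew()) {
         // addUser() hands back the stored user, or false on failure
         $user = $this->userManager->addUser($user);
         if ($user === false) {
             return false;
         }
     } elseif ($this->userManager->updateUser($user) === false) {
         // NOTE(review): assumes updateUser() signals failure with false, as
         // addUser() does - confirm against the UserManager.
         return false;
     }
     // Save the access levels. The logged in user is passed along as the
     // user who performs the change.
     // NOTE(review): whether that user may grant these levels is presumably
     // checked inside updatePermissions() - confirm.
     $this->accessControlManager->updatePermissions($user, $formValues['access-levels'], $request->getSession()->getUser());
     return true;
 }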
 /**
  * Changes the password for the logged in user.
  * 
  * @access protected
  * @param \Zepi\Web\UserInterface\Form\Form $form
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 protected function changePassword(Form $form, Framework $framework, WebRequest $request, Response $response)
 {
     // The password is changed for the user who owns the current session
     $currentUser = $request->getSession()->getUser();
     // Read the three password fields of the form, trimmed
     $passwords = array();
     foreach (array('old-password', 'new-password', 'new-password-confirmed') as $fieldKey) {
         $passwords[$fieldKey] = trim($form->getField('change-password', $fieldKey)->getValue());
     }
     $validation = $this->validateData(
         $framework,
         $currentUser,
         $passwords['old-password'],
         $passwords['new-password'],
         $passwords['new-password-confirmed']
     );
     // Anything other than true is handed back to the caller unchanged
     // and the password stays as it is.
     if ($validation !== true) {
         return $validation;
     }
     // Set the new password and persist the user; the outcome of the
     // update is the result of this method.
     $currentUser->setNewPassword($passwords['new-password']);
     return $this->userManager->updateUser($currentUser);
 }
 /**
  * Creates a password request token for the given username and sends
  * the link to generate a new password to the user's email address.
  * 
  * @access protected
  * @param \Zepi\Web\UserInterface\Form\Form $form
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\RequestAbstract $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return string|boolean
  */
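 protected function sendRequest(Form $form, Framework $framework, RequestAbstract $request, Response $response)
 {
     $group = $form->searchPartByKeyAndType('user-data');
     $username = trim($group->getPart('username')->getValue());
     $result = $this->validateData($framework, $username);
     // Anything other than true is a validation error and is handed back
     if ($result !== true) {
         return $result;
     }
     // Load the user
     $user = $this->userManager->getUserForUsername($username);
     // The token is the only secret in the reset link, so it has to come
     // from a cryptographically secure source. uniqid() is built from the
     // current time and md5() of the email adds no secret, which made the
     // previous token unsuitable for this purpose.
     if (function_exists('random_bytes')) {
         $randomBytes = random_bytes(24);
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         // Fallback for runtimes older than PHP 7
         $isStrong = false;
         $randomBytes = openssl_random_pseudo_bytes(24, $isStrong);
         if ($randomBytes === false || $isStrong !== true) {
             throw new \RuntimeException('No cryptographically secure random source is available.');
         }
     } else {
         throw new \RuntimeException('No cryptographically secure random source is available.');
     }
     // 48 hex characters: safe inside a URL path and not longer than the
     // token format used before
     $token = bin2hex($randomBytes);
     $user->setMetaData('passwordRequestToken', $token);
     // The token is valid for one hour
     $user->setMetaData('passwordRequestTokenLifetime', time() + 3600);
     $this->userManager->updateUser($user);
     // Send the request mail
     $requestLink = $request->getFullRoute('/generate-new-password/' . $user->getUuid() . '/' . $token . '/');
     $this->mailHelper->sendMail($user->getMetaData('email'), $this->translate('New password requested', '\\Zepi\\Web\\AccessControl'), $this->render('\\Zepi\\Web\\AccessControl\\Mail\\RequestNewPassword', array('user' => $user, 'requestLink' => $requestLink)));
     return true;
 }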