Esempio n. 1
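 /**
  * Decide whether the supplied credential matches the stored password of
  * the identity row and build the authentication result.
  *
  * The credential is accepted when any one of these holds:
  *  - the credential treatment is exactly 'autologin' (no password check),
  *  - the stored value is a legacy unsalted MD5 of the credential,
  *  - the phpass check of the credential against the stored value succeeds.
  *
  * @param array $resultIdentity Identity row; only its 'password' entry is read here.
  * @return mixed Whatever _authenticateCreateAuthResult() returns.
  */
 protected function _authenticateValidateResult($resultIdentity)
 {
     $hash = new Application_Plugin_Phpass();
     $stored = isset($resultIdentity['password']) ? $resultIdentity['password'] : null;
     $check = false;

     // Auto-login skips password verification entirely, so the comparison is
     // strict: with a loose `==`, a boolean true treatment would also match.
     // NOTE(review): confirm that only trusted server-side code can set this treatment.
     if ($this->_credentialTreatment === 'autologin') {
         $check = true;
     }

     if (is_string($this->_credential)) {
         // Legacy unsalted MD5 records. The comparison must be strict: with
         // `==`, two different digests that both look like "0e<digits>" are
         // compared as numbers and treated as equal. Where PHP >= 5.6 is
         // guaranteed, hash_equals() is the better comparison.
         // NOTE(review): accounts still matching here keep an unsalted MD5
         // at rest until their password is next changed.
         if (md5($this->_credential) === $stored) {
             $check = true;
         }

         // Check that the phpass hash value is correct
         if ($hash->CheckPassword($this->_credential, $stored)) {
             $check = true;
         }
     }

     if (!$check) {
         $this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
         $this->_authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
         return $this->_authenticateCreateAuthResult();
     }

     $this->_resultRow = $resultIdentity;
     $this->_authenticateResultInfo['code'] = Zend_Auth_Result::SUCCESS;
     $this->_authenticateResultInfo['messages'][] = 'Authentication successful.';
     return $this->_authenticateCreateAuthResult();
 }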
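 /**
  * Change the password of the currently authenticated profile.
  *
  * Renders the change-password form. On a valid POST it verifies the old
  * password (blank stored password, legacy MD5 or phpass), stores a phpass
  * hash of the new password and sends a notification email to the profile.
  *
  * @return void
  */
 public function changepasswordAction()
 {
     $request = $this->getRequest();
     $Profiles = new Application_Model_Profiles();
     $profile = null;
     if (Zend_Auth::getInstance()->hasIdentity()) {
         $profile = $Profiles->getProfileByField('id', Zend_Auth::getInstance()->getIdentity()->id);
     }

     // Redirect if bad or no user. Return explicitly so nothing below can run
     // without a profile, even if the redirect does not end the request.
     if (!$profile) {
         $this->redirect('');
         return;
     }

     $this->buildMenu();
     $changepassword_form = new Application_Form_ChangePassword();
     $this->view->changepassword_form = $changepassword_form;

     // Form not submitted or not valid: just show the form
     if (!$request->isPost() || !$changepassword_form->isValid($_POST)) {
         return;
     }

     Application_Plugin_Common::redirectOnDemoAccount();

     $hash = new Application_Plugin_Phpass();
     $old_password = $changepassword_form->getValue('passwordold');

     // old password checks
     $check = false;

     // Pass when the stored password is blank (user from facebook registration).
     // Only null and '' count as blank; this branch needs no old password, so
     // it must not match any other value.
     if ($profile->password === null || $profile->password === '') {
         $check = true;
     }

     if (is_string($old_password)) {
         // Legacy unsalted MD5 records. Strict comparison: with `==`, two
         // different digests that both look like "0e<digits>" are compared as
         // numbers and treated as equal. Where PHP >= 5.6 is guaranteed,
         // hash_equals() is the better comparison.
         if (md5($old_password) === $profile->password) {
             $check = true;
         }

         // Check that the phpass hash value is correct
         if ($hash->CheckPassword($old_password, $profile->password)) {
             $check = true;
         }
     }

     if (!$check) {
         $changepassword_form->getElement('passwordold')->setErrors(array(Zend_Registry::get('Zend_Translate')->translate('Enter your password')));
         return;
     }

     // Old password is ok: store the new one as a phpass hash, which also
     // replaces a legacy MD5 value if the account still had one.
     // presumably the form validates that 'password2' matches the first
     // password field; verify in Application_Form_ChangePassword
     $newpassword = $changepassword_form->getValue('password2');
     $hashed_password = $hash->HashPassword($newpassword);
     $Profiles->updateField($profile->name, 'password', $hashed_password);
     Application_Plugin_Alerts::success($this->view->translate('Password updated'));

     // NOTE(review): nothing visible here rotates the session id or ends the
     // account's other sessions after the change; confirm where that is done.

     // prepare phtml email template
     $mail_template_path = APPLICATION_PATH . '/views/emails/';
     $view = new Zend_View();
     $view->setScriptPath($mail_template_path);
     $body = $view->render('passwordnotice.phtml');

     // Send email as a security measure, so the owner learns of a change they
     // did not make. The return value is not checked (best effort).
     Application_Plugin_Common::sendEmail($profile->email, $this->view->translate('Password updated'), $body, true);
 }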