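/**
 * Validate and apply a client-account profile update: optional password
 * change, time zone / DST, UI language, and (when supplied) the auth
 * backend and username.
 *
 * A password change is accepted in one of two modes:
 *  - reset-token mode: the session carries a password-reset token (the user
 *    signed on via a reset link). The token must still map to this account
 *    and must be younger than the configured reset window.
 *  - normal mode: when the account already has a password, the current
 *    password must be supplied and verified, and the new one must differ.
 *
 * @param array $vars    Submitted fields: passwd1, passwd2, cpasswd,
 *                       timezone_id, dst, lang, backend, username.
 * @param array $errors  Filled by reference with field => message.
 * @return bool|mixed    false when validation fails, otherwise the result
 *                       of $this->save().
 */
function update($vars, &$errors) {
    global $cfg;

    // Present only when the client authenticated through a reset link.
    $rtoken = isset($_SESSION['_client']['reset-token'])
        ? $_SESSION['_client']['reset-token'] : null;

    if ($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd'] || $rtoken) {
        if (!$vars['passwd1']) {
            $errors['passwd1'] = __('New password is required');
        } elseif (strlen($vars['passwd1']) < 6) {
            // NOTE(review): 6 bytes is a weak floor; tighten via config if possible.
            $errors['passwd1'] = __('Password must be at least 6 characters');
        } elseif (strcmp($vars['passwd1'], $vars['passwd2'])) {
            $errors['passwd2'] = __('Passwords do not match');
        }

        if ($rtoken) {
            $_config = new Config('pwreset');
            if ((int) $_config->get($rtoken) !== (int) $this->getUserId()) {
                // Token unknown, or issued for a different account.
                $errors['err'] = __('Invalid reset token. Logout and try again');
            } elseif (!($ts = $_config->lastModified($rtoken))
                    || $cfg->getPwResetWindow() < time() - strtotime($ts)) {
                // FIX: the original joined these with `&&`, so whenever a
                // timestamp existed the age check was short-circuited and
                // reset tokens never expired. A missing timestamp OR an
                // over-age token must both reject.
                // (lastModified() is assumed to return a strtotime()-parsable
                // datetime string — TODO confirm against Config.)
                $errors['err'] = __('Invalid reset token. Logout and try again');
            }
        } elseif ($this->get('passwd')) {
            // Normal change: prove knowledge of the current password first.
            if (!$vars['cpasswd']) {
                $errors['cpasswd'] = __('Current password is required');
            } elseif (!$this->hasCurrentPassword($vars['cpasswd'])) {
                $errors['cpasswd'] = __('Invalid current password!');
            } elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd'])) {
                $errors['passwd1'] = __('New password MUST be different from the current password!');
            }
        }
    }

    if (!$vars['timezone_id']) {
        $errors['timezone_id'] = __('Time zone selection is required');
    }

    if ($errors) {
        return false;
    }

    $this->set('timezone_id', $vars['timezone_id']);
    $this->set('dst', isset($vars['dst']) ? 1 : 0);

    // Change language; drop the cached session language so it is recomputed.
    $this->set('lang', $vars['lang'] ?: null);
    $_SESSION['client:lang'] = null;
    TextDomain::configureForUser($this);

    if ($vars['backend']) {
        $this->set('backend', $vars['backend']);
        if ($vars['username']) {
            $this->set('username', $vars['username']);
        }
    }

    if ($vars['passwd1']) {
        $this->set('passwd', Passwd::hash($vars['passwd1']));
        $info = array('password' => $vars['passwd1']);
        Signal::send('auth.pwchange', $this->getUser(), $info);
        // A successful change consumes any outstanding reset tokens and
        // clears the forced-reset flag.
        $this->cancelResetTokens();
        $this->clearStatus(UserAccountStatus::REQUIRE_PASSWD_RESET);
    }

    return $this->save();
}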
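/**
 * Authenticate a client from a posted username plus password-reset token
 * (the "set new password" step of the reset flow).
 *
 * The token must resolve to the same account as the username and must be
 * younger than the configured reset window; the account is then flagged
 * for a forced password reset.
 *
 * @param array $errors  Received BY VALUE (kept for interface compatibility),
 *                       so messages written here are not visible to the
 *                       caller.
 * @return ClientSession|false  The session on success, false otherwise.
 */
function signOn($errors = array()) {
    global $ost;

    if (!isset($_POST['userid']) || !isset($_POST['token'])) {
        return false;
    }
    if (!($_config = new Config('pwreset'))) {
        return false;
    }

    // NOTE(review): the distinct "Invalid user-id" vs "Invalid reset token"
    // messages allow username enumeration if they ever reach the caller.
    $acct = ClientAccount::lookupByUsername($_POST['userid']);
    if (!$acct || !$acct->getId()
            || !($client = new ClientSession(new EndUser($acct->getUser())))) {
        $errors['msg'] = __('Invalid user-id given');
        return false;
    }

    // The token must have been issued for this very account.
    $id = $_config->get($_POST['token']);
    if (!$id || $id != $client->getId()) {
        $errors['msg'] = __('Invalid reset token');
        return false;
    }

    // FIX: the original combined these with `&&`, so the age check only ran
    // when no timestamp existed and tokens effectively never expired.
    // (lastModified() is assumed to return a strtotime()-parsable datetime
    // string — TODO confirm against Config.)
    $ts = $_config->lastModified($_POST['token']);
    if (!$ts || $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) {
        $errors['msg'] = __('Invalid reset token');
        return false;
    }

    if (!$acct->forcePasswdReset()) {
        $errors['msg'] = __('Unable to reset password');
        return false;
    }

    return $client;
}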
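/**
 * Validate and persist an agent's own profile (name, contact details,
 * signature, display preferences, language) and optionally change the
 * password.
 *
 * A password change is accepted either via a password-reset token held in
 * the staff session (must map to this agent and be within the reset
 * window) or by supplying and verifying the current password.
 *
 * @param array $vars    Submitted profile fields.
 * @param array $errors  Filled by reference with field => message.
 * @return bool|mixed    false when validation fails, otherwise the result
 *                       of db_query() for the UPDATE.
 */
function updateProfile($vars, &$errors) {
    global $cfg;

    $vars['firstname'] = Format::striptags($vars['firstname']);
    $vars['lastname'] = Format::striptags($vars['lastname']);

    // The form must be for the agent currently logged in.
    if ($this->getId() != $vars['id']) {
        $errors['err'] = __('Internal error occurred');
    }
    if (!$vars['firstname']) {
        $errors['firstname'] = __('First name is required');
    }
    if (!$vars['lastname']) {
        $errors['lastname'] = __('Last name is required');
    }

    if (!$vars['email'] || !Validator::is_valid_email($vars['email'])) {
        $errors['email'] = __('Valid email is required');
    } elseif (Email::getIdByEmail($vars['email'])) {
        $errors['email'] = __('Already in-use as system email');
    } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $this->getId()) {
        $errors['email'] = __('Email already in-use by another agent');
    }

    if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
        $errors['phone'] = __('Valid phone number is required');
    }
    if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
        $errors['mobile'] = __('Valid phone number is required');
    }

    if ($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd']) {
        if (!$vars['passwd1']) {
            $errors['passwd1'] = __('New password is required');
        } elseif (strlen($vars['passwd1']) < 6) {
            // NOTE(review): 6 bytes is a weak floor; tighten via config if possible.
            $errors['passwd1'] = __('Password must be at least 6 characters');
        } elseif (strcmp($vars['passwd1'], $vars['passwd2'])) {
            $errors['passwd2'] = __('Passwords do not match');
        }

        // Present only when the agent signed on through a reset link.
        $rtoken = isset($_SESSION['_staff']['reset-token'])
            ? $_SESSION['_staff']['reset-token'] : null;

        if ($rtoken) {
            $_config = new Config('pwreset');
            if ((int) $_config->get($rtoken) !== (int) $this->getId()) {
                // Token unknown, or issued for a different agent.
                $errors['err'] = __('Invalid reset token. Logout and try again');
            } elseif (!($ts = $_config->lastModified($rtoken))
                    || $cfg->getPwResetWindow() < time() - strtotime($ts)) {
                // FIX: the original joined these with `&&`, so whenever a
                // timestamp existed the age check was short-circuited and
                // reset tokens never expired. A missing timestamp OR an
                // over-age token must both reject.
                // (lastModified() is assumed to return a strtotime()-parsable
                // datetime string — TODO confirm against Config.)
                $errors['err'] = __('Invalid reset token. Logout and try again');
            }
        } elseif (!$vars['cpasswd']) {
            $errors['cpasswd'] = __('Current password is required');
        } elseif (!$this->cmp_passwd($vars['cpasswd'])) {
            $errors['cpasswd'] = __('Invalid current password!');
        } elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd'])) {
            $errors['passwd1'] = __('New password MUST be different from the current password!');
        }
    }

    if (!$vars['timezone_id']) {
        $errors['timezone_id'] = __('Time zone selection is required');
    }
    if ($vars['default_signature_type'] == 'mine' && !$vars['signature']) {
        $errors['default_signature_type'] = __("You don't have a signature");
    }

    if ($errors) {
        return false;
    }

    // Language is stored in the per-agent config; drop the cached session
    // language so it is recomputed.
    $this->config->set('lang', $vars['lang']);
    $_SESSION['staff:lang'] = null;
    TextDomain::configureForUser($this);

    // Every user-supplied value is routed through db_input() (quoted+escaped,
    // or escape-only where the literal is quoted inline). This file has no
    // prepared-statement helper in scope; do not add raw interpolation here.
    $sql = 'UPDATE ' . STAFF_TABLE . ' SET updated=NOW() '
        . ' ,firstname=' . db_input($vars['firstname'])
        . ' ,lastname=' . db_input($vars['lastname'])
        . ' ,email=' . db_input($vars['email'])
        . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"'
        . ' ,phone_ext=' . db_input($vars['phone_ext'])
        . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"'
        . ' ,signature=' . db_input(Format::sanitize($vars['signature']))
        . ' ,timezone_id=' . db_input($vars['timezone_id'])
        . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0)
        . ' ,show_assigned_tickets=' . db_input(isset($vars['show_assigned_tickets']) ? 1 : 0)
        . ' ,max_page_size=' . db_input($vars['max_page_size'])
        . ' ,auto_refresh_rate=' . db_input($vars['auto_refresh_rate'])
        . ' ,default_signature_type=' . db_input($vars['default_signature_type'])
        . ' ,default_paper_size=' . db_input($vars['default_paper_size']);

    if ($vars['passwd1']) {
        // Store only the hash; a successful change consumes outstanding
        // reset tokens and clears the forced-change flag.
        $sql .= ' ,change_passwd=0, passwdreset=NOW(), passwd='
            . db_input(Passwd::hash($vars['passwd1']));
        $info = array('password' => $vars['passwd1']);
        Signal::send('auth.pwchange', $this, $info);
        $this->cancelResetTokens();
    }

    $sql .= ' WHERE staff_id=' . db_input($this->getId());

    return db_query($sql);
}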
if (!$staff->sendResetEmail()) { $tpl = 'pwreset.sent.php'; } } else { $msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']); } break; case 'newpasswd': // TODO: Compare passwords $tpl = 'pwreset.login.php'; $_config = new Config('pwreset'); if (($staff = new StaffSession($_POST['userid'])) && !$staff->getId()) { $msg = 'Invalid user-id given'; } elseif (!($id = $_config->get($_POST['token'])) || $id != $staff->getId()) { $msg = 'Invalid reset token'; } elseif (!($ts = $_config->lastModified($_POST['token'])) && $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) { $msg = 'Invalid reset token'; } elseif (!$staff->forcePasswdRest()) { $msg = 'Unable to reset password'; } else { $info = array('page' => 'index.php'); Signal::send('auth.pwreset.login', $staff, $info); Staff::_do_login($staff, $_POST['userid']); $_SESSION['_staff']['reset-token'] = $_POST['token']; header('Location: ' . $info['page']); exit; } break; } } elseif ($_GET['token']) { $msg = 'Re-enter your username or email';