Esempio n. 1
 /**
  * Send a link to reset the password to the user's email
  * @access public
  * @param int $id
  * @return void
  */
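 public function sendPassword($id)
 {
     // Looks up the user by id, e-mails a password-reset link built from the
     // configured templates, and stores the outcome in the session message.
     $session = Zend_Registry::get('session');
     $seoOption = Zend_Registry::get('seo');
     $value = $this->getUserBy('id', $id);
     if (empty($value)) {
         // No user record was found, so there is no e-mail address to show.
         // The original indexed $value['email'] on the empty result here, which
         // only produced a notice and an empty prefix.
         $session->message['txt'] = $this->option->infoMessage->emailNotFound;
         $session->message['type'] = 'info';
         return;
     }

     $dotEmail = new Dot_Email();
     $dotEmail->addTo($value['email']);
     $subject = str_replace('%SITENAME%', $seoOption->siteName, $this->option->forgotPassword->subject);
     $dotEmail->setSubject($subject);

     // NOTE(review): the reset token is derived from the stored password value,
     // so the same link appears to stay valid until the password is changed.
     // Confirm whether Dot_Auth::generateUserToken() adds an expiry or a
     // per-request nonce; if not, consider a random, single-use, time-limited token.
     $userToken = Dot_Auth::generateUserToken($value['password']);
     $msg = str_replace(
         array('%FIRSTNAME%', '%SITE_URL%', '%USERID%', '%TOKEN%'),
         array($value['firstName'], $this->config->website->params->url, $value['id'], $userToken),
         $this->option->forgotPassword->message
     );
     $dotEmail->setBodyText($msg);

     // NOTE(review): both outcomes echo the account's e-mail address back into
     // the session message; verify that callers only reach this method after the
     // requester has already supplied that address.
     if ($dotEmail->send()) {
         $session->message['txt'] = $this->option->infoMessage->emailSent . $value['email'];
         $session->message['type'] = 'info';
     } else {
         $session->message['txt'] = $this->option->errorMessage->emailNotSent . $value['email'];
         $session->message['type'] = 'error';
     }
 }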
Esempio n. 2
 /**
  * Add the user's token to the template
  * @access public
  * @return void
  */
 public function addUserToken()
 {
     // Expose the current 'user' identity's token to the template as USERTOKEN.
     // The token is generated from the identity's stored password value.
     $identity = Dot_Auth::getInstance()->getIdentity('user');
     $token = Dot_Auth::generateUserToken($identity->password);
     $this->setVar('USERTOKEN', $token);
 }
     }
     $userView->details('forgot_password', $data);
     break;
 case 'reset-password':
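     // start by considering there are no errors, and we enable the form
     $disabled = false;
     // the id and token arrive either in the request (link from the e-mail)
     // or in POST (the submitted form), so look in both places
     $userId = array_key_exists('id', $registry->request) ? $registry->request['id'] : (isset($_POST['userId']) ? $_POST['userId'] : '');
     $userToken = array_key_exists('token', $registry->request) ? $registry->request['token'] : (isset($_POST['userToken']) ? $_POST['userToken'] : '');
     // get user info based on ID, and see if it is valid
     $userInfo = $userModel->getUserInfo($userId);
     if (false == $userInfo) {
         $disabled = true;
     } else {
         // Check that the supplied token matches the one derived from the
         // user's stored password value.
         // NOTE(review): assumes generateUserToken() returns a string; confirm.
         $expectedToken = (string) Dot_Auth::generateUserToken($userInfo['password']);
         if (!is_string($userToken) || $userToken === '') {
             // a missing token, or an array submitted as userToken[], never matches
             $disabled = true;
         } elseif (function_exists('hash_equals')) {
             // constant-time comparison; a loose != lets numeric-looking strings
             // such as "0e123" and "0e456" compare as equal
             $disabled = !hash_equals($expectedToken, $userToken);
         } else {
             // fallback for PHP < 5.6: strict, but not constant-time
             $disabled = $expectedToken !== $userToken;
         }
     }
     // we have errors, display the message and disable the form
     if (true == $disabled) {
         $session->message['txt'] = $registry->option->errorMessage->wrongResetPasswordUrl;
         $session->message['type'] = 'error';
     }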
     // IF the form was submitted and there are NO errors
     if ($_SERVER['REQUEST_METHOD'] === 'POST' && false == $disabled) {
         // POST values that will be validated
         $values['password'] = array('password' => isset($_POST['password']) ? $_POST['password'] : '', 'password2' => isset($_POST['password2']) ? $_POST['password2'] : '');
         $dotValidateUser = new Dot_Validate_User(array('who' => 'user', 'action' => 'update', 'values' => $values, 'userId' => $userId));
         if ($dotValidateUser->isValid()) {
Esempio n. 4
 /**
  * Check if a user's token is set and is correct
  * 
  * @access public
  * @static
  * @param string $userToken
  * @param string $type - the identity that is checked (i.e. admin)
  * @return bool
  */
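 public static function checkUserToken($userToken, $type = 'admin')
 {
     // A missing, empty or non-string token can never be valid. Rejecting
     // non-strings up front also keeps arrays out of the comparison below.
     if (!is_string($userToken) || $userToken === '') {
         return false;
     }

     $user = Dot_Auth::getInstance()->getIdentity($type);
     // NOTE(review): presumably getIdentity() yields no object when nobody is
     // logged in as $type; without this guard the expected token would be
     // generated from a null password. Confirm against Dot_Auth.
     if (!is_object($user) || !isset($user->password)) {
         return false;
     }

     // NOTE(review): assumes generateUserToken() returns a string; confirm.
     $expectedToken = (string) Dot_Auth::generateUserToken($user->password);

     // Constant-time comparison where available. The original loose != treats
     // numeric-looking strings such as "0e123" and "0e456" as equal.
     if (function_exists('hash_equals')) {
         return hash_equals($expectedToken, $userToken);
     }

     // Fallback for PHP < 5.6: strict, but not constant-time.
     return $expectedToken === $userToken;
 }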