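 /**
  * Handles the multi-step "Forgot Password" flow.
  *
  * The step is chosen from the request superglobals ($_POST / $_GET); each
  * step echoes its HTML (form or message) directly and the method returns a
  * status string describing what happened:
  *
  *  - "resetPasswordForm"   : the identification form was displayed
  *  - "invalidToken"        : the supplied token was empty or not present in the token table
  *  - "changePasswordForm"  : the token was valid and the new-password form was displayed
  *  - "fieldsLeftBlank"     : at least one of the two password fields was empty
  *  - "passwordDontMatch"   : the two password fields differ
  *  - "passwordChanged"     : the password was changed and the token deleted
  *  - "identityNotProvided" : the username / e-mail field was empty
  *  - "userNotFound"        : no user row matched the identification
  *  - "emailSent"           : a reset token was stored and mailed to the user
  *  - "initial"             : no step applied (also when self::changePassword() returned false)
  *
  * NOTE(review): the token table is written with `requested` = NOW() but nothing
  * in this method filters on it, so a token stays valid until it is used —
  * confirm whether expiry is enforced elsewhere. The whole flow relies on
  * self::rand_string() producing an unguessable token; confirm it uses a
  * cryptographically secure source.
  *
  * @return string One of the status strings listed above.
  */
 public static function forgotPassword()
 {
     self::construct();
     $curStatus = "initial";
     $identName = self::$config['features']['email_login'] === false ? "Username" : "Username / E-Mail";
     $tokenTable = self::$config['db']['token_table'];

     if (!isset($_POST['logSysForgotPass']) && !isset($_GET['resetPassToken']) && !isset($_POST['logSysForgotPassChange'])) {
         /**
          * Step 1: nothing has been submitted yet, show the identification form.
          */
         $action = htmlspecialchars(self::curPageURL(), ENT_QUOTES, 'UTF-8');
         $html = '<form action="' . $action . '" method="POST">';
         $html .= "<label>";
         $html .= "<p>{$identName}</p>";
         $html .= "<input type='text' id='logSysIdentification' placeholder='Enter your {$identName}' size='25' name='identification' />";
         $html .= "</label>";
         $html .= "<p><button name='logSysForgotPass' type='submit'>Reset Password</button></p>";
         $html .= "</form>";
         echo $html;
         $curStatus = "resetPasswordForm";
     } elseif (isset($_GET['resetPassToken']) && !isset($_POST['logSysForgotPassChange'])) {
         /**
          * Step 2: the user followed the link from the e-mail. Verify the token
          * before showing the new-password form.
          */
         // A non-string value (e.g. resetPassToken[]=x) is treated as an empty token.
         // urldecode() is kept from the original link format; presumably rand_string()
         // tokens are URL-safe so the double decode is a no-op — confirm.
         $reset_pass_token = is_string($_GET['resetPassToken']) ? urldecode($_GET['resetPassToken']) : "";
         $sql = self::$dbh->prepare("SELECT `uid` FROM `" . $tokenTable . "` WHERE `token` = ?");
         $sql->execute(array($reset_pass_token));
         if ($reset_pass_token === "" || $sql->rowCount() === 0) {
             echo "<h3>Error : Wrong/Invalid Token</h3>";
             $curStatus = "invalidToken";
         } else {
             // $_SERVER['PHP_SELF'] reflects the requested path (including PATH_INFO),
             // so it must be escaped before being placed in an attribute.
             $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
             // The token matched a stored row, but escape it anyway (defence in depth).
             $tokenAttr = htmlspecialchars($reset_pass_token, ENT_QUOTES, 'UTF-8');
             $html = "<p>The Token key was Authorized. Now, you can change the password</p>";
             $html .= "<form action='{$action}' method='POST'>";
             $html .= "<input type='hidden' name='token' value='{$tokenAttr}' />";
             $html .= "<label>";
             $html .= "<p>New Password</p>";
             $html .= "<input type='password' name='logSysForgotPassNewPassword' />";
             $html .= "</label><br/>";
             $html .= "<label>";
             $html .= "<p>Retype Password</p>";
             $html .= "<input type='password' name='logSysForgotPassRetypedPassword'/>";
             $html .= "</label><br/>";
             $html .= "<p><button name='logSysForgotPassChange'>Reset Password</button></p>";
             $html .= "</form>";
             echo $html;
             $curStatus = "changePasswordForm";
         }
     } elseif (isset($_POST['logSysForgotPassChange']) && isset($_POST['logSysForgotPassNewPassword']) && isset($_POST['logSysForgotPassRetypedPassword'])) {
         /**
          * Step 3: the new password was submitted together with the hidden token.
          * The token is re-checked here; the hidden field is attacker-controlled.
          */
         // Missing or non-string token (the original read $_POST['token'] unguarded).
         $reset_pass_token = isset($_POST['token']) && is_string($_POST['token']) ? urldecode($_POST['token']) : "";
         $sql = self::$dbh->prepare("SELECT `uid` FROM `" . $tokenTable . "` WHERE `token` = ?");
         $sql->execute(array($reset_pass_token));
         if ($reset_pass_token === "" || $sql->rowCount() === 0) {
             echo "<h3>Error : Wrong/Invalid Token</h3>";
             $curStatus = "invalidToken";
         } else {
             // Non-string (array) values are treated as blank rather than passed on.
             $newPassword = is_string($_POST['logSysForgotPassNewPassword']) ? $_POST['logSysForgotPassNewPassword'] : "";
             $retypedPassword = is_string($_POST['logSysForgotPassRetypedPassword']) ? $_POST['logSysForgotPassRetypedPassword'] : "";
             if ($newPassword === "" || $retypedPassword === "") {
                 echo "<h3>Error : Passwords Fields Left Blank</h3>";
                 $curStatus = "fieldsLeftBlank";
             } elseif ($newPassword !== $retypedPassword) {
                 echo "<h3>Error : Passwords Don't Match</h3>";
                 $curStatus = "passwordDontMatch";
             } else {
                 /**
                  * self::changePassword() requires a logged-in user, so the owner of
                  * the token is temporarily treated as logged in.
                  */
                 self::$user = $sql->fetchColumn();
                 self::$loggedIn = true;
                 $changed = self::changePassword($newPassword);
                 // Always drop the temporary login, even when the change failed;
                 // the original left self::$loggedIn = true on failure.
                 self::$user = false;
                 self::$loggedIn = false;
                 if ($changed) {
                     /**
                      * The token is single-use: remove it now that the password changed.
                      */
                     $sql = self::$dbh->prepare("DELETE FROM `" . $tokenTable . "` WHERE `token` = ?");
                     $sql->execute(array($reset_pass_token));
                     echo "<h3>Success : Password Reset Successful</h3><p>You may now login with your new password.</p>";
                     $curStatus = "passwordChanged";
                 }
             }
         }
     } elseif (isset($_POST['identification'])) {
         /**
          * Step 4: a username / e-mail was submitted. Look the user up, store a
          * fresh token and e-mail the reset link.
          */
         $identification = is_string($_POST['identification']) ? $_POST['identification'] : "";
         if ($identification === "") {
             echo "<h3>Error : {$identName} not provided</h3>";
             $curStatus = "identityNotProvided";
         } else {
             $sql = self::$dbh->prepare("SELECT `email`, `id` FROM `" . self::$config['db']['table'] . "` WHERE `username`=:login OR `email`=:login");
             $sql->bindValue(":login", $identification);
             $sql->execute();
             if ($sql->rowCount() === 0) {
                 echo "<h3>Error : User Not Found</h3>";
                 $curStatus = "userNotFound";
             } else {
                 $rows = $sql->fetch(\PDO::FETCH_ASSOC);
                 $email = $rows['email'];
                 $uid = $rows['id'];
                 /**
                  * Create the token and store it together with the request time.
                  */
                 $token = self::rand_string(40);
                 $sql = self::$dbh->prepare("INSERT INTO `" . $tokenTable . "` (`token`, `uid`, `requested`) VALUES (?, ?, NOW())");
                 $sql->execute(array($token, $uid));
                 $encodedToken = urlencode($token);
                 /**
                  * Prepare and send the e-mail containing the reset link.
                  */
                 $subject = "Reset Password";
                 $body = "You requested for resetting your password on " . self::$config['basic']['company'] . ". For this, please click the following link :\n          <blockquote>\n            <a href='" . self::curPageURL() . "?resetPassToken={$encodedToken}'>Reset Password : {$token}</a>\n          </blockquote>";
                 self::sendMail($email, $subject, $body);
                 echo "<p>An email has been sent to your email inbox with instructions. Check Your Mail Inbox and SPAM Folders.</p><p>You can close this window.</p>";
                 $curStatus = "emailSent";
             }
         }
     }
     return $curStatus;
 }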