Esempio n. 1
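 /**
  * Verify the current password (unless the acting user is an admin) and write the new password to the DB.
  *
  * @param string $user_password - Current password of this user; only checked when the acting user is not an admin.
  * @param string $new_password - Must be non null and at least 1 character.
  * @param boolean $dieOnError - When true (the default), a failed DB transaction ends the request with die();
  *                              when false the method returns false instead.
  * @return boolean - If passwords pass verification and query succeeds, return true, else return false.
  *                   Validation failures also set $this->error_string.
  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
  * All Rights Reserved..
  * Contributor(s): ______________________________________..
  */
 function change_password($user_password, $new_password, $dieOnError = true)
 {
     $usr_name = $this->column_fields["user_name"];
     global $mod_strings;
     $current_user = vglobal('current_user');
     $this->log->debug("Starting password change for {$usr_name}");
     if (!isset($new_password) || $new_password == "") {
         // Fixed: the message previously concatenated the undefined $user_name, so the
         // account name was missing from the error and PHP raised an undefined-variable notice.
         $this->error_string = $mod_strings['ERR_PASSWORD_CHANGE_FAILED_1'] . $usr_name . $mod_strings['ERR_PASSWORD_CHANGE_FAILED_2'];
         return false;
     }
     // Only non-admin actors must prove knowledge of the current password. For admins the
     // check is skipped entirely, so this path rests on is_admin($current_user) alone.
     // NOTE(review): that includes an admin changing their own password - confirm callers
     // re-authenticate where that matters.
     if (!is_admin($current_user)) {
         // No startTransaction() here: per the original author, the transaction is already
         // started in vtws_changepassword.
         if (!$this->verifyPassword($user_password)) {
             // Failed attempts are logged with the account name only, never the submitted password.
             $this->log->warn("Incorrect old password for {$usr_name}");
             $this->error_string = $mod_strings['ERR_PASSWORD_INCORRECT_OLD'];
             return false;
         }
         if ($this->db->hasFailedTransaction()) {
             if ($dieOnError) {
                 // NOTE(review): die() puts the driver's error number and message into the
                 // response body; consider logging them and emitting a generic message.
                 die("error verifying old transaction[" . $this->db->database->ErrorNo() . "] " . $this->db->database->ErrorMsg());
             }
             return false;
         }
     }
     // user_hash is derived from the plaintext new password by get_user_hash() (not shown here).
     $user_hash = $this->get_user_hash($new_password);
     //set new password
     $crypt_type = $this->DEFAULT_PASSWORD_CRYPT_TYPE;
     $encrypted_new_password = $this->encrypt_password($new_password, $crypt_type);
     // Values are bound as parameters; only the table name is interpolated, and it comes
     // from the object itself rather than from the arguments.
     $query = "UPDATE {$this->table_name} SET user_password=?, confirm_password=?, user_hash=?, " . "crypt_type=? where id=?";
     // No startTransaction() here either, for the same reason as above.
     $this->db->pquery($query, array($encrypted_new_password, $encrypted_new_password, $user_hash, $crypt_type, $this->id));
     if ($this->db->hasFailedTransaction()) {
         if ($dieOnError) {
             // NOTE(review): same disclosure concern as above - DB error details reach the client.
             die("error setting new password: [" . $this->db->database->ErrorNo() . "] " . $this->db->database->ErrorMsg());
         }
         return false;
     }
     // Fill up the post-save state of the instance.
     // An existing in-memory user_hash is left untouched; only an empty one is filled in.
     if (empty($this->column_fields['user_hash'])) {
         $this->column_fields['user_hash'] = $user_hash;
     }
     $this->column_fields['user_password'] = $encrypted_new_password;
     $this->column_fields['confirm_password'] = $encrypted_new_password;
     $this->triggerAfterSaveEventHandlers();
     return true;
 }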
Esempio n. 2
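 /**
  * Verify the current password (unless the acting user is an admin) and write the new password to the DB.
  *
  * @param string $user_password - Current password of this user; only checked when the acting user is not an admin.
  * @param string $new_password - Must be non null and at least 1 character.
  * @param boolean $dieOnError - When true (the default), a failed DB transaction ends the request with die();
  *                              when false the method returns false instead.
  * @return boolean - If passwords pass verification and query succeeds, return true, else return false.
  *                   Validation failures also set $this->error_string.
  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
  * All Rights Reserved..
  * Contributor(s): ______________________________________..
  */
 function change_password($user_password, $new_password, $dieOnError = true)
 {
     $usr_name = $this->column_fields["user_name"];
     global $mod_strings;
     global $current_user;
     $this->log->debug("Starting password change for {$usr_name}");
     if (!isset($new_password) || $new_password == "") {
         // Fixed: the message previously concatenated the undefined $user_name, so the
         // account name was missing from the error and PHP raised an undefined-variable notice.
         $this->error_string = $mod_strings['ERR_PASSWORD_CHANGE_FAILED_1'] . $usr_name . $mod_strings['ERR_PASSWORD_CHANGE_FAILED_2'];
         return false;
     }
     // Only non-admin actors must prove knowledge of the current password. For admins the
     // check is skipped entirely, so this path rests on is_admin($current_user) alone.
     // NOTE(review): that includes an admin changing their own password - confirm callers
     // re-authenticate where that matters.
     if (!is_admin($current_user)) {
         // NOTE(review): startTransaction() is called here and again before the UPDATE, and
         // no matching completion call appears in this method. The early return on a wrong
         // old password leaves whatever was opened here to the caller - confirm where it is
         // completed.
         $this->db->startTransaction();
         if (!$this->verifyPassword($user_password)) {
             // Failed attempts are logged with the account name only, never the submitted password.
             $this->log->warn("Incorrect old password for {$usr_name}");
             $this->error_string = $mod_strings['ERR_PASSWORD_INCORRECT_OLD'];
             return false;
         }
         if ($this->db->hasFailedTransaction()) {
             if ($dieOnError) {
                 // NOTE(review): die() puts the driver's error number and message into the
                 // response body; consider logging them and emitting a generic message.
                 die("error verifying old transaction[" . $this->db->database->ErrorNo() . "] " . $this->db->database->ErrorMsg());
             }
             return false;
         }
     }
     // SECURITY NOTE(review): user_hash is an unsalted MD5 of the plaintext password and is
     // written to the users table next to the encrypt_password() value. Anyone who can read
     // that column gets a fast, precomputable hash of the password, whatever crypt_type is
     // used for user_password. Left unchanged because other code may still read this column;
     // plan to retire it or replace it with password_hash()-style storage.
     $user_hash = strtolower(md5($new_password));
     //set new password
     $crypt_type = $this->DEFAULT_PASSWORD_CRYPT_TYPE;
     $encrypted_new_password = $this->encrypt_password($new_password, $crypt_type);
     // Values are bound as parameters; only the table name is interpolated, and it comes
     // from the object itself rather than from the arguments.
     $query = "UPDATE {$this->table_name} SET user_password=?, confirm_password=?, user_hash=?, " . "crypt_type=? where id=?";
     $this->db->startTransaction();
     $this->db->pquery($query, array($encrypted_new_password, $encrypted_new_password, $user_hash, $crypt_type, $this->id));
     if ($this->db->hasFailedTransaction()) {
         if ($dieOnError) {
             // NOTE(review): same disclosure concern as above - DB error details reach the client.
             die("error setting new password: [" . $this->db->database->ErrorNo() . "] " . $this->db->database->ErrorMsg());
         }
         return false;
     }
     // Runs only after the UPDATE succeeded. NOTE(review): presumably rotates the user's
     // access key so credentials issued under the old password stop working - confirm
     // against createAccessKey().
     $this->createAccessKey();
     return true;
 }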