public static function hook_start()
{
if (!BackendUser::check()) {
if (PersistUser::check()) {
Controller::redirect();
}
}
}
/**
* @todo Refactor this so that an admin user can do backend_user/change_password/$username/$new_password
*/
public function post_change_password()
{
$current = Controller::getVar('current_password');
$password = Controller::getVar('password');
$confirm = Controller::getVar('confirm_password');
if ($confirm != $password) {
Backend::addError('New password doesn\'t match');
return false;
}
if (!($user = self::check())) {
Backend::addError('Invalid User (Anonymous)');
return false;
}
$userObj = self::getObject(get_class($this), $user->id);
if (!$userObj->array) {
Backend::addError('Invalid User');
return false;
}
list($query, $params) = self::authenticate($user->username, $current, true);
if (!$query->fetchAssoc($params)) {
Backend::addError('Incorrect current password provided');
return false;
}
if (!$userObj->update(array('password' => $password))) {
Backend::addError('Could not update password');
return false;
}
//Reread the user
$userObj->read(array('query' => $query, 'parameters' => $params, 'mode' => 'object'));
if ($userObj->object) {
session_regenerate_id();
$_SESSION['BackendUser'] = $userObj->object;
if (Component::isActive('PersistUser')) {
PersistUser::remember($userObj->object);
}
}
return true;
}