/**
 * Start hook: when BackendUser::check() reports no user but
 * PersistUser::check() succeeds, call Controller::redirect().
 *
 * PersistUser::check() is only evaluated when BackendUser::check() fails,
 * which matches the nested conditionals this replaces.
 * NOTE(review): presumably PersistUser::check() restores a remembered login
 * and the redirect reloads the request with that session; confirm against
 * PersistUser and Controller.
 */
public static function hook_start()
{
    $anonymous = !BackendUser::check();
    if ($anonymous && PersistUser::check()) {
        Controller::redirect();
    }
}
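/**
 * Change the password of the currently checked-in user.
 *
 * Reads `current_password`, `password` and `confirm_password` through
 * Controller::getVar(), re-authenticates with the current password, updates
 * the stored password and then refreshes the session copy of the user.
 * Every failure path reports its reason through Backend::addError().
 *
 * @todo Refactor this so that an admin user can do backend_user/change_password/$username/$new_password
 *       NOTE(review): a new password carried in the URL path would normally
 *       end up in access logs and browser history; prefer the request body.
 *
 * @return bool true when the password was updated, false otherwise
 */
public function post_change_password()
{
    $current  = Controller::getVar('current_password');
    $password = Controller::getVar('password');
    $confirm  = Controller::getVar('confirm_password');

    // Strict comparison: with `!=`, numeric-looking strings such as "1e3" and
    // "1000" compare equal, so a mistyped confirmation could be accepted.
    if ($confirm !== $password) {
        Backend::addError('New password doesn\'t match');
        return false;
    }

    // Two missing fields compare equal above; refuse to store an empty or
    // non-string password instead of passing it on to update().
    if (!is_string($password) || $password === '') {
        Backend::addError('New password may not be empty');
        return false;
    }

    if (!($user = self::check())) {
        Backend::addError('Invalid User (Anonymous)');
        return false;
    }

    $userObj = self::getObject(get_class($this), $user->id);
    if (!$userObj->array) {
        Backend::addError('Invalid User');
        return false;
    }

    // Re-authenticate with the current password so that a hijacked session
    // alone is not enough to change the credential.
    // NOTE(review): assumes authenticate(..., true) always returns a
    // (query, parameters) pair; confirm against its definition.
    list($query, $params) = self::authenticate($user->username, $current, true);
    if (!$query->fetchAssoc($params)) {
        Backend::addError('Incorrect current password provided');
        return false;
    }

    if (!$userObj->update(array('password' => $password))) {
        Backend::addError('Could not update password');
        return false;
    }

    // Reread the user
    $userObj->read(array('query' => $query, 'parameters' => $params, 'mode' => 'object'));
    if ($userObj->object) {
        // Passing true deletes the old session data, so the session ID that
        // was in use before the password change stops being valid.
        // NOTE(review): sessions this user holds elsewhere are not touched
        // here; confirm whether they are invalidated somewhere else.
        session_regenerate_id(true);
        $_SESSION['BackendUser'] = $userObj->object;
        if (Component::isActive('PersistUser')) {
            PersistUser::remember($userObj->object);
        }
    }

    return true;
}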