/**
 * Dashboard entry point: render the user index page for an authenticated
 * session, otherwise bounce the visitor to the public home page.
 *
 * @param mixed $Request incoming request (not read here; kept for the
 *                        common Handle() signature shared by the handlers)
 * @return mixed whatever view/default/user/index.php returns when a session
 *               exists; null after the redirect header has been issued
 */
function Handle($Request)
{
    // Everything rendered here is per-user: forbid caching by the browser and
    // by intermediaries (post-check/pre-check are legacy IE-only tokens).
    header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
    header("Pragma: no-cache");

    $session = new phpsec\Session();
    $currentSessionID = $session->existingSession();

    if ($currentSessionID == FALSE) {
        // No live session: redirect to the landing page. The target is rebuilt
        // from the request's own scheme, host and port.
        // NOTE(review): if HttpRequest::Host() reflects the raw Host header,
        // the redirect target is client-controlled — confirm it is validated
        // against a configured host list upstream.
        $homeURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host()
            . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
        header("Location: {$homeURL}");
        return;
    }

    // The view is included into this function's scope, so $userID stays
    // visible to the template (presumably that is why it is resolved here).
    $userID = \phpsec\Session::getUserIDFromSessionID($currentSessionID);
    return require_once __DIR__ . "/../../view/default/user/index.php";
}
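/**
 * Change the password of the currently logged-in user.
 *
 * On a POST with `submit` set, the handler requires all three fields
 * (_x_oldpass, pass, repass), rejects a new password below the configured
 * strength, requires pass and repass to match, then verifies the old
 * password through a fresh logIn() before calling resetPassword(). A wrong
 * old password is fed to the brute-force detector when the
 * BRUTE_FORCE_DETECTION flag is "ON"; once the detector trips the account
 * is locked. Without a live session the visitor is sent to the login page.
 *
 * Fix in this revision: the config file is loaded with `require` instead of
 * `require_once`. If config.php had already been included earlier in the
 * request, require_once returns TRUE rather than the config array, so the
 * PASSWORD_SUGGESTION and BRUTE_FORCE_DETECTION flags silently read as off.
 *
 * NOTE(review): no CSRF token is checked in this handler. Unless the
 * framework verifies one upstream, a cross-site POST from a logged-in
 * browser can drive this form (it still needs the old password).
 *
 * @param mixed $Request incoming request (not read here; common Handle()
 *                        signature shared by the handlers)
 * @return mixed return value of the passwordreset view, which is included on
 *               every exit path — including after a redirect header was set
 */
function Handle($Request)
{
    try {
        $userSession = new phpsec\Session();
        $sessionID = $userSession->existingSession();

        if ($sessionID != FALSE) {
            if (isset($_POST['submit'])) {
                $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);

                $allFieldsPresent = isset($_POST['_x_oldpass']) && $_POST['_x_oldpass'] != ""
                    && isset($_POST['pass']) && $_POST['pass'] != ""
                    && isset($_POST['repass']) && $_POST['repass'] != "";

                if ($allFieldsPresent) {
                    // Plain require: we need the returned array, and require_once
                    // yields TRUE on a second inclusion. Assumes config.php only
                    // returns its array and is safe to evaluate again — TODO confirm.
                    $config = (require __DIR__ . "/../../config/config.php");

                    // Weak new password: explain, optionally suggest one, re-render.
                    if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
                        $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                        if ($config['PASSWORD_SUGGESTION'] === "ON") {
                            $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                        }
                        return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
                    }

                    if ($_POST['pass'] !== $_POST['repass']) {
                        $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
                        return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
                    }

                    try {
                        // logIn() is the old-password verification step; it throws
                        // WrongPasswordException on a mismatch.
                        $userObj = phpsec\UserManagement::logIn($userID, $_POST['_x_oldpass']);
                        $userObj->resetPassword($_POST['_x_oldpass'], $_POST['pass']);
                        $this->info .= "Your password have been changed successfully." . "<BR>";
                    } catch (phpsec\WrongPasswordException $e) {
                        if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
                            try {
                                // NOTE(review): the detector is handed the NEW password
                                // ($_POST['pass']) rather than the rejected old-password
                                // guess ($_POST['_x_oldpass']); confirm against
                                // AdvancedPasswordManagement's contract before changing.
                                new phpsec\AdvancedPasswordManagement($userID, $_POST['pass'], TRUE);
                            } catch (phpsec\BruteForceAttackDetectedException $ex) {
                                \phpsec\User::lockAccount($userID);
                                $this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
                            }
                        }
                        $this->error .= "Your old password does not seems correct. Please enter your old password for verification." . "<BR>";
                    }
                } else {
                    $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                }
            }
        } else {
            // Not logged in: set the redirect, but note the view below is still
            // rendered into the 302 body because there is no early return here.
            $this->error .= "You are not logged-in. Please login to complete the operation." . "<BR>";
            $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host()
                . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
            header("Location: {$newLocation}");
        }
    } catch (Exception $e) {
        // NOTE(review): raw exception text is surfaced to the user; prefer
        // logging it server-side and showing a generic message.
        $this->error .= $e->getMessage() . "<BR>";
    }

    return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
}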
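/**
 * Set a new password for the session's user WITHOUT asking for the old one.
 *
 * On a POST with `submit` set, the handler requires pass and repass, rejects
 * a new password below the configured strength, requires the two fields to
 * match, resolves the user from the session, then uses forceLogIn() and
 * forceResetPassword() to store the new password. If the session does not
 * map to a user it is destroyed. Without a live session the visitor is sent
 * to the login page.
 *
 * NOTE(review): the only gate visible here is "has an existing session".
 * That means any authenticated session — including a hijacked one — can set
 * a new password without knowing the current one, bypassing the old-password
 * check enforced by the regular change-password handler. Presumably this page
 * is meant to be reachable only from a recovery flow (e.g. after a reset
 * token was verified upstream) — TODO confirm the routing enforces that, or
 * add the check here. No CSRF token is checked either.
 *
 * Fix in this revision: the config file is loaded with `require` instead of
 * `require_once`. If config.php had already been included earlier in the
 * request, require_once returns TRUE rather than the config array, so the
 * PASSWORD_SUGGESTION flag silently reads as off.
 *
 * @param mixed $Request incoming request (not read here; common Handle()
 *                        signature shared by the handlers)
 * @return mixed return value of the newpassword view, which is included on
 *               every exit path — including after a redirect header was set
 */
function Handle($Request)
{
    try {
        $userSession = new phpsec\Session();
        $sessionID = $userSession->existingSession();

        if ($sessionID != FALSE) {
            if (isset($_POST['submit'])) {
                $bothFieldsPresent = isset($_POST['pass']) && $_POST['pass'] != ""
                    && isset($_POST['repass']) && $_POST['repass'] != "";

                if ($bothFieldsPresent) {
                    // Plain require: we need the returned array, and require_once
                    // yields TRUE on a second inclusion. Assumes config.php only
                    // returns its array and is safe to evaluate again — TODO confirm.
                    $config = (require __DIR__ . "/../../config/config.php");

                    // Weak new password: explain, optionally suggest one, re-render.
                    if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
                        $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                        if ($config['PASSWORD_SUGGESTION'] === "ON") {
                            $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                        }
                        return require_once __DIR__ . "/../../view/default/user/newpassword.php";
                    }

                    if ($_POST['pass'] !== $_POST['repass']) {
                        $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
                        return require_once __DIR__ . "/../../view/default/user/newpassword.php";
                    }

                    $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
                    if ($userID !== FALSE) {
                        // No old-password verification on this path (see class note).
                        $userObj = phpsec\UserManagement::forceLogIn($userID);
                        if ($userObj->forceResetPassword($_POST['pass'])) {
                            $this->info .= "Your Password has been changed successfully." . "<BR>";
                        } else {
                            $this->error .= "We encountered an error. Please re-try later!" . "<BR>";
                        }
                    } else {
                        // A session that maps to no user is not trusted any further.
                        $userSession->destroySession();
                        $this->error .= "Your session seems to be invalid. Cannot proceed!!" . "<BR>";
                    }
                } else {
                    $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                }
            }
        } else {
            // Not logged in: set the redirect, but note the view below is still
            // rendered into the 302 body because there is no early return here.
            $this->error .= "Seems you should not be accessing this page!" . "<BR>";
            $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host()
                . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
            header("Location: {$newLocation}");
        }
    } catch (Exception $e) {
        // NOTE(review): raw exception text is surfaced to the user; prefer
        // logging it server-side and showing a generic message.
        $this->error .= $e->getMessage() . "<BR>";
    }

    return require_once __DIR__ . "/../../view/default/user/newpassword.php";
}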
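/**
 * Log the current user out.
 *
 * With a live session the user is resolved from it, force-logged-in and then
 * logged out through UserManagement; without one only the authentication
 * token is deleted. Either way the visitor is redirected to the home page.
 * If anything throws, the message is recorded in $this->error and the visitor
 * is sent back to the referring page — but only when the Referer names this
 * same host; otherwise (missing, malformed or foreign Referer) to home.
 *
 * Fix in this revision: the error path used to redirect to $_SERVER['HTTP_REFERER']
 * verbatim. With no Referer that produced an undefined-index notice and an empty
 * "Location:" header; with an attacker-chosen Referer it was an open redirect.
 *
 * @param mixed $Request incoming request (not read here; common Handle()
 *                        signature shared by the handlers)
 * @return void
 */
function Handle($Request)
{
    try {
        $userSession = new phpsec\Session();
        $sessionID = $userSession->existingSession();

        if ($sessionID != FALSE) {
            $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
            $userObj = phpsec\UserManagement::forceLogIn($userID);
            phpsec\UserManagement::logOut($userObj);
        } else {
            // No session to tear down; still clear the remember-me style token.
            phpsec\User::deleteAuthenticationToken();
        }

        // Set before the redirect; whether any view shows it depends on the caller.
        $this->info .= "You are now logged out." . "<BR>";
        $nextURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host()
            . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
        header("Location: {$nextURL}");
    } catch (Exception $e) {
        // NOTE(review): raw exception text is surfaced to the user; prefer
        // logging it server-side and showing a generic message.
        $this->error .= $e->getMessage() . "<BR>";

        // Only follow the Referer when its host is ours. Relative or scheme-less
        // values (no host component) and foreign hosts fall back to home.
        // Assumes HttpRequest::Host() returns the bare host name without a port
        // (PortReadable() is separate) — TODO confirm; a mismatch only means the
        // safe fallback is taken.
        $homeURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host()
            . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
        $refererHost = parse_url($referer, PHP_URL_HOST);

        $sameHost = is_string($refererHost)
            && strcasecmp($refererHost, \phpsec\HttpRequest::Host()) === 0;
        $lastURL = $sameHost ? $referer : $homeURL;
        header("Location: {$lastURL}");
    }
}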