コード例 #1
ファイル: db_users.php プロジェクト: HeuristNetwork/heurist
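/**
 * Replace a user's password with a newly generated one and e-mail it to the user.
 *
 * Every failure is recorded through $system->addError() and reported as false.
 * If the e-mail cannot be sent, the previous password hash is written back so the
 * account is not left with a password that nobody has received.
 *
 * NOTE(security): nothing in this function checks who is asking. The stored password
 * is replaced as soon as the name matches, so any caller that can reach this function
 * with a valid name invalidates that user's current password. A single-use, expiring
 * reset token that leaves the current password untouched until it is redeemed avoids
 * this, and also avoids sending a usable password in clear text by e-mail.
 * NOTE(security): the "not found" error tells the caller whether a name exists;
 * confirm that the calling endpoint does not expose that difference to anonymous users.
 *
 * @param mixed $system   object providing get_mysqli() and addError()
 * @param mixed $username name to look up in the ugr_Name field
 *
 * @return bool true only when the password was updated and the e-mail was sent
 */
function user_ResetPassword($system, $username)
{
    if (!$username) {
        $system->addError(HEURIST_INVALID_REQUEST, "Username / email not defined");
        return false;
    }

    $mysqli = $system->get_mysqli();
    $user = user_getByField($mysqli, 'ugr_Name', $username);
    if (null == $user) {
        // NOTE(review): this repeats the lookup above with the same field and value.
        // The error text below says "Username / email", so a lookup by the e-mail
        // field may have been intended here - confirm before changing.
        $user = user_getByField($system->get_mysqli(), 'ugr_Name', $username);
    }
    if (null == $user) {
        $system->addError(HEURIST_NOT_FOUND, "It is not possible to recover password. Username / email, you specified, not found");
        return false;
    }

    //do not update password if mail is not enabled
    if (!checkSmtp()) {
        $system->addError(HEURIST_SYSTEM_CONFIG, 'Error_Mail_Recovery');
        return false;
    }

    $new_passwd = generate_passwd();
    $record = array("ugr_ID" => $user['ugr_ID'], "ugr_Password" => hash_it($new_passwd));
    $res = mysql__insertupdate($mysqli, "sysUGrps", "ugr_", $record);

    // The original test was `is_numeric($res) > 0`, which compares a boolean with 0 and
    // is therefore the same as is_numeric($res). NOTE(review): a check for a positive
    // record id may have been intended - confirm against mysql__insertupdate().
    if (!is_numeric($res)) {
        $system->addError(HEURIST_DB_ERROR, 'Cannot update record in database', $res);
        return false;
    }

    $email_title = 'Password reset';
    $email_text = "Dear " . $user['ugr_FirstName'] . ",\n\n"
        . "Your Heurist password has been reset.\n\n"
        . "Your username is: " . $user['ugr_Name'] . "\n"
        . "Your new password is: " . $new_passwd . "\n\n"
        . "To change your password go to Profile -> My User Info in the top right menu.\nYou will first be asked to log in with the new password above.";
    $dbowner_Email = user_getDbOwner($mysqli, 'ugr_eMail');
    $rv = sendEmail($user['ugr_eMail'], $email_title, $email_text, "From: " . $dbowner_Email);
    if ($rv == "ok") {
        return true;
    }

    // The new password never reached the user: put the previous hash back (when the
    // lookup returned one) so the account stays usable with the old password.
    if (isset($user['ugr_Password'])) {
        $previous = array("ugr_ID" => $user['ugr_ID'], "ugr_Password" => $user['ugr_Password']);
        mysql__insertupdate($mysqli, "sysUGrps", "ugr_", $previous);
    }
    $system->addError(HEURIST_SYSTEM_CONFIG, 'Error_Password_Reset', $rv);
    return false;
}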
コード例 #2
ファイル: System.php プロジェクト: HeuristNetwork/heurist
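 /**
  * Authenticate a user by name and password; on success keep the user info in
  * $this->current_User and in the session, and send the session cookie.
  *
  * Every failure is recorded through $this->addError() and returns false.
  *
  * NOTE(security): unknown name, inactive profile and wrong password each produce a
  * different message, and the inactive-profile check runs before the password check,
  * so the response tells an unauthenticated caller which names exist. Confirm whether
  * the endpoint that calls this should return one generic failure instead.
  * NOTE(security): no attempt limiting is visible in this method; confirm it is
  * enforced by the caller.
  *
  * @param mixed $username      login name, matched against ugr_Name
  * @param mixed $password      clear-text password supplied by the client
  * @param mixed $session_type  'public' (cookie expiry 0), 'shared' (1 day) or 'remember' (30 days, keepalive)
  *
  * @return bool TRUE if login is success
  */
 public function login($username, $password, $session_type)
 {
     if (!($username && $password)) {
         $this->addError(HEURIST_INVALID_REQUEST, "Username / password not defined");
         //INVALID_REQUEST
         return false;
     }

     //db_users
     $user = user_getByField($this->mysqli, 'ugr_Name', $username);
     if (!$user) {
         $this->addError(HEURIST_REQUEST_DENIED, "User name is incorrect");
         return false;
     }
     if ($user['ugr_Enabled'] != 'y') {
         $this->addError(HEURIST_REQUEST_DENIED, "Your user profile is not active. Please contact database owner");
         return false;
     }

     // password_verify() checks crypt()-format hashes like the former
     // `crypt($password, $hash) == $hash`, but compares in constant time, never
     // applies loose string comparison to the two hashes, and rejects crypt()'s
     // short failure markers instead of matching them against a malformed stored value.
     $stored_hash = $user['ugr_Password'];
     if (!is_string($stored_hash) || !password_verify($password, $stored_hash)) {
         $this->addError(HEURIST_REQUEST_DENIED, "Password is incorrect");
         return false;
     }

     // Issue a fresh session id at the moment of login so that an id which was known
     // before authentication (session fixation) is not carried into the
     // authenticated session. The existing session data is kept.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }

     $_SESSION[$this->dbname_full]['ugr_ID'] = $user['ugr_ID'];
     $_SESSION[$this->dbname_full]['ugr_Name'] = $user['ugr_Name'];
     $_SESSION[$this->dbname_full]['ugr_FullName'] = $user['ugr_FirstName'] . ' ' . $user['ugr_LastName'];
     //@todo $_SESSION[$this->dbname_full]['user_access'] = $groups;

     // Cookie expiry per session type; any other value keeps expiry 0.
     $time = 0;
     switch ($session_type) {
         case 'public':
             $time = 0;
             break;
         case 'shared':
             $time = time() + 24 * 60 * 60; //day
             break;
         case 'remember':
             $time = time() + 30 * 24 * 60 * 60; //30 days
             $_SESSION[$this->dbname_full]['keepalive'] = true; //refresh time on next entry
             break;
     }

     // NOTE(security): the cookie is sent without the Secure and HttpOnly flags.
     // Confirm whether client-side script has to read it and whether the site is
     // served over HTTPS only, then set the flags accordingly.
     // The return value of setcookie() is not acted upon, as before.
     setcookie('heurist-sessionid', session_id(), $time, '/');

     //update login time in database
     user_updateLoginTime($this->mysqli, $user['ugr_ID']);

     //keep current user info; the password hash is blanked before the record is kept
     $user['ugr_FullName'] = $user['ugr_FirstName'] . ' ' . $user['ugr_LastName'];
     $user['ugr_Password'] = '';
     $user['ugr_Groups'] = user_getWorkgroups($this->mysqli, $user['ugr_ID']);
     $user['ugr_Preferences'] = user_getDefaultPreferences();
     $this->current_User = $user;

     //vsn 3 backward capability
     $h3session = $this->dbname_full . '.heurist';
     $_SESSION[$h3session]['cookie_version'] = 1;
     $_SESSION[$h3session]['user_name'] = $user['ugr_Name'];
     $_SESSION[$h3session]['user_realname'] = $user['ugr_FullName'];
     $_SESSION[$h3session]['user_id'] = $user['ugr_ID'];
     $_SESSION[$h3session]['user_access'] = $user['ugr_Groups'];
     $_SESSION[$h3session]['keepalive'] = $session_type == 'remember';
     return true;
 }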