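/**
 * "Lost password" form handler.
 *
 * On a POST whose e-mail and username both match one user row, stores a fresh
 * reset key and its timestamp on that row and mails a reset link to the
 * address; otherwise records an error for the view. Always renders the
 * login/lostpass view afterwards.
 *
 * Side effects: redirects and ends the app when the visitor is already logged
 * in or cancelled the form; writes pass_key/pass_time via $user_row->save();
 * sends one e-mail with mail().
 */
public function lostPassAction()
{
    if (BTAuth::logged_in()) {
        header('location: /overview');
        BTApp::end();
    }
    if (isset($_POST['cancel']) && $_POST['cancel']) {
        header("Location: /login");
        BTApp::end();
    }

    // Initialise every template variable so the view never reads an undefined name
    // (and so `!$error` below is a real test rather than a notice).
    $error = array();
    $html = array();
    $success = false;

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $user_name = isset($_POST['user_name']) ? (string) $_POST['user_name'] : '';
        $email = isset($_POST['email']) ? (string) $_POST['email'] : '';

        // The address is later passed to mail(); a syntactically invalid one (which
        // includes anything containing CR/LF) is rejected here instead of reaching the
        // mail headers, where it would allow header injection.
        $user_row = null;
        if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
            $user_row = UserModel::model()->getRow(array('conditions' => array('email' => $email)));
        }
        // The row only counts when the submitted username matches it too.
        if ($user_row && $user_row->get('user_name') !== $user_name) {
            $user_row = null;
        }
        if (!$user_row) {
            // NOTE(review): the message text reads '******' in this copy of the source
            // and looks redacted — confirm the real wording.
            $error['user'] = '******';
        }

        // No error: issue a new reset key to this user and e-mail it to them.
        if (!$error) {
            // 40 hex characters from the CSPRNG (random_bytes needs PHP >= 7.0). The
            // earlier str_shuffle() of a fixed alphabet plus time() is driven by a
            // predictable generator, which is not acceptable for a reset token.
            $pass_key = bin2hex(random_bytes(20));
            $pass_time = time();

            // Store the key and the moment it was issued so passReset can check both.
            $user_row->pass_key = $pass_key;
            $user_row->pass_time = $pass_time;
            $user_row->save();

            // Now e-mail the user the link to reset their password.
            $to = $email;
            $subject = "Ballistic Tracking Password Reset";
            $reset_url = getBTUrl() . "/login/passReset?key={$pass_key}";
            // The username is user-supplied text placed into an HTML body, so it is
            // escaped for the iso-8859-1 content type declared below.
            $message = "\n\t\t<p>Someone has asked to reset the password for the following username.</p>\n\t\t\t\t\n\t\t<p>Username: "
                . htmlspecialchars($user_row->get('user_name'), ENT_QUOTES, 'ISO-8859-1')
                . "</p>\n\t\t\n\t\t<p>To reset your password visit the following address, otherwise just ignore this email and nothing will happen.</p>\n\t\t\n\t\t<p><a href=\"" . $reset_url . "\">" . $reset_url . "</a></p>";

            // NOTE(review): SERVER_NAME may reflect the request's Host header depending on
            // the web-server configuration; confirm it is canonical in this deployment.
            $from = "ballistictracking@" . $_SERVER['SERVER_NAME'];
            $header = "From: Ballistic Tracking<" . $from . "> \r\n";
            $header .= "Reply-To: " . $from . " \r\n";
            // No explicit "To:" header: mail() builds it from its first argument, and a
            // second copy would leave two To headers in the message.
            $header .= "Content-Type: text/html; charset=\"iso-8859-1\" \r\n";
            $header .= "Content-Transfer-Encoding: 8bit \r\n";
            $header .= "MIME-Version: 1.0 \r\n";
            mail($to, $subject, $message, $header);
            $success = true;
        }

        // Echo the submitted values back into the form, HTML-encoded.
        $html['user_name'] = BTHtml::encode($user_name);
        $html['email'] = BTHtml::encode($email);
    }

    $this->setVar("title", "Reset Your Password");
    $this->loadTemplate("public_header");
    $this->setVar("success", $success);
    $this->setVar("html", $html);
    $this->setVar("error", $error);
    $this->loadView("login/lostpass");
    $this->loadTemplate("public_footer");
}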
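/**
 * Ensures an authenticated user is loaded for the current request.
 *
 * Not logged in: AJAX callers receive a "session timed out" payload (shaped as
 * a one-row DataTables response when sEcho is present, plain text otherwise)
 * and the app ends; other callers are redirected to /logout and the app ends.
 *
 * Logged in: loads the authenticated user into self::$_authUser, resolves
 * self::$user (an admin may act as another user via the user_inject cookie),
 * applies that user's timezone as the process default and returns true.
 *
 * @return bool true once self::$user is set; false only if BTApp::end() returns
 */
public static function require_user()
{
    if (!BTAuth::logged_in()) {
        if (IS_AJAX) {
            if (isset($_GET['sEcho'])) {
                // DataTables request: return one row carrying the message, padded to the
                // requested column count (not critical — DataTables is forgiving here).
                $cols = isset($_GET['iColumns']) ? (int) $_GET['iColumns'] : 1;
                $row = array('Your session has timed out. Please log back in.');
                for ($i = 1; $i < $cols; $i++) {
                    $row[] = '';
                }
                $data = array(
                    'sEcho' => (int) $_GET['sEcho'],
                    'iTotalRecords' => 1,
                    'iTotalDisplayRecords' => 1,
                    'aaData' => array($row),
                );
                echo json_encode($data);
                BTApp::end();
            } else {
                echo "Your session has timed out. Please log back in.";
                BTApp::end();
            }
            return false;
        }
        header("Location: /logout");
        BTApp::end();
    }

    if (!self::$user) {
        $user = UserModel::model()->getRowFromPk(self::$_authUserId, true);
        if (!$user) {
            header("Location: /");
            BTApp::end(); //what else are we gonna do? Call the ghostbusters?
        }
        // Always the authenticated user, regardless of what self::$user becomes.
        self::$_authUser = $user;

        // Admin impersonation: the user_inject cookie names another user's primary key.
        // The cookie is plain client input, so it is honoured only for admins and only
        // when the target row exists — otherwise self::$user became null here and the
        // ->get('timezone') call below failed. Presumably an integer key that
        // getRowFromPk binds safely; confirm against the model.
        if ($user->isAdmin() && isset($_COOKIE['user_inject'])) {
            $injected = UserModel::model()->getRowFromPk($_COOKIE['user_inject'], true);
            if ($injected) {
                self::$user = $injected;
            }
        }
        if (!self::$user) {
            // The auth user itself (no impersonation in effect).
            self::$user = $user;
        }
    }

    // An empty timezone would only raise a notice from date_default_timezone_set.
    $timezone = self::$user->get('timezone');
    if (is_string($timezone) && $timezone !== '') {
        date_default_timezone_set($timezone);
    }
    return true;
}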