function getAccount() { if ($this->_account === false) { $this->_account = ClientAccount::lookup(array('user_id' => $this->getId())); } return $this->_account; }
function signOn($errors = array()) { global $ost; if (!isset($_GET['token'])) { return false; } elseif (!($_config = new Config('pwreset'))) { return false; } elseif (!($id = $_config->get($_GET['token']))) { return false; } elseif (!($acct = ClientAccount::lookup(array('user_id' => $id))) || !$acct->getId() || $id != $acct->getUserId() || !($client = new ClientSession(new EndUser($acct->getUser())))) { return false; } else { return $client; } }
break; case 'reset': $inc = 'pwreset.login.php'; $errors = array(); if ($client = UserAuthenticationBackend::processSignOn($errors)) { Http::redirect('index.php'); } elseif (isset($errors['msg'])) { $banner = $errors['msg']; } break; } } elseif ($_GET['token']) { $banner = __('Re-enter your username or email'); $inc = 'pwreset.login.php'; $_config = new Config('pwreset'); if (($id = $_config->get($_GET['token'])) && ($acct = ClientAccount::lookup(array('user_id' => $id)))) { if (!$acct->isConfirmed()) { $inc = 'register.confirmed.inc.php'; $acct->confirm(); // TODO: Log the user in if ($client = UserAuthenticationBackend::processSignOn($errors)) { if ($acct->hasPassword() && !$acct->get('backend')) { $acct->cancelResetTokens(); } else { $_SESSION['_client']['reset-token'] = $_GET['token']; $acct->forcePasswdReset(); } Http::redirect('account.php?confirmed'); } } } elseif ($id && ($user = User::lookup($id))) {
$errors = array(); if ($client = UserAuthenticationBackend::processSignOn($errors)) { Http::redirect('index.php'); } elseif (isset($errors['msg'])) { $banner = $errors['msg']; } break; } } elseif ($_GET['token']) { $banner = __('Re-enter your username or email'); $inc = 'pwreset.login.php'; $_config = new Config('pwreset'); if (($id = $_config->get($_GET['token'])) && ($acct = ClientAccount::lookup(array('user_id'=>$id)))) { if (!$acct->isConfirmed()) { $inc = 'register.confirmed.inc.php'; $acct->confirm(); // TODO: Log the user in if ($client = UserAuthenticationBackend::processSignOn($errors)) { if ($acct->hasPassword() && !$acct->get('backend')) { $acct->cancelResetTokens(); } // No password setup yet -- force one to be created else { $_SESSION['_client']['reset-token'] = $_GET['token']; $acct->forcePasswdReset(); } Http::redirect('account.php?confirmed'); }