/** * * @param PCRequest $request * @return \PCRendererJSON */ public function changePasswordAction($request) { $auth = $request->getAuthHandler(); if ($auth->isAuthorized() == false) { return new PCRendererJSON(array("error" => "not authorized"), 401); } $user = PCModelUser::getCurrentUser(); $attributes = $request->getParams(); $oldPass = $attributes['oldPass']; $newPass = $attributes['newPass']; if (PCMapperUser::validatePassword($newPass) == FALSE) { return new PCRendererJSON(array("error" => "new password is not valid"), 400); } if (strcmp($oldPass, $newPass) == 0) { return new PCRendererJSON(array("error" => "old password and new password are equals"), 400); } $oldPassHash = PCAuth::computeHashForString($oldPass); $newPassHash = PCAuth::computeHashForString($newPass); if (PCMapperUser::changePasswordForUser($user, $newPassHash, $oldPassHash)) { return new PCRendererJSON(array("result" => "Password changed!!!"), 200); } return new PCRendererJSON(array("error" => "wrong password"), 400); }
/** * Crea una nuova password(aggiorna il db) e la restituisce. restituisce false in caso negativo * @param PCModelUser $user_id l' id dell' utente * @param string $hash l' hash inviato dall'utente * @param PCModelUser * @return boolean|string */ public static function handleRepassRequest($user_id, $hash, &$user_to_ret) { $keys = array('request_hash'=>$hash, 'user_id'=>$user_id); $items = PCModelManager::fetchModelObjectInstances(PCModelRepass::getMapper(), $keys, NULL, TRUE); if (count($items) <= 0) { return FALSE; } $item = $items[0]; if ($item == NULL || $item->isExpired()) { c_dump("SCADUTA"); return FALSE; } $bindigngs = array(":h" => $hash, ":user"=> $user_id); PCModelManager::deleteObject(PCModelRepass::getMapper(), "request_hash = :h AND user_id = :user", $bindigngs); $newPwd = PCMapperRepass::rand_password(8); $model_user = PCModelManager::fetchObjectWithIdentifier(PCModelUser::getMapper(), $item->getUser_id(), NULL, TRUE); if($model_user == NULL){ $id = $item->getUser_id(); error_log("User non presente (user_id: $id )"); return FALSE; } $newPwdHash = PCAuth::computeHashForString($newPwd); if(PCMapperUser::changePasswordForUser($model_user, $newPwdHash) == FALSE){ return FALSE; } $user_to_ret = $model_user; return $newPwd; }