/**
 * Set the new password.
 *
 * Runs while the user is NOT logged in: the user identifies via the username and
 * password-reset hash from the email link, which the <form> carries as fields. See
 * verifyPasswordReset() for how that hash was checked. Regardless of the outcome the
 * user is routed to the index page; success or failure is reported via the feedback
 * message the model leaves in the session.
 *
 * POST request !
 * TODO this is an _action
 */
public function setNewPassword()
{
    $userName = Request::post('user_name');
    $resetHash = Request::post('user_password_reset_hash');
    $newPassword = Request::post('user_password_new');
    $repeatedPassword = Request::post('user_password_repeat');

    // Result deliberately not inspected here: the model stores a feedback message in the
    // session and the login page displays it after the redirect.
    PasswordResetModel::setNewPassword($userName, $resetHash, $newPassword, $repeatedPassword);

    Redirect::to('login/index');
}
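/**
 * Writes the new password hash to the database.
 *
 * The UPDATE only matches the row whose user_name AND user_password_reset_hash both
 * equal the supplied values (and whose provider type is DEFAULT), so a wrong or
 * already-consumed reset hash changes nothing. The same statement clears the reset
 * hash and its timestamp, which makes a reset link single-use.
 *
 * @param string $user_name                username
 * @param string $user_password_hash       the already hashed password (output of password_hash())
 * @param string $user_password_reset_hash the reset hash the user identified with
 *
 * @return bool true if exactly one row was updated, false otherwise
 */
public static function saveNewUserPassword($user_name, $user_password_hash, $user_password_reset_hash)
{
    // the prepared statement is cached in a static property and reused across calls
    if (self::$saveNewPasswordQuery === null) {
        self::$saveNewPasswordQuery = DatabaseFactory::getFactory()->getConnection()->prepare(
            "UPDATE users SET user_password_hash = :user_password_hash, user_password_reset_hash = NULL,\n user_password_reset_timestamp = NULL\n WHERE user_name = :user_name AND user_password_reset_hash = :user_password_reset_hash\n AND user_provider_type = :user_provider_type LIMIT 1"
        );
    }

    $executed = self::$saveNewPasswordQuery->execute(array(
        ':user_password_hash' => $user_password_hash,
        ':user_name' => $user_name,
        ':user_password_reset_hash' => $user_password_reset_hash,
        ':user_provider_type' => 'DEFAULT',
    ));

    // In PDO's silent error mode a failed execute() returns false; since the statement is
    // reused, rowCount() could then still report the previous execution's count, so a
    // failure must be reported explicitly rather than read off rowCount().
    if ($executed === false) {
        return false;
    }

    // success means exactly one row was touched (strict comparison, no redundant ternary)
    return self::$saveNewPasswordQuery->rowCount() === 1;
}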
/**
 * Set the new password (DEFAULT users only — FACEBOOK users don't have a password).
 *
 * By the time this runs the user has already been pre-verified via verifyPasswordReset()
 * (within one hour), so the 60-minute limit is not checked again here. Authentication in
 * this method is by username & password-reset hash, supplied via (hidden) form fields.
 *
 * @param string $user_name
 * @param string $user_password_reset_hash
 * @param string $user_password_new
 * @param string $user_password_repeat
 *
 * @return bool success state of the password reset
 */
public static function setNewPassword($user_name, $user_password_reset_hash, $user_password_new, $user_password_repeat)
{
    $passwordIsValid = self::validateNewPassword(
        $user_name,
        $user_password_reset_hash,
        $user_password_new,
        $user_password_repeat
    );
    if (!$passwordIsValid) {
        return false;
    }

    // hash the password with password_hash() (PHP 5.5+); PASSWORD_DEFAULT produces a salted
    // hash string (60 characters with the current bcrypt default), so no plain text is kept
    $hashedPassword = password_hash($user_password_new, PASSWORD_DEFAULT);

    // persist the hash and reset the user_password_reset_hash in one step
    $saved = PasswordResetModel::saveNewUserPassword($user_name, $hashedPassword, $user_password_reset_hash);

    if (!$saved) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_CHANGE_FAILED'));
        return false;
    }

    Session::add('feedback_positive', Text::get('FEEDBACK_PASSWORD_CHANGE_SUCCESSFUL'));
    return true;
}
/**
 * Password Change Action
 *
 * Submits the change-password form. On a positive result the user is redirected to the
 * index page, otherwise back to the changePassword page.
 */
public function changePassword_action()
{
    $changed = PasswordResetModel::changePassword(
        Session::get('user_name'),
        Request::post('user_password_current'),
        Request::post('user_password_new'),
        Request::post('user_password_repeat')
    );

    // the account being changed is taken from the session, never from the request,
    // so a user can only change their own password
    Redirect::to($changed ? 'login/index' : 'login/changePassword');
}
require_once __DIR__ . '/../classes/SessionWrapper.php'; Tools::startSession(); $email1 = Request::get('email'); $code1 = Request::get('code'); if (empty($email1) || empty($code1)) { // redirect to the home page header("HTTP/1.0 301 Moved Permanently"); header("Location: " . Tools::getBaseUrl()); exit; } SessionWrapper::clearFeedback(); $verified = PasswordResetModel::verifyPasswordReset($email1, $code1); if ($verified) { SessionWrapper::clearFeedback(); if (!empty($_POST)) { $reset = PasswordResetModel::setNewPassword($email1, $code1, $_POST['user_password_new'], $_POST['user_password_repeat']); } } $headerMeta = array('es' => array('title' => 'Reestablecer contraseña'), 'en' => array('title' => 'Reset password')); $headerResources = ' <link href="' . Tools::getBaseUrl() . '/css/style-registro.css" rel="stylesheet" />'; require_once '../header.php'; ?> <main class="text-center"> <?php if ($verified) { if (!$reset) { ?> <form id="register_form" method="post"> <h1><?php