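/**
 * Sign a staff member on from a password-reset token submitted via POST.
 *
 * Reads $_POST['userid'] and $_POST['token'], looks the token up in the
 * 'pwreset' Config section, requires the stored id to match the staff id,
 * requires the token to be inside the reset window, and finally calls
 * $staff->forcePasswdRest().
 *
 * NOTE(review): $errors is received by value, so the messages stored in it
 * below are not visible to the caller as written. Confirm how callers are
 * expected to read them before changing the signature.
 *
 * @param array $errors Receives a 'msg' entry describing why sign-on failed.
 * @return StaffSession|false|null The staff session on success, false when
 *         the request carries no userid/token, null on any other failure.
 */
function signOn($errors = array())
{
    global $ost;

    if (!isset($_POST['userid'], $_POST['token'])) {
        return false;
    }

    // `new` either yields an object or throws, so no falsy check is needed.
    $_config = new Config('pwreset');
    $staff = new StaffSession($_POST['userid']);

    if (!$staff->getId()) {
        $errors['msg'] = __('Invalid user-id given');
        return null;
    }

    // The token must exist and must have been issued for this staff member.
    // NOTE(review): this is a loose comparison; consider comparing both
    // sides as strings once the type Config::get() returns is confirmed.
    $id = $_config->get($_POST['token']);
    if (!$id || $id != $staff->getId()) {
        $errors['msg'] = __('Invalid reset token');
        return null;
    }

    // Reject the token when it has no usable timestamp OR when it is older
    // than the reset window. The two conditions are checked independently:
    // joining them with && skips the age check for every token that has a
    // timestamp, which means issued tokens never expire.
    // Presumably getPwResetWindow() is in seconds, since it is compared
    // against a difference of Unix timestamps (confirm against Config).
    $ts = $_config->lastModified($_POST['token']);
    $issuedAt = $ts ? strtotime($ts) : false;
    if ($issuedAt === false
        || $ost->getConfig()->getPwResetWindow() < time() - $issuedAt
    ) {
        $errors['msg'] = __('Invalid reset token');
        return null;
    }

    if (!$staff->forcePasswdRest()) {
        $errors['msg'] = __('Unable to reset password');
        return null;
    }

    return $staff;
}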
} } else { $msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']); } break; case 'newpasswd': // TODO: Compare passwords $tpl = 'pwreset.login.php'; $_config = new Config('pwreset'); if (($staff = new StaffSession($_POST['userid'])) && !$staff->getId()) { $msg = 'Invalid user-id given'; } elseif (!($id = $_config->get($_POST['token'])) || $id != $staff->getId()) { $msg = 'Invalid reset token'; } elseif (!($ts = $_config->lastModified($_POST['token'])) && $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) { $msg = 'Invalid reset token'; } elseif (!$staff->forcePasswdRest()) { $msg = 'Unable to reset password'; } else { $info = array('page' => 'index.php'); Signal::send('auth.pwreset.login', $staff, $info); Staff::_do_login($staff, $_POST['userid']); $_SESSION['_staff']['reset-token'] = $_POST['token']; header('Location: ' . $info['page']); exit; } break; } } elseif ($_GET['token']) { $msg = 'Re-enter your username or email'; $_config = new Config('pwreset'); if (($id = $_config->get($_GET['token'])) && ($staff = Staff::lookup($id))) {