コード例 #1
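 /**
  * Handles a "forgot my password" request.
  *
  * Reads the submitted user name and e-mail address, checks that they belong
  * to the same account and, if so, mails that account a link which carries
  * the password-reset hash.
  *
  * @return bool true when the reset e-mail was handed to SummaryTools::sendResetEmail(),
  *              false when the user name is unknown or the e-mail does not match.
  */
 function perform()
 {
     // fetch the data
     $this->_userName = $this->_request->getValue("userName");
     $this->_userEmail = $this->_request->getValue("userEmail");
     // try to see if there is a user who has this username and uses the
     // given mailbox as the email address
     $users = new Users();
     $userInfo = $users->getUserInfoFromUsername($this->_userName);
     // if the user doesn't exist, quit
     // NOTE(review): this branch and the next one flag different form fields,
     // so the response tells an anonymous caller whether a user name exists and
     // whether an address belongs to it. Consider a single generic answer.
     if (!$userInfo) {
         $this->_view = new SummaryView("resetpassword");
         $this->_form->setFieldValidationStatus("userName", false);
         $this->setCommonData(true);
         return false;
     }
     // if the user exists but this is not his/her mailbox, then quit too.
     // The comparison is strict and only accepts a non-empty string, so a
     // missing or array-valued "userEmail" parameter can never be treated as
     // equal to an account whose stored address is empty.
     $emailMatches = is_string($this->_userEmail)
         && $this->_userEmail !== ""
         && (string)$userInfo->getEmail() === $this->_userEmail;
     if (!$emailMatches) {
         $this->_view = new SummaryView("resetpassword");
         $this->_form->setFieldValidationStatus("userEmail", false);
         $this->setCommonData(true);
         return false;
     }
     // if everything's fine, then send out the email message with a request to
     // reset the password
     // NOTE(review): how the reset hash is derived is not visible here; confirm
     // that it is unpredictable, expires, and stops working once the password
     // has been changed.
     $requestHash = SummaryTools::calculatePasswordResetHash($userInfo);
     $config =& Config::getConfig();
     $baseUrl = $config->getValue("base_url");
     // "b" is only an unsalted MD5 of the user name: a lookup key, not a secret.
     // All of the link's secrecy rests on "a". The hash is URL-encoded so that
     // it cannot alter the query string whatever characters it contains.
     $resetUrl = $baseUrl . "/summary.php?op=setNewPassword&a=" . rawurlencode($requestHash)
         . "&b=" . md5($userInfo->getUsername());
     SummaryTools::sendResetEmail($userInfo, $resetUrl);
     $this->_view = new SummaryMessageView($this->_locale->tr("password_reset_message_sent_ok"));
     $this->setCommonData();
     return true;
 }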
コード例 #2
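 /**
  * Stores a new password for the account identified by a password-reset link.
  *
  * The account is selected only through SummaryTools::verifyRequest(), i.e. by
  * the "a"/"b" values of the reset link. The "userId" request value is stored
  * on the object but is not used to pick the account in this method.
  *
  * @return bool true when the password was updated, false when the two
  *              password fields differ or the reset request does not verify.
  */
 function perform()
 {
     $this->_userNameHash = $this->_request->getValue("b");
     $this->_requestHash = $this->_request->getValue("a");
     $this->_newPassword = $this->_request->getValue("newPassword");
     $this->_retypeNewPassword = $this->_request->getValue("retypePassword");
     $this->_userId = $this->_request->getValue("userId");
     // check that both password fields are strings and are exactly the same.
     // A loose != would treat numeric-looking strings such as "1e3" and "1000"
     // as equal, and would also let two missing or array-valued fields pass.
     // NOTE(review): no minimum length or strength rule is applied here, so an
     // empty string submitted in both fields is still accepted; confirm whether
     // that is enforced elsewhere.
     $passwordsMatch = is_string($this->_newPassword)
         && is_string($this->_retypeNewPassword)
         && $this->_newPassword === $this->_retypeNewPassword;
     if (!$passwordsMatch) {
         $this->_view = new SummaryView("changepassword");
         $this->_view->setErrorMessage($this->_locale->tr("error_passwords_do_not_match"));
         $this->setCommonData(true);
         return false;
     }
     // the reset link is the only proof of identity, so it is re-verified on
     // this request instead of being trusted from the earlier form step
     $userInfo = SummaryTools::verifyRequest($this->_userNameHash, $this->_requestHash);
     if (!$userInfo) {
         $this->_view = new SummaryView("summaryerror");
         $this->_view->setErrorMessage($this->_locale->tr("error_incorrect_request"));
         $this->setCommonData(true);
         return false;
     }
     // so if everything went fine, we can *FINALLY* change the password!
     // NOTE(review): whether setPassword()/updateUser() hash the value before
     // storing it is not visible from here; verify in the Users/UserInfo classes.
     $users = new Users();
     $userInfo->setPassword($this->_newPassword);
     $users->updateUser($userInfo);
     $this->_view = new SummaryView("message");
     $this->_view->setSuccessMessage($this->_locale->tr("password_updated_ok"));
     return true;
 }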
コード例 #3
 /**
  * Shows the "choose a new password" form for a verified password-reset link.
  *
  * Relies on $this->_userNameHash and $this->_requestHash having been set
  * before this method runs (they are not assigned here).
  *
  * @return bool true when the form view was prepared, false when the reset
  *              request could not be verified.
  */
 function perform()
 {
     // the link is only honoured when both hashes verify against a stored user
     $userInfo = SummaryTools::verifyRequest($this->_userNameHash, $this->_requestHash);
     if ($userInfo) {
         // hand the two hashes back to the form so that the next step can
         // verify the request again when the new password is submitted
         // NOTE(review): these values end up in the rendered form; escaping is
         // presumably done by the view/template layer - confirm.
         $this->_view = new SummaryView("changepassword");
         $this->_view->setValue("a", $this->_requestHash);
         $this->_view->setValue("b", $this->_userNameHash);
         $this->_view->setValue("userId", $userInfo->getId());
         $this->setCommonData();
         return true;
     }
     // verification failed: show the generic error page
     $this->_view = new SummaryView("summaryerror");
     $this->_view->setErrorMessage($this->_locale->tr("error_incorrect_request"));
     return false;
 }
コード例 #4
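 /**
  * Verifies the two values carried by a password-reset link.
  *
  * @param string $userNameHash MD5 hex digest of the user name (the "b" link parameter)
  * @param string $requestHash  reset hash to check (the "a" link parameter)
  * @return mixed the user object returned by Users::_getUserInfoFromQuery() when
  *               both values check out, false otherwise
  */
 function verifyRequest($userNameHash, $requestHash)
 {
     // both values come straight from the request. An MD5 hex digest is always
     // 32 hex characters, so anything else is rejected before it gets near the
     // SQL string below; the escaping there then is a second line of defence
     // rather than the only one.
     if (!is_string($userNameHash) || !preg_match('/\A[0-9a-fA-F]{32}\z/', $userNameHash)) {
         return false;
     }
     if (!is_string($requestHash) || $requestHash === "") {
         return false;
     }
     // make sure that the request is correct
     $users = new Users();
     // it's not a good idea to do this but it makes things a bit easier...
     $prefix = $users->getPrefix();
     $query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email, \n\t\t\t          u.about AS about, u.full_name AS full_name, u.properties AS properties, \n\t\t\t\t\t  IF(p.permission_id = 1, 1, 0 ) AS site_admin, u.resource_picture_id AS resource_picture_id,\n\t\t\t\t\t  u.status AS status\n\t\t\t\t\t  FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id \n\t\t\t\t\t  WHERE MD5(u.user) = '" . Db::qstr($userNameHash) . "'";
     $userInfo = $users->_getUserInfoFromQuery($query);
     // try to see if we can load the user...
     if (!$userInfo) {
         return false;
     }
     // and if so, validate the hash. A loose != would accept any two strings
     // that both look like numbers ("0e123" == "0e456"), so the comparison is
     // strict, and constant-time where the runtime provides hash_equals().
     $originalRequestHash = (string)SummaryTools::calculatePasswordResetHash($userInfo);
     if (function_exists("hash_equals")) {
         $hashesMatch = hash_equals($originalRequestHash, $requestHash);
     } else {
         $hashesMatch = ($originalRequestHash === $requestHash);
     }
     if (!$hashesMatch) {
         return false;
     }
     return $userInfo;
 }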