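/**
 * Handles a "reset password" request: checks that the submitted user name
 * exists and that the submitted e-mail address is the one stored for that
 * user, then mails a reset link.
 *
 * NOTE(review): the two failure branches mark different form fields
 * ("userName" vs "userEmail") as invalid, so the response tells the caller
 * whether a user name exists. Returning one generic outcome for both cases
 * would close that account-enumeration signal; left as-is here because it
 * changes what the view shows.
 *
 * NOTE(review): the reset token comes from
 * SummaryTools::calculatePasswordResetHash(), which is defined elsewhere.
 * Confirm that it mixes in a server-side secret and that tokens expire or
 * are single-use.
 *
 * @return bool true when the reset e-mail was handed to
 *              SummaryTools::sendResetEmail(), false when validation failed
 */
function perform()
{
    // fetch the data
    $this->_userName = $this->_request->getValue("userName");
    $this->_userEmail = $this->_request->getValue("userEmail");

    // try to see if there is a user who has this username and uses the
    // given mailbox as the email address
    $users = new Users();
    $userInfo = $users->getUserInfoFromUsername($this->_userName);

    // if the user doesn't exist, quit
    if (!$userInfo) {
        $this->_view = new SummaryView("resetpassword");
        $this->_form->setFieldValidationStatus("userName", false);
        $this->setCommonData(true);

        return false;
    }

    // if the user exists but this is not his/her mailbox, then quit too.
    // The comparison is strict and string-only: the former loose "!=" let
    // PHP type juggling decide (a missing/empty value equalled an empty
    // stored address, and numeric-looking strings compared as numbers).
    $suppliedEmail = $this->_userEmail;
    $storedEmail = (string) $userInfo->getEmail();
    if (!is_string($suppliedEmail) || $suppliedEmail === '' || $suppliedEmail !== $storedEmail) {
        $this->_view = new SummaryView("resetpassword");
        $this->_form->setFieldValidationStatus("userEmail", false);
        $this->setCommonData(true);

        return false;
    }

    // if everything's fine, then send out the email message with a request to
    // reset the password
    $requestHash = SummaryTools::calculatePasswordResetHash($userInfo);
    $config =& Config::getConfig();
    $baseUrl = $config->getValue("base_url");

    // Both values are URL-encoded before being placed in the query string;
    // for plain hex digests this is a no-op, but it keeps the link
    // well-formed whatever characters the token helper produces.
    $resetUrl = $baseUrl . "/summary.php?op=setNewPassword&a=" . rawurlencode($requestHash)
        . "&b=" . rawurlencode(md5($userInfo->getUsername()));

    SummaryTools::sendResetEmail($userInfo, $resetUrl);

    $this->_view = new SummaryMessageView($this->_locale->tr("password_reset_message_sent_ok"));
    $this->setCommonData();

    return true;
}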
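/**
 * Validates the two values carried by a password-reset link.
 *
 * Looks up the user whose MD5(user name) equals $userNameHash, recomputes
 * the reset hash for that user and compares it with $requestHash.
 *
 * Both arguments originate from the reset URL and are therefore untrusted:
 *  - $userNameHash must look like an MD5 hex digest (32 hex characters)
 *    before it is placed in the SQL text;
 *  - $requestHash must be a string and is compared strictly, in constant
 *    time where hash_equals() is available. The former loose "!=" was
 *    open to PHP's numeric-string juggling ("0e123..." == "0e456...").
 *
 * @param string $userNameHash MD5 hex digest of the user name (parameter "b" of the link)
 * @param string $requestHash  reset hash from the link (parameter "a")
 * @return mixed the user object returned by Users::_getUserInfoFromQuery()
 *               when both values check out, false otherwise
 */
function verifyRequest($userNameHash, $requestHash)
{
    // Reject malformed input before touching the database. Arrays (from
    // "a[]=..." style parameters) and other non-strings are refused too.
    if (!is_string($userNameHash) || !is_string($requestHash)) {
        return false;
    }
    if (preg_match('/\A[0-9a-f]{32}\z/i', $userNameHash) !== 1) {
        return false;
    }

    // make sure that the request is correct
    $users = new Users();

    // it's not a good idea to do this but it makes things a bit easier...
    $prefix = $users->getPrefix();

    // Db::qstr() is defined elsewhere (presumably an escaping helper --
    // confirm). It is kept as a second layer; after the format check above
    // only hex digits can reach the query text.
    $query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email, \n\t\t\t"
        . " u.about AS about, u.full_name AS full_name, u.properties AS properties, \n\t\t\t\t\t"
        . " IF(p.permission_id = 1, 1, 0 ) AS site_admin, u.resource_picture_id AS resource_picture_id,\n\t\t\t\t\t"
        . " u.status AS status\n\t\t\t\t\t"
        . " FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id \n\t\t\t\t\t"
        . " WHERE MD5(u.user) = '" . Db::qstr($userNameHash) . "'";

    $userInfo = $users->_getUserInfoFromQuery($query);

    // try to see if we can load the user...
    if (!$userInfo) {
        return false;
    }

    // and if so, validate the hash
    $originalRequestHash = (string) SummaryTools::calculatePasswordResetHash($userInfo);

    if (function_exists('hash_equals')) {
        // constant-time comparison, avoids leaking how many leading
        // characters of the token were correct
        $hashMatches = hash_equals($originalRequestHash, $requestHash);
    } else {
        // older runtimes: still strict, so no numeric-string juggling
        $hashMatches = ($originalRequestHash === $requestHash);
    }

    if (!$hashMatches) {
        return false;
    }

    return $userInfo;
}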