/**
 * Lost-password flow: renders the "change password" form and, on POST, stores the new password.
 *
 * Access is gated by Auth::userCanChangeHisPassword(): true renders/handles the form,
 * -1 ends the request with an "expired" message, anything else with "not authorized".
 *
 * @param string|null $login    login carried by the reset link (re-read from $_POST on submit, see note below)
 * @param string|null $lostKey  one-time key carried by the reset link
 * @param string|null $lostTime timestamp carried by the reset link
 * @return void  The request is terminated with die() when access is refused.
 */
public function resetPassword($login = null, $lostKey = null, $lostTime = null)
{
    $r = Auth::userCanChangeHisPassword($login, $lostKey, $lostTime);
    $passwordIsChanged = false;
    if ($r === true) {
        // Form action URL. The value between the two string literals is redacted in this
        // copy, so the line is not valid PHP as written.
        $urlForm = "../../index.php/Users/resetPassword?login="******"&lostKey=" . urlencode($lostKey) . "&lostTime=" . urlencode($lostTime);
        # Save the new password
        if (!empty($_POST)) {
            # Test params
            // NOTE(review): $login verified above (together with lostKey/lostTime) is replaced
            // here by the posted value, so the update below is applied to whatever login the
            // form submits rather than to the login that passed the check. The verified login
            // should be used (or the check repeated with the posted one).
            isset($_POST['login']) ? $login = $_POST['login'] : ($login = null);
            isset($_POST['new_password']) ? $newPassword = $_POST['new_password'] : ($newPassword = null);
            // NOTE(review): tests 'new_password' but reads 'new_password_confirm'; when only
            // new_password is posted this raises an undefined-index notice. The isset() should
            // test 'new_password_confirm'.
            isset($_POST['new_password']) ? $new_password_confirm = $_POST['new_password_confirm'] : ($new_password_confirm = null);
            # Get user id
            $userId = UsersManagement::getUserIdByLogin($login);
            # test if it is ok
            // NOTE(review): `==` is a loose comparison between the two posted strings; `===` is
            // the safer choice for a confirmation check.
            if ($userId !== null && $newPassword !== null && $newPassword == $new_password_confirm && Util::checkPasswordLength($newPassword)) {
                $db = DbUtil::accessFactory();
                // NOTE(review): the SQL statement is assembled by concatenation; the stored
                // password expression is redacted ('******') in this copy. $userId comes from
                // the lookup above, but a bound-parameter query would not depend on that.
                if (!$db->execute("UPDATE users SET password = '******' WHERE id = '" . $userId . "'")) {
                    $message = __('Please reconfirm your password');
                    $isError = true;
                } else {
                    $message = __('Your password have been changed');
                    $isError = false;
                    $passwordIsChanged = true;
                    # Now reset the lostKey so the link cannot be reused
                    Auth::removeForgotPasswordState($login);
                }
            } else {
                // Unknown login, missing/mismatched confirmation, or length check failed.
                $message = __('Please reconfirm your password');
                $isError = true;
            }
        } else {
            # Display the form to change password
            // NOTE(review): $message and $isError are not set on this path; presumably the
            // template guards against that — confirm in changepassword.tpl.
        }
        // The template reads $urlForm, $passwordIsChanged and (when set) $message/$isError.
        require_once DefaultFC::getView('changepassword.tpl');
    } else {
        if ($r == -1) {
            die(__('Authorized time to change your password has expired, please restart the "forgot your password" process from the portal UI.'));
        } else {
            die(__('You are not authorized to view this page.'));
        }
    }
}
/**
 * Checks whether a lost-password link (login + lostKey + lostTime) may still be used.
 *
 * The key and timestamp must match the row stored for the login; the link is then
 * accepted only while fewer than VALIDE_LOST_KEY_PERIOD hours have elapsed since lostTime.
 *
 * @param string $login    login as carried in the reset URL (url-encoded)
 * @param string $lostKey  one-time key sent with the reset link
 * @param string $lostTime timestamp (seconds) recorded when the key was issued
 * @return bool|int true when the link is valid, -1 when it has expired,
 *                  false for an unknown login or a non-matching key/timestamp
 */
public static function userCanChangeHisPassword($login, $lostKey, $lostTime)
{
    $db = DbUtil::accessFactory();

    // Inputs are escaped for the SQL literals below; the query is still assembled by
    // concatenation rather than with bound parameters.
    $login = $db->db_escape_string(urldecode($login));
    $lostKey = $db->db_escape_string($lostKey);
    $lostTime = $db->db_escape_string($lostTime);

    $userId = UsersManagement::getUserIdByLogin($login);
    if ($userId === null) {
        return false;
    }

    $now = time();
    $validityWindow = 3600 * VALIDE_LOST_KEY_PERIOD; // hours -> seconds

    // The stored key/timestamp pair must match the link exactly.
    $rs = $db->select('SELECT * FROM `users` WHERE `id` = \'' . $userId . '\' AND `lostKey` = \'' . $lostKey . '\' AND `lostTime` = \'' . $lostTime . '\'');
    if ($rs->count() != 1) {
        return false;
    }

    // -1 tells the caller that the (otherwise matching) link has expired.
    return ($now - $lostTime < $validityWindow) ? true : -1;
}
/**
 * Loads the widget space selected by DEFAULT_WIDGET_SPACE_ON_SIGNIN for the given user.
 *
 * @param string $username login used to resolve the user id
 * @return void
 */
public function addDefaultWidget($username)
{
    WidgetSpace::loadWidgetSpace(
        UsersManagement::getUserIdByLogin($username),
        DEFAULT_WIDGET_SPACE_ON_SIGNIN
    );
}