/** * Perform the necessary actions to send a password reset mail * * @param $user_name_or_email string Username or user's email * @param $captcha string Captcha string * * @return bool success status */ public static function requestPasswordReset($user_name_or_email, $captcha) { if (!CaptchaModel::checkCaptcha($captcha)) { Session::add('feedback_negative', Text::get('FEEDBACK_CAPTCHA_WRONG')); return false; } if (empty($user_name_or_email)) { Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_EMAIL_FIELD_EMPTY')); return false; } // check if that username exists $result = UserModel::getUserDataByUserNameOrEmail($user_name_or_email); if (!$result) { Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST')); return false; } // generate integer-timestamp (to see when exactly the user (or an attacker) requested the password reset mail) // generate random hash for email password reset verification (40 char string) $temporary_timestamp = time(); $user_password_reset_hash = sha1(uniqid(mt_rand(), true)); // set token (= a random hash string and a timestamp) into database ... $token_set = self::setPasswordResetDatabaseToken($result->user_name, $user_password_reset_hash, $temporary_timestamp); if (!$token_set) { return false; } // ... and send a mail to the user, containing a link with username and token hash string $mail_sent = self::sendPasswordResetMail($result->user_name, $user_password_reset_hash, $result->user_email); if ($mail_sent) { return true; } // default return return false; }
/** * Validates the registration input * * @param $captcha * @param $user_name * @param $user_password_new * @param $user_password_repeat * @param $user_email * @param $user_email_repeat * * @return bool */ public static function registrationInputValidation($captcha, $user_name, $user_password_new, $user_password_repeat, $user_email, $user_email_repeat) { $return = true; // perform all necessary checks if (!CaptchaModel::checkCaptcha($captcha)) { Session::add('feedback_negative', Text::get('FEEDBACK_CAPTCHA_WRONG')); $return = false; } // if username, email and password are all correctly validated, but make sure they all run on first sumbit if (self::validateUserName($user_name) && self::validateUserEmail($user_email, $user_email_repeat) && self::validateUserPassword($user_password_new, $user_password_repeat) && $return) { return true; } // otherwise, return false return false; }