コード例 #1
 /**
  * Process the "change password" submission.
  *
  * @param \VuFind\Db\Row\User     $user Logged in user
  * @param \VuFind\Db\Row\UserCard $card Library card
  *
  * @return object|bool Response object if redirect is needed, false if form
  * needs to be redisplayed.
  */
 protected function processPasswordChange($user, $card)
 {
     // Every rejection below follows the same path: queue an error flash
     // message and return false so the caller redisplays the form.
     $fail = function ($message) {
         $this->flashMessenger()->addMessage($message, 'error');
         return false;
     };

     // Collect the submitted values. The hash is looked up right away but
     // only evaluated after the new password has been validated.
     $post = $this->getRequest()->getPost();
     $hashOwner = isset($post->hash)
         ? $this->getTable('User')->getByVerifyHash($post->hash)
         : false;
     $currentPassword = $this->params()->fromPost('oldpwd', '');
     $newPassword = $this->params()->fromPost('password', '');
     $confirmation = $this->params()->fromPost('password2', '');

     // Let the ILS authentication plugin validate the new password and its
     // confirmation; it reports problems by throwing AuthException.
     try {
         $this->getServiceLocator()
             ->get('VuFind\\AuthPluginManager')
             ->get('ILS')
             ->validatePasswordInUpdate(
                 ['password' => $newPassword, 'password2' => $confirmation]
             );
     } catch (AuthException $e) {
         return $fail($e->getMessage());
     }

     // The posted hash must resolve to a user row, and that row must belong
     // to the logged-in user, before anything is sent to the ILS.
     // NOTE(review): this looks like the form's request-ownership check;
     // how the hash is issued and expired is not visible here -- confirm.
     if (!$hashOwner) {
         return $fail('recovery_user_not_found');
     }
     if ($hashOwner->username !== $user->username) {
         return $fail('authentication_error_invalid');
     }

     // Re-authenticate against the ILS with the current password, so a valid
     // session alone is not enough to change the card's password.
     $ils = $this->getILS();
     $patron = $ils->patronLogin($card->cat_username, $currentPassword);
     if (!$patron) {
         return $fail('authentication_error_invalid');
     }

     $request = [
         'patron' => $patron,
         'oldPassword' => $currentPassword,
         'newPassword' => $newPassword,
     ];
     $outcome = $ils->changePassword($request);

     // Second attempt with a blank old password, for users who logged in
     // through the fallback login field. It only runs after patronLogin()
     // accepted the supplied password and the ILS answered
     // 'authentication_error_invalid'.
     // NOTE(review): confirm each ILS driver treats a blank old password as
     // intended here and not as "skip verification".
     $retryWithBlank = !$outcome['success']
         && $outcome['status'] == 'authentication_error_invalid'
         && !empty($currentPassword);
     if ($retryWithBlank) {
         $request['oldPassword'] = '';
         $outcome = $ils->changePassword($request);
     }
     if (!$outcome['success']) {
         return $fail($outcome['status']);
     }

     // Keep the locally stored card (and the user's active credentials, when
     // this card is the active one) in step with the ILS.
     // NOTE(review): the new password is handed to saveLibraryCard() and
     // saveCredentials() as received; how it is stored is not visible here --
     // confirm it is protected at rest.
     $user->saveLibraryCard(
         $card->id,
         $card->card_name,
         $card->cat_username,
         $newPassword
     );
     if ($user->cat_username === $card->cat_username) {
         $user->saveCredentials($card->cat_username, $newPassword);
     }

     // Presumably rotates the verify hash so the submitted value cannot be
     // replayed -- confirm against updateHash().
     $user->updateHash();
     $this->flashMessenger()->addSuccessMessage('new_password_success');
     return $this->redirect()->toRoute('librarycards-home');
 }
コード例 #2
 /**
  * Process the "change password" submission.
  *
  * @param \VuFind\Db\Row\User     $user Logged in user
  * @param \VuFind\Db\Row\UserCard $card Library card
  *
  * @return object|bool Response object if redirect is needed, false if form
  * needs to be redisplayed.
  */
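 protected function processPasswordChange($user, $card)
 {
     // Flow: local input checks -> verify-hash ownership check -> ILS
     // re-authentication with the current password -> ILS password change ->
     // local credential update. Every failure queues an error flash message
     // and returns false so the form is redisplayed.
     $post = $this->getRequest()->getPost();
     $userFromHash = isset($post->hash)
         ? $this->getTable('User')->getByVerifyHash($post->hash)
         : false;
     $oldPassword = $this->params()->fromPost('oldpwd', '');
     $password = $this->params()->fromPost('password', '');
     $password2 = $this->params()->fromPost('password2', '');

     // All three fields are mandatory.
     if ($oldPassword === '' || $password === '' || $password2 === '') {
         $this->flashMessenger()->addMessage('authentication_error_blank', 'error');
         return false;
     }

     // Missing or invalid hash: the posted hash must resolve to a user row
     // and that row must belong to the logged-in user.
     // NOTE(review): this looks like the form's request-ownership check;
     // how the hash is issued and expired is not visible here -- confirm.
     if (!$userFromHash) {
         $this->flashMessenger()->addMessage('recovery_user_not_found', 'error');
         return false;
     } elseif ($userFromHash->username !== $user->username) {
         $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
         return false;
     }

     // Compare the new password with its confirmation BEFORE contacting the
     // ILS. This check needs no remote call, and running it first means a
     // mistyped confirmation no longer triggers an authentication attempt
     // against the ILS (which may count towards lockout or rate limits).
     if ($password !== $password2) {
         $this->flashMessenger()->addMessage('Passwords do not match', 'error');
         return false;
     }

     // Connect to the ILS and check that the current credentials are correct,
     // so a valid session alone is not enough to change the card's password.
     $catalog = $this->getILS();
     $patron = $catalog->patronLogin($card->cat_username, $oldPassword);
     if (!$patron) {
         $this->flashMessenger()->addMessage('authentication_error_invalid', 'error');
         return false;
     }

     $result = $catalog->changePassword(
         [
             'patron' => $patron,
             'oldPassword' => $oldPassword,
             'newPassword' => $password,
         ]
     );
     if (!$result['success']) {
         // The ILS-provided status is used as the message shown to the user.
         $this->flashMessenger()->addMessage($result['status'], 'error');
         return false;
     }

     // Keep the locally stored card (and the user's active credentials, when
     // this card is the active one) in step with the ILS.
     // NOTE(review): the new password is handed to saveLibraryCard() and
     // saveCredentials() as received; how it is stored is not visible here --
     // confirm it is protected at rest.
     $user->saveLibraryCard($card->id, $card->card_name, $card->cat_username, $password);
     if ($user->cat_username === $card->cat_username) {
         $user->saveCredentials($card->cat_username, $password);
     }

     // Presumably rotates the verify hash so the submitted value cannot be
     // replayed -- confirm against updateHash().
     $user->updateHash();
     $this->flashMessenger()->addMessage('new_password_success', 'info');
     return $this->redirect()->toRoute('librarycards-home');
 }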