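/**
 * Checks whether the currently logged in user is still using the default
 * password that was generated for the account when it was created.
 *
 * The default password is rebuilt from the profile data (trimmed, lower-cased
 * first name followed by the last four characters of the phone number) and
 * hashed with getHashValue(). That derivation must stay byte-identical to the
 * one used when the account is created; if the two drift apart every user is
 * reported as not using the default password.
 *
 * When the default password is still in use, a session message is stored under
 * the 'default_pass' key; it is displayed when the user is redirected to the
 * index page and suggests changing the password via "Manage Account".
 *
 * @author Prayas Bhattarai
 * @return boolean true when the stored password hash differs from the derived
 *                 default; false when the default is still in use, when no
 *                 profile could be retrieved, or when the access level is not
 *                 a known user type (social worker = 1, rmh staff > 1).
 */
function checkDefaultPassword() {
    $userProfile = retrieveCurrentUserProfile();
    if (!$userProfile) {
        // No profile to compare against (e.g. nobody logged in) - the original
        // code would have called a method on a non-object here.
        return false;
    }
    $currentPass = $userProfile->get_password();

    // Read the access level once instead of querying it per branch.
    $accessLevel = (int) getUserAccessLevel();
    if ($accessLevel === 1) {
        //use functions for social workers
        $fname = $userProfile->get_swFirstName();
        $phone = $userProfile->get_swphone();
    } elseif ($accessLevel > 1) {
        //use functions for rmh staff
        $fname = $userProfile->get_rmhStaffFirstName();
        $phone = $userProfile->get_rmhStaffPhone();
    } else {
        // Unknown/unset access level: nothing to check.
        return false;
    }

    // Must match the derivation used where the account is created:
    // trim(strtolower(firstname)) . trim(last 4 chars of phone).
    $defaultPass = trim(strtolower((string) $fname)) . trim(substr((string) $phone, -4));
    $defaultPass = getHashValue($defaultPass);

    // Compare the two hashes as strings, byte-for-byte. The previous loose `!=`
    // would treat two different hashes as equal when both happen to parse as
    // numeric strings, and hash_equals() also avoids a timing side channel.
    if (!hash_equals((string) $defaultPass, (string) $currentPass)) {
        return true;
    }

    setSessionMessage(array('default_pass' => 'You are using the default password for your account. It is advised that you change your password immediately by clicking on the "Manage Account" section.'));
    // The original fell off the end here (implicit null) despite documenting a
    // boolean return; return false explicitly so the contract holds.
    return false;
}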
$fname = $data['fname']; $lname = $data['lname']; $phone = $data['phone']; $email = $data['email']; //data for social worker, extra info that rmh staff don't have if (isset($userType) && $userType == 'socialworker') { $hospital = $data['hospital']; $notify = $data['notify']; } else { $hospital = ''; $notify = ''; } //proceed with creating and storing the new user //create a default password based on: User's firstname and last 4 digits of their phone number $password = trim(strtolower($fname)) . trim(substr($phone, -4)); $password = getHashValue($password); $newUserProfile = new UserProfile($userCategories[$userType], 0, $username, $email, $password, 0, $title, $fname, $lname, $phone, 0, $title, $fname, $lname, $hospital, $phone, $notify); //insert user profile $insertProfile = insert_UserProfile($newUserProfile); //if user profile insertion is successful, then the corresponding user profile tables need to be updated as well if ($insertProfile) { //get the userprofile id for the newly inserted user //can this be done more efficiently, instead of retrieving all the info? using last_insert_id maybe? $retrievedUser = retrieve_UserByAuth($username); if ($retrievedUser) { //if a user is retrieved, store the detailed information in the corresponding profile table $newUserProfile->set_userProfileId($retrievedUser['UserProfileID']); if ($retrievedUser['UserCategory'] == $userCategories['socialworker']) { //if the user is a social worker, insert the detail info in the social worker table $insertDetailProfile = insert_SocialWorkerProfile($newUserProfile); } else {
include_once ROOT_DIR . '/core/class/FormHelper.php'; include_once ROOT_DIR . '/core/class/DataValidator.php'; $errors = array(); $messages = array(); $data = array(); if (isset($_POST['form_token'])) { try { //form validation rules $accountSettingsRules = array('title' => array('alpha', 'allow' => array('.')), 'old_pass' => array('password'), 'new_pass' => array('password'), 'verify_pass' => array('password', 'notempty'), 'submit' => array('ignore')); $validator = new DataValidator($_POST, $accountSettingsRules); $data = $validator->getData(); if ($validator->isValid()) { //validation successful $newPass = getHashValue($data['new_pass']); $verifyPass = getHashValue($data['verify_pass']); $oldPass = getHashValue($data['old_pass']); $title = $data['title']; $username = getCurrentUser(); //TODO we could add this check in the validator? if ($newPass === $verifyPass) { if (retrieve_UserByAuth($username, $oldPass)) { //verify password and new password match AND the user with the old password exists //retrieve user profile: $userProfile = retrieveCurrentUserProfile(); if ($userProfile) { //change the password $userProfile->set_password($newPass); //TODO set the user title too. But isn't that included in profile change? //update the user profile table if (update_UserProfile($userProfile)) { //set session message