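/**
 * Get page where user should be redirected, based on user's role.
 *
 * The role-to-page map is read from the SUCCESS_LOGIN_REDIRECT constant, which
 * holds a serialized array. A logged-in user's role is used as the lookup key;
 * anyone else is looked up under 'default'. If the map has no 'default' entry,
 * 'index.php' is used.
 *
 * @return string Page where user should be redirected.
 */
function get_redirect_page()
{
    $login = new ASLogin();

    if ($login->isLoggedIn()) {
        $user = new ASUser(ASSession::get("user_id"));
        $role = $user->getRole();
    } else {
        $role = 'default';
    }

    // NOTE(review): unserialize() can instantiate objects and run their magic
    // methods. That is acceptable only while SUCCESS_LOGIN_REDIRECT is written
    // by the site operator and never derived from request data; confirm where
    // the constant is defined. Storing the map as JSON and reading it with
    // json_decode() would remove the concern.
    $redirect = unserialize(SUCCESS_LOGIN_REDIRECT);

    // A malformed constant makes unserialize() return false (or a scalar).
    // Fall back to an empty map so the array accesses below stay well-defined
    // and the function still returns the default page.
    if (!is_array($redirect)) {
        $redirect = array();
    }

    if (!isset($redirect['default'])) {
        $redirect['default'] = 'index.php';
    }

    return isset($redirect[$role]) ? $redirect[$role] : $redirect['default'];
}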
/**
 * Guard for admin-only code paths: stop the script unless the current
 * session belongs to a logged-in administrator.
 *
 * The check fails closed. Both "not logged in" and "logged in but not admin"
 * end in a bare exit; this function sets no header, redirect or message
 * itself. It only protects code that runs after the call, so it has to be
 * invoked before any admin-only work or output.
 *
 * @return void Returns normally only for a logged-in admin.
 */
function onlyAdmin()
{
    $auth = new ASLogin();

    // The user record is loaded only once the session is known to be
    // authenticated, as in the unauthenticated case there is no user to load.
    if ($auth->isLoggedIn()) {
        $currentUser = new ASUser(ASSession::get("user_id"));

        if ($currentUser->isAdmin()) {
            return;
        }
    }

    exit;
}
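/**
 * Send forgot password email.
 *
 * Validates the supplied address, applies the login throttle, stores a fresh
 * password reset key for the matching account and hands the key to the mailer.
 *
 * @param string $userEmail Provided email.
 * @return bool|mixed|string TRUE once the key was written and the mailer was
 *                           called; otherwise the value of ASLang::get() for
 *                           the check that failed.
 */
public function forgotPassword($userEmail)
{
    $validator = new ASValidator();

    // we only have one field to validate here
    // so we don't need id's from other fields
    if ($userEmail == "") {
        return ASLang::get('email_required');
    }

    if (!$validator->emailValid($userEmail)) {
        return ASLang::get('email_wrong_format');
    }

    // Throttle before the account lookup, so a client that is already locked
    // out cannot keep using this endpoint to test which addresses exist.
    $login = new ASLogin();

    if ($login->_isBruteForce()) {
        return ASLang::get('brute_force');
    }

    // NOTE(review): the distinct 'email_not_exist' answer tells the caller
    // whether an address is registered. Attempts are counted only on the
    // success path below, so lookups of unknown addresses are not counted
    // here. Consider returning the same response for known and unknown
    // addresses, and counting every request.
    if (!$validator->emailExist($userEmail)) {
        return ASLang::get('email_not_exist');
    }

    // ok, no validation errors, we can proceed

    // generate password reset key
    // NOTE(review): confirm _generateKey() draws from a CSPRNG. The key is
    // stored as-is in as_users.password_reset_key; storing only a hash of it
    // would limit the impact of a database read.
    $key = $this->_generateKey();

    // write key to db; the timestamp is recorded alongside it, presumably so
    // the consumer of the key can enforce an expiry (verify where it is checked)
    $this->db->update(
        'as_users',
        array(
            "password_reset_key" => $key,
            "password_reset_confirmed" => 'N',
            "password_reset_timestamp" => date('Y-m-d H:i:s')
        ),
        "`email` = :email",
        array("email" => $userEmail)
    );

    // reset requests share the login attempt counter
    $login->increaseLoginAttempts();

    // send email
    $this->mailer->passwordResetEmail($userEmail, $key);

    return TRUE;
}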