예제 #1
파일: User.php 프로젝트: kweejee/kwalbum
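 /**
  * Handles both halves of the password-reset flow.
  *
  * With ?h=<code>.<user id> in the query string, the code is compared with the
  * user's stored reset_code; on a POST with `act` set and a password of at
  * least 6 bytes, the password is saved and the code cleared. Without `h`, a
  * POST with `act` set loads the user by login name and, when the posted email
  * matches the stored one, emails a reset link.
  *
  * NOTE(review): nothing visible here expires a reset code or ties the POST to
  * the form that was rendered (no anti-CSRF token) — confirm whether either is
  * handled elsewhere.
  */
 public function action_resetpassword()
 {
     $this->template->content = new View('kwalbum/user/resetpassword');
     $this->template->title = 'Reset Password';
     if (isset($_GET['h'])) {
         // A non-string `h` (e.g. h[]=x) cannot be a valid link; treat it like a malformed one.
         $temp = is_string($_GET['h']) ? explode('.', $_GET['h']) : array();
         if (!isset($temp[1])) {
             $this->template->content->message = '<span class="errors">This address is no longer valid for changing your password.</span>';
             return;
         }
         $hash = $temp[0];
         $id = (int) $temp[1];
         $user = Model::factory('Kwalbum_User')->load($id);
         // hash_equals() compares as strings in constant time; a loose != would
         // treat numeric-looking strings such as "0e1" and "0e2" as equal.
         if (!$user->reset_code or !hash_equals((string) $user->reset_code, $hash)) {
             // A wrong guess invalidates the pending code, so each issued link
             // allows one attempt. Only write when there is a code to clear, so a
             // request for an id with no pending reset does not trigger a save().
             if ($user->reset_code) {
                 $user->reset_code = '';
                 $user->save();
             }
             $this->template->content->message = '<span class="errors">This address is no longer valid for changing your password.</span>';
         } elseif (isset($_POST['act'])) {
             // Missing or non-string input falls through to the "too short" message.
             $pw = (isset($_POST['pw']) && is_string($_POST['pw'])) ? $_POST['pw'] : '';
             if (strlen($pw) > 5) {
                 $user->password = $pw;
                 // Clear the code so the emailed link cannot be replayed.
                 $user->reset_code = '';
                 $user->save();
                 $this->template->content->message = 'Your password has been changed and you can now <a href="' . $this->url . '/~user/login">log in</a>.';
             } else {
                 $this->template->content->message2 = '<div class="errors">New password must be at least 6 characters long.</div>';
             }
         }
         // Changed on the in-memory object only (no save() follows) before the
         // user is handed to the template.
         $user->permission_level = 0;
         $this->template->set_global('user', $user);
     } elseif (isset($_POST['act'])) {
         $login = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
         $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
         $user = Model::factory('Kwalbum_User')->load($login, 'login_name');
         $storedEmail = (string) $user->email;
         // Require a non-empty, exact match: with a loose == an empty posted email
         // would match a user whose email is empty or was never loaded.
         if ($email !== '' and $storedEmail === $email) {
             if (!$user->reset_code) {
                 $user->reset_code = Kwalbum_Helper::getRandomHash();
                 $user->save();
             }
             // SERVER_NAME can reflect the client's Host header depending on server
             // configuration; strip line breaks before it reaches the From header.
             // NOTE(review): confirm $this->url is built from configuration, since it
             // forms the reset link.
             $host = str_replace(array("\r", "\n"), '', $_SERVER['SERVER_NAME']);
             $emailMessage = "A password change has been requested for {$login} at {$host}.  To change it go to\n{$this->url}/~user/resetpassword/?h={$user->reset_code}.{$user->id}\n\nAutomatic email from\nKwalbum \n\n";
             if (!mail($storedEmail, 'Lost Password on ' . $host, $emailMessage, 'From: "do_not_reply.' . '" <kwalbum@' . $host . '>')) {
                 // Record the failure server-side. The page keeps the generic text
                 // below, because a distinct error would tell the requester that
                 // the login name and email matched an account.
                 error_log('Kwalbum: password reset email could not be sent for user id ' . $user->id);
             }
         }
         // Same response whether or not an account matched.
         $this->template->content->message = 'If the login name and email address match, then an email has been sent with further instructions.  If you do not recieve the email within a few hours, check your junk mail folder then contact the website administrator if you still can not find it.  If you are unsure which email address or name you registered with, try them all until you get an email or contact the administrator and ask for help.';
     }
 }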
예제 #2
파일: User.php 프로젝트: kweejee/kwalbum
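 /**
  * Check a login name and password and, on success, mark the session as logged in.
  *
  * On failure the session's kwalbum_id / kwalbum_edit keys and the `kwalbum`
  * cookie are cleared. On success the user's visit_date and token are updated
  * and saved, an optional persistent cookie is set, and the user id is stored
  * in the session under a freshly regenerated session id.
  *
  * @param string $username login name to look up
  * @param string $password password to check with password_equals()
  * @param int $length lifetime in seconds of the `kwalbum` cookie; 0 or less sets no cookie
  * @return Model_Kwalbum_User|null the user on success, null when the password does not match
  */
 public static function login($username, $password, $length = 0)
 {
     $user = Model::factory('Kwalbum_User')->load($username, 'login_name');
     if (!$user->password_equals($password)) {
         // Drop any existing login state so a failed attempt never leaves a
         // previous identity active in this browser.
         session_start();
         unset($_SESSION['kwalbum_id']);
         unset($_SESSION['kwalbum_edit']);
         setcookie('kwalbum', '', time() - 36000, '/');
         session_write_close();
         return null;
     }
     $loginLength = (int) $length;
     $user->visit_date = date('Y-m-d H:i:s');
     // A new token on every login replaces the value held by any earlier cookie.
     // NOTE(review): the token is saved as-is; presumably it is compared with the
     // cookie on later requests — verify, and consider storing only a hash of it.
     $user->token = Kwalbum_Helper::getRandomHash();
     $user->save();
     if ($loginLength > 0) {
         // HttpOnly keeps the token away from page scripts; Secure is set only when
         // this request arrived over HTTPS, so plain-HTTP installs behave as before.
         // Assumes no client-side script reads this cookie — TODO confirm.
         $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
         setcookie('kwalbum', $user->id . ':' . $user->token, time() + $loginLength, '/', '', $secure, true);
     }
     session_start();
     // Issue a new session id at the privilege change so an id known before
     // login (session fixation) does not become an authenticated one.
     session_regenerate_id(true);
     $_SESSION['kwalbum_id'] = $user->id;
     session_write_close();
     return $user;
 }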