Http::redirect('index.php'); } elseif (isset($errors['msg'])) { $banner = $errors['msg']; } break; } } elseif ($_GET['token']) { $banner = __('Re-enter your username or email'); $inc = 'pwreset.login.php'; $_config = new Config('pwreset'); if (($id = $_config->get($_GET['token'])) && ($acct = ClientAccount::lookup(array('user_id' => $id)))) { if (!$acct->isConfirmed()) { $inc = 'register.confirmed.inc.php'; $acct->confirm(); // TODO: Log the user in if ($client = UserAuthenticationBackend::processSignOn($errors)) { if ($acct->hasPassword() && !$acct->get('backend')) { $acct->cancelResetTokens(); } else { $_SESSION['_client']['reset-token'] = $_GET['token']; $acct->forcePasswdReset(); } Http::redirect('account.php?confirmed'); } } } elseif ($id && ($user = User::lookup($id))) { $inc = 'pwreset.create.php'; } else { Http::redirect('index.php'); } } elseif ($cfg->allowPasswordReset()) {
// force attempts (which doesn't buy much since the link is emailed) $user->sendAccessLink(); $msg = sprintf(__("%s - access link sent to your email!"), Format::htmlchars($user->getName()->getFirst())); $_POST = null; } elseif (!$errors['err']) { $errors['err'] = __('Invalid email or ticket number - try again!'); } } elseif (isset($_GET['do'])) { switch ($_GET['do']) { case 'ext': // Lookup external backend if ($bk = UserAuthenticationBackend::getBackend($_GET['bk'])) { $bk->triggerAuth(); } } } elseif ($user = UserAuthenticationBackend::processSignOn($errors, false)) { // Users from the ticket access link if ($user && $user instanceof TicketUser && $user->getTicketId()) { Http::redirect('tickets.php?id=' . $user->getTicketId()); } elseif ($user instanceof ClientCreateRequest) { if ($cfg && $cfg->isClientRegistrationEnabled()) { // Attempt to automatically register if ($user->attemptAutoRegister()) { Http::redirect('tickets.php'); } // Unable to auto-register. Fill in what we have and let the // user complete the info $inc = 'register.inc.php'; } else { $errors['err'] = __('Access Denied. Contact your help desk administrator to have an account registered for you'); // fall through to show login page again