/** * Processes the password set form * * @return void */ public function settingpasswordTask() { // Check for request forgeries Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN')); // Get the token and user id from the verification process $token = User::getState('com_users.reset.token', null); $id = User::getState('com_users.reset.user', null); $no_html = Request::getInt('no_html', 0); // Check the token and user id if (empty($token) || empty($id)) { throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_TOKENS_MISSING'), 403); } // Get the user object $user = \Hubzero\User\User::oneOrFail($id); // Check for a user and that the tokens match if ($user->tokens()->latest()->token !== $token) { App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning'); return; } // Make sure the user isn't blocked if ($user->get('block')) { App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning'); return; } if (\Hubzero\User\Helper::isXDomainUser($user->get('id'))) { throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_LINKED_ACCOUNT'), 403); } $password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows(); $password1 = trim(Request::getVar('password1', null)); $password2 = trim(Request::getVar('password2', null)); if (!empty($password1)) { $msg = \Hubzero\Password\Rule::verify($password1, $password_rules, $user->get('username')); } else { $msg = array(); } require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php'; $error = false; $changing = true; if (!$password1 || !$password2) { $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_TWICE'); } elseif ($password1 != $password2) { $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_DONT_MATCH'); } elseif (!\Components\Members\Helpers\Utility::validpassword($password1)) { $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_INVALID'); } elseif (!empty($msg)) { $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_FAILS_REQUIREMENTS'); } // If we're resetting password to the current password, just return true // That way you can't reset the counter on your current password, or invalidate it by putting it into history if (\Hubzero\User\Password::passwordMatches($user->get('id'), $password1)) { $error = false; $changing = false; $result = true; } if ($error) { if ($no_html) { $response = array('success' => false, 'message' => $error); echo json_encode($response); die; } else { App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), $error, 'warning'); return; } } if ($changing) { // Encrypt the password and update the profile $result = \Hubzero\User\Password::changePassword($user->get('username'), $password1); } // Save the changes if (!$result) { if ($no_html) { $response = array('success' => false, 'message' => Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC')); echo json_encode($response); die; } else { App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'), 'warning'); return; } } // Flush the user data from the session User::setState('com_users.reset.token', null); User::setState('com_users.reset.user', null); if ($no_html) { $response = array('success' => true, 'redirect' => Route::url('index.php?option=com_users&view=login', false)); echo json_encode($response); die; } else { // Everything went well...go to the login page App::redirect(Route::url('index.php?option=com_users&view=login', false), Lang::txt('COM_MEMBERS_CREDENTIALS_PASSWORD_RESET_COMPLETE'), 'passed'); } }
/** * @since 1.6 */ function processResetComplete($data) { // Get the form. $form = $this->getResetCompleteForm(); // Check for an error. if ($form instanceof Exception) { return $form; } // Filter and validate the form data. $data = $form->filter($data); $return = $form->validate($data); // Check for an error. if ($return instanceof Exception) { return $return; } // Check the validation results. if ($return === false) { // Get the validation messages from the form. foreach ($form->getErrors() as $message) { $this->setError($message); } return false; } // Get the token and user id from the confirmation process. $app = JFactory::getApplication(); $token = $app->getUserState('com_users.reset.token', null); $id = $app->getUserState('com_users.reset.user', null); // Check the token and user id. if (empty($token) || empty($id)) { return new Exception(Lang::txt('COM_USERS_RESET_COMPLETE_TOKENS_MISSING'), 403); } // Get the user object. $user = User::getInstance($id); // Check for a user and that the tokens match. if (empty($user) || $user->activation !== $token) { $this->setError(Lang::txt('COM_USERS_USER_NOT_FOUND')); return false; } // Make sure the user isn't blocked. if ($user->block) { $this->setError(Lang::txt('COM_USERS_USER_BLOCKED')); return false; } // Initiate profile classs $profile = User::getInstance($id); if (\Hubzero\User\Helper::isXDomainUser($user->get('id'))) { App::abort(403, Lang::txt('This is a linked account. To change your password you must change it using the procedures available where the account you are linked to is managed.')); return; } $password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows(); $password1 = $data['password1']; $password2 = $data['password2']; if (!empty($password1)) { $msg = \Hubzero\Password\Rule::verify($password1, $password_rules, $profile->get('username')); } else { $msg = array(); } include_once PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'helpers' . DS . 'utility.php'; if (!$password1 || !$password2) { $this->setError(Lang::txt('you must enter your new password twice to ensure we have it correct')); } elseif ($password1 != $password2) { $this->setError(Lang::txt('the new password and confirmation you entered do not match. Please try again')); } elseif (!\Components\Members\Helpers\Utility::validpassword($password1)) { $this->setError(Lang::txt('the password you entered was invalid password. You may be using characters that are not allowed')); } elseif (!empty($msg)) { $this->setError(Lang::txt('the password does not meet site password requirements. Please choose a password meeting all the requirements listed below.')); } if ($this->getError()) { $this->setError($this->getError()); return false; } // Encrypt the password and update the profile $result = \Hubzero\User\Password::changePassword($profile->get('username'), $password1); // Save the changes if (!$result) { $this->setError(Lang::txt('There was an error changing your password.')); return false; } // Flush the user data from the session. $app->setUserState('com_users.reset.token', null); $app->setUserState('com_users.reset.user', null); return true; }