예제 #1
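 /**
  * Handles the "change password" form submission for the logged-in user.
  *
  * Reads POST.oldPass and POST.newPass, checks the old password against the
  * stored hash and, on success, stores a freshly salted hash of the new
  * password before redirecting to /account. On failure it sets the 'error'
  * hive value and re-renders the password form.
  *
  * NOTE(review): no CSRF token check is visible in this method; confirm the
  * route or _requireLogin() enforces one for this state-changing POST.
  * NOTE(review): other active sessions of the user are not invalidated here;
  * confirm whether that happens elsewhere after a password change.
  */
 public function passwordpost()
 {
     $f3 = \Base::instance();
     $this->_requireLogin();
     $user_obj = $f3->get('user_obj');
     $security = \Helpers\Security::instance();

     // Form fields may be absent or arrive as arrays (oldPass[]=...); only
     // plain strings are meaningful as passwords.
     $oldPass = $f3->get('POST.oldPass');
     $newPass = $f3->get('POST.newPass');

     // hash() with an explicit salt presumably returns the digest string, since
     // it is compared directly with the stored password.
     $oldHash = is_string($oldPass) ? $security->hash($oldPass, $user_obj->salt ?: "") : null;

     // hash_equals() compares in constant time and avoids the numeric juggling
     // of ==, under which "0e123" == "0e456" is true.
     if (is_string($oldHash) && hash_equals((string) $user_obj->password, $oldHash)) {
         if (is_string($newPass) && strlen($newPass) > 6) {
             // hash() without a salt returns both 'hash' and 'salt'. Read them by
             // key rather than extract(), so the helper's return value can never
             // overwrite a local variable such as $f3 or $user_obj.
             $hashed = $security->hash($newPass);
             $user_obj->password = $hashed['hash'];
             $user_obj->salt = $hashed['salt'];
             $user_obj->save();
             new Notification('Password updated !', 'success', true);
             $f3->reroute('/account');
         } else {
             $f3->set('error', 'New password must be at least 7 characters long.');
         }
     } else {
         $f3->set('error', "Password doesn't match your actual one.");
     }

     $f3->set('target', 'account/password.html');
     $this->_render('base.html');
 }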
예제 #2
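 /**
  * Support view of a single user, with an optional password reset.
  *
  * Requires a logged-in user holding the 'support' rank. Loads the user named
  * by PARAMS.id, exposes it to the template as 'tuser' and, when GET.action is
  * 'resetpassword', replaces the target's password with a generated one unless
  * the target outranks the operator.
  *
  * NOTE(review): the reset is triggered by a GET parameter, so any URL opened
  * by a logged-in support user can fire it; prefer a POST with a CSRF token.
  * NOTE(review): the generated password is shown to the operator and mailed in
  * clear text; a single-use, expiring reset link would avoid both exposures.
  * NOTE(review): the password comes from Security::salt(); confirm that helper
  * draws from a CSPRNG and yields enough entropy for a credential.
  * NOTE(review): an operator may reset users of equal rank (the check is a
  * strict ">"); confirm that is intended.
  */
 public function details()
 {
     $f3 = \Base::instance();
     $this->_requireLogin();
     $this->_requireRank('support');
     $user = $f3->get('user');

     // Target user.
     // NOTE(review): PARAMS.id reaches load() unvalidated. If User::load() takes
     // a raw filter string rather than an id, switch to a bound filter such as
     // array('id=?', $id) -- confirm against the model.
     $tuser = new User();
     $tuser->load($f3->get('PARAMS.id'));
     $f3->set('tuser', $tuser->cast());

     if ($f3->get('GET.action') === 'resetpassword') {
         if (!$tuser->id) {
             // Nothing was loaded for this id; save() on an unloaded model would
             // presumably create a row that never existed. Assumes the primary
             // key is 'id' -- TODO confirm.
             new Notification('User not found.', 'danger', true);
             $f3->reroute($f3->get('PATH'));
         } elseif ($tuser->rank > $user['rank']) {
             new Notification("You cannot reset this user's password (he's higher ranked then you)", 'danger', true);
             $f3->reroute($f3->get('PATH'));
         } else {
             $security = Security::instance();
             $randpswd = $security->salt();
             // Read the result by key rather than extract(), so the helper's
             // return value cannot overwrite local variables.
             $hashed = $security->hash($randpswd);
             $tuser->password = $hashed['hash'];
             $tuser->salt = $hashed['salt'];
             $tuser->save();
             // Both messages below are HTML, so the generated value is escaped
             // before being interpolated.
             $shown = htmlspecialchars($randpswd, ENT_QUOTES, 'UTF-8');
             new Notification("The user's password has been reset, his new password is <b>{$shown}</b>", 'danger', true);
             SendingAPI::send([
                 'from' => '*****@*****.**',
                 'to' => $tuser->email,
                 'subject' => 'Password reset',
                 'content' => "Hello, your password has been reset, here is your new one: <b>{$shown}</b>. Don't forget to change it !",
             ]);
             $f3->reroute($f3->get('PATH'));
         }
     }

     // A higher-ranked target only triggers a warning here; the page is still
     // rendered. NOTE(review): confirm the edit handlers enforce the rank rule.
     if ($tuser->rank > $user['rank']) {
         new Notification("This user is higher ranked then you, you can't change his information.", 'danger', true);
     }
     $f3->set('target', 'dashboard/admin/users/details.html');
     $this->_render('base.html');
 }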
예제 #3
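 /**
  * Checks a password against the stored credentials of one user.
  *
  * The user is looked up by id when $identifier is an int, by email when it is
  * a string containing "@" after its first character, and by username for any
  * other string. Any other identifier type matches no user.
  *
  * NOTE(review): the digest is produced by \Helpers\Security::hash(), which is
  * not shown here; if it is a fast hash, plan a migration to
  * password_hash()/password_verify().
  *
  * @param int|string $identifier User id, email address or username
  * @param string $password Plain-text password to verify
  * @return bool True only when a user was found and the password hash matches
  */
 public static function verifyUserPassword($identifier, $password)
 {
     $user = new \Models\User();
     if (is_int($identifier)) {
         $user->load(array("id=?", $identifier));
     } elseif (is_string($identifier)) {
         // The type is checked before strpos(), so arrays or null never reach it.
         // An "@" in first position does not count as an email.
         $at = strpos($identifier, "@");
         if ($at !== false && $at > 0) {
             $user->load(array("email=?", $identifier));
         } else {
             $user->load(array("username=?", $identifier));
         }
     }

     if (!$user->id) {
         // NOTE(review): returning before any hashing lets unknown accounts
         // answer faster than known ones; confirm callers rate-limit or
         // otherwise mask this difference.
         return false;
     }

     $security = \Helpers\Security::instance();
     $computed = $security->hash($password, $user->salt ?: "");

     // hash_equals() compares in constant time and avoids the numeric juggling
     // of ==, under which "0e123" == "0e456" is true.
     return is_string($computed) && hash_equals((string) $user->password, $computed);
 }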