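/**
 * Handles the "change my password" form (POST.oldPass / POST.newPass).
 *
 * The submitted old password is re-hashed with the stored salt and compared
 * against the stored hash in constant time. On success the new password is
 * hashed with a fresh salt, saved, and the user is rerouted to /account.
 * On any failure an 'error' message is placed in the hive and the password
 * form is rendered again.
 *
 * Side effects: writes to the F3 hive ('error', 'target'), may save the user
 * row, may emit a Notification and reroute (which does not return).
 */
public function passwordpost()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $user_obj = $f3->get('user_obj');
    $security = \Helpers\Security::instance();

    // Derive the candidate hash from the submitted old password. Compare with
    // hash_equals() rather than `==`: the loose comparison stops at the first
    // differing byte (timing side channel) and also treats numeric-looking
    // strings loosely. The stored hash is the "known" side; casting guards a
    // null column value, which hash_equals() would reject.
    $candidate = $security->hash($f3->get("POST.oldPass"), $user_obj->salt ?: "");
    $oldPassOk = is_string($candidate)
        && hash_equals((string) $user_obj->password, $candidate);

    if (!$oldPassOk) {
        // LOLNO
        $f3->set('error', "Password doesn't match your actual one.");
    } else {
        $newPass = $f3->get("POST.newPass");
        // Length policy is byte-based (strlen), as it was originally; a
        // multibyte character counts for more than one. Cast so a missing
        // field (null) is rejected instead of raising a deprecation.
        if (strlen((string) $newPass) > 6) {
            // hash() with a single argument returns an array holding the new
            // hash and its salt; read the keys explicitly instead of extract()
            // so no unexpected keys can shadow locals.
            $hashed = $security->hash($newPass);
            $user_obj->password = $hashed['hash'];
            $user_obj->salt = $hashed['salt'];
            $user_obj->save();
            new Notification('Password updated !', 'success', true);
            $f3->reroute('/account');
        } else {
            $f3->set('error', 'New password must be at least 7 characters long.');
        }
    }

    $f3->set('target', 'account/password.html');
    $this->_render('base.html');
}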
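/**
 * Admin view of a single user (route param PARAMS.id), restricted to rank
 * 'support' and above.
 *
 * With ?action=resetpassword the target user's password is replaced by a
 * freshly generated value (taken from Security::salt()), which is then shown
 * in a Notification and emailed to the user, after which the request is
 * rerouted to the current PATH. A target who outranks the caller cannot be
 * reset or edited; a Notification says so instead.
 *
 * NOTE(review): the generated password is displayed in the UI and sent by
 * email in clear text; a one-time reset link would avoid persisting a
 * credential in mailboxes. Also confirm Security::salt() is CSPRNG-backed,
 * since its output becomes a login credential here.
 */
public function details()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $this->_requireRank('support');
    $user = $f3->get('user');

    // Target user. Bind the route parameter with the array("field=?", value)
    // filter form (as verifyUserPassword() does) rather than handing load()
    // the raw string, so the lookup is parameterized.
    $tuser_id = $f3->get('PARAMS.id');
    $tuser = new User();
    $tuser->load(array('id=?', $tuser_id));
    $f3->set('tuser', $tuser->cast());

    // Caller may only act on users of equal or lower rank.
    $targetOutranksCaller = $tuser->rank > $user['rank'];

    if ($f3->get('GET.action') === 'resetpassword') {
        if (!$tuser->id) {
            // Without a loaded row, save() below would create a new record
            // containing nothing but a password hash and salt.
            new Notification("No such user.", 'danger', true);
            $f3->reroute($f3->get('PATH'));
        } elseif ($targetOutranksCaller) {
            new Notification("You cannot reset this user's password (he's higher ranked then you)", 'danger', true);
            $f3->reroute($f3->get('PATH'));
        } else {
            $security = Security::instance();
            $randpswd = $security->salt();
            // hash() with one argument returns the new hash and its salt;
            // read the keys explicitly instead of extract().
            $hashed = $security->hash($randpswd);
            $tuser->password = $hashed['hash'];
            $tuser->salt = $hashed['salt'];
            $tuser->save();
            new Notification("The user's password has been reset, his new password is <b>{$randpswd}</b>", 'danger', true);
            SendingAPI::send([
                'from' => '*****@*****.**',
                'to' => $tuser->email,
                'subject' => 'Password reset',
                'content' => "Hello, your password has been reset, here is your new one: <b>{$randpswd}</b>. Don't forget to change it !",
            ]);
            $f3->reroute($f3->get('PATH'));
        }
    }

    // If the target user is a higher level user, you are not allowed to change his info
    if ($targetOutranksCaller) {
        new Notification("This user is higher ranked then you, you can't change his information.", 'danger', true);
    }

    $f3->set('target', 'dashboard/admin/users/details.html');
    $this->_render('base.html');
}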
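/**
 * Verifies the validity of a user's password.
 *
 * The user is looked up by id (int), by email (string containing '@' past
 * the first character) or by username (any other string); all lookups use
 * the parameterized array("field=?", value) filter form. The submitted
 * password is hashed with the stored salt and compared in constant time.
 *
 * NOTE(review): an unknown identifier returns before any hashing is done,
 * so that path is measurably faster than a wrong password for a known
 * user; hash a dummy value there too if user enumeration is a concern.
 *
 * @param $identifier mixed Can be username, email or id
 * @param $password
 * @return bool true only when a user was loaded and the password matches
 */
public static function verifyUserPassword($identifier, $password)
{
    // Load the user by its $identifier type. The is_string() guard keeps
    // strpos() away from non-string input (arrays, null); such identifiers
    // simply fail to load. As before, a leading '@' (offset 0) is treated as
    // a username, not an email.
    $user = new \Models\User();
    if (is_int($identifier)) {
        // ID
        $user->load(array("id=?", $identifier));
    } elseif (is_string($identifier) && strpos($identifier, "@")) {
        // Email
        $user->load(array("email=?", $identifier));
    } elseif (is_string($identifier)) {
        // Username
        $user->load(array("username=?", $identifier));
    }

    // Failed loading
    if (!$user->id) {
        return false;
    }

    // Verify password: hash_equals() instead of `==` so the comparison is
    // constant-time and not subject to loose numeric-string equality. The
    // stored hash is the "known" side; cast guards a null column value.
    $security = \Helpers\Security::instance();
    $candidate = $security->hash($password, $user->salt ?: "");
    return is_string($candidate)
        && hash_equals((string) $user->password, $candidate);
}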