Exemplo n.º 1
 /**
  * Round-trips one password assistance session through the session handler:
  * write, find by user, read by id, destroy, and finally garbage-collect.
  *
  * Every stage that behaves as expected contributes a marker; the joined
  * markers must equal "find-read-destroy-".
  *
  * @group IL_Init
  */
 public function testPasswordAssisstanceSession()
 {
     global $ilUser;
     include_once "./include/inc.pwassist_session_handler.php";

     $passed = array();

     // Create the session under the fixed id "12345" for the current user.
     db_pwassist_session_write("12345", 60, $ilUser->getId());

     // Looking the session up by user must yield the id that was written.
     $byUser = db_pwassist_session_find($ilUser->getId());
     if ($byUser["pwassist_id"] == "12345") {
         $passed[] = "find-";
     }

     // Looking the session up by id must yield the owning user.
     $byId = db_pwassist_session_read("12345");
     if ($byId["user_id"] == $ilUser->getId()) {
         $passed[] = "read-";
     }

     // Once destroyed, the id must no longer resolve to a session.
     db_pwassist_session_destroy("12345");
     $afterDestroy = db_pwassist_session_read("12345");
     if (!$afterDestroy) {
         $passed[] = "destroy-";
     }

     // Garbage collection is only exercised; its effect is not asserted.
     db_pwassist_session_gc();

     $this->assertEquals("find-read-destroy-", implode("", $passed));
 }
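 /**
  * Handles submission of the "assign new password" form of the password
  * assistance workflow.
  *
  * The following form fields are read as HTTP POST parameters:
  * key
  * username
  * password1
  * password2
  *
  * The key is used to retrieve the password assistance session.
  * If no session is found for the key, or if the session has expired, the
  * password assistance form is shown instead of this form.
  *
  * If the session is valid, the submitted username matches the login of the
  * session's user (case-insensitively), both password fields are identical
  * and the password passes ilUtil::isPassword(), the password is assigned
  * to that user.
  *
  * Security notes:
  * - Besides the login name, the key is the only credential presented, so
  *   it acts as a bearer token for the account tied to the session.
  * - To prevent replay attacks, the session is destroyed once the password
  *   has been assigned. It is not destroyed after a failed attempt, so the
  *   key stays usable until its expiry time has passed.
  */
 function submitAssignPasswordForm()
 {
     global $lng;
     require_once "include/inc.pwassist_session_handler.php";
     // Retrieve form data
     $pwassist_id = ilUtil::stripSlashes($_POST["key"]);
     $username = ilUtil::stripSlashes($_POST["username"]);
     $password1 = ilUtil::stripSlashes($_POST["password1"]);
     $password2 = ilUtil::stripSlashes($_POST["password2"]);
     // Retrieve the session
     $pwassist_session = db_pwassist_session_read($pwassist_id);
     // empty() also covers a null/false "not found" result, on which count()
     // would raise a warning or, on PHP 8, a TypeError instead of showing
     // the "session expired" message.
     if (empty($pwassist_session)
         || !isset($pwassist_session["expires"])
         || $pwassist_session["expires"] < time()
     ) {
         $this->showAssistanceForm($lng->txt("pwassist_session_expired"));
     } else {
         $is_successful = true;
         $message = "";
         $userObj = new ilObjUser($pwassist_session["user_id"]);
         // Validate the entries of the user
         // ----------------------------------
         // check if the user still exists
         // NOTE(review): `new` never evaluates to null, so this branch cannot
         // detect an account deleted after the session was created - confirm
         // how ilObjUser signals a missing user and test for that instead.
         if ($userObj == null) {
             $message = $lng->txt("user_does_not_exist");
             $is_successful = false;
         }
         // check if the username entered by the user matches the
         // one of the user object.
         if ($is_successful && strcasecmp($userObj->getLogin(), $username) != 0) {
             $message = $lng->txt("pwassist_login_not_match");
             $is_successful = false;
         }
         // check if the user entered the password correctly into the
         // two entry fields. The comparison is strict: with `!=`, numeric
         // strings such as "1e3" and "1000" compare as equal.
         if ($is_successful && $password1 !== $password2) {
             $message = $lng->txt("passwd_not_match");
             $is_successful = false;
         }
         // validate the password
         if ($is_successful && !ilUtil::isPassword($password1)) {
             $message = $lng->txt("passwd_invalid");
             $is_successful = false;
         }
         // End of validation
         // If the validation was successful, we change the password of the
         // user.
         // ------------------
         if ($is_successful) {
             $is_successful = $userObj->resetPassword($password1, $password2);
             if (!$is_successful) {
                 $message = $lng->txt("passwd_invalid");
             }
         }
         // If we are successful so far, we update the user object.
         // ------------------
         if ($is_successful) {
             // Only an explicit false is treated as failure, so an update()
             // that returns nothing still counts as success.
             if ($userObj->update() === false) {
                 $is_successful = false;
                 $message = $lng->txt("update_error");
             }
         }
         // If we are successful, we destroy the password assistance
         // session and redirect to the login page.
         // Else we display the form again along with an error message.
         // ------------------
         if ($is_successful) {
             db_pwassist_session_destroy($pwassist_id);
             $this->showMessageForm(null, sprintf($lng->txt("pwassist_password_assigned"), $username));
         } else {
             // NOTE(review): the submitted passwords are handed back to the
             // form - confirm the template does not echo them into the page.
             $this->showAssignPasswordForm($message, $username, $password1, $password2, $pwassist_id);
         }
     }
 }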
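 /**
  * Handles submission of the "assign new password" form of the password
  * assistance workflow.
  *
  * The key is first read from the raw HTTP POST data, because it is needed
  * to build the form. After the form has validated its input, the values
  * used are the form inputs:
  * key
  * username
  * password
  *
  * The key is used to retrieve the password assistance session.
  * If no session is found for the key, or if the session has expired, a
  * failure message is sent and the password assistance form is shown.
  *
  * If the session is valid, the submitted username matches the login of the
  * session's user (case-insensitively) and the password passes
  * ilUtil::isPasswordValidForUserContext(), the password is assigned to
  * that user.
  *
  * Security notes:
  * - Besides the login name, the key is the only credential presented, so
  *   it acts as a bearer token for the account tied to the session.
  * - To prevent replay attacks, the session is destroyed once the password
  *   has been assigned. It is not destroyed after a failed attempt, so the
  *   key stays usable until its expiry time has passed.
  */
 public function submitAssignPasswordForm()
 {
     require_once 'include/inc.pwassist_session_handler.php';
     // We need to fetch this before form instantiation
     $pwassist_id = ilUtil::stripSlashes($_POST['key']);
     $form = $this->getAssignPasswordForm($pwassist_id);
     if (!$form->checkInput()) {
         $form->setValuesByPost();
         // NOTE(review): unlike the failure branch at the end of this method,
         // nothing is shown before returning - confirm the caller re-renders
         // the form.
         return;
     }
     $username = $form->getInput('username');
     $password = $form->getInput('password');
     $pwassist_id = $form->getInput('key');
     // Retrieve the session
     $pwassist_session = db_pwassist_session_read($pwassist_id);
     // empty() also covers a null/false "not found" result, on which count()
     // would raise a warning or, on PHP 8, a TypeError instead of reporting
     // the expired session.
     if (empty($pwassist_session)
         || !isset($pwassist_session['expires'])
         || $pwassist_session['expires'] < time()
     ) {
         ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_session_expired')));
         $form->setValuesByPost();
         $this->showAssistanceForm($form);
         return;
     }

     $is_successful = true;
     $message = '';
     $userObj = new ilObjUser($pwassist_session['user_id']);
     // NOTE(review): `new` never evaluates to null, so this branch cannot
     // detect an account deleted after the session was created - confirm how
     // ilObjUser signals a missing user and test for that instead.
     if ($userObj == null) {
         $message = $this->lng->txt('user_does_not_exist');
         $is_successful = false;
     }
     // check if the username entered by the user matches the
     // one of the user object.
     if ($is_successful && strcasecmp($userObj->getLogin(), $username) != 0) {
         $message = $this->lng->txt('pwassist_login_not_match');
         $is_successful = false;
     }
     // Validate the password only after the earlier checks have passed, so
     // that the first error is the one reported and the password policy is
     // not evaluated against the account for a mismatching login name.
     $error_lng_var = '';
     if ($is_successful && !ilUtil::isPasswordValidForUserContext($password, $userObj, $error_lng_var)) {
         $message = $this->lng->txt($error_lng_var);
         $is_successful = false;
     }
     // End of validation
     // If the validation was successful, we change the password of the
     // user.
     // ------------------
     if ($is_successful) {
         $is_successful = $userObj->resetPassword($password, $password);
         if (!$is_successful) {
             $message = $this->lng->txt('passwd_invalid');
         }
     }
     // If we are successful so far, we update the user object.
     // ------------------
     if ($is_successful) {
         $userObj->update();
     }
     // If we are successful, we destroy the password assistance
     // session and redirect to the login page.
     // Else we display the form again along with an error message.
     // ------------------
     if ($is_successful) {
         db_pwassist_session_destroy($pwassist_id);
         $this->showMessageForm(sprintf($this->lng->txt('pwassist_password_assigned'), $username));
     } else {
         ilUtil::sendFailure(str_replace("\\n", '', $message));
         $form->setValuesByPost();
         $this->showAssignPasswordForm($form, $pwassist_id);
     }
 }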