        $errors = zen_update_user(FALSE, $_POST['email'], $_POST['id'], $_POST['profile']);
        if (sizeof($errors) > 0) {
            foreach ($errors as $error) {
                $messageStack->add($error, 'error');
            }
            $action = 'edit';
            $formAction = 'update';
            $profilesList = array_merge(array(array('id' => 0, 'text' => 'Choose Profile')), zen_get_profiles());
        } else {
            $action = '';
            $messageStack->add(SUCCESS_USER_DETAILS_UPDATED, 'success');
        }
        break;
    case 'reset':
        // reset existing user's password in database. Post data is prep'd for db in the first function call
        $errors = zen_reset_password($_POST['user'], $_POST['password'], $_POST['confirm']);
        if (sizeof($errors) > 0) {
            foreach ($errors as $error) {
                $messageStack->add($error, 'error');
            }
            $action = 'password';
            $formAction = 'reset';
        } else {
            $action = '';
            $messageStack->add(SUCCESS_PASSWORD_UPDATED, 'success');
        }
        break;
    default:
        // no action, simply drop through and display existing users
}
// get this user's details
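/**
 * Validate whether the password-reset request is permissible and, when it is,
 * apply the new password.
 *
 * The request is accepted when either the current password matches, or the
 * account carries an unexpired reset token whose temporary password matches
 * $adm_old_pwd. In both cases zen_reset_password() enforces the password rules
 * and stores the new password; this function then clears the reset token so it
 * cannot be replayed.
 *
 * Changes from the earlier version of this function:
 *  - an account that cannot be read returns immediately instead of reading
 *    array offsets from a null $result;
 *  - an active lockout now blocks the reset instead of only adding a message
 *    while the password is still changed underneath;
 *  - an expired or malformed reset token now yields ERROR_WRONG_LOGIN instead of
 *    an empty error list, which callers would read as success.
 *
 * @param string $admin_name   login name of the account being reset
 * @param string $adm_old_pwd  current password, or the temporary password issued with a reset token
 * @param string $adm_new_pwd  requested new password
 * @param string $adm_conf_pwd confirmation of $adm_new_pwd
 * @return array list of error-message strings; empty means the reset succeeded
 */
function zen_validate_pwd_reset_request($admin_name, $adm_old_pwd, $adm_new_pwd, $adm_conf_pwd)
{
    global $db;
    $errors = [];

    // Blank the stored reset token for this account, optionally also restarting
    // the failed-login counter. Used after a successful reset and when an expired
    // token is detected, so a stale token never survives in the table.
    $clearResetToken = function ($alsoResetFailedLogins) use ($db, $admin_name) {
        $sql = "update " . TABLE_ADMIN . " set reset_token = ''"
            . ($alsoResetFailedLogins ? ", failed_logins = 0" : "")
            . " where admin_name = :adminname: ";
        $sql = $db->bindVars($sql, ':adminname:', $admin_name, 'string');
        $db->Execute($sql);
    };

    $result = zen_read_user($admin_name);
    // Nothing below can be evaluated without a matching account row, and the
    // name check is strict so that numeric-looking names are not compared loosely.
    if (empty($result) || !isset($result['admin_name']) || (string) $admin_name !== (string) $result['admin_name']) {
        $errors[] = ERROR_WRONG_LOGIN;
        return $errors;
    }
    // An account under lockout must not be able to change its password at all,
    // not even with a valid current password or reset token.
    if (isset($result['lockout_expires']) && $result['lockout_expires'] > time()) {
        $errors[] = ERROR_SECURITY_ERROR;
        return $errors;
    }

    if (zen_validate_password($adm_old_pwd, $result['admin_pass'])) {
        // current password matched, so proceed with the reset
        $moreErrors = zen_reset_password($result['admin_id'], $adm_new_pwd, $adm_conf_pwd);
        if (count($moreErrors) > 0) {
            return array_merge($errors, $moreErrors);
        }
        $clearResetToken(false);
        return $errors;
    }

    // entered password doesn't match the current password, so fall back to the reset token
    $storedToken = isset($result['reset_token']) ? (string) $result['reset_token'] : '';
    if ($storedToken === '') {
        // the minimum length shown to the user is never advertised below 7
        $errors[] = ENTRY_PASSWORD_CHANGE_ERROR . ' ' . sprintf(ERROR_PASSWORD_RULES, max(7, (int) ADMIN_PASSWORD_MIN_LENGTH));
        return $errors;
    }

    // stored form is "<expiry-timestamp>}<hashed temporary password>"; a limit of 2
    // keeps the hash intact even if it were ever to contain the separator
    $parts = explode('}', $storedToken, 2);
    $expiresAt = (int) $parts[0];
    $token = isset($parts[1]) ? $parts[1] : '';
    if ($expiresAt <= 0 || $token === '') {
        // malformed token: treat as a failed login rather than silently succeeding
        $errors[] = ERROR_WRONG_LOGIN;
        return $errors;
    }
    if ($expiresAt <= time()) {
        // expired token: wipe it and treat the attempt as a failed login
        $clearResetToken(false);
        $errors[] = ERROR_WRONG_LOGIN;
        return $errors;
    }

    // token is live: the supplied "old" password must be the temporary one
    if (!zen_validate_password($adm_old_pwd, $token)) {
        $errors[] = ERROR_WRONG_LOGIN;
        return $errors;
    }
    $moreErrors = zen_reset_password($result['admin_id'], $adm_new_pwd, $adm_conf_pwd);
    if (count($moreErrors) > 0) {
        return array_merge($errors, $moreErrors);
    }
    // password change was accepted, so the token is spent and the lockout counter can restart
    $clearResetToken(true);
    return $errors;
}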