/**
 * Get page where user should be redirected, based on user's role.
 * If there is no specific page set for provided role, redirect to default page.
 *
 * @return string Page where user should be redirected.
 */
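function get_redirect_page()
{
    // Visitors who are not logged in are looked up under the 'default' key.
    $role = 'default';
    $login = new ASLogin();
    if ($login->isLoggedIn()) {
        $user = new ASUser(ASSession::get("user_id"));
        $role = $user->getRole();
    }

    // SUCCESS_LOGIN_REDIRECT is read as a serialized role => page map.
    // NOTE(review): unserialize() can instantiate objects, so this constant must
    // only ever be filled from trusted configuration, never from request data.
    // On PHP 7+ the call can be restricted with array('allowed_classes' => false);
    // confirm the minimum supported PHP version before adding it.
    $redirect = unserialize(SUCCESS_LOGIN_REDIRECT);

    // A corrupt or non-array constant yields false or a scalar; indexing that as
    // an array below would raise an error (or rely on auto-vivification), so
    // fall back to an empty map and let the built-in default apply.
    if (!is_array($redirect)) {
        $redirect = array();
    }
    if (!isset($redirect['default'])) {
        $redirect['default'] = 'index.php';
    }

    // Roles without their own entry share the default page.
    return isset($redirect[$role]) ? $redirect[$role] : $redirect['default'];
}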
/**
 * Stop the request unless the current session belongs to a logged-in admin.
 *
 * Call this before any privileged work or output: the function returns
 * normally only when both the login check and the admin check pass.
 * It sets no status code and prints no message of its own before exiting.
 *
 * @return void
 */
function onlyAdmin()
{
    $auth = new ASLogin();
    $allowed = false;

    // The user record is only loaded once a logged-in session is confirmed.
    if ($auth->isLoggedIn()) {
        $current = new ASUser(ASSession::get("user_id"));
        $allowed = (bool) $current->isAdmin();
    }

    // Fail closed: anything short of a confirmed admin ends the script here.
    if (!$allowed) {
        exit;
    }
}
 /**
  * Send forgot password email.
  * @param string $userEmail Provided email.
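  * @return bool|mixed|string TRUE once the reset key is stored and the email is handed to the mailer; otherwise the ASLang message for the check that failed.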
  */
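 public function forgotPassword($userEmail)
 {
     $validator = new ASValidator();

     // Only one field is validated here, so error messages are returned
     // directly instead of being collected per field id.
     if ($userEmail == "") {
         return ASLang::get('email_required');
     }
     if (!$validator->emailValid($userEmail)) {
         return ASLang::get('email_wrong_format');
     }

     // Throttle BEFORE the existence lookup. Previously the brute-force check
     // ran only after the address was confirmed to exist, so repeated requests
     // probing for registered addresses were never rate limited.
     $login = new ASLogin();
     if ($login->_isBruteForce()) {
         return ASLang::get('brute_force');
     }

     if (!$validator->emailExist($userEmail)) {
         // Count the miss so that address probing runs into the throttle above.
         // NOTE(review): assumes increaseLoginAttempts() tracks the requesting
         // client (it takes no account argument) -- confirm in ASLogin.
         $login->increaseLoginAttempts();
         // NOTE(review): this message still tells the caller whether an address
         // is registered. Returning the same response as the success path would
         // close that leak, but it changes what the UI shows, so it is left as is.
         return ASLang::get('email_not_exist');
     }

     // No validation errors: create the reset key and store it with the user.
     // NOTE(review): the key is stored exactly as generated. Its strength depends
     // on _generateKey(), and expiry depends on whoever reads
     // password_reset_timestamp -- neither is visible here, verify both.
     $key = $this->_generateKey();
     $this->db->update(
         'as_users',
         array(
             "password_reset_key" => $key,
             "password_reset_confirmed" => 'N',
             "password_reset_timestamp" => date('Y-m-d H:i:s')
         ),
         "`email` = :email",
         array("email" => $userEmail)
     );

     // Successful requests count as attempts too, which limits reset-mail flooding.
     $login->increaseLoginAttempts();

     $this->mailer->passwordResetEmail($userEmail, $key);
     return TRUE;
 }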