Exemplo n.º 1
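 /**
  * Completes a password reset submitted through the reset form.
  *
  * Reads password1, password2, authhash and user_id from $_POST, checks
  * that an unexpired row in users_pw_reset matches the user id and token,
  * stores the new password and logs the user in.
  *
  * @return mixed The error object from PHPWS_User::checkPassword() when the
  *               passwords are rejected, 0 when the request or token is
  *               invalid or saving fails, 1 on success.
  */
 public function finishResetPW()
 {
     // Read the fields explicitly instead of silencing notices with "@".
     $password1 = isset($_POST['password1']) ? $_POST['password1'] : null;
     $password2 = isset($_POST['password2']) ? $_POST['password2'] : null;

     $result = PHPWS_User::checkPassword($password1, $password2);
     if (PHPWS_Error::isError($result)) {
         return $result;
     }

     $auth = isset($_POST['authhash']) ? $_POST['authhash'] : null;

     // An array-valued user_id would cast to 1, so only scalars are accepted.
     $user_id = 0;
     if (isset($_POST['user_id']) && is_scalar($_POST['user_id'])) {
         $user_id = (int) $_POST['user_id'];
     }

     // The token must be a non-empty string of word characters. A non-string
     // value (for example an array from authhash[]=...) is rejected here so
     // it never reaches preg_match() or the query builder.
     if (empty($user_id) || !is_string($auth) || empty($auth) || preg_match('/\\W/', $auth)) {
         return 0;
     }

     $db = new PHPWS_DB('users_pw_reset');
     $db->addWhere('user_id', $user_id);
     $db->addWhere('authhash', $auth);
     $db->addWhere('timeout', time(), '>');
     $result = $db->select();

     // From here on $db targets every reset row of this user, for cleanup.
     $db->reset();
     $db->addWhere('user_id', $user_id);

     if (PHPWS_Error::logIfError($result) || empty($result)) {
         // A failed lookup discards the user's reset rows, so a token gets
         // one attempt only.
         // NOTE(review): this also means any request carrying a valid
         // user_id and a wrong token cancels that user's pending reset;
         // confirm this trade-off is intended.
         $db->delete();
         return 0;
     }

     $user = new PHPWS_User($user_id);
     $user->setPassword($password1);
     $result = $user->save();
     if (PHPWS_Error::logIfError($result)) {
         // The reset row is kept when saving fails.
         return 0;
     }

     Current_User::loginUser($user->username, $password1);
     unset($user);

     // The token is single use: remove it once the password is changed.
     $db->delete();
     return 1;
 }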
Exemplo n.º 2
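<?php

// Detect phpWebSite
if (file_exists('../config/core/config.php')) {
    define('PHPWEBSITE', true);
    require_once '../config/core/config.php';
    require_once PHPWS_SOURCE_DIR . 'inc/Bootstrap.php';
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        require_once PHPWS_SOURCE_DIR . 'mod/users/class/Current_User.php';
        // loginUser() is called with a username only, no password: the
        // identity is whatever the web server placed in PHP_AUTH_USER, with
        // the PHPWS_SHIBB_USER_AUTH pattern stripped from it.
        // NOTE(review): this is only safe when the server's authentication
        // module protects this path and a client cannot supply the value
        // itself; confirm in the web server configuration.
        Current_User::loginUser(preg_replace(PHPWS_SHIBB_USER_AUTH, '', $_SERVER['PHP_AUTH_USER']));
    }
    PHPWS_unBootstrap();
}
// Build new URL
// NOTE(review): PHPWS_SOURCE_DIR is used here even when the config file
// above was not found; presumably it is defined by that file, so confirm
// what should happen when it is missing.
require_once PHPWS_SOURCE_DIR . 'Global/Server.php';
$redirect = preg_replace('/secure\\/?$/', '', \Server::getSiteUrl());
// The URL is written into two HTML attributes below, so escape it for that
// context rather than echoing it raw.
$redirectAttr = htmlspecialchars($redirect, ENT_QUOTES, 'UTF-8');
?>
<html>
    <head>
        <!-- THIS FILE SHOULD NEVER EVER BE CACHED.  MAKE SURE TO DISABLE CACHING AT THE APACHE LEVEL. -->
        <meta http-equiv="refresh" content="0;url=<?php echo $redirectAttr; ?>" />
    </head>
    <body>
        <p><a href="<?php echo $redirectAttr; ?>">If you are not redirected automatically, please click this link.</a></p>
    </body>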
Exemplo n.º 3
 /**
  * Logs a user in and, when a subpermission is given, asks the object's
  * allow() method (if it has one) whether the user may proceed.
  *
  * There are five subpermission states. How your module handles them is up
  * to you.
  *
  * new      - user can create a new entry
  * edit     - user can edit an existing entry
  * list     - user can list entries
  * category - user can post category changes
  * delete   - user can delete entries
  *
  * @param string      $username
  * @param string      $password
  * @param string|null $subpermission One of the states above, or null to
  *                                   skip the permission check.
  *
  * @return mixed true when the user passes; an IXR_Error when the login
  *               fails; otherwise whatever allow() returned. Only a strict
  *               true means success, so callers should compare with ===.
  */
 public function logUser($username, $password, $subpermission = null)
 {
     $loggedIn = Current_User::loginUser($username, $password);

     // A logged error or a falsy login result is reported as an
     // authentication failure.
     if (PHPWS_Error::logIfError($loggedIn) || !$loggedIn) {
         return new IXR_Error(4000, XMLRPC_CANNOT_AUTHENTICATE);
     }

     // Without a subpermission the user passes right after login.
     // NOTE(review): validUser is not set on this path, unlike the two
     // success paths below; confirm that is intended.
     if (!$subpermission) {
         return true;
     }

     // When the object defines allow(), anything other than a strict true
     // from it is handed back to the caller unchanged.
     if (method_exists($this, 'allow')) {
         $verdict = $this->allow($subpermission);
         if ($verdict !== true) {
             return $verdict;
         }
     }

     // Either allow() approved the subpermission or there is no allow()
     // method, in which case the user passes by default.
     $this->validUser = true;
     return true;
 }