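public function control()
 {
     // Account activation: compares the code in $_GET['code'] with the activation code stored for the
     // account named by $_GET['usr'] and, on a match, marks that owner as activated. Every path ends by
     // rendering the login page with a success or error message.
     $controller = new LoginController(true);
     if ($this->is_missing_param) {
         $controller->addErrorMessage('Invalid account activation credentials.');
     } else {
         // Both values come straight from the query string. PHP turns "usr[]=x" into an array, so accept
         // strings only before handing them to the DAO or comparing them.
         $email = (isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : null;
         $supplied_code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : null;

         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         $code_matches = false;
         if ($email !== null && $supplied_code !== null && $supplied_code !== '') {
             $acode = $owner_dao->getActivationCode($email);
             // isset() is false when no row came back, so a missing account can never "match".
             $expected_code = isset($acode['activation_code']) ? (string) $acode['activation_code'] : '';
             // Strict string comparison: loose == treats numeric-looking strings as numbers, so values that
             // differ as text could still compare equal. Where the minimum supported PHP version allows it
             // (>= 5.6), hash_equals() would additionally make the comparison constant-time.
             $code_matches = ($expected_code !== '' && $supplied_code === $expected_code);
         }
         // NOTE(review): no attempt limiting is visible in this method; confirm that repeated wrong codes
         // are throttled elsewhere.
         if ($code_matches) {
             $owner = $owner_dao->getByEmail($email);
             if (isset($owner) && isset($owner->is_activated)) {
                 if ($owner->is_activated == 1) {
                     $controller->addSuccessMessage("You have already activated your account. Please log in.");
                 } else {
                     $owner_dao->activateOwner($email);
                     $controller->addSuccessMessage("Success! Your account has been activated. Please log in.");
                 }
             } else {
                 $controller->addErrorMessage('Houston, we have a problem: Account activation failed.');
             }
         } else {
             // Same message as the branch above, so the response does not reveal whether the account exists.
             $controller->addErrorMessage('Houston, we have a problem: Account activation failed.');
         }
     }
     return $controller->go();
 }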
 /**
  * Attempt to log in user via private API key and redirect to specified success or failure URLs based on result
  * with msg parameter set.
  * Expected $_GET parameters:
  * u: email address
  * k: private API key
  * failure_redir: failure redirect URL
  * success_redir: success redirect URL
  */
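 public function control()
 {
     // Review notes on the inputs, all of which arrive in the query string:
     //  - 'k' (the private API key) travels in a URL, so it can end up in access logs, browser history and
     //    Referer headers; prefer a request body or header where callers allow it.
     //  - success_redir / failure_redir are stored below without validation. succeed() and fail() are not
     //    shown here; if they redirect to these values as given, this endpoint is an open redirect and the
     //    targets should be checked against an allow-list of expected hosts.
     $this->disableCaching();

     // Without both redirect targets there is nowhere to send the result, so show the login page instead.
     if (!isset($_GET['success_redir']) || $_GET['success_redir'] == "") {
         $controller = new LoginController(true);
         $controller->addErrorMessage('No success redirect specified');
         return $controller->go();
     }
     if (!isset($_GET['failure_redir']) || $_GET['failure_redir'] == "") {
         $controller = new LoginController(true);
         $controller->addErrorMessage('No failure redirect specified');
         return $controller->go();
     }

     $this->success_redir = $_GET['success_redir'];
     $this->failure_redir = $_GET['failure_redir'];

     // fail() is defined elsewhere. Return explicitly after each call so that nothing below depends on
     // fail() halting the request (the original fell through and read the missing parameters).
     if (!isset($_GET['u'])) {
         $this->fail('User is not set.');
         return;
     }
     if (!isset($_GET['k'])) {
         $this->fail('API key is not set.');
         return;
     }

     // Any existing session is dropped before the supplied credentials are checked.
     if ($this->isLoggedIn()) {
         Session::logout();
     }
     $owner_dao = DAOFactory::getDAO('OwnerDAO');

     // PHP turns "u[]=x" into an array; only strings are valid credentials.
     if (!is_string($_GET['u']) || $_GET['u'] === '') {
         $this->fail("Email must not be empty.");
         return;
     }
     if (!is_string($_GET['k']) || $_GET['k'] === '') {
         $this->fail("API key must not be empty.");
         return;
     }

     $user_email = $_GET['u'];
     // get_magic_quotes_gpc() was removed in PHP 8; only call it where it still exists.
     if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
         $user_email = stripslashes($user_email);
     }

     $owner = $owner_dao->getByEmail($user_email);
     // NOTE(review): the three distinct failure messages let a caller tell unknown, inactive and valid
     // accounts apart. No failed-attempt counting is visible on these paths either; confirm that
     // isOwnerAuthorizedViaPrivateAPIKey() or fail() handles throttling.
     if (!$owner) {
         $this->fail("Invalid email.");
     } elseif (!$owner->is_activated) {
         $this->fail('Inactive account.');
     } elseif (!$owner_dao->isOwnerAuthorizedViaPrivateAPIKey($user_email, $_GET['k'])) {
         // The supplied key does not authorize this owner.
         $this->fail('Invalid API key.');
     } else {
         // Successful login: populate the session, then clear the failure bookkeeping for this account.
         Session::completeLogin($owner);
         $owner_dao->updateLastLogin($user_email);
         $owner_dao->resetFailedLogins($user_email);
         $owner_dao->clearAccountStatus($user_email);
         $this->succeed("Logged in successfully.");
     }
 }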
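 /**
  * Handle the password-reset page reached with a recovery token in $_GET['token'].
  *
  * Renders the reset form, or, when $_POST['password'] and $_POST['password_confirm'] are submitted and
  * match, stores the new password, clears the recovery token and hands over to the login page.
  *
  * @return mixed Whatever generateView() or LoginController::go() returns.
  */
 public function control()
 {
     // NOTE(review): $session is not used below; kept in case the Session constructor has side effects.
     $session = new Session();
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $this->view_mgr->addHelp('reset', 'userguide/accounts/index');
     $this->setViewTemplate('session.resetpassword.tpl');
     $this->addHeaderJavaScript('assets/js/jqBootstrapValidation.js');
     $this->addHeaderJavaScript('assets/js/validate-fields.js');
     $this->disableCaching();
     $config = Config::getInstance();
     $this->addToView('is_registration_open', $config->getValue('is_registration_open'));

     // The token must be a string of exactly 32 lowercase hex characters. \z (rather than $) also rejects
     // a trailing newline, and is_string() rejects the array form "token[]=...".
     if (!isset($_GET['token']) || !is_string($_GET['token'])
         || !preg_match('/^[\da-f]{32}\z/', $_GET['token'])
         || !($user = $owner_dao->getByPasswordToken($_GET['token']))) {
         // token is nonexistent or bad
         $this->addErrorMessage('You have reached this page in error.');
         return $this->generateView();
     }
     if (!$user->validateRecoveryToken($_GET['token'])) {
         $this->addErrorMessage('Your token is expired.');
         return $this->generateView();
     }

     if (isset($_POST['password'])) {
         $new_password = $_POST['password'];
         $confirmation = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;
         if (!is_string($new_password) || $new_password === '') {
             // The validation scripts loaded above run in the browser only; never store an empty or
             // non-string password.
             // NOTE(review): no length or complexity policy is enforced here; confirm whether the DAO or a
             // shared validator applies one.
             $this->addErrorMessage('Please enter a new password.');
         } elseif ($new_password === $confirmation) {
             // Strict comparison: loose == treats numeric-looking strings as numbers, so two different
             // entries could be accepted as matching.
             $login_controller = new LoginController(true);
             // Try to update the password
             if ($owner_dao->updatePassword($user->email, $new_password) < 1) {
                 $login_controller->addErrorMessage('Problem changing your password!');
             } else {
                 $owner_dao->activateOwner($user->email);
                 $owner_dao->clearAccountStatus($user->email);
                 $owner_dao->resetFailedLogins($user->email);
                 // Blank the token so the same reset link cannot be used again.
                 $owner_dao->updatePasswordToken($user->email, '');
                 $login_controller->addSuccessMessage('You have changed your password.');
             }
             return $login_controller->go();
         } else {
             $this->addErrorMessage("Passwords didn't match.");
         }
     } else {
         if (isset($_POST['Submit'])) {
             $this->addErrorMessage('Please enter a new password.');
         }
     }
     return $this->generateView();
 }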
    public function control() {
        $session = new Session();
        $owner_dao = DAOFactory::getDAO('OwnerDAO');

        $this->setViewTemplate('session.resetpassword.tpl');
        $this->disableCaching();

        if (!isset($_GET['token']) || !preg_match('/^[\da-f]{32}$/', $_GET['token']) ||
        (!$user = $owner_dao->getByPasswordToken($_GET['token']))) {
            // token is nonexistant or bad
            $this->addErrorMessage('You have reached this page in error.');
            return $this->generateView();
        }

        if (!$user->validateRecoveryToken($_GET['token'])) {
            $this->addErrorMessage('Your token is expired.');
            return $this->generateView();
        }

        if (isset($_POST['password'])) {
            if ($_POST['password'] == $_POST['password_confirm']) {
                $login_controller = new LoginController(true);
                if ($owner_dao->updatePassword($user->email, $session->pwdcrypt($_POST['password'])) < 1 ) {
                    $login_controller->addErrorMessage('Problem changing your password!');
                } else {
                    $owner_dao->activateOwner($user->email);
                    $owner_dao->clearAccountStatus($user->email);
                    $login_controller->addSuccessMessage('You have changed your password.');
                }
                return $login_controller->go();
            } else {
                $this->addErrorMessage("Passwords didn't match.");
            }
        } else if (isset($_POST['Submit'])) {
            $this->addErrorMessage('Please enter a new password.');
        }
        return $this->generateView();
    }