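/**
 * Issues a replacement password for the account registered under an e-mail address.
 *
 * Looks the user up through usuario_dao, sets the MD5 digest of a freshly
 * generated password on it, passes the user to usuario_dao->update() and then
 * hands the clear-text password to sendPasswordEmail().
 *
 * @param string $email Address used for the lookup and as the mail recipient
 *                      (expected to be a string; not enforced here).
 *
 * @return void
 *
 * @throws Exception With code 3 when no user matches the address.
 */
public function enviarNovaSenha($email)
{
    // Resolve the account first so no password is generated for an unknown address.
    $usuario = $this->usuario_dao->findUserByEmail($email);

    // Loose comparison kept on purpose: the DAO's "not found" return value is not
    // visible here, and == null also covers false or an empty result.
    if ($usuario == null) {
        throw new Exception('Usuário não encontrado.', 3);
    }

    $novaSenha = gerarNovaSenha();

    // NOTE(security): MD5 is fast and unsalted, so it is not suitable for password
    // storage. Moving to password_hash()/password_verify() has to be coordinated
    // with the login check, which is outside this block, so the call is left as is.
    $usuario->setSenha(md5($novaSenha));
    $this->usuario_dao->update($usuario);

    // NOTE(review): the password is replaced as soon as an address matches; no proof
    // of mailbox ownership and no rate limit are visible in this block, so confirm
    // the caller provides them. A single-use, expiring reset token is the usual
    // alternative to mailing a clear-text password.
    // NOTE(review): the return value of sendPasswordEmail() is not checked. The old
    // password is already gone at this point, so a failed delivery would leave the
    // account with a password nobody knows; confirm how the mailer reports failure.
    sendPasswordEmail($novaSenha, $email);
}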
$show = 'userNotFound'; } else { $error = false; $show = 'securityForm'; $securityUser = $result['userID']; } break; case 2: //we just submitted the security question for verification if ($_POST['userID'] != "" && $_POST['answer'] != "") { $result = checkSecAnswer($_POST['userID'], $_POST['answer']); if ($result == true) { //answer was right $error = false; $show = 'successPage'; $passwordMessage = sendPasswordEmail($_POST['userID']); $_SESSION['badCount'] = 0; } else { //answer was wrong $error = true; $show = 'securityForm'; $securityUser = $_POST['userID']; $_SESSION['badCount']++; } } else { $error = true; $show = 'securityForm'; } break; case 3: //we are submitting a new password (only for encrypted)
$step = 'emailForm'; // Formulaire par defaut if (isset($_POST['subStep']) && !isset($_GET['a'])) { // Sous-etape switch ($_POST['subStep']) { case 1: //we just submitted an email or username for verification $result = checkUNEmail($_POST['uname'], $_POST['email']); if ($result['status'] == false) { $error = true; $step = 'userNotFound'; } else { $error = false; $step = 'successPage'; $securityUser = $result['userID']; sendPasswordEmail($securityUser); } break; case 2: //we are submitting a new password (only for encrypted) if ($_POST['userID'] == '' || $_POST['key'] == '') { header("location: login.php"); } if (strcmp($_POST['pw0'], $_POST['pw1']) != 0 || trim($_POST['pw0']) == '') { $error = true; $step = 'recoverForm'; } else { $error = false; $step = 'recoverSuccess'; if (updateUserPassword($_POST['userID'], $_POST['pw0'], $_POST['key'])) { // il y encore un controle ici
<?php session_start(); // If user is logged in, redirect to homepage if (isset($_SESSION['login']) && $_SESSION['login'] === '1') { header("Location: /dashboard/index"); } else { require 'functions.php'; //////////// // listener for the reset password button //////////// if (isset($_POST['reset_pass'])) { $result = checkEmail(sanitize($_POST['email'])); if ($result['status']) { // email exists -- send email to user sendPasswordEmail($result['userID']); $_SESSION['validemail'] = true; header("Location: /dashboard/login"); } else { // email is not valid $_SESSION['validemail'] = false; header("Location: /dashboard/login"); } } else { if (isset($_POST['login'])) { // need to escape characters $username = sanitize($_POST['username']); $password = sanitize($_POST['password']); $data = my_query('s', array(&$username), "SELECT * FROM user WHERE Username=?"); $id = $data['ID']; if (strcmp($username, $data['Username']) !== 0) {