// NOTE(review): this excerpt starts inside a try block whose opening is not shown.
// $username, $ssn, $dob and $reason are set before this point, so their origin and
// any earlier validation cannot be confirmed from here.
	// A reset request without a username is rejected outright.
	if (!$username) {
		throw new Exception('Username missing from password reset request.');
	}

	$person = new PSUPerson($username);

	// No $reason supplied: the caller must prove identity with the last four
	// characters of the SSN on record and the birth date on record. A mismatch on
	// either one is logged against $username and aborts the reset.
	// NOTE(review): both comparisons use loose `!=`. Numeric strings are compared as
	// numbers ('0123' == '123'), and a blank or null input equals a blank value on
	// the record, so a person with no SSN / birth date stored would pass if $ssn and
	// $dob arrive empty. Safer: reject empty values on either side first, then
	// compare as strings with hash_equals(). Attempt throttling is not visible in
	// this excerpt; confirm it exists upstream.
	if (!$reason && ($ssn != substr($person->ssn, -4) || $dob != $person->birth_date)) {
		$GLOBALS['LOG']->write('Password Reset Attempt Failed: invalid DOB & SSN portion provided.', $username);
		throw new Exception('The identity verification failed. Either the last 4 of the SSN OR the Date of Birth did not match.');
	} //end if

	// Supplying a $reason skips the identity check above, so that path is allowed
	// only for callers holding the 'ape_pw' permission.
	if ($reason && !IDMObject::authZ('permission', 'ape_pw')) {
		throw new Exception('You are not allowed to perform password resets without the last 4 of the SSN and Birth Date.');
	} //end if

	// Identity was verified from private data: record that as the reason.
	if (!$reason) {
		$reason = 'Private Data Provided and Verified';
	} //end if

	// Replace the password with the value returned by defaultCredentials() (which
	// also returns the username used from here on), then expire it with the
	// 'reset' tag.
	// NOTE(review): presumably expire() forces a change at next login; until then
	// the account is only as strong as the default credential. Confirm how
	// defaultCredentials() derives it and that it cannot be guessed from directory data.
	list($username, $password) = $GLOBALS['PWMAN']->defaultCredentials($username);
	$GLOBALS['PWMAN']->setPassword($username, $password);
	$GLOBALS['PWMAN']->expire($username, 'reset');

	// NOTE(review): part of the next line was masked in this copy of the page (the
	// `******` run). Apparently the end of the log call, the initialisation of
	// $message and the head of the `if` that assigns $call_id are missing, so the
	// line is not valid PHP as shown and is kept verbatim. Check in the unmasked
	// source that the new $password is never written to the log or the ticket text.
	$GLOBALS['LOG']->write('Resetting password: '******'Password Reset', 'Reset password.', array('call_status' => 'closed'))) {
		// NOTE(review): $call_id is concatenated into HTML unescaped and the link is
		// plain http. That is fine only if the ticket id is always numeric; otherwise
		// cast it to int or pass it through htmlspecialchars().
		$message .= ' Ticket #<a href="http://go.plymouth.edu/log/' . $call_id . '">' . $call_id . '</a> has been logged.';
	} //end if

	$_SESSION['messages'][] = $message;
} catch (Exception $e) {
	// Every exception thrown above lands here; its message and code are queued in
	// $_SESSION['errors'].
	$_SESSION['errors'][] = sprintf("%s (%d)", $e->GetMessage(), $e->GetCode());
}

// Runs after both success and failure: send the browser back to the user's page.
// NOTE(review): $username is appended to the URL as-is; rawurlencode() it unless it
// is already restricted to a safe character set upstream.
PSUHTML::redirect($GLOBALS['BASE_URL'] . '/user/' . $username);
*/

// NOTE(review): this excerpt opens with the end of a comment and stops inside the
// unlock branch; the rest of the try block and its catch are not shown.

// Request parameters: the person id, whether to lock (true) or unlock (false), and
// an optional free-text reason.
// NOTE(review): this script changes account state from query-string parameters. No
// anti-CSRF token or request-method check is visible in this excerpt; if none is
// enforced elsewhere, prefer POST plus a per-session token, since GET requests can
// be triggered cross-site and end up in logs and browser history.
$pidm = (int) $_GET['pidm'];
// Falls back to the raw pidm as redirect target until the person record is loaded.
$redirect_id = $pidm;
// NOTE(review): (bool) treats every non-empty string except '0' as true, so
// lock=false in the URL still locks; filter_var(..., FILTER_VALIDATE_BOOLEAN) would
// parse it as intended. 'pidm' and 'lock' are also read without isset().
$lock = (bool) $_GET['lock'];
$reason = isset($_GET['reason']) ? $_GET['reason'] : null;

try {
	// Lock changes are gated on the same check as password resets.
	if (!$GLOBALS['ape']->canResetPassword()) {
		throw new Exception('You are not allowed to modify account locks.');
	}

	$person = new PSUPerson($pidm);
	// presumably nvl() returns the first non-null of the two ids; confirm against PSU::nvl
	$redirect_id = PSU::nvl($person->id, $person->wp_id);

	if ($lock) {
		$GLOBALS['LOG']->write('Locking account', $person->login_name);
		$message = "Account for {$person->login_name} has been locked.";

		// The caller-supplied reason (possibly null) is tagged and used as the ticket
		// text and as the stored lock reason.
		$reason .= ' (auto-opened via APE)';
		if ($call_id = APE::create_ticket($person->login_name, 'Account Locked', $reason, array('call_source' => 'APE Locked Account'))) {
			// NOTE(review): $call_id goes into HTML unescaped over a plain-http link;
			// cast to int or escape unless create_ticket() guarantees a numeric id.
			$message .= ' Ticket #<a href="http://go.plymouth.edu/log/' . $call_id . '">' . $call_id . '</a> opened.';
		} //end if

		// NOTE(review): the success message is queued before the insert and the
		// actual lock below; if either fails, the operator still sees "has been
		// locked" next to the error. Queue it after lock_wp_account() instead.
		$_SESSION['messages'][] = $message;

		// Audit row for the lock. Column names and the placeholder list are fixed
		// literals; every variable value is bound through $args (7 placeholders, 7
		// values), 'added' is the literal NOW(), and the 'password' column receives
		// a single space. $_SESSION['pidm'] is stored as the locker's id.
		$keys = array('added', 'sourced_id', 'password', 'pidm', 'login_name', 'fullname', 'reason', 'locker_pidm');
		$values = array('NOW()', '?', '?', '?', '?', '?', '?', '?');
		$args = array($person->sourced_id, ' ', $pidm, $person->login_name, $person->formatName('f l'), $reason, $_SESSION['pidm']);
		$sql = "\n\t\t INSERT INTO ape_support_locks (" . implode(', ', $keys) . ")\n\t\t VALUES (" . implode(', ', $values) . ")\n\t\t";

		// NOTE(review): the raw driver error becomes the exception message. The catch
		// block is outside this excerpt, so confirm the text is logged rather than
		// sent to the browser.
		if (!PSU::db('myplymouth')->Execute($sql, $args)) {
			throw new Exception(PSU::db('myplymouth')->errorMsg());
		}

		// The lock itself is applied only after the audit row was written.
		$person->lock_wp_account();
	} else {
		$GLOBALS['LOG']->write('Unlocking account', $person->login_name);
		$message = "Account for {$person->login_name} has been unlocked.";