/** * fetch forgotten password page: * Users can request a password reset by givin their username. * They will be sent an email with a verification link to a page, * where they have to enter and confirm a new password. * * @param String $action Defines wheather the user is asking for reset or activating the new password * @param int $key Md5 hash to confirm that user is following the link in activation email */ public function fetchpasswordAction() { $this->breadcrumbs->addStep('Fetchpassword'); // if a user's already logged in, send them to their account home page if (Zend_Auth::getInstance()->hasIdentity()) { $target = $this->_urlHelper->url(array('controller' => 'index', 'action' => 'index', 'language' => $this->view->language), 'lang_default', true); $this->_redirect($target); } // get POST and GET parameters if there are any $action = $this->getRequest()->isPost() ? 'submit' : $this->getRequest()->getQuery('action'); $submittedForm = $this->getRequest()->getPost('submittedform'); $key = $this->getRequest()->getParam('key'); $error = null; /** check in what stage the process of password reset is (according to variables $action, $_POST['passwordgiven'] and $_GET['key']) **/ // the user came here for the first time if ($action == '' && $submittedForm == '' && $key == '') { $form = new Default_Form_FetchPasswordForm(); $this->view->form = $form; } else { if ($action == 'submit' && $submittedForm == 'fetchpassword') { $form = new Default_Form_FetchPasswordForm(); $formData = $this->_request->getPost(); // check the form data if ($form->isValid($formData)) { $user = new Default_Model_User(); // get user's email and id $email = trim($this->getRequest()->getPost('email')); $userId = $user->getIdByEmail($email); // if the email address was valid if ($userId != null) { // create verification key and it's md5 hash $key = $user->generateSalt(30); $key_safe = md5($key); // generate URL for the verification link $url = strtolower(trim(array_shift(explode('/', $_SERVER['SERVER_PROTOCOL'])))) . '://' . $_SERVER['HTTP_HOST']; $url .= $this->_urlHelper->url(array('controller' => 'account', 'action' => 'fetchpassword', 'language' => $this->view->language), 'lang_default', true); $url .= '?key=' . $key; // add new password request into the database $user->addPasswordRequest($userId, $key_safe); // send verification email if ($user->sendVerificationEmail($userId, $email, $url, $this->view->language)) { $action = 'emailsent'; } else { $action = 'emailproblem'; $error = 'account-fetchpassword-error-email'; } } else { $error = 'account-fetchpassword-error-nosuchemail'; $this->view->form = $form; } } else { $error = 'account-fetchpassword-error-invalidemail'; $this->view->form = $form; } } else { if ($action == 'submit' && $submittedForm == 'newpassword') { // create form and get form data $form = new Default_Form_NewPasswordForm(); $formData = $this->getRequest()->getPost(); if ($form->isValid($formData)) { if ($formData['password'] == $formData['confirm']) { $user = new Default_Model_User(); // change password $user->changeUserPassword($_SESSION['request_userid'], $formData['password']); // delete the request $user->getAdapter()->delete('usr_has_npwd', 'id_usr_npwd=' . $_SESSION['request_userid']); // unset the session to avoid conflicts unset($_SESSION['request_userid']); // password reset was successful $action = 'complete'; } else { // User failed (passwords didn't match), show form again $form->getElement('confirm')->addErrorMessage('Passwords didn\'t match.'); $form->getElement('confirm')->markAsError(); $this->view->form = $form; } } else { // User failed (invalid input), show form again $this->view->form = $form; } } else { if ($action == '' && $key != '') { $this->view->keyGiven = true; $user = new Default_Model_User(); // create md5 hash of the key $key_safe = md5($key); // get password request $selectQuery = $user->getAdapter()->select()->from('usr_has_npwd')->where('key_npwd = ?', $key_safe); $npwdData = $user->getAdapter()->fetchAll($selectQuery); // check if request existed if ($npwdData != false) { // Check if the password has expired or not $dateNow = date('y-m-d H:i:s'); if ($dateNow < $npwdData[0]['expire_date_npwd']) { // Show the form for giving a new password $form = new Default_Form_NewPasswordForm(); $this->view->form = $form; // Place the userId into a session in order for the script // above (new password confirmation) to know the id. $_SESSION['request_userid'] = $npwdData[0]['id_usr_npwd']; } else { $error = 'account-fetchpassword-error-keyexpired'; } } else { $error = 'account-fetchpassword-error-nosuchkey'; } } } } } // inject the variables to the view $this->view->error = $error; $this->view->action = $action; $this->view->submittedForm = $submittedForm; }