// Check if the user's password match the token
$expectedToken = Dot_Auth::generateUserToken($userInfo['password']);
if ($expectedToken != $userToken) {
$disabled = true;
}
}
// we have errors, display the message and disable the form
if (true == $disabled) {
$session->message['txt'] = $registry->option->errorMessage->wrongResetPasswordUrl;
$session->message['type'] = 'error';
}
// IF the form was submmited and there are NO errors
if ($_SERVER['REQUEST_METHOD'] === 'POST' && false == $disabled) {
// POST values that will be validated
$values['password'] = array('password' => isset($_POST['password']) ? $_POST['password'] : '', 'password2' => isset($_POST['password2']) ? $_POST['password2'] : '');
$dotValidateUser = new Dot_Validate_User(array('who' => 'user', 'action' => 'update', 'values' => $values, 'userId' => $userId));
if ($dotValidateUser->isValid()) {
$data['password'] = $_POST['password'];
$data['id'] = $userId;
$data['username'] = $userInfo['username'];
$userModel->updateUser($data);
$userModel->authorizeLogin($data);
} else {
$data = $dotValidateUser->getData();
$session->message['txt'] = $dotValidateUser->getError();
$session->message['type'] = 'error';
}
}
// show the form, enabled or disabled
$userView->resetPasswordForm('reset_password', $disabled, $userId, $userToken);
break;
$pageTitle = $option->pageTitle->action->{$registry->requestAction};
switch ($registry->requestAction) {
default:
// default action is home
$pageTitle = $option->pageTitle->action->home;
case 'home':
// call showPage method to view the home page
$pageView->showPage('home');
if ($_SERVER['REQUEST_METHOD'] === "POST" && array_key_exists('phone', $_POST) && array_key_exists('phone', $_POST) && array_key_exists('email', $_POST) && array_key_exists('message', $_POST)) {
// validate the response
$values = array('email' => array('email' => $_POST['email']), 'details' => array('message' => $_POST['message']));
//if phone is completed, validate phone to be from US
if ($_POST['phone'] != '') {
$values['phone'] = array('phone' => $_POST['phone']);
}
$dotValidateUser = new Dot_Validate_User(array('who' => 'mobile', 'action' => 'form', 'values' => $values));
if ($dotValidateUser->isValid()) {
//if valid, send a mail
$data = $dotValidateUser->getData();
$dotEmail = new Dot_Email();
$dotEmail->addTo($settings->siteEmail);
$dotEmail->setSubject($registry->seo->siteName . ' - ' . $option->contactForm->subject);
$msg = str_replace(array('%EMAIL%', '%PHONE%', '%MESSAGE%', '%DATE%', '%IP%', '%USERAGENT%'), array($data['email'], isset($data['phone']) ? $data['phone'] : '', $data['message'], Dot_Kernel::timeFormat('now'), Dot_Kernel::getUserIp(), $_SERVER['HTTP_USER_AGENT']), $option->contactForm->message);
$dotEmail->setBodyText($msg);
$dotEmail->send();
/** If you want to redirect to a link,
* uncomment the 2 lines below to display a message
*/
$tpl->setVar('ERROR_MESSAGE', $option->contactForm->mailSent);
} else {
$session->message['txt'] = $dotValidateUser->getError();
// see: IndexController.php : $userToken
if (!Dot_Auth::checkUserToken($userToken)) {
// remove the identity
$dotAuth = Dot_Auth::getInstance();
$dotAuth->clearIdentity('admin');
// warn the user
$session->message['txt'] = $option->warningMessage->tokenExpired;
$session->message['type'] = 'warning';
// log in
header('Location: ' . $registry->configuration->website->params->url . '/' . $registry->requestController . '/login');
exit;
}
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$isActive = isset($_POST['isActive']) ? $_POST['isActive'] : 0;
$values = array('enum' => array('0' => '0,1', 'isActive' => $isActive));
$dotValidateUser = new Dot_Validate_User(array('who' => 'admin', 'action' => 'activate', 'values' => $values));
if ($dotValidateUser->isValid()) {
$data = $dotValidateUser->getData();
// no error - then change active value of admin user
$adminModel->activateUser($id, $data['isActive']);
$result = array("success" => true, "id" => $id, "isActive" => intval($data["isActive"]));
} else {
$result = array("success" => false, "message" => "An error occured");
}
echo Zend_Json::encode($result);
exit;
break;
case 'delete':
// display confirmation form and delete admin user
if ($_SERVER['REQUEST_METHOD'] === "POST") {
// changes were made to checkUserToken