/**
 * Password-reset screen: checks the recovery token and, when a new password
 * was posted, stores it.
 *
 * The token is validated on every call, so a POST with a rejected token never
 * reaches the update. When User::atualizarSenha() returns true,
 * Recovery::limpar() is called with the user's id (presumably discarding the
 * outstanding recovery records; confirm), and the view switches to the login
 * page with the 'senha-redefinida' alert.
 *
 * NOTE(review): no type, length or strength check on the posted password is
 * visible here; confirm User::atualizarSenha() enforces the password policy.
 * NOTE(review): when the update does not return true, the form is rendered
 * again without any message; confirm that is intended.
 * NOTE(review): the raw token is handed to the view; the template must escape
 * it for the context it is printed in.
 *
 * @param mixed $token Recovery token passed to the action (presumably from the
 *                     reset link; treat as untrusted input).
 * @return void
 */
public function alterarSenhaAction($token)
{
    $this->view->setFile('redefinir');
    $tokenCheck = Recovery::validarToken($token);

    // Rejected token: show the blank page with the reason and stop.
    if ($tokenCheck->status === false) {
        $this->view->setFile('blank');
        $failure = $this->messages->getByCode($tokenCheck->code);
        if (!is_null($failure)) {
            $this->load('Helpers\\Alert', $failure);
        }
        return;
    }

    // Valid token: the form needs it again for the submit.
    $this->view->setVar('token', $token);

    $newPassword = $this->request->post('password');
    if (is_null($newPassword)) {
        // Plain page view, nothing was submitted yet.
        return;
    }

    if (User::atualizarSenha($tokenCheck->user, $newPassword) !== true) {
        return;
    }

    // Password changed: clear the recovery data and send the user to login.
    Recovery::limpar($tokenCheck->user->id);
    $this->view->setPath('login')->setFile('index');
    $notice = $this->messages->getByCode('senha-redefinida');
    $this->load('Helpers\\Alert', $notice);
}
// Excerpt: starts at the tail of an earlier authentication branch and ends inside the session set-up below.
    $ok = True;
}

// Authenticate through recovery hash
// NOTE(review): $_REQUEST merges query-string and body parameters, so the recovery code (and the PIN
// below) can arrive in a URL and end up in access logs or browser history; reading only the POST body
// would avoid that.
// NOTE(review): strlen() is applied to the key without isset(); an absent key raises a notice/warning,
// and a non-string value is not rejected before it reaches Recovery.
if (strlen($_REQUEST["recovery_code"]) > 0) {
    $recovery = new Recovery();
    // How the code is compared, whether it expires and whether it is single-use is decided inside
    // hash_authenticated(), which is not visible here.
    $status = $recovery->hash_authenticated($_REQUEST["recovery_code"]);
    // Loose comparison: any truthy return value counts as authenticated.
    // NOTE(review): if the method returns a bool, `=== true` states the intent exactly.
    if ($status == True) {
        $webid = $recovery->get_webid();
        $_SESSION['recovery_status'] = null;
        $ok = True;
    } else {
        $_SESSION['recovery_status'] = error('Your recovery code does not match any records in our database.');
    }
}

// Same flow for the browser-pairing PIN. Runs even when the recovery code above was already accepted;
// a failed PIN sets the error message but does not reset $ok.
// NOTE(review): no attempt counter, delay or lockout is visible in this excerpt; confirm it is enforced
// inside Recovery or upstream, since a short PIN is guessable without it.
if (strlen($_REQUEST["pairing_pin"]) > 0) {
    $recovery = new Recovery();
    $status = $recovery->pin_authenticated($_REQUEST["pairing_pin"]);
    if ($status == True) {
        $webid = $recovery->get_webid();
        $_SESSION['recovery_status'] = null;
        $ok = True;
    } else {
        $_SESSION['recovery_status'] = error('Your recovery PIN does not match any records in our database.');
    }
}

// DEBUG
// Keep this disabled: it would print the WebID and the whole session array into the HTML response.
//echo "\n<!-- WEBID=".$webid."\nSESSION=\n".print_r($_SESSION, true)."-->\n";

// Any successful method above (or the branch cut off before this excerpt) logs the user in.
// NOTE(review): no session_regenerate_id() is visible between authentication and the writes below;
// confirm the session id is rotated at login to prevent session fixation.
if ($ok == True) {
    if (!isset($_SESSION['myprofile'])) {
        $_SESSION['webid'] = $webid;
        $_SESSION['myprofile'] = new MyProfile($webid, BASE_URI, SPARQL_ENDPOINT);
* copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
* PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
require_once 'include.php';

$title = "Account Recovery";

// The page body is accumulated in $ret; it is printed outside this excerpt.
$ret = "<div class=\"content relative shadow clearfix main\">\n";

// Recover account: only when the `webid` request parameter is a local one.
// NOTE(review): $_REQUEST['webid'] is read without isset(), so a request without it raises a
// notice/warning before webid_is_local() is called.
// NOTE(review): the locality check reads `webid`, while the recovery acts on `recovery_webid`;
// confirm that checking one parameter and recovering another is intended.
// NOTE(review): whether recover() answers identically for known and unknown accounts, and whether
// repeated requests are limited, is not visible here; confirm inside Recovery.
if (!webid_is_local($_REQUEST['webid'])) {
    $ret .= "The account recovery is only available for local users.";
} elseif (isset($_REQUEST['recovery_webid'])) {
    $recovery = new Recovery();
    // The returned string goes into the page as-is; any request-derived part of it must already be
    // HTML-escaped by recover().
    $ret .= $recovery->recover($_REQUEST['recovery_webid']);
}

// Show the outcome of an earlier recovery-code attempt, stored in the session.
if (isset($_REQUEST['recovery_code'], $_SESSION['recovery_status'])) {
    $ret .= $_SESSION['recovery_status'];
}

// display recovery options
$ret .= "<p></p>\n"
    . "<h2><strong>Recover Your Account</strong></h2>\n"
    . "<form method=\"post\">\n"
    . "<table><tr>\n"
    . "<td>\n"
    . "Please type your WebID address here:";
// Excerpt: starts inside nested blocks whose opening lines are not visible, and ends inside the unsubscribe branch.
        }
        // clear local session
        // Empties the session array and destroys the server-side session, then renders the page and stops.
        // NOTE(review): session_destroy() does not remove the session cookie from the browser; confirm
        // the cookie is expired elsewhere if that is required.
        $_SESSION = array();
        session_destroy();
        include 'header.php';
        echo $ret;
        include 'footer.php';
        exit;
    }
    // Changing the recovery e-mail changes who can recover the account.
    // NOTE(review): the value comes from $_REQUEST (query string accepted) and no anti-CSRF token or
    // re-authentication check is visible in this excerpt; confirm one exists upstream.
    if (isset($_REQUEST['recovery_email'])) {
        $ret .= $_SESSION['myprofile']->set_recovery_email($_REQUEST['recovery_email']);
    }
}

// generate PIN for browser pairing
// NOTE(review): also a state-changing action triggered by a $_REQUEST flag; the same CSRF question
// applies. $_SESSION['webid'] is read without isset(). How $pin is generated, displayed and expired
// is not visible here.
if (isset($_REQUEST['generate_pin'])) {
    $recovery = new Recovery();
    $pin = $recovery->set_pin($_SESSION['webid']);
}

// subscribe or unsubscribe
// The strings returned by subscribe()/unsubscribe() are appended to $ret, which is echoed as HTML.
if (isset($_REQUEST['subscribe'])) {
    $ret .= $_SESSION['myprofile']->subscribe();
    $_SESSION['feed_hash'] = $_SESSION['myprofile']->get_feed();
    $_SESSION['user_hash'] = $_SESSION['myprofile']->get_hash();
} else {
    if (isset($_REQUEST['submit'])) {
        // Unsubscribed if the user ticked off the checkbox
        // (a missing `subscription` field is treated the same as the value 'off')
        if (!isset($_REQUEST['subscription']) || $_REQUEST['subscription'] == 'off') {
            $_SESSION['user_hash'] = null;
            $_SESSION['feed_hash'] = null;
            $ret .= $_SESSION['myprofile']->unsubscribe();
        }
// Excerpt: starts inside a try block and nested conditions whose opening lines are not visible.
                // Branch reached from a recovery link: set a new password using $email and $ucode,
                // both assigned outside this excerpt.
                $newPwd = _post("password", "");
                // strlen() counts bytes, not characters.
                // NOTE(review): a 6-character minimum is low and the 20-character cap rules out
                // passphrases; confirm the policy.
                if (strlen($newPwd) < 6 || strlen($newPwd) > 20) {
                    throw new Exception("The length of new password shuould be between 6 and 20", -1);
                }
                // Only emptiness is checked here; whether $ucode is valid, unexpired and single-use
                // has to be verified inside changePwd() (not visible; confirm).
                if ($email == "" || $ucode == "") {
                    throw new Exception("Invalid url", -1);
                } else {
                    $re = new Recovery();
                    $re->changePwd($email, $ucode, $newPwd);
                    echo json_encode(array("errCode" => 0, "errMessage" => "You has changed your password"));
                }
            } else {
                // Step 3: a logged-in user changes the password by supplying the current one.
                if ($step == 3) {
                    $currPwd = _post("currpwd", "");
                    $newPwd = _post("password", "");
                    $userID = _post("uid", "");
                    $auth = Auth::getInstance();
                    // The posted uid must match the authenticated user.
                    // NOTE(review): `!=` compares loosely, so values of different types can be treated
                    // as equal; a strict comparison of normalised ids, or taking the id from $auth only
                    // and ignoring the posted one, removes that ambiguity.
                    if ($auth->getUserID() != $userID) {
                        throw new Exception("unauthorized", -1);
                    }
                    // NOTE(review): unlike the branch above, no length check on $newPwd is visible on
                    // this path; confirm resetPwd() enforces it.
                    $re = new Recovery();
                    $re->resetPwd($userID, $currPwd, $newPwd);
                    echo json_encode(array("errCode" => 0, "errMessage" => "You has changed your password"));
                }
            }
        }
    }
} catch (Exception $e) {
    // Every exception is reported to the client as JSON, message included.
    // NOTE(review): this also forwards messages of exceptions thrown deeper in Recovery/Auth; confirm
    // they cannot carry internal details such as SQL errors or file paths.
    $result = array("errCode" => $e->getCode(), "errMessage" => $e->getMessage());
    echo json_encode($result);
}