/**
* (non-PHPdoc)
* @see IActionController::executeAction()
*/
public function executeAction($parameters)
{
$user = $this->_websoccer->getUser();
$columns = array();
// save new password
if ($parameters["newpassword"] != null) {
// always create new salt (in order to invalid old cookies)
$salt = SecurityUtil::generatePasswordSalt();
$hashedPassword = SecurityUtil::hashPassword($parameters["newpassword"], $salt);
$columns["passwort_salt"] = $salt;
$columns["passwort"] = $hashedPassword;
}
// handle new e-mail
if ($parameters["newemail"] != null) {
$activationKey = SecurityUtil::generatePassword();
$columns["schluessel"] = $activationKey;
$columns["status"] = 2;
$columns["email"] = $parameters["newemail"];
$user->email = $parameters["newemail"];
// send e-mail
$querystr = "key=" . $columns["schluessel"] . "&userid=" . $user->id;
$tplparameters["activationlink"] = $this->_websoccer->getInternalActionUrl("activate", $querystr, "activate-user", TRUE);
// send e-mail
EmailHelper::sendSystemEmailFromTemplate($this->_websoccer, $this->_i18n, $user->email, $this->_i18n->getMessage("activation_changedemail_subject"), "changed_email_activation", $tplparameters);
$this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_WARNING, $this->_i18n->getMessage("profile_changedemail_message_title"), $this->_i18n->getMessage("profile_changedemail_message_content")));
}
$columns["name"] = $parameters["realname"];
$columns["wohnort"] = $parameters["place"];
$columns["land"] = $parameters["country"];
$columns["beruf"] = $parameters["occupation"];
$columns["interessen"] = $parameters["interests"];
$columns["lieblingsverein"] = $parameters["favorite_club"];
$columns["homepage"] = $parameters["homepage"];
$columns["c_hideinonlinelist"] = $parameters["c_hideinonlinelist"];
if ($parameters["birthday"]) {
$dateObj = DateTime::createFromFormat($this->_websoccer->getConfig("date_format"), $parameters["birthday"]);
$columns["geburtstag"] = $dateObj->format("Y-m-d");
}
// update record
if (count($columns)) {
$fromTable = $this->_websoccer->getConfig("db_prefix") . "_user";
$whereCondition = "id = %d";
$this->_db->queryUpdate($columns, $fromTable, $whereCondition, $user->id);
}
// success message
$this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_SUCCESS, $this->_i18n->getMessage("saved_message_title"), ""));
return "profile";
}
public function executeAction($parameters)
{
if (!$this->_websoccer->getConfig("login_allow_sendingpassword")) {
throw new Exception("Action is disabled.");
}
// check captcha
if ($this->_websoccer->getConfig("register_use_captcha") && strlen($this->_websoccer->getConfig("register_captcha_publickey")) && strlen($this->_websoccer->getConfig("register_captcha_privatekey"))) {
include_once BASE_FOLDER . "/lib/recaptcha/recaptchalib.php";
$captchaResponse = recaptcha_check_answer($this->_websoccer->getConfig("register_captcha_privatekey"), $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$captchaResponse->is_valid) {
throw new Exception($this->_i18n->getMessage("registration_invalidcaptcha"));
}
}
$email = $parameters["useremail"];
$fromTable = $this->_websoccer->getConfig("db_prefix") . "_user";
// get user
$columns = "id, passwort_salt, passwort_neu_angefordert";
$wherePart = "UPPER(email) = '%s' AND status = 1";
$result = $this->_db->querySelect($columns, $fromTable, $wherePart, strtoupper($email));
$userdata = $result->fetch_array();
$result->free();
if (!isset($userdata["id"])) {
sleep(5);
throw new Exception($this->_i18n->getMessage("forgot-password_email-not-found"));
}
$now = $this->_websoccer->getNowAsTimestamp();
$timeBoundary = $now - 24 * 3600;
if ($userdata["passwort_neu_angefordert"] > $timeBoundary) {
throw new Exception($this->_i18n->getMessage("forgot-password_already-sent"));
}
// create new password
$salt = $userdata["passwort_salt"];
if (!strlen($salt)) {
$salt = SecurityUtil::generatePasswordSalt();
}
$password = SecurityUtil::generatePassword();
$hashedPassword = SecurityUtil::hashPassword($password, $salt);
// update user
$columns = array("passwort_salt" => $salt, "passwort_neu_angefordert" => $now, "passwort_neu" => $hashedPassword);
$whereCondition = "id = %d";
$parameter = $userdata["id"];
$this->_db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
$this->_sendEmail($email, $password);
$this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_SUCCESS, $this->_i18n->getMessage("forgot-password_message_title"), $this->_i18n->getMessage("forgot-password_message_content")));
return "login";
}
private function _createUser($parameters, $fromTable)
{
$dbcolumns = array();
$dbcolumns["nick"] = $parameters["nick"];
$dbcolumns["email"] = strtolower($parameters["email"]);
$dbcolumns["passwort_salt"] = SecurityUtil::generatePasswordSalt();
$dbcolumns["passwort"] = SecurityUtil::hashPassword($parameters["pswd"], $dbcolumns["passwort_salt"]);
$dbcolumns["datum_anmeldung"] = $this->_websoccer->getNowAsTimestamp();
$dbcolumns["schluessel"] = str_replace("&", "_", SecurityUtil::generatePassword());
$dbcolumns["status"] = 2;
$dbcolumns["lang"] = $this->_i18n->getCurrentLanguage();
if ($this->_websoccer->getConfig("premium_initial_credit")) {
$dbcolumns["premium_balance"] = $this->_websoccer->getConfig("premium_initial_credit");
}
$this->_db->queryInsert($dbcolumns, $fromTable);
// get user id
$columns = "id";
$wherePart = "email = '%s'";
$result = $this->_db->querySelect($columns, $fromTable, $wherePart, $dbcolumns["email"]);
$newuser = $result->fetch_array();
$result->free();
$querystr = "key=" . $dbcolumns["schluessel"] . "&userid=" . $newuser["id"];
$tplparameters["activationlink"] = $this->_websoccer->getInternalActionUrl("activate", $querystr, "activate-user", TRUE);
// send e-mail
EmailHelper::sendSystemEmailFromTemplate($this->_websoccer, $this->_i18n, $dbcolumns["email"], $this->_i18n->getMessage("activation_email_subject"), "useractivation", $tplparameters);
// trigger plug-ins
$event = new UserRegisteredEvent($this->_websoccer, $this->_db, $this->_i18n, $newuser["id"], $dbcolumns["nick"], $dbcolumns["email"]);
PluginMediator::dispatchEvent($event);
}
if ($inputEmail) {
$now = $website->getNowAsTimestamp();
if (count($errors) == 0) {
// correct Pwd?
$columns = array('id', 'passwort_neu_angefordert', 'name', 'passwort_salt');
$fromTable = $conf['db_prefix'] . '_admin';
$whereCondition = 'email = \'%s\'';
$parameters = $inputEmail;
$result = $db->querySelect($columns, $fromTable, $whereCondition, $parameters);
$admin = $result->fetch_array();
if ($result->num_rows < 1) {
$errors['inputEmail'] = $i18n->getMessage('sendpassword_admin_usernotfound');
} elseif ($admin['passwort_neu_angefordert'] > $now - 120 * 60) {
$errors['inputEmail'] = $i18n->getMessage('sendpassword_admin_alreadysent');
} else {
$newPassword = SecurityUtil::generatePassword();
$hashedPw = SecurityUtil::hashPassword($newPassword, $admin['passwort_salt']);
// store new PW
$columns = array('passwort_neu' => $hashedPw, 'passwort_neu_angefordert' => $now);
$fromTable = $conf['db_prefix'] . '_admin';
$whereCondition = 'id = %d';
$parameter = $admin['id'];
$db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
try {
_sendEmail($inputEmail, $newPassword, $website, $i18n);
header('location: login.php?newpwd=1');
die;
} catch (Exception $e) {
$errors['inputEmail'] = $e->getMessage();
}
}