 /**
  * Handles the POST of the reset-password form.
  *
  * After validation a random password is generated, its PBKDF2 hash is stored for the
  * account and the clear-text password is mailed to the user. Every outcome is rendered
  * on a Page that is shown with the menu; nothing is returned.
  *
  * Reads $_POST['email'] and $_SERVER['REQUEST_URI'].
  */
 public static function post()
 {
     $page = new Page();
     $page->data['title'] = 'Wachtwoord resetten';

     $mailErrorTitle = 'Kan e-mail met nieuwe wachtwoord niet verzenden.';
     $noUserMessage = '<h2 class="error_message" id="reset_password_form_error_message">Er is geen gebruiker met dit e-mailadres.</h2>';
     $genericMessage = '<h2 class="error_message" id="reset_password_form_error_message">Kan wachtwoord niet resetten, probeer het opnieuw.</h2>';

     // Re-shows the reset form with the given messages; shared by every failure path below.
     $showForm = static function (array $messages) use ($page) {
         $page->data['ResetPasswordView']['reset_password_formAction'] = $_SERVER['REQUEST_URI'];
         $page->data['ResetPasswordView']['email'] = $_POST['email'];
         $page->data['ResetPasswordView']['errMsgs'] = $messages;
         $page->addView('resetPassword/ResetPasswordView');
     };

     $errMsgs = ResetPasswordViewValidator::validate($_POST);
     if (!empty($errMsgs)) {
         $showForm(array_merge(ResetPasswordViewValidator::initErrMsgs(), $errMsgs));
     } else {
         try {
             // Hash the freshly generated password with the salt already stored for this account.
             $passwordSalt = UserDB::getPasswordSaltByEmail($_POST['email']);
             $newPassword = Random::getPassword();
             $newPasswordHash = hash_pbkdf2('sha256', $newPassword, $passwordSalt, SecurityConfig::N_PASSWORD_HASH_ITERATIONS);

             // Load the user and overwrite the stored hash.
             // NOTE(review): the hash is replaced before the mail is sent; if the mail fails the old
             // password is already gone and the user has to repeat the reset.
             $user = UserDB::getBasicUserByEmail($_POST['email']);
             UserDB::resetPassword($_POST['email'], $newPasswordHash);

             $page->data['ResetSuccessfulView']['redirectUrl'] = 'login';
             $page->addView('resetPassword/ResetSuccessfulView');

             // The new password is mailed in clear text; sendEmails() returns the recipients it could not reach.
             $failedEmails = Email::sendEmails(
                 'ResetPassword.html',
                 'JH De Stip - Wachtwoord reset',
                 EmailConfig::FROM_ADDRESS,
                 [$user],
                 [$user->userId => ['newPassword' => $newPassword]]
             );
             if (!empty($failedEmails)) {
                 $page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = $mailErrorTitle;
                 $page->addView('error/ErrorMessageNoDescriptionNoLinkView');
             }
         } catch (UserDBException $e) {
             // NOTE(review): answering "no user for this address" differently from other failures lets a
             // visitor find out which addresses have an account; a single neutral message would avoid that.
             $messages = ResetPasswordViewValidator::initErrMsgs();
             $messages['global'] = $e->getCode() == UserDBException::NOUSERFOREMAIL ? $noUserMessage : $genericMessage;
             $showForm($messages);
         } catch (EmailException $e) {
             $page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = $mailErrorTitle;
             $page->addView('error/ErrorMessageNoDescriptionNoLinkView');
         } catch (Exception $e) {
             $showForm(['global' => $genericMessage]);
         }
     }
     $page->showWithMenu();
 }
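 /**
  * Handles the POST of the login form.
  *
  * Validates the form, recomputes the PBKDF2 hash of the submitted password with the
  * user's stored salt and compares it with the stored hash. On a match the user object
  * is stored in the session and the request is handed back to the router as a GET; on a
  * mismatch or any exception the login form is shown again with an error message.
  *
  * Reads $_POST['email'], $_POST['password'] and $_SERVER['REQUEST_URI']; on success it
  * writes $_SESSION['Stippers']['user'] and $_SERVER['REQUEST_METHOD'] and clears $_POST.
  */
 public static function post()
 {
     $errMsgs = LoginViewValidator::validate($_POST);
     if (empty($errMsgs)) {
         try {
             //Get the user's password salt and calculate password hash
             $passwordSalt = UserDB::getPasswordSaltByEmail($_POST['email']);
             $passwordHash = hash_pbkdf2('sha256', $_POST['password'], $passwordSalt, SecurityConfig::N_PASSWORD_HASH_ITERATIONS);
             //Get user from database. This gets the user only if he's a member this year or if it's the admin account.
             $user = UserDB::getAuthUserByEmail($_POST['email']);
             // hash_equals() compares byte-for-byte in constant time: the check can neither leak the stored
             // hash through timing nor fall into the numeric-string comparison that `==` applies to digests
             // which happen to look like numbers.
             if (hash_equals((string) $user->passwordHash, $passwordHash)) {
                 // Issue a new session id when privileges change, so an id given to the browser before
                 // login cannot be carried over into the authenticated session. Assumes the session is
                 // already started, as the write to $_SESSION below requires.
                 session_regenerate_id(true);
                 //Put the user in session
                 $_SESSION['Stippers']['user'] = $user;
                 /*
                 At this point we have a POST request with data from the login form. Because of that the router will try to run 'POST'
                 on the controller of the requested page. This is incorrect and instead it should 'GET' the requested page.
                 By forcing the REQUEST_METHOD to GET we trick the router into calling 'GET' on the controller.
                 */
                 $_SERVER['REQUEST_METHOD'] = 'GET';
                 /*
                 We're redirecting to another page, so we don't want the login details to be in post for that page.
                 For example the user search pages will pre populate their fields with this data if we don't clear it.
                 */
                 // NOTE(review): after unset() $_POST is undefined rather than empty; `$_POST = [];` may be
                 // what the downstream pages expect — confirm against the router.
                 unset($_POST);
                 //If we directly request the login page we redirect to the home page
                 if (explode('?', str_replace(DomainConfig::DOMAIN_SUFFIX, '', strtolower($_SERVER['REQUEST_URI'])), 2)[0] === 'login') {
                     header('Location: home', true, 303);
                 }
             } else {
                 self::renderLoginFormWithErrors([
                     'global' => '<h2 class="error_message" id="login_form_error_message">E-mailadres en/of wachtwoord onjuist.</h2>',
                 ]);
             }
         } catch (UserDBException $ex) {
             // An unknown address gets the same message as a wrong password, so the form does not
             // reveal which e-mail addresses have an account; anything else gets a generic error.
             if ($ex->getCode() == UserDBException::NOUSERFOREMAIL) {
                 $message = '<h2 class="error_message" id="login_form_error_message">E-mailadres en/of wachtwoord onjuist.</h2>';
             } else {
                 $message = '<h2 class="error_message" id="login_form_error_message">Kan niet aanmelden, probeer het opnieuw.</h2>';
             }
             self::renderLoginFormWithErrors(['global' => $message]);
         } catch (Exception $ex) {
             // Any other failure used to be swallowed, leaving an empty response; show the generic
             // error so the user gets feedback and can retry.
             self::renderLoginFormWithErrors([
                 'global' => '<h2 class="error_message" id="login_form_error_message">Kan niet aanmelden, probeer het opnieuw.</h2>',
             ]);
         }
     } else {
         self::renderLoginFormWithErrors(array_merge(LoginViewValidator::initErrMsgs(), $errMsgs));
     }
 }

 /**
  * Shows the login page again with the given messages.
  *
  * Reads $_SERVER['REQUEST_URI'] for the form action and $_POST['email'] to pre-fill the form.
  *
  * @param array $errMsgs Messages for LoginView; the key 'global' holds the form-wide message.
  */
 private static function renderLoginFormWithErrors(array $errMsgs)
 {
     $page = new Page();
     $page->data['title'] = 'Login';
     $page->data['LoginView']['login_formAction'] = $_SERVER['REQUEST_URI'];
     $page->data['LoginView']['email'] = $_POST['email'];
     $page->data['LoginView']['errMsgs'] = $errMsgs;
     $page->addView('authorization/LoginView');
     $page->addView('authorization/UserOfPastYearView');
     $page->showWithMenu();
 }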