Пример #1
 /**
  * Handle the "reset password" page of the forgot-password flow.
  *
  * The three arguments are checked with Auth::userCanChangeHisPassword(). When
  * that returns exactly true, the change-password view is rendered and, if the
  * request carries POST data, the new password is written to the `users`
  * table. Any other result ends the request with die().
  *
  * NOTE(review): the row that gets updated is looked up from $_POST['login'],
  * not from the $login that was checked together with $lostKey / $lostTime,
  * so the authorization check and the update are not tied to the same
  * account. The update should use only the login that passed the check.
  *
  * @param string|null $login    Login the reset was requested for.
  * @param string|null $lostKey  Reset key to verify.
  * @param string|null $lostTime Time value to verify alongside the key.
  * @return void
  */
 public function resetPassword($login = null, $lostKey = null, $lostTime = null)
 {
     $r = Auth::userCanChangeHisPassword($login, $lostKey, $lostTime);
     $passwordIsChanged = false;
     # Only a strict true lets the request through; -1 and everything else are refused below
     if ($r === true) {
         # NOTE(review): the `******` in this line looks like masking applied by the
         # listing rather than original code; as shown the expression does not parse.
         # $urlForm is not used again in this method - presumably the view reads it.
         $urlForm = "../../index.php/Users/resetPassword?login="******"&lostKey=" . urlencode($lostKey) . "&lostTime=" . urlencode($lostTime);
         # Save the new password
         if (!empty($_POST)) {
             # Read the form fields, defaulting each one to null when absent.
             # NOTE(review): from here on $login is the POSTed value and replaces the
             # login that was verified above.
             isset($_POST['login']) ? $login = $_POST['login'] : ($login = null);
             isset($_POST['new_password']) ? $newPassword = $_POST['new_password'] : ($newPassword = null);
             # NOTE(review): the isset() tests 'new_password' but the value read is
             # 'new_password_confirm'; a request without the confirm field reads an
             # undefined index.
             isset($_POST['new_password']) ? $new_password_confirm = $_POST['new_password_confirm'] : ($new_password_confirm = null);
             # Get user id (resolved from the POSTed login)
             $userId = UsersManagement::getUserIdByLogin($login);
             # Proceed only for a known user, a password that is present, matches its
             # confirmation and passes Util::checkPasswordLength().
             # NOTE(review): `==` compares numeric-looking strings by value
             # ('1e3' == '1000' is true), so two different passwords can pass the
             # confirmation check; `===` avoids that.
             if ($userId !== null && $newPassword !== null && $newPassword == $new_password_confirm && Util::checkPasswordLength($newPassword)) {
                 $db = DbUtil::accessFactory();
                 # NOTE(review): the password expression is masked (`******`) in this
                 # listing, so how the value is hashed or escaped cannot be reviewed here.
                 # The statement is built by string concatenation; whether $userId is
                 # always an integer is not visible - a parameterized statement would
                 # remove that dependency.
                 if (!$db->execute("UPDATE users SET password = '******'  WHERE id = '" . $userId . "'")) {
                     # The UPDATE failed; the user sees the same text as for a validation failure
                     $message = __('Please reconfirm your password');
                     $isError = true;
                 } else {
                     $message = __('Your password have been changed');
                     $isError = false;
                     $passwordIsChanged = true;
                     # Clear the forgot-password state so the key cannot be reused.
                     # NOTE(review): this is called with the POSTed login as well.
                     Auth::removeForgotPasswordState($login);
                 }
             } else {
                 $message = __('Please reconfirm your password');
                 $isError = true;
             }
             //var_dump($_POST);
         } else {
             # No POST data: nothing to do here, the form is displayed by the view below
             # Get available languages (disabled)
             //$availableLanguages = Util::getAvailableLanguages();
             //$userLanguage = Auth::getLanguage();
         }
         # The view is included in this scope, so it presumably reads $message,
         # $isError, $passwordIsChanged and $urlForm - TODO confirm against the template
         require_once DefaultFC::getView('changepassword.tpl');
     } else {
         # -1 is the "key expired" result; any other value is treated as unauthorized
         if ($r == -1) {
             die(__('Authorized time to change your password has expired, please restart the "forgot your password" process from the portal UI.'));
         } else {
             die(__('You are not authorized to view this page.'));
         }
     }
 }
Пример #2
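 /**
  * Check whether a forgot-password key is valid for a login and still fresh.
  *
  * The key and time must match the `lostKey` and `lostTime` columns of the
  * user's row, and the time must be less than VALIDE_LOST_KEY_PERIOD hours
  * before now.
  *
  * Callers must compare the result strictly: -1 is truthy in PHP, so a loose
  * test would treat an expired key as valid.
  *
  * @param string|null     $login    Login to check; it is URL-decoded here before the lookup.
  * @param string|null     $lostKey  Reset key to match against the stored one.
  * @param string|int|null $lostTime Issue time of the key; it is subtracted from time(), so Unix seconds.
  * @return bool|int true when the key matches and is in time, -1 when it
  *                  matches but has expired, false in every other case.
  */
 public static function userCanChangeHisPassword($login, $lostKey, $lostTime)
 {
     # Refuse a missing key or a non-numeric time before touching the database:
     # an empty key must never be comparable with an empty column, and $lostTime
     # is used in arithmetic below (a non-numeric string there raises a
     # TypeError on PHP 8).
     $hasKey = is_scalar($lostKey) && (string) $lostKey !== '';
     $hasTime = is_scalar($lostTime) && preg_match('/\A[0-9]+\z/', (string) $lostTime) === 1;
     if (!$hasKey || !$hasTime) {
         return false;
     }

     $db = DbUtil::accessFactory();
     # NOTE(review): if the caller already passes a decoded value, this second
     # decode alters logins containing '%' or '+' - confirm against the router.
     $login = urldecode($login);
     $login = $db->db_escape_string($login);
     $lostKey = $db->db_escape_string($lostKey);
     $lostTime = $db->db_escape_string($lostTime);

     # Unknown login: nothing to verify
     $userId = UsersManagement::getUserIdByLogin($login);
     if ($userId === null) {
         return false;
     }

     $currentTime = time();
     # Validity window in seconds (VALIDE_LOST_KEY_PERIOD is in hours)
     $threshold = 3600 * VALIDE_LOST_KEY_PERIOD;

     # Look for the row carrying exactly this key and time.
     # NOTE(review): the query is built by concatenation and relies on
     # db_escape_string(); whether $userId is always an integer is not visible
     # here. If DbUtil offers bound parameters, use them, and consider fetching
     # the stored key and comparing it with hash_equals() instead of in SQL.
     $rs = $db->select('SELECT * FROM `users` WHERE `id` = \'' . $userId . '\' AND `lostKey` = \'' . $lostKey . '\' AND `lostTime` = \'' . $lostTime . '\'');
     if ($rs->count() != 1) {
         return false;
     }

     # -1 tells the caller the key matched but the window has elapsed
     return ($currentTime - $lostTime < $threshold) ? true : -1;
 }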
Пример #3
 /**
  * Load the default sign-in widget space for the given user.
  *
  * The login is resolved to a user id and handed to
  * WidgetSpace::loadWidgetSpace() together with DEFAULT_WIDGET_SPACE_ON_SIGNIN.
  *
  * NOTE(review): the looked-up id is passed on without a check; what
  * getUserIdByLogin() returns for an unknown login, and how loadWidgetSpace()
  * treats that value, is not visible here - confirm.
  *
  * @param string $username Login of the user.
  * @return void
  */
 public function addDefaultWidget($username)
 {
     WidgetSpace::loadWidgetSpace(
         UsersManagement::getUserIdByLogin($username),
         DEFAULT_WIDGET_SPACE_ON_SIGNIN
     );
 }