/**
* @since 1.6
*/
function processResetComplete($data)
{
// Get the form.
$form = $this->getResetCompleteForm();
// Check for an error.
if ($form instanceof Exception) {
return $form;
}
// Filter and validate the form data.
$data = $form->filter($data);
$return = $form->validate($data);
// Check for an error.
if ($return instanceof Exception) {
return $return;
}
// Check the validation results.
if ($return === false) {
// Get the validation messages from the form.
foreach ($form->getErrors() as $message) {
$this->setError($message);
}
return false;
}
// Get the token and user id from the confirmation process.
$app = JFactory::getApplication();
$token = $app->getUserState('com_users.reset.token', null);
$id = $app->getUserState('com_users.reset.user', null);
// Check the token and user id.
if (empty($token) || empty($id)) {
return new Exception(Lang::txt('COM_USERS_RESET_COMPLETE_TOKENS_MISSING'), 403);
}
// Get the user object.
$user = User::getInstance($id);
// Check for a user and that the tokens match.
if (empty($user) || $user->activation !== $token) {
$this->setError(Lang::txt('COM_USERS_USER_NOT_FOUND'));
return false;
}
// Make sure the user isn't blocked.
if ($user->block) {
$this->setError(Lang::txt('COM_USERS_USER_BLOCKED'));
return false;
}
// Initiate profile classs
$profile = User::getInstance($id);
if (\Hubzero\User\Helper::isXDomainUser($user->get('id'))) {
App::abort(403, Lang::txt('This is a linked account. To change your password you must change it using the procedures available where the account you are linked to is managed.'));
return;
}
$password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows();
$password1 = $data['password1'];
$password2 = $data['password2'];
if (!empty($password1)) {
$msg = \Hubzero\Password\Rule::verify($password1, $password_rules, $profile->get('username'));
} else {
$msg = array();
}
include_once PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'helpers' . DS . 'utility.php';
if (!$password1 || !$password2) {
$this->setError(Lang::txt('you must enter your new password twice to ensure we have it correct'));
} elseif ($password1 != $password2) {
$this->setError(Lang::txt('the new password and confirmation you entered do not match. Please try again'));
} elseif (!\Components\Members\Helpers\Utility::validpassword($password1)) {
$this->setError(Lang::txt('the password you entered was invalid password. You may be using characters that are not allowed'));
} elseif (!empty($msg)) {
$this->setError(Lang::txt('the password does not meet site password requirements. Please choose a password meeting all the requirements listed below.'));
}
if ($this->getError()) {
$this->setError($this->getError());
return false;
}
// Encrypt the password and update the profile
$result = \Hubzero\User\Password::changePassword($profile->get('username'), $password1);
// Save the changes
if (!$result) {
$this->setError(Lang::txt('There was an error changing your password.'));
return false;
}
// Flush the user data from the session.
$app->setUserState('com_users.reset.token', null);
$app->setUserState('com_users.reset.user', null);
return true;
}
/**
* Processes the password set form
*
* @return void
*/
public function settingpasswordTask()
{
// Check for request forgeries
Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));
// Get the token and user id from the verification process
$token = User::getState('com_users.reset.token', null);
$id = User::getState('com_users.reset.user', null);
$no_html = Request::getInt('no_html', 0);
// Check the token and user id
if (empty($token) || empty($id)) {
throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_TOKENS_MISSING'), 403);
}
// Get the user object
$user = \Hubzero\User\User::oneOrFail($id);
// Check for a user and that the tokens match
if ($user->tokens()->latest()->token !== $token) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
}
// Make sure the user isn't blocked
if ($user->get('block')) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
}
if (\Hubzero\User\Helper::isXDomainUser($user->get('id'))) {
throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_LINKED_ACCOUNT'), 403);
}
$password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows();
$password1 = trim(Request::getVar('password1', null));
$password2 = trim(Request::getVar('password2', null));
if (!empty($password1)) {
$msg = \Hubzero\Password\Rule::verify($password1, $password_rules, $user->get('username'));
} else {
$msg = array();
}
require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php';
$error = false;
$changing = true;
if (!$password1 || !$password2) {
$error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_TWICE');
} elseif ($password1 != $password2) {
$error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_DONT_MATCH');
} elseif (!\Components\Members\Helpers\Utility::validpassword($password1)) {
$error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_INVALID');
} elseif (!empty($msg)) {
$error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_FAILS_REQUIREMENTS');
}
// If we're resetting password to the current password, just return true
// That way you can't reset the counter on your current password, or invalidate it by putting it into history
if (\Hubzero\User\Password::passwordMatches($user->get('id'), $password1)) {
$error = false;
$changing = false;
$result = true;
}
if ($error) {
if ($no_html) {
$response = array('success' => false, 'message' => $error);
echo json_encode($response);
die;
} else {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), $error, 'warning');
return;
}
}
if ($changing) {
// Encrypt the password and update the profile
$result = \Hubzero\User\Password::changePassword($user->get('username'), $password1);
}
// Save the changes
if (!$result) {
if ($no_html) {
$response = array('success' => false, 'message' => Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'));
echo json_encode($response);
die;
} else {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'), 'warning');
return;
}
}
// Flush the user data from the session
User::setState('com_users.reset.token', null);
User::setState('com_users.reset.user', null);
if ($no_html) {
$response = array('success' => true, 'redirect' => Route::url('index.php?option=com_users&view=login', false));
echo json_encode($response);
die;
} else {
// Everything went well...go to the login page
App::redirect(Route::url('index.php?option=com_users&view=login', false), Lang::txt('COM_MEMBERS_CREDENTIALS_PASSWORD_RESET_COMPLETE'), 'passed');
}
}
/**
* Show a form for changing user password
*
* @return void
*/
public function changepasswordTask()
{
// Check if they're logged in
if (User::isGuest()) {
$rtrn = Request::getVar('REQUEST_URI', Route::url('index.php?option=' . $this->_controller . '&task=changepassword', false, true), 'server');
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($rtrn), false));
}
// Incoming
$id = Request::getInt('id', 0);
$id = $id ?: User::get('id');
// Ensure we have an ID
if (!$id) {
App::abort(404, Lang::txt('COM_MEMBERS_NO_ID'));
}
// Check authorization
if (!User::authorise('core.manage', $this->_option) && User::get('id') != $id) {
App::abort(403, Lang::txt('MEMBERS_NOT_AUTH'));
}
// Initiate profile class
$profile = Member::oneOrFail($id);
// Ensure we have a member
if (!$profile->get('id')) {
App::abort(404, Lang::txt('COM_MEMBERS_NOT_FOUND'));
}
// Set the page title
$title = Lang::txt(strtoupper($this->_option));
$title .= $this->_task ? ': ' . Lang::txt(strtoupper($this->_option . '_' . $this->_task)) : '';
Document::setTitle($title);
// Set the pathway
if (Pathway::count() <= 0) {
Pathway::append(Lang::txt(strtoupper($this->_option)), 'index.php?option=' . $this->_option);
}
Pathway::append(stripslashes($profile->get('name')), 'index.php?option=' . $this->_option . '&id=' . $profile->get('id'));
Pathway::append(Lang::txt('COM_MEMBERS_' . strtoupper($this->_task)), 'index.php?option=' . $this->_option . '&id=' . $profile->get('id') . '&task=' . $this->_task);
// Load some needed libraries
if (\Hubzero\User\Helper::isXDomainUser(User::get('id'))) {
App::abort(403, Lang::txt('COM_MEMBERS_PASS_CHANGE_LINKED_ACCOUNT'));
}
// Incoming data
$change = Request::getVar('change', '', 'post');
$oldpass = Request::getVar('oldpass', '', 'post');
$newpass = Request::getVar('newpass', '', 'post');
$newpass2 = Request::getVar('newpass2', '', 'post');
$message = Request::getVar('message', '');
if (!empty($message)) {
$this->setError($message);
}
$this->view->title = $title;
$this->view->profile = $profile;
$this->view->change = $change;
$this->view->oldpass = $oldpass;
$this->view->newpass = $newpass;
$this->view->newpass2 = $newpass2;
$this->view->validated = true;
$password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows();
$this->view->password_rules = array();
foreach ($password_rules as $rule) {
if (!empty($rule['description'])) {
$this->view->password_rules[] = $rule['description'];
}
}
if (!empty($newpass)) {
$msg = \Hubzero\Password\Rule::verify($newpass, $password_rules, $profile->get('username'));
} else {
$msg = array();
}
// Blank form request (no data submitted)
if (empty($change)) {
$this->view->setErrors($this->getErrors())->display();
return;
}
$passrules = false;
if (!\Hubzero\User\Password::passwordMatches($profile->get('id'), $oldpass, true)) {
$this->setError(Lang::txt('COM_MEMBERS_PASS_INCORRECT'));
} elseif (!$newpass || !$newpass2) {
$this->setError(Lang::txt('COM_MEMBERS_PASS_MUST_BE_ENTERED_TWICE'));
} elseif ($newpass != $newpass2) {
$this->setError(Lang::txt('COM_MEMBERS_PASS_NEW_CONFIRMATION_MISMATCH'));
} elseif ($oldpass == $newpass) {
// make sure the current password and new password are not the same
// this should really be done in the password rules validation step
$this->setError(Lang::txt('Your new password must be different from your current password'));
} elseif (!empty($msg)) {
$this->setError(Lang::txt('Password does not meet site password requirements. Please choose a password meeting all the requirements listed below.'));
$this->view->set('validated', $msg);
$passrules = true;
}
if ($this->getError()) {
$change = array();
$change['_missing']['password'] = $this->getError();
if (!empty($msg) && $passrules) {
$change['_missing']['password'] .= '<ul>';
foreach ($msg as $m) {
$change['_missing']['password'] .= '<li>';
$change['_missing']['password'] .= $m;
$change['_missing']['password'] .= '</li>';
}
$change['_missing']['password'] .= '</ul>';
}
if (Request::getInt('no_html', 0)) {
echo json_encode($change);
exit;
} else {
$this->view->setError($this->getError())->display();
return;
}
}
// Encrypt the password and update the profile
$result = \Hubzero\User\Password::changePassword($profile->get('id'), $newpass);
// Save the changes
if (!$result) {
$this->view->setError(Lang::txt('MEMBERS_PASS_CHANGE_FAILED'))->display();
return;
}
// Redirect user back to main account page
$return = base64_decode(Request::getVar('return', '', 'method', 'base64'));
$this->_redirect = $return ? $return : Route::url('index.php?option=' . $this->_option . '&id=' . $id);
$session = App::get('session');
// Redirect user back to main account page
if (Request::getInt('no_html', 0)) {
if ($session->get('badpassword', '0') || $session->get('expiredpassword', '0')) {
$session->set('badpassword', '0');
$session->set('expiredpassword', '0');
}
echo json_encode(array("success" => true));
exit;
} else {
if ($session->get('badpassword', '0') || $session->get('expiredpassword', '0')) {
$session->set('badpassword', '0');
$session->set('expiredpassword', '0');
}
}
}
