示例#1
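 /**
  * Display and process the "forgotten password" form.
  *
  * Builds the recovery form and, on a valid submission, looks the account up
  * by the SSP_encrypt()'ed email address. When a row is found one of two
  * emails is sent:
  *  - a response token plus the change-password link, when
  *    $cfg->passwordRecovery == 0 or $cfg->encryptPassword is set;
  *  - otherwise the stored UserPassword value itself.
  *
  * @return mixed the value produced by $form->create() for the page to show
  */
 public function startPasswordRecovery()
 {
     $form = new sfc\Form(SSP_Path(), "noTable", "startPasswordRecovery");
     $form->tplf = "passwordrecover.tpl";
     $form->tpl = $this->tpl(array("title" => "Password recovery"));
     $form->errorAutoFormDisplay = false;
     $form->tda("loginPath", $this->cfg->logonScript);
     $form->fe("text", "email", "Enter your registered email");
     $form->fep("required=true,width=30, dataType=email");
     $form->fe("submit", "submit", "Recover Password");
     $form->fep("elClass=SSPFormButton");

     if (!$form->processForm($_POST)) {
         // nothing submitted yet: display the empty form
         return $form->create();
     }
     if ($form->error) {
         // validation failed: redisplay the form with its errors
         return $form->create(true);
     }

     // Look the account up by the encrypted form of the submitted address.
     // NOTE(review): only trim() is applied before SSP_encrypt(); if stored
     // addresses are normalised (e.g. lower-cased) before encryption, the same
     // normalisation is needed here or the lookup will miss - confirm.
     $fields = array("UserId", "UserEmail", "UserName", "UserPassword");
     $where = array();
     $where["UserEmail"] = SSP_encrypt(trim($form->getField("email")));
     $row = $this->db->getf($this->cfg->userTable, $fields, $where, "SSP user admin: getting user info for password recovery");

     if (!$this->db->numRows()) {
         // SECURITY NOTE(review): the "error" flag makes the response for an
         // unknown address differ from the "sent" response, so this form
         // discloses whether an address is registered. Prefer one neutral
         // confirmation for both outcomes, and throttle submissions (no rate
         // limit is visible in this method).
         $form->tda("error");
         return $form->create();
     }

     // found the email
     $rowMisc = $this->db->get($this->cfg->userMiscTable, array("UserId" => $row->UserId), "Getting user name for password recovery");

     // $row is read as an object everywhere else in this method, so the
     // fields below use -> as well (the array-style access previously used
     // for UserName/UserPassword fails on a plain object).
     $content = array();
     if ($this->cfg->loginType == 1) {
         // Supply user name if used for login
         $content["UserName"] = $row->UserName;
     }

     if ($this->cfg->passwordRecovery == 0 || $this->cfg->encryptPassword) {
         // user changes the password themselves via a response token
         $template = "emailpasswordrecovery0.tpl";
         $content["link"] = $this->cfg->newPassword;
         $content["token"] = SSP_ResponseToken($row->UserId, $this->cfg->recoverTime);
     } else {
         // SECURITY NOTE(review): this branch mails the stored UserPassword
         // value. It is only reached when $cfg->encryptPassword is falsy, so
         // the value is presumably the usable password; email is not a
         // confidential channel and the message persists in the mailbox.
         // Prefer the token flow above and retire this mode.
         $template = "emailpasswordrecovery1.tpl";
         $content["UserPassword"] = $row->UserPassword;
     }
     $content["adminEmail"] = $this->cfg->adminEmail;

     $email = new Email($this->cfg);
     $email->noReplyEmail($content, $template, $row->UserEmail, $rowMisc->FirstName . " " . $rowMisc->FamilyName);

     $form->tda("sent");
     return $form->create();
 }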
示例#2
文件: LogonBase.php 项目: julesbl/ssp
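 /**
  * Check the data returned by the login form is for an existing user.
  *
  * Looks the account up by encrypted email ($cfg->loginType == 0) or by user
  * name ($cfg->loginType == 1) and verifies the submitted password with
  * $this->session->checkPassword(). On failure $this->errorDesc is set to the
  * reason; on success the user row is attached to $form->userInfo and the
  * "remember me" request is recorded in $this->rememberMeSave.
  *
  * The submitted password is never copied into $this->errorDesc: a rejected
  * attempt is frequently the real password with a typo, and the description
  * may end up in logs or on a page.
  *
  * @param w34u\ssp\sfc\Form $form
  * @return bool - true on existing user
  */
 protected function loginFormCheck(&$form)
 {
     $passwordOk = false;
     $userInfo = null;

     // Work out which column identifies the user for the configured login type
     $where = array();
     $queryDesc = "";
     $notFoundDesc = "";
     if ($this->cfg->loginType == 0) {
         // email is stored encrypted, so encrypt the normalised input to match
         $where["UserEmail"] = SSP_encrypt(trim(strtolower($form->getField("email"))));
         $queryDesc = "SSP Logon: Getting user login data using email";
         $notFoundDesc = "Email not found";
     } elseif ($this->cfg->loginType == 1) {
         $where["UserName"] = trim($form->getField("user"));
         $queryDesc = "SSP Logon: Getting user login data using username";
         $notFoundDesc = "User name not found";
     }

     if (!empty($where)) {
         // NOTE(review): trim() alters passwords with leading/trailing
         // whitespace; kept because existing credentials were presumably
         // checked against trimmed input - confirm before changing.
         $userPassword = trim($form->getField("password"));
         $userInfo = $this->db->get($this->cfg->userTable, $where, $queryDesc);
         if ($this->db->numRows() > 0) {
             // user found, now verify the password
             if ($this->session->checkPassword($userPassword, $userInfo->UserPassword)) {
                 $passwordOk = true;
             } else {
                 // deliberately omits the submitted password
                 $this->errorDesc = "Password not correct";
             }
         } else {
             // NOTE(review): checkPassword() is skipped for unknown users, and
             // the description differs from the wrong-password case. Keep
             // errorDesc internal and show the user one generic failure
             // message so the response does not reveal which accounts exist.
             $this->errorDesc = $notFoundDesc;
         }
     }

     if ($passwordOk) {
         $form->userInfo = $userInfo;
         if ($this->rememberMe and $form->getField("rememberMe") == "1") {
             $this->rememberMeSave = true;
         }
     }
     return $passwordOk;
 }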