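/**
 * Start recovery of a user's password.
 *
 * Builds and processes the "enter your registered email" form. When the
 * submitted address matches a user record, one of two emails is sent:
 *  - a response token (created with the configured recoverTime) plus the
 *    link to the new-password page, or
 *  - legacy mode: the stored UserPassword value itself.
 *
 * @return mixed the output of $form->create() for the current form state
 */
public function startPasswordRecovery()
{
    $form = new sfc\Form(SSP_Path(), "noTable", "startPasswordRecovery");
    $form->tplf = "passwordrecover.tpl";
    $form->tpl = $this->tpl(array("title" => "Password recovery"));
    $form->errorAutoFormDisplay = false;
    $form->tda("loginPath", $this->cfg->logonScript);
    $form->fe("text", "email", "Enter your registered email");
    $form->fep("required=true,width=30, dataType=email");
    $form->fe("submit", "submit", "Recover Password");
    $form->fep("elClass=SSPFormButton");

    if (!$form->processForm($_POST)) {
        // Nothing submitted yet: display the empty form.
        return $form->create();
    }

    if ($form->error) {
        // Submitted but invalid: redisplay the form.
        return $form->create(true);
    }

    // Look the user up by encrypted email. The address is lower-cased before
    // encryption so the lookup uses the same normalisation as loginFormCheck().
    $fields = array("UserId", "UserEmail", "UserName", "UserPassword");
    $where = array();
    $where["UserEmail"] = SSP_encrypt(trim(strtolower($form->getField("email"))));
    $row = $this->db->getf($this->cfg->userTable, $fields, $where, "SSP user admin: getting user info for password recovery");

    if (!$this->db->numRows()) {
        // Email not found.
        // NOTE(review): the "error" flag here versus "sent" below lets anyone
        // submitting the form tell registered addresses from unregistered ones.
        // Consider rendering the same confirmation in both cases and rate
        // limiting this form.
        $form->tda("error");
        return $form->create();
    }

    // Found the email.
    $rowMisc = $this->db->get($this->cfg->userMiscTable, array("UserId" => $row->UserId), "Getting user name for password recovery");

    $content = array();
    if ($this->cfg->loginType == 1) {
        // Supply user name if used for login. $row is read as an object
        // everywhere else in this method, so use property access here too
        // (the array form fails on a plain object).
        $content["UserName"] = $row->UserName;
    }

    if ($this->cfg->passwordRecovery == 0 || $this->cfg->encryptPassword) {
        // Use the user change-of-password method: mail a response token.
        $content["link"] = $this->cfg->newPassword;
        $content['token'] = SSP_ResponseToken($row->UserId, $this->cfg->recoverTime);
        $template = "emailpasswordrecovery0.tpl";
    } else {
        // Legacy mode: email the stored password value to the user.
        // NOTE(review): this branch is only reached when passwordRecovery is
        // non-zero and encryptPassword is off. It puts a reusable credential
        // into a mailbox; prefer the token flow above and retire this mode.
        $content["UserPassword"] = $row->UserPassword;
        $template = "emailpasswordrecovery1.tpl";
    }
    $content["adminEmail"] = $this->cfg->adminEmail;

    // NOTE(review): UserEmail is matched in encrypted form above; confirm that
    // getf() returns it decrypted before it is used as the recipient address.
    $email = new Email($this->cfg);
    $email->noReplyEmail($content, $template, $row->UserEmail, $rowMisc->FirstName . " " . $rowMisc->FamilyName);

    $form->tda("sent");
    return $form->create();
}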
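/**
 * Check the data returned by the login form is for an existing user.
 *
 * The user is looked up by encrypted, lower-cased email (loginType 0) or by
 * user name (loginType 1), and the submitted password is verified through
 * $this->session->checkPassword(). On success the user record is attached to
 * the form and a requested "remember me" is recorded. On failure
 * $this->errorDesc is set to the reason. Any other loginType returns false
 * without touching errorDesc.
 *
 * @param w34u\ssp\sfc\Form $form
 * @return bool - true on existing user
 */
protected function loginFormCheck(&$form)
{
    // Pick the lookup column, the query description and the "not found"
    // message for the configured login type.
    if ($this->cfg->loginType == 0) {
        $where = array("UserEmail" => SSP_encrypt(trim(strtolower($form->getField("email")))));
        $queryReason = "SSP Logon: Getting user login data using email";
        $notFoundDesc = "Email not found";
    } elseif ($this->cfg->loginType == 1) {
        $where = array("UserName" => trim($form->getField("user")));
        $queryReason = "SSP Logon: Getting user login data using username";
        $notFoundDesc = "User name not found";
    } else {
        return false;
    }

    // The password is trimmed exactly as before so existing logins keep working.
    $userPassword = trim($form->getField("password"));
    $userInfo = $this->db->get($this->cfg->userTable, $where, $queryReason);

    if ($this->db->numRows() <= 0) {
        // NOTE(review): keep errorDesc for internal diagnostics only. If it is
        // shown to the person logging in, the distinct "not found" and
        // "password not correct" messages reveal which accounts exist.
        $this->errorDesc = $notFoundDesc;
        return false;
    }

    if (!$this->session->checkPassword($userPassword, $userInfo->UserPassword)) {
        // The submitted password must never be copied into errorDesc. A failed
        // attempt is often a near miss of the real password, or the password
        // for another account, and this text may end up in logs or on screen.
        $this->errorDesc = "Password not correct";
        return false;
    }

    // Credentials verified: hand the user record back through the form.
    $form->userInfo = $userInfo;
    if ($this->rememberMe and $form->getField("rememberMe") == "1") {
        $this->rememberMeSave = true;
    }
    return true;
}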