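/**
 * This activity either verifies the recover email and sets up the
 * appropriate data for a change password form or it verifies the
 * change password form data and changes the password. If verification
 * fails, error messages are set up.
 *
 * Two request shapes are accepted:
 *  - user, hash, time (the link from the recovery email): hash must
 *    reproduce crawlCrypt(HASH . time . USER_NAME . AUTH_KEY) when salted
 *    with itself. On success the recovery-question form is rendered with a
 *    fresh finish_hash that is additionally bound to CREATION_TIME.
 *  - user, finish_hash, time, password, repassword (the posted change
 *    password form): finish_hash must verify and checkRecoveryQuestions()
 *    must pass before the password is changed.
 *
 * In both shapes the request is rejected if the account was already
 * recovered after $time (LAST_RECOVERY_TIME in the user session) or if
 * $time is more than ONE_DAY old. Token comparisons use hash_equals so
 * that they are constant-time and free of loose-equality coercion.
 *
 * @return array form data to be used by recover or signin views
 */
function recoverComplete()
{
    $data = array();
    $data['REFRESH'] = "signin";
    $user_model = $this->model("user");
    $visitor_model = $this->model("visitor");
    // Builds the client-side message snippet for a localized string key.
    $script_for = function ($key) {
        return "doMessage('<h1 class=\"red\" >" . tl($key) . "</h1>');";
    };
    $recover_fail = $script_for('register_controller_account_recover_fail');
    $is_finish = isset($_REQUEST['finish_hash']);
    $fields = $is_finish ?
        array("user", "finish_hash", "time", "password", "repassword") :
        array("user", "hash", "time");
    foreach ($fields as $field) {
        if (!isset($_REQUEST[$field])) {
            $data['SCRIPT'] = $recover_fail;
            return $data;
        }
        $data[$field] = $this->clean($_REQUEST[$field], "string");
    }
    $user = $user_model->getUser($data["user"]);
    if (!$user) {
        $data['SCRIPT'] = $recover_fail;
        return $data;
    }
    $user_session = $user_model->getUserSession($user["USER_ID"]);
    // The time string is bound into the tokens exactly as received, but for
    // the freshness arithmetic below it must be an integer: a non-numeric
    // string would be a TypeError in the subtraction on PHP 8.
    $request_time = (int) $data["time"];
    if ($is_finish) {
        $finish_hash = urlencode(crawlCrypt($user['HASH'] . $data["time"] .
            $user['CREATION_TIME'] . AUTH_KEY,
            urldecode($data['finish_hash'])));
        // Recovery answers are only consulted once the token is genuine, so
        // an attacker cannot probe answers with a forged finish_hash.
        if (!hash_equals($finish_hash, $data['finish_hash']) ||
            !$this->checkRecoveryQuestions($user)) {
            $visitor_model->updateVisitor($_SERVER['REMOTE_ADDR'],
                "captcha_time_out");
            $data['SCRIPT'] = $recover_fail;
            return $data;
        }
        // Strict comparison: with == two numeric-looking passwords such as
        // "1e3" and "1000" would be considered equal.
        if ($data["password"] !== $data["repassword"]) {
            // Fall through and re-render the form with the mismatch message.
            $data['SCRIPT'] =
                $script_for('register_controller_passwords_dont_match');
        } else {
            if (isset($user_session['LAST_RECOVERY_TIME']) &&
                $user_session['LAST_RECOVERY_TIME'] > $request_time) {
                $data['SCRIPT'] =
                    $script_for('register_controller_recovered_already');
                return $data;
            }
            if (time() - $request_time > ONE_DAY) {
                $data['SCRIPT'] =
                    $script_for('register_controller_recovery_expired');
                return $data;
            }
            // updateUser() stores PASSWORD hashed via crawlCrypt.
            $user["PASSWORD"] = $data["password"];
            $user_model->updateUser($user);
            $data['SCRIPT'] =
                $script_for('register_controller_password_changed');
            // Recording the recovery time invalidates the tokens that were
            // issued for this recovery.
            $user_session['LAST_RECOVERY_TIME'] = time();
            $user_model->setUserSession($user["USER_ID"], $user_session);
            return $data;
        }
    } else {
        $hash = crawlCrypt($user['HASH'] . $data["time"] . $user['USER_NAME'] .
            AUTH_KEY, $data['hash']);
        if (!hash_equals($hash, $data['hash'])) {
            $visitor_model->updateVisitor($_SERVER['REMOTE_ADDR'],
                "captcha_time_out");
            $data['SCRIPT'] = $recover_fail;
            return $data;
        }
        if (isset($user_session['LAST_RECOVERY_TIME']) &&
            $user_session['LAST_RECOVERY_TIME'] > $request_time) {
            $data['SCRIPT'] =
                $script_for('register_controller_recovered_already');
            return $data;
        }
        if (time() - $request_time > ONE_DAY) {
            $data['SCRIPT'] =
                $script_for('register_controller_recovery_expired');
            return $data;
        }
    }
    // Without stored questions and answers the form cannot be verified.
    if (!isset($user_session['RECOVERY']) ||
        !isset($user_session['RECOVERY_ANSWERS'])) {
        $data['SCRIPT'] = $recover_fail;
        return $data;
    }
    // Set up an empty change password / recovery question form.
    $data['PASSWORD'] = "";
    $data['REPASSWORD'] = "";
    for ($i = 0; $i < self::NUM_RECOVERY_QUESTIONS; $i++) {
        $data["question_{$i}"] = "";
    }
    $data["RECOVERY"] = $user_session['RECOVERY'];
    $data["REFRESH"] = "recover";
    $data["RECOVER_COMPLETE"] = true;
    $data['finish_hash'] = urlencode(crawlCrypt($user['HASH'] . $data["time"] .
        $user['CREATION_TIME'] . AUTH_KEY));
    return $data;
}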
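/**
 * Used to update the fields stored in a USERS row according to
 * an array holding new values
 *
 * USER_ID selects the row and is never written. USER_NAME, USER_ICON and
 * IMAGE_STRING are dropped from the UPDATE; when IMAGE_STRING is present
 * it is decoded and saved as the user's icon thumbnail instead. A PASSWORD
 * value is stored hashed with crawlCrypt. Remaining keys are used verbatim
 * as column names, so they must be plain SQL identifiers.
 *
 * @param array $user updated values for a USERS row, keyed by column name
 * @throws \InvalidArgumentException if a key is not a valid SQL identifier
 */
function updateUser($user)
{
    $user_id = $user['USER_ID'];
    if (isset($user['IMAGE_STRING'])) {
        $folder = $this->getUserIconFolder($user_id);
        $icon_path = $folder . "/user_icon.jpg";
        // imagecreatefromstring() returns false on undecodable data; the @
        // only hides the warning, so the result is checked before it is
        // handed to the thumbnailer.
        $image = @imagecreatefromstring($user['IMAGE_STRING']);
        if ($image !== false) {
            $thumb_string = ImageProcessor::createThumb($image);
            file_put_contents($icon_path, $thumb_string);
            // clearstatcache(bool $clear_realpath_cache, string $filename):
            // the path must be passed as the second argument.
            clearstatcache(true, $icon_path);
        }
    }
    // Columns this method never writes.
    unset($user['USER_ID'], $user['USER_NAME'], $user['IMAGE_STRING'],
        $user['USER_ICON']);
    if (empty($user)) {
        return;
    }
    $assignments = array();
    $params = array();
    foreach ($user as $field => $value) {
        // Column names are interpolated into the statement (only values are
        // bound), so reject anything that is not a bare identifier.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field)) {
            throw new \InvalidArgumentException(
                "Invalid USERS column name: " . $field);
        }
        $assignments[] = " {$field}=? ";
        $params[] = ($field === "PASSWORD") ? crawlCrypt($value) : $value;
    }
    $sql = "UPDATE USERS SET " . implode(",", $assignments) .
        " WHERE USER_ID=?";
    $params[] = $user_id;
    $this->db->execute($sql, $params);
}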
/**
 * Changes the password of a given user
 *
 * The new password is stored hashed with crawlCrypt and the row is
 * selected by USER_NAME through a parameterized statement.
 *
 * @param string $username username of user to change password of
 * @param string $password new password for user
 * @return bool update successful or not.
 */
function changePassword($username, $password)
{
    $params = array(crawlCrypt($password), $username);
    $result = $this->db->execute(
        "UPDATE USERS SET PASSWORD=? WHERE USER_NAME = ? ", $params);
    return (bool) $result;
}