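/**
 * Registration form: show it, and on a valid POST create an inactive
 * account and redirect to the activation prompt.
 *
 * Already-authenticated visitors are sent to '/'. Validation failures,
 * an unconfirmed password and a duplicate username/email are reported
 * with print() and the form is shown again.
 *
 * @return void
 */
public function indexAction()
{
    if (Zend_Auth::getInstance()->hasIdentity()) {
        return $this->_redirect('/');
    }

    // process the form
    $form = new Application_Form_Register();
    if ($this->getRequest()->isPost()) {
        if ($form->isValid($_POST)) {
            // Strict comparison: with == PHP compares numeric-looking strings
            // as numbers ("1e3" == "1000"), which is wrong for passwords.
            if ($form->getValue('password') === $form->getValue('password_confirm')) {
                /**
                 * Check if a user with the given username or email already
                 * exists
                 */
                $user_mapper = new Application_Model_UserMapper();
                $user = $user_mapper->findByUsername($form->getValue('username'));
                $email = $user_mapper->findByEmail($form->getValue('email'));
                if (!$user && !$email) {
                    $values = $form->getValues();
                    $user = new Application_Model_User($values);

                    // Hash the password with a random salt. random_bytes() stands
                    // in for mcrypt_create_iv(), which was removed in PHP 7.2, and
                    // yields the same 64 raw bytes (requires PHP 7+).
                    // NOTE(review): sha256(salt . password) is a fast, unsalted-by-
                    // design hash; password_hash()/password_verify() would be the
                    // stronger choice, but the login code that verifies
                    // password_hash must change in step, so the scheme is kept here.
                    $user->setPassword_salt(random_bytes(64));
                    $user->setPassword_hash(hash('sha256', $user->getPassword_salt() . $form->getValue('password')));
                    $user->setActive(0);

                    // Insert the account into the database
                    $user_mapper->save($user);

                    // Re-read the row to obtain the generated id
                    // (findByUsername returns a list, hence the [0]).
                    $user = $user_mapper->findByUsername($user->getUsername());
                    if ($user) {
                        $user = $user[0];
                        // prompt the user to activate the account
                        $this->_helper->FlashMessenger('Successful Registration');
                        return $this->_redirect('/registration/confirm/id/' . $user->getId());
                    }
                } else {
                    // NOTE(review): these distinct messages reveal which usernames
                    // and emails are registered; acceptable for a demo, but a
                    // public site usually prefers one neutral response.
                    if ($user) {
                        print "A user with this user name already exists.";
                    }
                    if ($email) {
                        print "A user with this email already exists.";
                    }
                }
            } else {
                print "The password was not confirmed.";
            }
        } else {
            print 'Invalid form';
        }
    }
    $this->view->form = $form;
}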
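/**
 * "Forgot password" form: on a valid POST for a known email address,
 * create a reset key that is not already on file, persist it with the
 * creation time and email the user a reset link.
 *
 * Already-authenticated visitors are sent to '/'. The 24-hour expiry
 * mentioned in the email is not enforced here; it must be checked by
 * the action that consumes the key (not visible in this file).
 *
 * @return void
 */
public function forgotPasswordAction()
{
    if (Zend_Auth::getInstance()->hasIdentity()) {
        return $this->_redirect('/');
    }

    // process the form
    $form = new Application_Form_PasswordForgot();
    if ($this->getRequest()->isPost() && $form->isValid($_POST)) {
        // check if the user exists
        $user_mapper = new Application_Model_UserMapper();
        $user = $user_mapper->findByEmail($form->getValue('email'));
        if ($user) {
            $user = $user[0];
            /**
             * Generate a random reset key unique to the account. Insert
             * it into a link, and email it to the user. If the user opens
             * the link within 24 hours, the user can reset the password
             */
            $password_reset_mapper = new Application_Model_PasswordResetMapper();
            $password_reset = new Application_Model_PasswordReset();

            // Draw a key until one is not already stored. random_bytes()
            // stands in for mcrypt_create_iv(), removed in PHP 7.2, and
            // yields the same 64 raw bytes (requires PHP 7+).
            do {
                $random = random_bytes(64);
                $password_reset_key = hash('sha256', $random . $user->getPassword_salt() . $user->getUsername() . $user->getPassword_hash());
            } while ($password_reset_mapper->findByPassword_reset_key($password_reset_key));

            $password_reset->setUser_id($user->getId())->setPassword_reset_key($password_reset_key)->setCreated(date('Y-m-d H:i:s'));
            $password_reset_mapper->save($password_reset, true);

            $to = $user->getEmail();
            $subject = 'Password Reset';
            // NOTE(review): the body carries HTML but mail() is called without a
            // Content-Type header, so clients will show the raw markup; the link
            // host 'zf1.local' is also hard-coded without a scheme — confirm both.
            $txt = "You have requested to have your password reset.\n <br/>\n <br/>\n To reset your password, follow this <a href='zf1.local/auth/reset-password/password_reset_key/{$password_reset_key}'>link</a>.\n <br/>\n <br/>\n This link will expire after 24 hours.";
            mail($to, $subject, $txt);
            echo "An email has been sent to the user. Instructions to reset the user's password are enclosed in the email.";
        } else {
            // NOTE(review): answering differently for unknown addresses lets a
            // caller probe which emails are registered; one neutral message for
            // both branches avoids that.
            echo "Invalid email";
        }
    }
    $this->view->form = $form;
}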
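/**
 * Profile edit form for the logged-in user. On a valid POST the account
 * is updated from the form, except id, username, password salt and
 * password hash, which are taken from the session; the session copy is
 * then refreshed. Otherwise the form is shown pre-filled from the session.
 *
 * Anonymous visitors are sent to '/'.
 *
 * @return void
 */
public function editAction()
{
    if (!Zend_Auth::getInstance()->hasIdentity()) {
        return $this->_redirect('/');
    }
    // One namespace handle is enough: every Zend_Session_Namespace('user')
    // instance reads and writes the same session slot.
    $session = new Zend_Session_Namespace('user');

    // process the form
    $form = new Application_Form_UserEdit();
    if ($this->getRequest()->isPost()) {
        if ($form->isValid($_POST)) {
            /**
             * Because some fields are excluded from the form, they will be
             * set manually
             */
            $id = $session->user['id'];
            $username = $session->user['username'];
            $password_salt = $session->user['password_salt'];
            $password_hash = $session->user['password_hash'];

            // Strict comparison: with == PHP compares numeric-looking strings
            // as numbers ("1e3" == "1000"), which is wrong for passwords.
            if ($form->getValue('password') === $form->getValue('password_confirm')) {
                /**
                 * Check if the user changed the email to one that is
                 * already in use
                 */
                $user_mapper = new Application_Model_UserMapper();
                $email = $user_mapper->findByEmail($form->getValue('email'));
                $duplicate = false;
                if ($email) {
                    $email = $email[0];
                    // Loose comparison kept on purpose: the session id and the
                    // mapper id may differ in type (string vs int).
                    if ($id != $email->getId()) {
                        $duplicate = true;
                    }
                }
                if (!$duplicate) {
                    // update the user
                    $values = $form->getValues();
                    $user = new Application_Model_User($values);
                    $user->setId($id);
                    $user->setUsername($username);
                    // NOTE(review): the previous salt/hash are written back, so a
                    // password entered in this form never reaches the database —
                    // confirm whether the form is meant to change the password.
                    // NOTE(review): the email is changed on the strength of the
                    // session alone, with no current-password check — confirm
                    // that is intended.
                    $user->setPassword_salt($password_salt);
                    $user->setPassword_hash($password_hash);
                    $user->setActive(1);
                    $user_mapper->save($user);

                    // update the session
                    $session->user = $user->get_array();
                    $this->_helper->FlashMessenger('Successful Update');
                    return $this->_redirect('/user');
                } else {
                    print "A user with this email already exists.";
                }
            } else {
                print "The password was not confirmed.";
            }
        } else {
            print 'Invalid form';
        }
    }

    // populate the form with the user's information
    // (assumes every element except 'submit' has a matching key in the
    // session's user array — TODO confirm against Application_Form_UserEdit)
    $elements = $form->getElements();
    unset($elements['submit']);
    foreach (array_keys($elements) as $element_name) {
        $form->{$element_name}->setValue($session->user[$element_name]);
    }
    $this->view->form = $form;
}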