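/**
 * Show the registration form and, on a valid POST, create an inactive account.
 *
 * On success the visitor is redirected to the confirmation page for the new
 * user id. On any failure a message is printed and the form is rendered again.
 */
public function indexAction()
 {
     // Signed-in visitors are sent away from the registration page.
     if (Zend_Auth::getInstance()->hasIdentity()) {
         return $this->_redirect('/');
     }

     $form = new Application_Form_Register();
     // Hand the form to the view up front; it is the same object that is
     // validated below, so every exit path renders it.
     $this->view->form = $form;

     if (!$this->getRequest()->isPost()) {
         return;
     }
     if (!$form->isValid($_POST)) {
         print 'Invalid form';
         return;
     }

     // Strict comparison on purpose: with == PHP compares numeric-looking
     // strings by value, so "1e3" and "1000" would count as a confirmed
     // password even though the two fields differ.
     if ($form->getValue('password') !== $form->getValue('password_confirm')) {
         print "The password was not confirmed.";
         return;
     }

     // Reject the request when the username or the email is already taken.
     $user_mapper = new Application_Model_UserMapper();
     $user = $user_mapper->findByUsername($form->getValue('username'));
     $email = $user_mapper->findByEmail($form->getValue('email'));
     if ($user || $email) {
         // NOTE(review): these two messages tell an unauthenticated visitor
         // which usernames and emails are registered. Consider one generic
         // message plus rate limiting on this action.
         if ($user) {
             print "A user with this user name already exists.";
         }
         if ($email) {
             print "A user with this email already exists.";
         }
         return;
     }

     // NOTE(review): getValues() presumably still contains the plaintext
     // 'password' and 'password_confirm' fields; confirm the model and the
     // mapper never persist them.
     $user = new Application_Model_User($form->getValues());

     // NOTE(review): a single salted SHA-256 round is a fast hash and is not
     // suited to password storage. password_hash() / password_verify() are the
     // replacement, but the login code and the stored hashes have to change
     // together, so the scheme is left as it is here.
     // NOTE(review): mcrypt_create_iv() is deprecated since PHP 7.1 and the
     // extension left core in PHP 7.2; random_bytes() replaces it on PHP 7+.
     // The salt is 64 raw bytes, so the column must be binary safe.
     $user->setPassword_salt(mcrypt_create_iv(64));
     $user->setPassword_hash(hash('sha256', $user->getPassword_salt() . $form->getValue('password')));
     $user->setActive(0);

     // Insert the account, then read it back to obtain the generated id.
     $user_mapper->save($user);
     $user = $user_mapper->findByUsername($user->getUsername());
     if ($user) {
         $user = $user[0];
         // Prompt the user to activate the account.
         // NOTE(review): the confirm URL carries only the user id; verify that
         // the confirm action needs more than a guessable id to activate.
         $this->_helper->FlashMessenger('Successful Registration');
         return $this->_redirect('/registration/confirm/id/' . $user->getId());
     }
 }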
示例#2
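 /**
  * Show the "forgot password" form and, on a valid POST for a known email,
  * store a fresh reset key and mail a reset link to the account owner.
  */
 public function forgotPasswordAction()
 {
     // Signed-in visitors are sent away from the reset request page.
     if (Zend_Auth::getInstance()->hasIdentity()) {
         return $this->_redirect('/');
     }

     $form = new Application_Form_PasswordForgot();
     // Same object that is validated below, so every exit path renders it.
     $this->view->form = $form;

     // isValid() is only reached for POST requests, as before.
     if (!$this->getRequest()->isPost() || !$form->isValid($_POST)) {
         return;
     }

     $user_mapper = new Application_Model_UserMapper();
     $user = $user_mapper->findByEmail($form->getValue('email'));
     if (!$user) {
         // NOTE(review): answering differently for unknown addresses lets an
         // unauthenticated visitor test which emails have accounts. Consider
         // returning the same confirmation text in both cases and rate
         // limiting this action.
         echo "Invalid email";
         return;
     }
     $user = $user[0];

     /**
      * Generate a random reset key that is not yet present in the reset
      * table. The key is put into a link and mailed to the user; the mail
      * text promises a 24 hour lifetime.
      */
     // NOTE(review): the expiry and single use of the key are not enforced in
     // this action; confirm the reset-password action checks both.
     // NOTE(review): mcrypt_create_iv() is deprecated since PHP 7.1 and the
     // extension left core in PHP 7.2; random_bytes() replaces it on PHP 7+.
     $password_reset_mapper = new Application_Model_PasswordResetMapper();
     do {
         $random = mcrypt_create_iv(64);
         $password_reset_key = hash('sha256', $random . $user->getPassword_salt() . $user->getUsername() . $user->getPassword_hash());
     } while ($password_reset_mapper->findByPassword_reset_key($password_reset_key));

     // NOTE(review): the key is stored and looked up as is, so read access to
     // this table yields usable reset links. Storing only a hash of the key
     // would limit that exposure.
     $password_reset = new Application_Model_PasswordReset();
     $password_reset->setUser_id($user->getId())->setPassword_reset_key($password_reset_key)->setCreated(date('Y-m-d H:i:s'));
     $password_reset_mapper->save($password_reset, true);

     $to = $user->getEmail();
     $subject = 'Password Reset';
     // NOTE(review): the href has no scheme, so mail clients may not resolve
     // it; it should be an absolute https:// URL built from configuration.
     $txt = "You have requested to have your password reset.\n                            <br/>\n                            <br/>\n                            To reset your password, follow this <a href='zf1.local/auth/reset-password/password_reset_key/{$password_reset_key}'>link</a>.\n                            <br/>\n                            <br/>\n                            This link will expire after 24 hours.";
     // The body is HTML, so it must be declared as such; without these
     // headers the markup is delivered as plain text.
     $headers = "MIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8";
     if (!mail($to, $subject, $txt, $headers)) {
         // Record the failure without changing the response shown to the visitor.
         error_log('Password reset mail was not accepted for delivery, user id ' . $user->getId());
     }
     echo "An email has been sent to the user. Instructions to reset the user's password are enclosed in the email.";
 }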
示例#3
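 /**
  * Show the profile edit form for the signed-in user and, on a valid POST,
  * save the submitted fields and refresh the copy of the user kept in the
  * 'user' session namespace.
  */
 public function editAction()
 {
     // Only signed-in users may edit a profile.
     if (!Zend_Auth::getInstance()->hasIdentity()) {
         return $this->_redirect('/');
     }

     // The 'user' session namespace holds the signed-in user as an array.
     // NOTE(review): that array includes password_salt and password_hash.
     // Keeping credential material in the session widens what a session store
     // leak exposes; loading the row from the database by id would avoid it.
     $session = new Zend_Session_Namespace('user');

     $form = new Application_Form_UserEdit();
     if ($this->getRequest()->isPost()) {
         if (!$form->isValid($_POST)) {
             print 'Invalid form';
         } elseif ($form->getValue('password') !== $form->getValue('password_confirm')) {
             // Strict comparison on purpose: with == PHP compares
             // numeric-looking strings by value, so "1e3" and "1000" would
             // count as a confirmed password.
             print "The password was not confirmed.";
         } else {
             /**
              * Fields that are excluded from the form are taken from the
              * session copy of the user.
              */
             $id = $session->user['id'];
             $username = $session->user['username'];
             $password_salt = $session->user['password_salt'];
             $password_hash = $session->user['password_hash'];

             // The email may only be in use by the account being edited.
             $user_mapper = new Application_Model_UserMapper();
             $email = $user_mapper->findByEmail($form->getValue('email'));
             $duplicate = $email && $id != $email[0]->getId();

             if (!$duplicate) {
                 // NOTE(review): the submitted password is only compared with
                 // its confirmation. The salt and hash written back are the
                 // ones held in the session, so a new password is not applied
                 // here, and a hash changed elsewhere since login (for
                 // example by a password reset) would presumably be
                 // overwritten with the stale one. Verify against the mapper.
                 $user = new Application_Model_User($form->getValues());
                 $user->setId($id);
                 $user->setUsername($username);
                 $user->setPassword_salt($password_salt);
                 $user->setPassword_hash($password_hash);
                 $user->setActive(1);
                 $user_mapper->save($user);

                 // Refresh the session copy of the user.
                 $session->user = $user->get_array();
                 $this->_helper->FlashMessenger('Successful Update');
                 return $this->_redirect('/user');
             }
             print "A user with this email already exists.";
         }
     }

     // Populate every element except the submit button from the session copy.
     // NOTE(review): this also runs after a rejected POST, so it replaces
     // what the user just typed; and it reads one session key per form
     // element, which presumably includes the password fields. Confirm those
     // keys exist and that no credential value is echoed into the form.
     $elements = $form->getElements();
     unset($elements['submit']);
     foreach ($elements as $key => $row) {
         $form->{$key}->setValue($session->user[$key]);
     }
     $this->view->form = $form;
 }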