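/**
 * Decide whether the supplied credential matches the identity row found for
 * this login attempt and build the authentication result.
 *
 * Three paths accept the login:
 *  - the credential treatment is exactly 'autologin' (no password check),
 *  - a legacy unsalted MD5 of the credential equals the stored value,
 *  - the phpass verifier accepts the credential against the stored hash.
 *
 * @param array $resultIdentity Identity row; only its 'password' entry is read here.
 * @return mixed The value produced by _authenticateCreateAuthResult().
 */
protected function _authenticateValidateResult($resultIdentity)
{
    $hash = new Application_Plugin_Phpass();
    $stored = isset($resultIdentity['password']) ? $resultIdentity['password'] : null;
    $check = false;

    // auto-login
    // SECURITY: this path skips the password check entirely, so the setter for
    // the credential treatment must only be reachable from trusted server-side
    // code. Strict comparison: with `==`, boolean true (and integer 0 before
    // PHP 8) also compared equal to 'autologin'.
    if ($this->_credentialTreatment === 'autologin') {
        $check = true;
    }

    if (!$check && is_string($this->_credential) && is_string($stored)) {
        // again, try with md5
        // Legacy rows hold an unsalted MD5. The former loose `==` compared two
        // "0e<digits>" strings as numbers, so unrelated hashes could match.
        // Compare as strings, in constant time where the runtime offers it.
        // NOTE(review): rehash such accounts with phpass after a successful
        // login so this branch can eventually be removed.
        $legacyDigest = md5($this->_credential);
        $legacyMatch = function_exists('hash_equals')
            ? hash_equals($stored, $legacyDigest)
            : $stored === $legacyDigest;

        // Check that hash value is correct
        if ($legacyMatch || $hash->CheckPassword($this->_credential, $stored)) {
            $check = true;
        }
    }

    if (!$check) {
        $this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
        $this->_authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
        return $this->_authenticateCreateAuthResult();
    }

    $this->_resultRow = $resultIdentity;

    $this->_authenticateResultInfo['code'] = Zend_Auth_Result::SUCCESS;
    $this->_authenticateResultInfo['messages'][] = 'Authentication successful.';
    return $this->_authenticateCreateAuthResult();
}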
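/**
 * Edit user
 *
 * Loads the profile named by the `id` request parameter, exposes it and the
 * admin edit form to the view, and on a valid POST writes the submitted
 * values to the profile row and to the profile meta table.
 *
 * NOTE(review): no access check is visible in this action; presumably it is
 * enforced before dispatch - confirm.
 */
public function userAction()
{
    $Profiles = new Application_Model_Profiles();
    $ProfilesMeta = new Application_Model_ProfilesMeta();

    $request = $this->getRequest();

    $profile_id = $request->getParam('id', null);
    $profile = $Profiles->getProfileByField('id', $profile_id);

    $this->view->sidebar_editprofile = $profile;

    // attach sidebar box
    Zend_Registry::get('hooks')->attach('hook_view_sidebar', 5, function () {
        echo Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer')->view->render('/_sidebar/editprofile.phtml');
    });

    $edit_user_form = new Application_Form_AdminUser();
    $this->view->edit_user_form = $edit_user_form;

    // $profile is checked last so form validation still runs as before; without
    // the check an id that matches no profile led to writes on a non-object.
    if ($request->isPost() && $profile_id && $edit_user_form->isValid($_POST) && $profile) {

        $elements = $edit_user_form->getElements();

        // standard db fields
        // The form's element list is the only allow-list here: every element
        // whose id matches a profile column is written to that column.
        foreach ($elements as $element) {
            $element_id = $element->getId();

            // if column exists - save to main profiles table
            if (isset($profile->{$element_id})) {
                $profile->{$element_id} = $element->getValue();
            }
        }

        // specific fields
        // The password is only replaced when a new one was entered, and it is
        // stored as a phpass hash, never as submitted.
        if ($edit_user_form->getValue('password1')) {
            $hash = new Application_Plugin_Phpass();
            $profile->password = $hash->HashPassword($edit_user_form->getValue('password1'));
        }

        $profile->relogin_request = 1;
        $profile->save();

        // notifications
        $bulk_notifications = array();
        foreach ($elements as $element) {
            $element_id = $element->getId();
            if (strpos($element_id, 'notification_email') !== false) {
                $bulk_notifications[$element_id] = $element->getValue();
            }
        }
        $ProfilesMeta->metaUpdate('bulk_notifications', json_encode($bulk_notifications), $profile->id);

        // save all the rest to meta
        $system_elements = array('identifier', 'formsubmit', 'profile_privacy', 'default_privacy', 'screen_name', 'language', 'password1', 'password2', 'activationkey', 'is_hidden', 'csrf', 'role', 'name', 'email', 'id');

        // foreach meta elements
        foreach ($elements as $element) {
            $element_id = $element->getId();
            $element_value = $element->getValue();

            // skip system & readonly fields (strict match, ids are strings)
            if (in_array($element_id, $system_elements, true)) {
                continue;
            }

            // skip notifications
            if (strpos($element_id, 'notification_email') !== false) {
                continue;
            }

            // custom date element?
            if ($element->helper == 'formDate') {
                if ($element_value) {
                    // NOTE(review): strtotime() returns false for an impossible
                    // date, which date() then renders as the epoch - confirm
                    // the form validator rejects such input.
                    $dateval = date("Y-m-d H:i:s", strtotime($element_value['day'] . '-' . $element_value['month'] . '-' . $element_value['year']));
                    $ProfilesMeta->metaUpdate($element_id, $dateval, $profile->id);
                } else {
                    $ProfilesMeta->deleteProfilesMetaKey($profile->id, $element_id);
                }
                continue;
            }

            $ProfilesMeta->metaUpdate($element_id, $element_value, $profile->id);
        }

        Application_Plugin_Alerts::success($this->view->translate('User updated'));

        // flush url
        $this->redirect('admin/user/id/' . $profile_id);
    }
}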
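/**
 * Register submit
 *
 * Validates the registration form against $_POST. On success the password is
 * hashed with phpass and a new profile row is created, either activated and
 * logged in at once (when `user_activation_disabled` is set in the config) or
 * pending activation by an e-mailed key.
 *
 * @param object $form Registration form; isValid() and getValue() are called on it.
 * @return mixed The form, or null after the "email was not sent" redirect.
 */
public function submitRegisterForm($form)
{
    if ($form->isValid($_POST)) {

        $Profiles = new Application_Model_Profiles();

        $name = $form->getValue('regname');
        $email = $form->getValue('regemail');

        // Only the phpass hash of the password is kept.
        $hash = new Application_Plugin_Phpass();
        $password = $hash->HashPassword($form->getValue('regpassword'));

        $user = $Profiles->createRow();
        $user->name = $name;
        $user->email = $email;
        $user->password = $password;

        if (Zend_Registry::get('config')->get('user_activation_disabled')) {
            // create new user without activation & login
            $user->activationkey = 'activated';
            $new_profile = $Profiles->createNewUser($user);

            // auto-login user and store identity
            // The credential string is a dummy: the 'autologin' treatment is
            // what makes the adapter accept this identity without a password.
            $authAdapter = Application_Plugin_Common::getAuthAdapter();
            $authAdapter->setIdentity($new_profile->email)->setCredential('whatever')->setCredentialTreatment('autologin');
            $auth = Zend_Auth::getInstance();
            $auth->authenticate($authAdapter);

            $identity = $authAdapter->getResultRowObject();
            $authStorage = $auth->getStorage();
            $authStorage->write($identity);

            // update last login date
            $ProfilesMeta = new Application_Model_ProfilesMeta();
            $ProfilesMeta->metaUpdate('last_login', Application_Plugin_Common::now(), $identity->id);

            // show welcome message
            Application_Plugin_Alerts::success($this->view->translate('Welcome to the network.'), 'on');
        } else {
            // create activation key and send it to user email
            $key = $Profiles->generateActivationKey($email);
            $user->activationkey = $key;

            $ret = Application_Plugin_Common::sendActivationEmail($email, $name, $key);

            // email has been sent, proceed
            if ($ret) {
                // show success message
                Application_Plugin_Alerts::info(Zend_Registry::get('Zend_Translate')->translate('Please Check your Inbox and come back after you activate your account.'), 'off');

                // build url
                // The user name comes from the registration form, so it is
                // encoded as a URL path segment before it joins the link.
                $base_url = Application_Plugin_Common::getFullBaseUrl();
                $resendactivation_link = $base_url . '/index/activate/resend/' . rawurlencode($user->name);

                // This alert is passed as ready-made HTML (third argument
                // false, presumably "do not escape" - confirm), so the href
                // value is escaped for the attribute context here.
                Application_Plugin_Alerts::info('<a href="' . htmlspecialchars($resendactivation_link, ENT_QUOTES, 'UTF-8') . '">' . Zend_Registry::get('Zend_Translate')->translate('Click here to resend the activation email') . '</a>', 'off', false);

                // create new user
                $Profiles->createNewUser($user);
            } else {
                // show error message
                Application_Plugin_Alerts::error(Zend_Registry::get('Zend_Translate')->translate('Something went wrong, email was not sent.'), 'off');

                Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector')->gotoUrl('');
                return;
            }
        }

        // flush url
        Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector')->gotoUrl('');
    }

    return $form;
}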
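/**
 * Change password with recover key
 *
 * Looks up the profile bound to the `key` request parameter through the
 * 'password_reset' meta entry. With a valid key it shows the change-password
 * form; on a valid POST it stores the phpass hash of the new password,
 * deletes the reset key so it cannot be used again, and e-mails a notice to
 * the account owner.
 *
 * NOTE(review): no expiry check on the reset key is visible here - confirm it
 * is enforced where the key is issued or looked up.
 */
public function recoverpasswordAction()
{
    $this->_helper->_layout->setLayout('layout_wide');

    $request = $this->getRequest();

    // Get password change key if any
    $key = $request->getParam('key', false);

    $Profiles = new Application_Model_Profiles();
    $ProfilesMeta = new Application_Model_ProfilesMeta();

    // Defined up front so nothing below reads an unset variable.
    $form = null;
    $profile = null;

    if ($key) {
        $form = new Application_Form_ChangeForgottenPassword();

        $profile_id = $ProfilesMeta->getProfileId('password_reset', $key);
        if ($profile_id) {
            $profile = $Profiles->getProfileByField('id', $profile_id);
        }
    }

    // Redirect if bad or no user
    if (!$key || !$profile) {
        $this->redirect('');
        // Do not rely on the redirect helper ending the request: without this
        // return the password-change code below would still be reachable.
        return;
    }

    $this->view->form = $form;

    // Form Submitted...
    if ($request->isPost() && $form->isValid($_POST)) {

        Application_Plugin_Common::redirectOnDemoAccount();

        $newpassword = $form->getValue('password2');

        $hash = new Application_Plugin_Phpass();
        $hashed_password = $hash->HashPassword($newpassword);

        // update password
        $Profiles->updateField($profile->name, 'password', $hashed_password);

        // remove password reset key
        $ProfilesMeta->deletePair('password_reset', $key);

        // NOTE(review): userAction() sets relogin_request after a password
        // change; consider whether a reset should do the same.

        Application_Plugin_Alerts::success($this->view->translate('Password updated'));

        // prepare phtml email template
        $mail_template_path = APPLICATION_PATH . '/views/emails/';
        $view = new Zend_View();
        $view->setScriptPath($mail_template_path);
        $body = $view->render('passwordnotice.phtml');

        // send email as a security measure
        Application_Plugin_Common::sendEmail($profile->email, $this->view->translate('Password updated'), $body, true);

        $this->redirect('');
    }
}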