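public function indexAction()
{
    // Registers a new user from the posted form: CSRF token check, password repeat
    // check, unique username check, then an inactive insert plus confirmation mail
    // inside one transaction. On a GET (or an invalid POST) a fresh token is issued.
    // TODO: the password and unique e-mail checks should also be applied in EditController.
    $namespace = new Zend_Session_Namespace('user');
    $request = $this->getRequest();

    if ($request->isPost() && $this->form->isValid($request->getParams())) {
        // CSRF check: the posted token must be non-empty and identical to the session
        // copy. Strict comparison avoids type juggling (a missing form value compared
        // loosely against the emptied session token would otherwise pass).
        $postedToken = (string) $this->form->getValue('Token');
        if ($postedToken !== '' && $postedToken === (string) $namespace->Token) {
            // Parameters for the unique-username test.
            $userTable = new User();
            $username = $request->getParam(User::COL_USERNAME);

            // Strict comparison: with != two numeric strings such as "0" and "00"
            // would be treated as matching passwords.
            if ($request->getParam(User::COL_PASSWORD) !== $request->getParam(User_Form_Edit::PASSWORD_CLONE)) {
                $element = $this->form->getElement(User_Form_Edit::PASSWORD_CLONE);
                $element->addError("Error: Your password and the repeating don't match.");
                $this->form->markAsError();
                return $this->render('index');
            } elseif (Default_SimpleQuery::isValueInTableColumn($username, $userTable, User::COL_USERNAME, 'string')) {
                $element = $this->form->getElement(User::COL_USERNAME);
                $element->addError("Error: This username is already used.");
                $this->form->markAsError();
                return $this->render('index');
            } else {
                try {
                    // Values checked; insert and mail inside a transaction so a failed
                    // mail send leaves no half-registered account behind.
                    $guid = Ble422_Guid::getGuid();
                    $adapter = $userTable->getAdapter();
                    $adapter->beginTransaction();
                    $userTable->insert(array(
                        User::COL_USERNAME    => $this->form->getValue(User::COL_USERNAME),
                        User::COL_FIRSTNAME   => $this->form->getValue(User::COL_FIRSTNAME),
                        User::COL_LASTNAME    => $this->form->getValue(User::COL_LASTNAME),
                        // Stored as an LDAP-style "{SHA}" base64(sha1(password)) digest.
                        // NOTE(review): unsalted SHA-1 is not a suitable password hash;
                        // migrating to password_hash() requires changing the verification
                        // code that reads this column, so the format is kept here.
                        User::COL_PASSWORD    => "{SHA}" . base64_encode(pack("H*", sha1($this->form->getValue(User::COL_PASSWORD)))),
                        // The username doubles as the e-mail address.
                        User::COL_EMAIL       => $this->form->getValue(User::COL_USERNAME),
                        User::COL_INSTITUTION => $this->form->getValue(User::COL_INSTITUTION),
                        User::COL_STREET      => $this->form->getValue(User::COL_STREET),
                        User::COL_COUNTRY     => $this->form->getValue(User::COL_COUNTRY),
                        User::COL_PHONE       => $this->form->getValue(User::COL_PHONE),
                        User::COL_FAX         => $this->form->getValue(User::COL_FAX),
                        User::COL_CITY        => $this->form->getValue(User::COL_CITY),
                        User::COL_GUID        => $guid,
                        // Account stays inactive until the mailed GUID link is confirmed.
                        User::COL_ACTIVE      => 0,
                    ));

                    $toAddress = $this->form->getValue(User::COL_USERNAME);
                    $bodyText = "Please click this link to confirm your new account:\r\n"
                        . Zend_Registry::get('APP_HOST')
                        . '/default/registeruser/confirm/' . User::COL_GUID . '/' . $guid;
                    $mail = new Default_Mail($toAddress, 'WebGR register user message', $bodyText);
                    $mail->send();

                    $adapter->commit();
                    // Token is single-use: clear it once the registration succeeded.
                    $namespace->Token = '';
                    $this->redirectTo('success');
                } catch (Exception $e) {
                    $userTable->getAdapter()->rollBack();
                    // NOTE(review): the original message concatenation is garbled in the
                    // source; reconstructed to carry the caught message and chain the cause.
                    throw new Exception('error at register a new user: ' . $e->getMessage(), 0, $e);
                }
            }
        }
    } else {
        // No POST, or some element(s) not valid: issue a CSRF token when the form
        // does not carry one yet (null or empty string).
        $currentToken = $this->form->getValue('Token');
        if ($currentToken === null || $currentToken === '') {
            $guid = new Ble422_Guid();
            $namespace->Token = $guid->__toString();
            $this->form->getElement('Token')->setValue($guid->__toString());
        }
    }
}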
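public function indexAction()
{
    // Forgot-password entry point: reduce the edit form to the username (= e-mail)
    // field and, on a valid POST, rotate the user's GUID and mail a reset link. The
    // response is identical whether or not the address is known, so the form does
    // not reveal which accounts exist.
    $this->form = new User_Form_Edit();
    foreach ($this->form->getElements() as $element) {
        $name = $element->getName();
        if ($name !== User::COL_USERNAME && $name !== 'submit') {
            $this->form->removeElement($name);
        }
    }

    // Render the reduced form as a table.
    $this->form->setDecorators(array(
        'FormElements',
        array('HtmlTag', array('tag' => 'table', 'class' => 'login_form')),
        array('Description', array('placement' => 'prepend')),
        'Form',
    ));
    $this->form->setElementDecorators(array(
        'ViewHelper',
        'Errors',
        array('decorator' => array('td' => 'HtmlTag'), 'options' => array('tag' => 'td')),
        array('Label', array('tag' => 'td')),
        array('decorator' => array('tr' => 'HtmlTag'), 'options' => array('tag' => 'tr')),
    ));

    $request = $this->getRequest();
    if (!$request->isPost() || !$this->form->isValid($request->getParams())) {
        // Not a POST, or the form is not valid: show the form (with errors, if any).
        $this->view->form = $this->form;
        return;
    }

    // Look up whether the e-mail exists and, if so, send the reset mail.
    $email = $this->form->getValue(User::COL_USERNAME);
    $user = new User();
    if (Default_SimpleQuery::isValueInTableColumn($email, $user, User::COL_USERNAME, 'string')) {
        $where = $user->getAdapter()->quoteInto(User::COL_USERNAME . ' = ?', $email, 'string');
        $rowset = $user->fetchAll($user->select()->where($where));
        if ($rowset->count() === 1) {
            // A fresh GUID becomes the reset secret carried by the mailed link.
            $newGuid = Ble422_Guid::getGuid();
            $user->update(array(User::COL_GUID => $newGuid), $where);

            // NOTE(review): the body concatenation is garbled in the source; reconstructed
            // to mirror the register-user mail (host + path), the only use of APP_HOST here.
            $bodyText = "Please click this link to reset your password:\r\n"
                . Zend_Registry::get('APP_HOST')
                . '/default/forgotpassword/myresetpassword/' . User::COL_GUID . '/' . $newGuid;
            $mail = new Default_Mail($email, 'WebGR forgot password message', $bodyText);
            $mail->send();
        }
    }

    // Same message regardless of success, so the response does not disclose
    // whether the address is registered.
    $message = 'if you are known to the system, the message was sent';
    Zend_Registry::set('MESSAGE', $message);
    $this->view->message = $message;
    $this->render('message');

    // NOTE(review): the original trailing comments list abuse cases this action is
    // meant to resist (mailing every possible address, flooding a known address,
    // mail-server DoS), but no throttling is implemented in this action — TODO confirm
    // whether rate limiting exists at another layer.
}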