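/**
 * Send a link to reset the password to the user's email.
 *
 * Looks the user up by id, builds the "forgot password" mail from the
 * configured subject/message templates (placeholders %SITENAME%, %FIRSTNAME%,
 * %SITE_URL%, %USERID%, %TOKEN%) and records the outcome as a session message.
 *
 * NOTE(review): the reset token is Dot_Auth::generateUserToken($value['password']),
 * i.e. it is derived from the stored password value only. As far as this
 * method shows it carries no expiry and no per-request randomness, so the
 * same link stays valid (and reusable) until the password changes. The usual
 * fix is a random, single-use, time-limited token stored server-side; that
 * change has to be made together with the code that verifies the token.
 *
 * @access public
 * @param int $id  user id, passed through to getUserBy('id', ...)
 * @return void
 */
public function sendPassword($id)
{
    $session = Zend_Registry::get('session');
    $seoOption = Zend_Registry::get('seo');
    $value = $this->getUserBy('id', $id);

    if (empty($value)) {
        // No user record. The original read $value['email'] here, which is
        // undefined on an empty lookup result and only contributed '' (plus an
        // undefined-index notice) to the message; emit the same text without
        // the access.
        $session->message['txt'] = $this->option->infoMessage->emailNotFound;
        $session->message['type'] = 'info';
        return;
    }

    $dotEmail = new Dot_Email();
    $dotEmail->addTo($value['email']);

    $subject = str_replace('%SITENAME%', $seoOption->siteName, $this->option->forgotPassword->subject);
    $dotEmail->setSubject($subject);

    // Token bound to the current password value; see the NOTE in the docblock.
    $userToken = Dot_Auth::generateUserToken($value['password']);
    $msg = str_replace(
        array('%FIRSTNAME%', '%SITE_URL%', '%USERID%', '%TOKEN%'),
        array($value['firstName'], $this->config->website->params->url, $value['id'], $userToken),
        $this->option->forgotPassword->message
    );
    $dotEmail->setBodyText($msg);

    if ($dotEmail->send()) {
        $session->message['txt'] = $this->option->infoMessage->emailSent . $value['email'];
        $session->message['type'] = 'info';
    } else {
        $session->message['txt'] = $this->option->errorMessage->emailNotSent . $value['email'];
        $session->message['type'] = 'error';
    }
}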
/**
 * Expose the current user's token to the template as USERTOKEN.
 *
 * The token is Dot_Auth::generateUserToken() applied to the password field of
 * the 'user' identity held by Dot_Auth. Nothing is returned; the value is only
 * handed to setVar().
 *
 * @access public
 * @return void
 */
public function addUserToken()
{
    $identity = Dot_Auth::getInstance()->getIdentity('user');
    $token = Dot_Auth::generateUserToken($identity->password);
    $this->setVar('USERTOKEN', $token);
}
} $userView->details('forgot_password', $data); break; case 'reset-password': // start by considering there are no errors, and we enable the form $disabled = false; // not sure if the form was submitted or not yet , either from Request or from POST $userId = array_key_exists('id', $registry->request) ? $registry->request['id'] : (isset($_POST['userId']) ? $_POST['userId'] : ''); $userToken = array_key_exists('token', $registry->request) ? $registry->request['token'] : (isset($_POST['userToken']) ? $_POST['userToken'] : ''); // get user info based on ID , and see if is valid $userInfo = $userModel->getUserInfo($userId); if (false == $userInfo) { $disabled = true; } else { // Check if the user's password match the token $expectedToken = Dot_Auth::generateUserToken($userInfo['password']); if ($expectedToken != $userToken) { $disabled = true; } } // we have errors, display the message and disable the form if (true == $disabled) { $session->message['txt'] = $registry->option->errorMessage->wrongResetPasswordUrl; $session->message['type'] = 'error'; } // IF the form was submmited and there are NO errors if ($_SERVER['REQUEST_METHOD'] === 'POST' && false == $disabled) { // POST values that will be validated $values['password'] = array('password' => isset($_POST['password']) ? $_POST['password'] : '', 'password2' => isset($_POST['password2']) ? $_POST['password2'] : ''); $dotValidateUser = new Dot_Validate_User(array('who' => 'user', 'action' => 'update', 'values' => $values, 'userId' => $userId)); if ($dotValidateUser->isValid()) {
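/**
 * Check that a submitted user token matches the one expected for the
 * authenticated identity of the given type.
 *
 * The expected value is Dot_Auth::generateUserToken() over the identity's
 * password field, so the token is only as fresh as that password: nothing in
 * this method time-limits it or invalidates it other than a password change.
 *
 * @access public
 * @static
 * @param string $userToken  token supplied by the caller (typically request input)
 * @param string $type       identity to check against (i.e. admin)
 * @return bool  true only when a non-empty string token equals the expected token
 */
public static function checkUserToken($userToken, $type = 'admin')
{
    // Reject anything that is not a non-empty string outright. The original
    // `is_null() || == ''` test let non-string input (an array from ?token[]=x,
    // an int) reach the comparison; none of it can be a valid token.
    if (!is_string($userToken) || $userToken === '') {
        return false;
    }

    $user = Dot_Auth::getInstance()->getIdentity($type);
    if (!is_object($user)) {
        // No identity of that type is available: there is nothing to compare
        // against, so fail closed instead of deriving a token from null.
        return false;
    }

    $expected = Dot_Auth::generateUserToken($user->password);

    // hash_equals() (PHP >= 5.6) is constant-time and strict, unlike the
    // original `!=`, which is both timing-dependent and subject to PHP's loose
    // comparison rules (e.g. numeric-looking strings compared as numbers).
    // NOTE(review): the value compared here is derived from the password with
    // no expiry; if this token is used for anything beyond a session-bound
    // check, a random, stored, time-limited token should replace it.
    return hash_equals((string) $expected, $userToken);
}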