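/**
 * Activate an owner account from the e-mailed activation link.
 *
 * Expected $_GET parameters:
 * usr:  owner e-mail address
 * code: activation code from the e-mail
 *
 * Every outcome is reported through a LoginController message; the generic
 * failure text is deliberately the same for "unknown user", "wrong code" and
 * "no stored code" so the response does not reveal which one applied.
 *
 * @return mixed Output of LoginController::go()
 */
public function control() {
    $controller = new LoginController(true);
    if ($this->is_missing_param) {
        $controller->addErrorMessage('Invalid account activation credentials.');
        return $controller->go();
    }

    $failure_msg = 'Houston, we have a problem: Account activation failed.';

    // Reject non-scalar input (e.g. ?code[]=x) before it reaches the DAO or the comparison below.
    $usr = isset($_GET['usr']) && is_string($_GET['usr']) ? $_GET['usr'] : null;
    $code = isset($_GET['code']) && is_string($_GET['code']) ? $_GET['code'] : null;
    if ($usr === null || $code === null) {
        $controller->addErrorMessage($failure_msg);
        return $controller->go();
    }

    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $acode = $owner_dao->getActivationCode($usr);

    // The stored code must exist and match byte-for-byte. A loose == here would accept
    // "" against a missing row (null) and numeric-looking strings against each other
    // ("1e3" == "1000"); hash_equals also keeps the comparison constant-time.
    $stored_code = null;
    if (is_array($acode) && isset($acode['activation_code'])) {
        $stored_code = (string) $acode['activation_code'];
    }
    if ($stored_code === null || !hash_equals($stored_code, $code)) {
        $controller->addErrorMessage($failure_msg);
        return $controller->go();
    }

    $owner = $owner_dao->getByEmail($usr);
    if (!isset($owner) || !isset($owner->is_activated)) {
        $controller->addErrorMessage($failure_msg);
        return $controller->go();
    }

    // is_activated comes from storage and may be an int or a numeric string; normalise before comparing.
    if ((int) $owner->is_activated === 1) {
        $controller->addSuccessMessage("You have already activated your account. Please log in.");
    } else {
        $owner_dao->activateOwner($usr);
        $controller->addSuccessMessage("Success! Your account has been activated. Please log in.");
    }
    return $controller->go();
}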
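/**
 * Attempt to log in user via private API key and redirect to specified success or failure URLs based on result
 * with msg parameter set.
 * Expected $_GET parameters:
 * u: email address
 * k: private API key
 * failure_redir: failure redirect URL
 * success_redir: success redirect URL
 *
 * NOTE(review): success_redir and failure_redir are stored verbatim from the request; whether succeed()/fail()
 * restrict the target to this installation is not visible here — confirm, because an unrestricted value turns
 * this endpoint into an open redirect.
 *
 * @return mixed Output of LoginController::go() when a redirect URL is missing; otherwise nothing is returned
 *               and succeed()/fail() produce the response.
 */
public function control() {
    $this->disableCaching();

    // Only plain, non-empty strings count as a redirect target; arrays or missing keys are treated as unset.
    $success_redir = isset($_GET['success_redir']) && is_string($_GET['success_redir']) ? $_GET['success_redir'] : '';
    $failure_redir = isset($_GET['failure_redir']) && is_string($_GET['failure_redir']) ? $_GET['failure_redir'] : '';

    // With no redirect target there is nowhere to send the result, so fall back to the login page.
    if ($success_redir === '') {
        $controller = new LoginController(true);
        $controller->addErrorMessage('No success redirect specified');
        return $controller->go();
    }
    if ($failure_redir === '') {
        $controller = new LoginController(true);
        $controller->addErrorMessage('No failure redirect specified');
        return $controller->go();
    }

    $this->success_redir = $success_redir;
    $this->failure_redir = $failure_redir;

    // fail() is expected to redirect; return defensively in case it does not terminate the request,
    // so the $_GET reads below are never reached with missing keys.
    if (!isset($_GET['u']) || !is_string($_GET['u'])) {
        $this->fail('User is not set.');
        return;
    }
    if (!isset($_GET['k']) || !is_string($_GET['k'])) {
        $this->fail('API key is not set.');
        return;
    }

    // Any existing session is discarded before re-authenticating with the key.
    if ($this->isLoggedIn()) {
        Session::logout();
    }

    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $user_email = $_GET['u'];
    $api_key = $_GET['k'];

    if ($user_email === '') {
        $this->fail("Email must not be empty.");
        return;
    }
    if ($api_key === '') {
        $this->fail("API key must not be empty.");
        return;
    }

    // get_magic_quotes_gpc() was removed in PHP 8; only strip slashes where it still exists and is on.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $user_email = stripslashes($user_email);
    }

    $owner = $owner_dao->getByEmail($user_email);
    if (!$owner) {
        $this->fail("Invalid email.");
    } elseif (!$owner->is_activated) {
        $this->fail('Inactive account.');
    } elseif (!$owner_dao->isOwnerAuthorizedViaPrivateAPIKey($user_email, $api_key)) {
        // The credentials supplied by the user are incorrect.
        $this->fail('Invalid API key.');
    } else {
        // User has logged in successfully; this sets variables in the session.
        Session::completeLogin($owner);
        $owner_dao->updateLastLogin($user_email);
        $owner_dao->resetFailedLogins($user_email);
        $owner_dao->clearAccountStatus($user_email);
        $this->succeed("Logged in successfully.");
    }
}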
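/**
 * Handle a password-reset link: validate the recovery token in $_GET, then on POST store the new password.
 *
 * Expected $_GET parameter: token (32 hex characters).
 * Expected $_POST parameters on submit: password, password_confirm (and Submit).
 *
 * On success the owner is also (re)activated, account status and failed-login counters are cleared, and the
 * recovery token is invalidated so the link cannot be reused.
 *
 * @return mixed Output of LoginController::go() after a successful change, otherwise this controller's view
 */
public function control() {
    // NOTE(review): $session is not read here; the constructor is kept only in case it has side effects
    // (not visible in this listing) — confirm and drop if it has none.
    $session = new Session();
    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $this->view_mgr->addHelp('reset', 'userguide/accounts/index');
    $this->setViewTemplate('session.resetpassword.tpl');
    $this->addHeaderJavaScript('assets/js/jqBootstrapValidation.js');
    $this->addHeaderJavaScript('assets/js/validate-fields.js');
    $this->disableCaching();
    $config = Config::getInstance();
    $this->addToView('is_registration_open', $config->getValue('is_registration_open'));

    // The token must be a plain string of 32 hex digits. \z is used rather than $ because $ would also
    // accept a token followed by a trailing newline.
    $token = isset($_GET['token']) && is_string($_GET['token']) ? $_GET['token'] : '';
    $user = preg_match('/^[\da-f]{32}\z/', $token) ? $owner_dao->getByPasswordToken($token) : null;
    if (!$user) {
        // Token is nonexistent or malformed.
        $this->addErrorMessage('You have reached this page in error.');
        return $this->generateView();
    }
    if (!$user->validateRecoveryToken($token)) {
        $this->addErrorMessage('Your token is expired.');
        return $this->generateView();
    }

    if (isset($_POST['password'])) {
        $password = $_POST['password'];
        $confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;

        if (!is_string($password) || $password === '') {
            // Previously an empty password passed the equality check and was written to storage.
            $this->addErrorMessage('Please enter a new password.');
        } elseif ($confirm !== $password) {
            // Strict comparison: == would treat "1e3" and "1000" as matching, and a missing
            // password_confirm raised a notice instead of a clean mismatch.
            $this->addErrorMessage("Passwords didn't match.");
        } else {
            $login_controller = new LoginController(true);
            // Try to update the password.
            if ($owner_dao->updatePassword($user->email, $password) < 1) {
                $login_controller->addErrorMessage('Problem changing your password!');
            } else {
                $owner_dao->activateOwner($user->email);
                $owner_dao->clearAccountStatus($user->email);
                $owner_dao->resetFailedLogins($user->email);
                // Invalidate the recovery token so the reset link is single-use.
                $owner_dao->updatePasswordToken($user->email, '');
                $login_controller->addSuccessMessage('You have changed your password.');
            }
            return $login_controller->go();
        }
    } elseif (isset($_POST['Submit'])) {
        $this->addErrorMessage('Please enter a new password.');
    }
    return $this->generateView();
}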
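/**
 * Handle a password-reset link: validate the recovery token in $_GET, then on POST store the new password.
 *
 * Expected $_GET parameter: token (32 hex characters).
 * Expected $_POST parameters on submit: password, password_confirm (and Submit).
 *
 * The new password is passed through Session::pwdcrypt() before storage; on success the owner is also
 * (re)activated and the account status cleared.
 *
 * @return mixed Output of LoginController::go() after a successful change, otherwise this controller's view
 */
public function control() {
    $session = new Session();
    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $this->setViewTemplate('session.resetpassword.tpl');
    $this->disableCaching();

    // The token must be a plain string of 32 hex digits. \z is used rather than $ because $ would also
    // accept a token followed by a trailing newline.
    $token = isset($_GET['token']) && is_string($_GET['token']) ? $_GET['token'] : '';
    $user = preg_match('/^[\da-f]{32}\z/', $token) ? $owner_dao->getByPasswordToken($token) : null;
    if (!$user) {
        // Token is nonexistent or malformed.
        $this->addErrorMessage('You have reached this page in error.');
        return $this->generateView();
    }
    if (!$user->validateRecoveryToken($token)) {
        $this->addErrorMessage('Your token is expired.');
        return $this->generateView();
    }

    if (isset($_POST['password'])) {
        $password = $_POST['password'];
        $confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;

        if (!is_string($password) || $password === '') {
            // Previously an empty password passed the equality check and was written to storage.
            $this->addErrorMessage('Please enter a new password.');
        } elseif ($confirm !== $password) {
            // Strict comparison: == would treat "1e3" and "1000" as matching, and a missing
            // password_confirm raised a notice instead of a clean mismatch.
            $this->addErrorMessage("Passwords didn't match.");
        } else {
            $login_controller = new LoginController(true);
            if ($owner_dao->updatePassword($user->email, $session->pwdcrypt($password)) < 1) {
                $login_controller->addErrorMessage('Problem changing your password!');
            } else {
                $owner_dao->activateOwner($user->email);
                $owner_dao->clearAccountStatus($user->email);
                $login_controller->addSuccessMessage('You have changed your password.');
            }
            return $login_controller->go();
        }
    } elseif (isset($_POST['Submit'])) {
        $this->addErrorMessage('Please enter a new password.');
    }
    return $this->generateView();
}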