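/**
 * Updates the currently logged in user's account information (the user
 * associated with the API key)
 *
 * Params
 * ===========================
 * Required:
 *   - firstName: The first name of the user
 *   - lastName: The last name of the user
 *   - emailAddress: The email address of the user
 *   - timezone: The timezone of the user (America/New_York, etc.)
 *
 * @param array $params Parameters supplied by the API caller
 * @return bool Always true once the update call has returned
 * @throws Ot_Exception_Access If no identity is authenticated
 * @throws Ot_Exception_Data   If the timezone is not in the allowed list
 */
public function put($params)
{
    $zendAuth = Zend_Auth::getInstance();

    if (!$zendAuth->hasIdentity()) {
        throw new Ot_Exception_Access('msg-error-apiAccessDenied');
    }

    $this->checkForEmptyParams(array('firstName', 'lastName', 'emailAddress', 'timezone'), $params);

    // Strict allow-list match. With loose comparison a non-string value such as
    // boolean true compares equal to any non-empty string and would pass the
    // check, then be written to the account row as the timezone.
    // Assumes getTimezoneList() returns the identifiers as string values -- TODO confirm.
    if (!in_array($params['timezone'], Ot_Model_Timezone::getTimezoneList(), true)) {
        throw new Ot_Exception_Data('msg-error-invalidTimezone');
    }

    $otAccount = new Ot_Model_DbTable_Account();

    // The row to update is chosen from the authenticated identity, not from
    // $params, so a caller cannot point the update at another account.
    $accountId = $zendAuth->getIdentity()->accountId;

    // NOTE(review): emailAddress is only checked for emptiness in this method;
    // confirm its format is validated elsewhere before it is stored.
    $data = array(
        'accountId'    => $accountId,
        'firstName'    => $params['firstName'],
        'lastName'     => $params['lastName'],
        'emailAddress' => $params['emailAddress'],
        'timezone'     => $params['timezone'],
    );

    $otAccount->update($data, null);

    return true;
}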
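/**
 * Action for resetting a forgotten password.
 *
 * Reads the hex-encoded "key" request parameter, decrypts it with the
 * configured forgot-password settings, extracts "username@realm" and a
 * timestamp from it, rejects expired keys, and then lets the account owner
 * set a new password if the realm's auth adapter manages passwords locally.
 *
 * @return void
 * @throws Ot_Exception_Input  If the key is missing, malformed or expired
 * @throws Ot_Exception_Data   If the realm or the account cannot be found
 * @throws Ot_Exception_Access If the realm's adapter is disabled or does not
 *                             manage passwords locally
 */
public function passwordResetAction()
{
    // An already authenticated user has no use for the reset flow.
    if (Zend_Auth::getInstance()->hasIdentity()) {
        $this->_helper->redirector->gotoRoute(array(), 'default', true);
        return;
    }

    $userKey = $this->_getParam('key', null);

    if (is_null($userKey)) {
        throw new Ot_Exception_Input('msg-error-noKeyFound');
    }

    // The key is request-supplied. Reject anything that is not a plain hex
    // string (arrays, stray characters) before it reaches pack().
    if (!is_string($userKey) || !ctype_xdigit($userKey)) {
        throw new Ot_Exception_Input('msg-error-invalidKey');
    }

    $loginOptions  = Zend_Registry::get('applicationLoginOptions');
    $forgotOptions = $loginOptions['forgotpassword'];

    $key    = $forgotOptions['key'];
    $iv     = $forgotOptions['iv'];
    $cipher = $forgotOptions['cipher'];

    $string = pack("H*", $userKey);

    // NOTE(review): the key is decrypted in CBC mode with a configured, fixed
    // IV and carries no integrity check (MAC), so a modified ciphertext is not
    // detected before the plaintext is parsed below. The mcrypt extension was
    // also removed from PHP core in 7.2. Moving to an authenticated scheme has
    // to be done together with the code that issues the key, which is outside
    // this method.
    $decryptKey = trim(mcrypt_decrypt($cipher, $key, $string, MCRYPT_MODE_CBC, $iv));

    // NOTE(review): this pattern is unanchored and allows an empty digit run,
    // so it only confirms an '@' followed later by a '-'. Consider anchoring it
    // once the exact format of issued keys is confirmed.
    if (!preg_match('/[^@]*@[^-]*-[0-9]*/', $decryptKey)) {
        throw new Ot_Exception_Input('msg-error-invalidKey');
    }

    // Everything before the first '-' is "username@realm"; the rest is the timestamp.
    $userId = preg_replace('/\\-.*/', '', $decryptKey);
    $ts     = preg_replace('/^[^-]*-/', '', $decryptKey);

    $timestamp = new Zend_Date($ts);

    // Oldest issue time that is still acceptable.
    $now = new Zend_Date();
    $now->subMinute((int) $forgotOptions['numberMinutesKeyIsActive']);

    if ($timestamp->getTimestamp() < $now->getTimestamp()) {
        throw new Ot_Exception_Input('msg-error-keyExpired');
    }

    // NOTE(review): nothing in this method records that a key has been used,
    // so the same key appears to stay valid until it expires; confirm whether
    // it is invalidated elsewhere after a successful reset.

    $realm    = preg_replace('/^[^@]*@/', '', $userId);
    $username = preg_replace('/@.*/', '', $userId);

    // Set up the auth adapter
    $authAdapter = new Ot_Model_DbTable_AuthAdapter();
    $adapter     = $authAdapter->find($realm);

    if (is_null($adapter)) {
        // $realm is derived from the request-supplied key and is wrapped in
        // HTML markup here, so it is escaped before being embedded.
        $safeRealm = htmlspecialchars($realm, ENT_QUOTES, 'UTF-8');

        throw new Ot_Exception_Data(
            $this->view->translate('ot-login-signup:realmNotFound', array('<b>' . $safeRealm . '</b>'))
        );
    }

    if ($adapter->enabled == 0) {
        throw new Ot_Exception_Access('msg-error-authNotSupported');
    }

    // The class name comes from the adapter row that matched the realm.
    $className = (string) $adapter->class;
    $auth      = new $className();

    if (!$auth->manageLocally()) {
        throw new Ot_Exception_Access('msg-error-authNotSupported');
    }

    $account     = new Ot_Model_DbTable_Account();
    $thisAccount = $account->getByUsername($username, $realm);

    if (is_null($thisAccount)) {
        throw new Ot_Exception_Data('msg-error-userAccountNotFound');
    }

    $form = new Ot_Form_PasswordReset();

    if ($this->_request->isPost()) {
        if ($form->isValid($_POST)) {
            // Strict comparison: with ==, two different numeric-looking strings
            // (for example "1e3" and "1000") compare equal, so the confirmation
            // field could differ from the password that is stored.
            if ($form->getValue('password') === $form->getValue('passwordConf')) {
                // NOTE(review): passwords are stored as unsalted MD5, which is
                // not suitable for password storage. Migrating to
                // password_hash()/password_verify() must be coordinated with the
                // code that verifies logins, so it is flagged rather than
                // changed here.
                $data = array(
                    'accountId' => $thisAccount->accountId,
                    'password'  => md5($form->getValue('password')),
                );

                $account->update($data, null);

                $this->_helper->messenger->addSuccess('msg-info-passwordReset');

                // Audit trail: records which account was reset, never the password.
                $loggerOptions = array('attributeName' => 'accountId', 'attributeId' => $data['accountId']);

                $this->_helper->log(Zend_Log::INFO, 'User reset their password', $loggerOptions);

                $this->_helper->redirector->gotoRoute(array('realm' => $realm), 'login', true);
            } else {
                $this->_helper->messenger->addError('msg-error-passwordsNotMatch');
            }
        } else {
            $this->_helper->messenger->addError('msg-error-invalidFormInfo');
        }
    }

    $this->view->headScript()->appendFile($this->view->baseUrl() . '/public/scripts/ot/jquery.plugin.passStrength.js');

    $this->_helper->pageTitle('ot-login-passwordReset:title');
    $this->view->assign(array('form' => $form));
}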
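/**
 * Allows a user to change their password.
 *
 * Looks up the account of the current identity, requires that the realm's
 * auth adapter manages passwords locally, and on a valid POST replaces the
 * stored password after the old password has been verified.
 *
 * @return void
 * @throws Ot_Exception_Data   If no account matches the current identity
 * @throws Ot_Exception_Access If the realm has no adapter or the adapter does
 *                             not manage passwords locally
 */
public function changePasswordAction()
{
    // NOTE(review): this method does not check hasIdentity() itself; it
    // presumably relies on access control applied before the action runs -- confirm.
    $identity = Zend_Auth::getInstance()->getIdentity();

    $account     = new Ot_Model_DbTable_Account();
    $thisAccount = $account->getByUsername($identity->username, $identity->realm);

    if (is_null($thisAccount)) {
        throw new Ot_Exception_Data('msg-error-noAccount');
    }

    $otAuthAdapter = new Ot_Model_DbTable_AuthAdapter();
    $thisAdapter   = $otAuthAdapter->find($thisAccount->realm);

    // find() can yield null for an unknown realm (passwordResetAction checks
    // for it); without this guard the instantiation below would fail with an
    // error instead of a handled access exception.
    if (is_null($thisAdapter)) {
        throw new Ot_Exception_Access('msg-error-authAdapterSupport');
    }

    $className = (string) $thisAdapter->class;
    $auth      = new $className();

    if (!$auth->manageLocally()) {
        throw new Ot_Exception_Access('msg-error-authAdapterSupport');
    }

    $form = new Ot_Form_ChangePassword();

    if ($this->_request->isPost()) {
        if ($form->isValid($_POST)) {
            // Strict comparison so that two different numeric-looking strings
            // are not treated as a matching confirmation.
            if ($form->getValue('newPassword') !== $form->getValue('newPasswordConf')) {
                $this->_helper->messenger->addError('msg-error-passwordMismatch');
            }

            // Strict comparison of the digests: with !=, two different hex
            // digests that both look like numeric strings compare equal under
            // PHP's loose rules, which would accept a wrong old password.
            // hash_equals() would additionally make this constant-time where
            // PHP >= 5.6 is available.
            if (md5($form->getValue('oldPassword')) !== (string) $thisAccount->password) {
                $this->_helper->messenger->addError('msg-error-passwordInvalidOriginal');
            }

            if ($this->_helper->messenger->count('error') == 0) {
                // NOTE(review): passwords are stored as unsalted MD5, which is
                // not suitable for password storage. Migrating to
                // password_hash()/password_verify() must be coordinated with the
                // code that verifies logins, so it is flagged rather than
                // changed here.
                $data = array(
                    'accountId' => $thisAccount->accountId,
                    'password'  => md5($form->getValue('newPassword')),
                );

                $account->update($data, null);

                $this->_helper->messenger->addSuccess('msg-info-passwordChanged');

                // Audit trail: records which account changed, never the password.
                $loggerOptions = array('attributeName' => 'accountId', 'attributeId' => $thisAccount->accountId);

                $this->_helper->log(Zend_Log::INFO, 'User changed Password', $loggerOptions);

                $this->_helper->redirector->gotoRoute(array(), 'account', true);
            }
        } else {
            $this->_helper->messenger->addError('msg-error-invalidForm');
        }
    }

    $this->view->headScript()->appendFile($this->view->baseUrl() . '/public/scripts/ot/jquery.plugin.passStrength.js');

    $this->_helper->pageTitle('ot-account-changePassword:title');
    $this->view->assign(array('form' => $form));
}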