/**
 * Validates submitted user data for creating or editing a user and records
 * every problem as a message on the shared Flash instance.
 *
 * Checks, in order: required profile fields and e-mail format, username
 * uniqueness, then the password fields (skipped entirely when
 * 'force_password_reset' is set).
 *
 * @param array $aUserData submitted form values; the keys read here are
 *                         'username', 'force_password_reset', 'password',
 *                         'password_confirm' and 'old_password'
 * @param mixed $oUser     the user being created or edited
 * @return void
 */
private function validate($aUserData, $oUser) {
    $oFlash = Flash::getFlash();
    $oFlash->setArrayToCheck($aUserData);
    $oFlash->checkForValue('username', 'username_required');
    $oFlash->checkForValue('first_name', 'first_name_required');
    $oFlash->checkForValue('last_name', 'last_name_required');
    $oFlash->checkForEmail('email', 'valid_email');

    // Only query for a clash when the username is new or has been changed.
    $bUsernameNeedsCheck = $oUser->isNew() || $aUserData['username'] !== $oUser->getUsername();
    if ($bUsernameNeedsCheck) {
        $oExistingUser = UserQuery::create()->filterByUsername($aUserData['username'])->findOne();
        // A hit that is the edited user itself is not a conflict.
        if ($oExistingUser !== null && $oExistingUser->getId() !== $oUser->getId()) {
            $oFlash->addMessage('username_exists');
        }
    }

    // With a forced password reset there is nothing to validate about the password.
    if (!$aUserData['force_password_reset']) {
        if ($aUserData['password'] === '') {
            // An existing user may leave the password untouched; a new user must set one.
            if ($oUser->isNew()) {
                $oFlash->addMessage('password_new');
            }
        } else {
            // A user changing their own existing password must prove knowledge of the old one.
            // NOTE(review): the loose != null also treats an empty stored password as
            // "no password", which skips the old-password check; confirm this is intended.
            if ($oUser->isSessionUser() && $oUser->getPassword() != null) {
                if ($aUserData['old_password'] == '') {
                    $oFlash->addMessage('old_password_required');
                } elseif (!PasswordHash::comparePassword($aUserData['old_password'], $oUser->getPassword())) {
                    $oFlash->addMessage('old_password_invalid');
                }
            }
            if ($aUserData['password'] !== $aUserData['password_confirm']) {
                $oFlash->addMessage('password_confirm');
            }
            PasswordHash::checkPasswordValidity($aUserData['password'], $oFlash);
        }
    }

    $oFlash->finishReporting();
}
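/**
 * Completes a password recovery: verifies the recovery value sent with the
 * request against the user's stored recover hint, validates the new password,
 * stores it, clears the hint and logs the user in.
 *
 * Reads 'recover_username' and 'recover_hint' from $_REQUEST and
 * 'new_password' / 'new_password_retype' from $_POST.
 *
 * @param string $sReferrer passed through unchanged to self::login()
 * @return string 'password_reset' when the new password failed validation,
 *                'login' otherwise (including a rejected recovery request)
 */
public static function loginNewPassword($sReferrer = '') {
    $oFlash = Flash::getFlash();

    // Request values are untrusted and may be missing or arrays; anything that
    // is not a plain string is treated as an invalid recovery request.
    $mUsername = isset($_REQUEST['recover_username']) ? $_REQUEST['recover_username'] : null;
    $mHint = isset($_REQUEST['recover_hint']) ? $_REQUEST['recover_hint'] : null;

    $oUser = null;
    if (is_string($mUsername) && is_string($mHint)) {
        $oUser = UserQuery::create()->filterByUsername(trim($mUsername))->isActive()->findOne();
    }

    // A user with no pending recovery has no stored hint. Reject that case
    // explicitly: hashing an empty value would give a fixed, predictable
    // digest that must never be accepted as a valid recovery value.
    $sStoredHint = $oUser === null ? '' : (string) $oUser->getPasswordRecoverHint();

    // hash_equals() compares in constant time so response timing does not
    // reveal how much of the submitted value matched.
    // NOTE(review): md5() is kept only because the submitted value is derived
    // that way elsewhere; its strength rests entirely on how the stored hint
    // is generated (not visible here), so confirm it comes from a CSPRNG and expires.
    if ($sStoredHint === '' || !hash_equals(md5($sStoredHint), $mHint)) {
        $oFlash->addMessage('login.recovery.invalid');
        return 'login';
    }

    // Missing or non-string password fields are handled like empty ones, so
    // they hit the empty-field message instead of reaching setPassword().
    $sNewPassword = isset($_POST['new_password']) && is_string($_POST['new_password'])
        ? $_POST['new_password']
        : '';
    $sNewPasswordRetype = isset($_POST['new_password_retype']) && is_string($_POST['new_password_retype'])
        ? $_POST['new_password_retype']
        : '';

    if ($sNewPassword === '') {
        $oFlash->addMessage('login.empty_fields');
    }
    PasswordHash::checkPasswordValidity($sNewPassword, $oFlash);
    if ($sNewPassword !== $sNewPasswordRetype) {
        $oFlash->addMessage('password_confirm');
    }
    $oFlash->finishReporting();
    if (!Flash::noErrors()) {
        return 'password_reset';
    }

    // No errors: set the new password, log in and redirect.
    // NOTE(review): ignoreRights(true) is never switched back in this method;
    // confirm it cannot outlive the save below in a way that widens access.
    UserPeer::ignoreRights(true);
    $oUser->setPassword($sNewPassword);
    // Clearing the hint makes the recovery value single-use (an empty hint is rejected above).
    $oUser->setPasswordRecoverHint(null);
    $oUser->save();

    // Log in as the account that was actually verified and updated, rather
    // than re-reading the username from a different request array.
    self::login($oUser->getUsername(), $sNewPassword, $sReferrer);
    return 'login';
}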