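/**
 * Register User profile
 *
 * Updates the account identified by $_SESSION['xuid'] with the submitted
 * values. When a new password is supplied and the update succeeds, a
 * reminder mail is sent to the submitted address.
 *
 * @access  private
 * @param   array   $_post  _POST array
 * @return  void
 */
private function profiling($_post)
{
    $msg = null;

    // There is no permission check because the target row is always the
    // session user ($_SESSION['xuid']), never an id taken from the request.
    // NOTE(review): a password change is accepted here without the current
    // password; whether the caller re-authenticates or checks an anti-CSRF
    // token is not visible in this method - confirm.

    // handle _post
    // NOTE(review): only 'description' is filtered (strip_tags); the other
    // fields are forwarded as received - confirm User_model::update() and the
    // views that print them validate and escape these values.
    $post = array(
        'lang' => $_post['lang'],
        'username' => $_post['username'],
        'description' => strip_tags($_post['description']),
        'mail' => $_post['mail'],
        'phone' => $_post['phone']
    );

    // check for password update
    $password_changed = !empty($_post['password']);
    if ($password_changed) {
        $post['password'] = X4Utils_helper::hashing($_post['password']);
    }

    $user = new User_model();

    // check if username or email address are already used by another user
    $check = (bool) $user->exists($post['username'], $post['mail'], $_SESSION['xuid']);
    if ($check) {
        // the original passed the undefined variable $false here; the literal
        // false is what the error message needs
        $msg = AdmUtils_helper::set_msg(false, '', $this->dict->get_word('_USER_ALREADY_EXISTS', 'msg'));
    } else {
        // update profile
        $result = $user->update($_SESSION['xuid'], $post);

        // if user changes his password then send a reminder
        if ($result[1] && $password_changed) {
            // build subject and message
            // NOTE(review): the new password is written in clear text into the
            // mail body through the PASSWORD placeholder; prefer a notice that
            // the password changed, without the value itself.
            $s = array('DOMAIN', 'USERNAME', 'PASSWORD');
            $r = array($this->site->site->domain, $_post['username'], $_post['password']);
            $subject = str_replace($s, $r, _SUBJECT_PROFILE);
            $body = str_replace($s, $r, _MSG_PROFILE);

            // NOTE(review): recipient address and name come straight from the
            // request - confirm X4Mailer_helper::mailto() rejects CR/LF in them.
            $to = array(array('mail' => $_post['mail'], 'name' => $_post['username']));

            // send
            X4Mailer_helper::mailto(MAIL, false, $subject, $body, $to);
        }

        // set message
        $this->dict->get_words();
        $msg = AdmUtils_helper::set_msg($result);

        // set update
        if ($result[1]) {
            $msg->update[] = array(
                'element' => 'topic',
                'url' => urldecode(BASE_URL . 'profile'),
                'title' => null
            );
        }
    }
    $this->response($msg);
}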
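/**
 * Reset password
 * send an email with new credentials
 *
 * The recovery link is accepted when $md5 equals
 * md5(last_in . SITE . password) for the user and last_in is less than
 * 604800 seconds (7 days) old. Every path ends with a redirect to
 * login/recovery.
 *
 * @param   integer $id     User ID
 * @param   string  $md5    Verification code (MD5 hex digest)
 * @return  void
 */
public function reset($id, $md5)
{
    $mod = new X4Auth_model('users');
    $user = $mod->get_by_id($id, 'users', 'last_in, password, mail, username');

    if ($user) {
        // user exists
        // NOTE(review): the code is derived only from stored values, so it is
        // not random and stays valid until last_in or password changes or the
        // 7 days pass; a random, single-use, server-stored token would be a
        // stronger design.
        $expected = md5($user->last_in . SITE . $user->password);

        // Strict, constant-time comparison. The original used ==, which
        // compares numeric-looking strings (e.g. "0e...") as numbers.
        $code_ok = is_string($md5)
            && (function_exists('hash_equals') ? hash_equals($expected, $md5) : $expected === $md5);

        if ($code_ok && time() - strtotime($user->last_in) < 604800) {
            // NOTE(review): a 6 character password is short and is mailed in
            // clear text below; confirm random_string() draws from a CSPRNG and
            // consider forcing a password change at the next login.
            $new_pwd = X4Text_helper::random_string(6);
            $result = $mod->reset($user->mail, $new_pwd);

            if ($result) {
                // load dictionary
                $this->dict->get_wordarray(array('login', 'pwd_recovery'));

                $src = array('XXXUSERNAMEXXX', 'XXXPASSWORDXXX');
                $rpl = array($user->username, $new_pwd);

                $view = new X4View_core(X4Utils_helper::set_tpl('mail'));
                $view->subject = SERVICE . ' - ' . _RECOVERY_SUBJECT;
                $view->message = str_replace($src, $rpl, _RECOVERY_BODY_RESET);

                // build msg
                $body = $view->__toString();
                $msg = mb_convert_encoding($body, 'ISO-8859-1', 'auto');

                // recipients
                $to = array(array('mail' => $user->mail, 'name' => $user->username));
                $check = X4Mailer_helper::mailto(MAIL, true, $view->subject, $msg, $to, array());
                X4Utils_helper::set_msg($check, _RECOVERY_PWD_OK, _MSG_ERROR);

                // log
                // The original wrote this entry after the redirect below, so it
                // was never recorded on success and was recorded when
                // $mod->reset() failed.
                // NOTE(review): 'id' is not in the column list requested from
                // get_by_id() - confirm $user->id is populated.
                if (LOGS) {
                    $mod->logger($user->id, 1, 'users', 'recovery password completed for ' . $user->mail);
                }

                header('Location: ' . BASE_URL . 'login/recovery');
                die;
            }

            // the new password could not be stored
            if (LOGS) {
                $mod->logger($user->id, 1, 'users', 'recovery password failed for ' . $user->mail);
            }
        } else {
            // wrong or expired verification code
            if (LOGS) {
                $mod->logger($user->id, 1, 'users', 'recovery password failed for ' . $user->mail);
            }
        }
    } else {
        // No user row here, so there is no id to attribute the entry to. The
        // original read $user->id on the failed lookup, which evaluates to
        // null and raises a warning.
        // NOTE(review): $id comes from the request and is written into the
        // log text as received - confirm logger() neutralises line breaks.
        if (LOGS) {
            $mod->logger(null, 1, 'users', 'recovery password attempt from unknown id ' . $id);
        }
    }

    // same generic error for unknown id, bad code, expired code and storage failure
    X4Utils_helper::set_msg(false, '', _RECOVERY_PWD_ERROR);
    header('Location: ' . BASE_URL . 'login/recovery');
    die;
}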