示例#1
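 /**
  * Password recovery for user accounts using email or username.
  * Password reset string is sent to users email.
  *
  * Username, email and captcha are read from $tag_params first and fall
  * back to $_REQUEST. The database lookup only runs when at least one
  * identifier (username or email) was supplied: an empty condition set
  * would otherwise be passed to getSingleItem and could match an
  * arbitrary account, issuing a recovery code for it.
  *
  * Requires the contact_form and captcha modules; when either is missing
  * only an error message is rendered.
  *
  * @param array $tag_params
  * @param array $children
  * @return bool|null true if the recovery email was sent, false if it was
  *                   not, null when a required module is unavailable
  */
 public function recoverPasswordByEmail($tag_params, $children)
 {
     $result = array('error' => true, 'message' => '');

     // make sure contact form and captcha modules are enabled; both cases
     // render the same response, only the message differs
     $modules_available = true;
     if (!class_exists('contact_form')) {
         $modules_available = false;
         $result['message'] = $this->parent->getLanguageConstant('message_no_contact_form');
     } elseif (!class_exists('captcha')) {
         $modules_available = false;
         $result['message'] = $this->parent->getLanguageConstant('message_no_captcha');
     }

     if ($modules_available) {
         // get required module instances
         $manager = UserManager::getInstance();
         $verification_manager = UserVerificationManager::getInstance();
         $contact_form = contact_form::getInstance();
         $captcha_module = captcha::getInstance();

         // collect input values; template parameters take precedence over
         // the request, the request is only consulted when nothing was set
         $values = array('username' => null, 'email' => null, 'captcha' => null);
         foreach (array_keys($values) as $name) {
             if (array_key_exists($name, $tag_params)) {
                 $values[$name] = fix_chars($tag_params[$name]);
             }
             if (is_null($values[$name]) && array_key_exists($name, $_REQUEST)) {
                 $values[$name] = fix_chars($_REQUEST[$name]);
             }
         }

         // build lookup conditions from the identifiers that were supplied
         $conditions = array();
         foreach (array('username', 'email') as $name) {
             if (!is_null($values[$name])) {
                 $conditions[$name] = $values[$name];
             }
         }

         // never query without a condition: with no identifier there is no
         // account to recover, and an unfiltered lookup must not pick one
         $user = null;
         if (!empty($conditions)) {
             $user = $manager->getSingleItem($manager->getFieldNames(), $conditions);
         }
         $captcha_valid = $captcha_module->isCaptchaValid($values['captcha']);

         if (is_object($user) && $captcha_valid) {
             $code = $contact_form->generateVerificationCode($user->username, $user->email);

             // insert verification code
             $verification_manager->insertData(array('user' => $user->id, 'code' => $code));

             // prepare email; recipients come from the contact form module
             $fields = array(
                 'fullname' => $user->fullname,
                 'username' => $user->username,
                 'email'    => $user->email,
                 'code'     => $code,
             );
             $mailer = $contact_form->getMailer();
             $sender = $contact_form->getSender();
             $recipients = $contact_form->getRecipients();
             $template = $contact_form->getTemplate($this->parent->settings['template_recovery']);

             // start creating message
             $mailer->start_message();
             $mailer->set_subject($template['subject']);
             $mailer->set_sender($sender['address'], $sender['name']);
             foreach ($recipients as $recipient) {
                 $mailer->add_recipient($recipient['address'], $recipient['name']);
             }
             $mailer->set_body($template['plain_body'], $template['html_body']);
             $mailer->set_variables($fields);

             // send email; the error key is spelled exactly as in the language file
             $result['error'] = !$mailer->send();
             $result['message'] = $this->parent->getLanguageConstant(
                 $result['error']
                     ? 'message_password_reocvery_email_error'
                     : 'message_password_recovery_email_sent'
             );
         } elseif (is_object($user)) {
             // NOTE(review): a different message for "bad captcha" than for
             // "no user" lets a caller tell whether an account exists
             $result['message'] = $this->parent->getLanguageConstant('message_users_error_captcha');
         } else {
             $result['message'] = $this->parent->getLanguageConstant('message_no_user');
         }
     }

     // show response, identical for every outcome
     if (_AJAX_REQUEST) {
         print json_encode($result);
     } else {
         $template = $this->parent->loadTemplate($tag_params, 'message.xml');
         $template->restoreXML();
         $template->setLocalParams($result);
         $template->parse();
     }

     // callers still get null when a module was missing
     return $modules_available ? !$result['error'] : null;
 }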
示例#2
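 /**
  * Perform AJAX login
  *
  * Reads username, password, captcha and "lasting" from $_REQUEST, looks
  * the user up by username and password and prints a JSON object with the
  * keys logged_in, show_captcha and message. Once the retry counter for
  * this address exceeds the limit a valid captcha is required; when the
  * captcha module is not loaded at all the login cannot succeed until the
  * counter is cleared.
  */
 private function json_Login()
 {
     // failed attempts tolerated before a captcha is demanded; the same
     // limit decides when the client is told to show the captcha
     $max_retries_without_captcha = 3;

     // missing request fields default to '' instead of raising a notice
     $username = isset($_REQUEST['username']) ? fix_chars($_REQUEST['username']) : '';
     $password = isset($_REQUEST['password']) ? fix_chars($_REQUEST['password']) : '';
     $captcha = isset($_REQUEST['captcha']) ? fix_chars($_REQUEST['captcha']) : '';
     $lasting_session = isset($_REQUEST['lasting'])
         && in_array($_REQUEST['lasting'], array('on', '1'), true);

     $result = array('logged_in' => false, 'show_captcha' => false, 'message' => '');
     $manager = UserManager::getInstance();
     $retry_manager = LoginRetryManager::getInstance();

     // prepare hashed password
     $test_user = $manager->getSingleItem(array('salt'), array('username' => $username));
     if (is_object($test_user) && !empty($test_user->salt)) {
         // hash password using stored salt
         $hashed_password = hash_hmac('sha256', $password, $test_user->salt);
     } else {
         // old salting method
         $hashed_password = hash_hmac('sha256', $password, UserManager::SALT);
     }
     // NOTE(review): HMAC-SHA256 is a fast hash, not a password hash;
     // moving to password_hash()/password_verify() needs a data migration.

     // get user based with password
     // NOTE(review): the lookup also accepts the raw $password next to the
     // HMAC value — presumably for legacy rows; confirm none remain.
     $user = $manager->getSingleItem(
         $manager->getFieldNames(),
         array('username' => $username, 'password' => array($password, $hashed_password))
     );
     $retry_count = $retry_manager->getRetryCount();

     // check captcha
     $captcha_ok = false;
     if ($retry_count > $max_retries_without_captcha) {
         // on purpose we make a separate condition, if captcha
         // module is not loaded, block IP address for one day
         if (class_exists('captcha')) {
             $captcha_module = captcha::getInstance();
             $captcha_ok = $captcha_module->isCaptchaValid($captcha);
             $captcha_module->resetCaptcha();
         }
     } else {
         $captcha_ok = true;
     }

     // check user data
     if (is_object($user) && $captcha_ok && $user->verified) {
         // remove login retries
         $retry_manager->clearAddress();

         // change session type
         if ($lasting_session) {
             Session::change_type(Session::TYPE_EXTENDED);
         }

         // set session variables
         // NOTE(review): the session id is not regenerated here; confirm
         // Session handles that, otherwise the pre-login id survives login.
         $_SESSION['uid'] = $user->id;
         $_SESSION['logged'] = true;
         $_SESSION['level'] = $user->level;
         $_SESSION['username'] = $user->username;
         $_SESSION['fullname'] = $user->fullname;
         $result['logged_in'] = true;
     } elseif (is_object($user) && $captcha_ok) {
         // credentials are right but the account is not verified
         $result['message'] = $this->parent->getLanguageConstant('message_users_account_not_verified');
     } else {
         // user is not logged in properly, increase fail
         // counter and present login window with message
         $count = $retry_manager->increaseCount();
         $result['message'] = $this->parent->getLanguageConstant('message_login_error');
         $result['show_captcha'] = $count > $max_retries_without_captcha;
     }

     print json_encode($result);
 }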