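/**
 * Exercises DM\Users::update() and DM\Users::updateByName() on the test
 * user, then checks password verification and the lookups by e-mail,
 * by recovery hash and by owner.
 *
 * NOTE(review): the expected stored value md5('aero' . $password) pins a
 * fast digest with a constant prefix as the password format. That is not a
 * suitable password store; if the model moves to password_hash() /
 * password_verify(), replace these equality expectations with
 * verifyPassword() checks, since the stored value will no longer be
 * reproducible from the plaintext.
 */
public function testUpdate()
{
    $id = DM\Users::toId($this->testName);

    // --- update by id ---
    $params = array(
        'id' => $id,
        'first_name' => '123',
        'last_name' => '231',
        'sex' => 'f',
        'email' => 'f',
        'password' => 'a',
        'photo' => '/tmp/q.jpg',
        'language_id' => 2,
        'recover_hash' => '---',
        'enabled' => 0,
        'cid' => 1,
    );
    DM\Users::update($params);

    $data = DM\Users::read($id);
    // read() is expected to return the stored digest, not the plaintext
    $params['password'] = md5('aero' . $params['password']);
    $this->assertArraySubset($params, $data);

    // --- update by name ---
    // One variable for the new password: it was previously set to one
    // literal and verified against a different one ('b'), so the
    // verifyPassword() assertion below could not match what was stored.
    $newPassword = '******';

    unset($params['id']);
    $params['name'] = $this->testName;
    $params['password'] = $newPassword;
    $params['enabled'] = 1;
    DM\Users::updateByName($params);

    $data = DM\Users::read($id);
    $params['password'] = md5('aero' . $newPassword);
    $this->assertArraySubset($params, $data);

    // --- verify password ---
    $this->assertTrue(DM\Users::verifyPassword($id, $newPassword), 'Wrong password');

    // --- id by e-mail ---
    $idByEmail = DM\Users::getIdByEmail('f');
    $this->assertTrue(is_numeric($idByEmail), 'Cant get Id by mail');

    // --- id by recovery hash ---
    $idByHash = DM\Users::getIdByRecoveryHash('---');
    $this->assertTrue(is_numeric($idByHash), 'Cant get Id by recover hash');

    // --- owner ---
    // assertEquals keeps the loose comparison of the original `== 1`
    // but reports the actual owner id on failure
    $this->assertEquals(1, DM\Users::getOwnerId($idByHash), 'different owner set');
}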
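/**
 * Set a new password for the user identified by a recovery hash.
 *
 * The hash is resolved to a user id through DM\Users::getIdByRecoveryHash().
 * On a match the password is updated and recover_hash is cleared in the
 * same update() call, so a given hash can be used only once.
 *
 * NOTE(review): no token age/expiry check is visible in this method. If
 * recovery hashes are meant to expire, confirm that is enforced where the
 * hash is issued or looked up.
 * NOTE(review): the plaintext password is handed to DM\Users::update();
 * hashing presumably happens there. Confirm before relying on it.
 *
 * @param string $hash     recovery hash identifying the user
 * @param string $password new plaintext password
 * @return bool true when a user matched the hash and was updated, false otherwise
 */
public static function setNewPasswordByRecoveryHash($hash, $password)
{
    // Fail closed on missing or non-string input. Request parameters can
    // arrive as arrays, and a blank hash must never reach the lookup, where
    // (depending on how it compares values) it could match accounts that
    // have no recovery hash set.
    if (!is_string($hash) || $hash === '' || !is_string($password) || $password === '') {
        return false;
    }

    $id = DM\Users::getIdByRecoveryHash($hash);
    if (empty($id)) {
        return false;
    }

    DM\Users::update(
        array(
            'id' => $id,
            'password' => $password,
            // clearing the hash makes it single-use
            'recover_hash' => null,
        )
    );

    return true;
}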
$coreUrl = Config::get('core_url'); switch ($action) { case 'forgot-password': break; case 'reset-password': //check if recover hash is given $hash = ''; if (!empty($_GET['h'])) { $hash = $_GET['h']; } if (!empty($_POST['h'])) { $hash = $_POST['h']; } if (!empty($hash)) { //process hash from get and check it $user_id = DM\Users::getIdByRecoveryHash($hash); if (empty($user_id)) { $_SESSION['msg'] = '<div class="alert alert-error">' . L\get('RecoverHashNotFound') . (IS_DEBUG_HOST ? $hash : '') . '</div>'; break; } //if recovery hash check passed - check and set new password if specified if (isset($_POST['p']) && isset($_POST['p2'])) { $p = $_POST['p']; $p2 = $_POST['p2']; if (empty($p) || $p != $p2) { $_SESSION['p_msg'] = L\get('PasswordMissmatch'); break; } User::setNewPasswordByRecoveryHash($hash, $p); $_SESSION['msg'] = '<div class="alert alert-success">' . L\get('PasswordChangedMsg') . '<br /> <br /><a href="' . $coreUrl . '">' . L\get('Login') . '</a></div>'; break;