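/**
 * Completes a password reset. Checks the reset token from the route against
 * the token stored in the user's meta data, then generates a new random
 * password, saves it, clears the token and mails the password to the user.
 *
 * Both route parameters (`uuid` and `token`) come from the request URL and
 * must be treated as untrusted input.
 *
 * @access protected
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\RequestAbstract $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return array|null Array with the keys `result` (boolean) and `message`
 *                    (string); null after the redirect for a missing or
 *                    unknown uuid/token.
 */
protected function generateNewPassword(Framework $framework, RequestAbstract $request, Response $response)
{
    $uuid = $request->getRouteParam('uuid');
    $token = $request->getRouteParam('token');

    // Missing route parameters or an unknown uuid: leave without any message.
    if ($uuid === false || !$this->userManager->hasUserForUuid($uuid) || $token === false) {
        $response->redirectTo('/');
        return;
    }

    // Load the user
    $user = $this->userManager->getUserForUuid($uuid);

    // An empty stored token means no reset is pending for this account.
    // NOTE(review): this message differs from the "invalid or expired" one
    // below, so a caller can tell whether a reset is pending for a known
    // uuid. Consider returning the same message in both cases.
    $storedToken = $user->getMetaData('passwordRequestToken');
    if ($storedToken == '') {
        return array('result' => false, 'message' => $this->translate('You haven\'t requested a new password.', '\\Zepi\\Web\\AccessControl'));
    }

    // Compare the secret token in constant time. A plain !== comparison can
    // return early at the first differing byte, which leaks timing
    // information about the stored token. The is_string() guards keep the
    // strictness of the former !== check and satisfy hash_equals() (PHP 5.6+).
    $tokenMatches = is_string($storedToken) && is_string($token) && hash_equals($storedToken, $token);

    // Reject a wrong token or one whose lifetime (a unix timestamp) has passed.
    if (!$tokenMatches || $user->getMetaData('passwordRequestTokenLifetime') < time()) {
        return array('result' => false, 'message' => $this->translate('The given token is invalid or expired. Please request a new password.', '\\Zepi\\Web\\AccessControl'));
    }

    // Generate a new password
    $password = $this->generateRandomPassword();

    // Save the new password
    $user->setNewPassword($password);

    // Reset the token so the same link cannot be used a second time
    $user->setMetaData('passwordRequestToken', '');
    $user->setMetaData('passwordRequestTokenLifetime', 0);

    // Update the user
    $this->userManager->updateUser($user);

    // Send the mail with the new password.
    // NOTE(review): the password is sent in clear text by mail and stays
    // valid until the user changes it. Letting the user choose a password on
    // the reset page would avoid this. The result of sendMail() is not
    // checked, so a failed delivery leaves the account with a password the
    // user never received.
    $this->mailHelper->sendMail($user->getMetaData('email'), $this->translate('New password generated', '\\Zepi\\Web\\AccessControl'), $this->render('\\Zepi\\Web\\AccessControl\\Mail\\GenerateNewPassword', array('user' => $user, 'password' => $password)));

    return array('result' => true, 'message' => $this->translate('Your new password is generated and saved. 
You will receive an email with the new password.', '\\Zepi\\Web\\AccessControl'));
}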
/**
 * Copies the submitted form values onto the given user, stores the user
 * (insert for a new user, update otherwise) and then updates the user's
 * access levels.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Web\AccessControl\Entity\User $user
 * @return boolean False if adding the user returned false, true otherwise
 */
protected function saveUser(WebRequest $request, User $user)
{
    $values = $this->layout->getFormValues();

    // Username is always taken from the form
    $user->setName($values['required-data.username']);

    // The password is set for every new user; an existing user keeps the
    // current password when the field was left empty.
    // NOTE(review): nothing here rejects an empty password for a new user.
    // Presumably the form validation does; confirm.
    $submittedPassword = $values['required-data.password'];
    if ($user->isNew() || $submittedPassword != '') {
        $user->setNewPassword($submittedPassword);
    }

    // Optional profile data, stored as meta data in the original order
    foreach (array('email', 'location', 'website', 'twitter', 'biography') as $field) {
        $user->setMetaData($field, $values['optional-data.' . $field]);
    }

    // Persist the user. Only addUser() replaces $user with its return value.
    if (!$user->isNew()) {
        $this->userManager->updateUser($user);
    } else {
        $user = $this->userManager->addUser($user);
    }

    if ($user === false) {
        return false;
    }

    // Save the access levels on behalf of the user of the current session
    $this->accessControlManager->updatePermissions(
        $user,
        $values['access-levels'],
        $request->getSession()->getUser()
    );

    return true;
}
/**
 * Changes the password of the user who owns the current session, after the
 * submitted old and new passwords passed validateData().
 *
 * @access protected
 * @param \Zepi\Web\UserInterface\Form\Form $form
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return mixed The validateData() result if it is not true, otherwise the
 *               result of UserManager::updateUser()
 */
protected function changePassword(Form $form, Framework $framework, WebRequest $request, Response $response)
{
    // The user is taken from the session, never from the submitted form
    $user = $request->getSession()->getUser();

    // Reads one field of the "change-password" group and trims surrounding
    // whitespace. The trimmed value is what gets validated and stored.
    $readField = function ($key) use ($form) {
        return trim($form->getField('change-password', $key)->getValue());
    };

    $oldPassword = $readField('old-password');
    $newPassword = $readField('new-password');
    $newPasswordConfirmed = $readField('new-password-confirmed');

    // Anything other than true is handed back to the caller unchanged
    // (presumably an error message string; confirm against validateData).
    $validation = $this->validateData($framework, $user, $oldPassword, $newPassword, $newPasswordConfirmed);
    if ($validation !== true) {
        return $validation;
    }

    // Change the password and persist the user
    $user->setNewPassword($newPassword);

    return $this->userManager->updateUser($user);
}
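/**
 * Starts a password reset for the submitted username. Stores a one-time
 * token with a lifetime of one hour in the user's meta data and mails the
 * user a link that contains the user's uuid and the token.
 *
 * @access protected
 * @param \Zepi\Web\UserInterface\Form\Form $form
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\RequestAbstract $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return string|boolean The validateData() result if it is not true
 *                        (presumably an error message), otherwise true
 */
protected function sendRequest(Form $form, Framework $framework, RequestAbstract $request, Response $response)
{
    $group = $form->searchPartByKeyAndType('user-data');
    $username = trim($group->getPart('username')->getValue());

    $result = $this->validateData($framework, $username);

    // Anything other than true is handed back to the caller unchanged.
    if ($result !== true) {
        return $result;
    }

    // Load the user
    // NOTE(review): assumes validateData() already confirmed that a user
    // with this username exists. Verify.
    $user = $this->userManager->getUserForUsername($username);

    // Generate the request token from a cryptographically secure source.
    // The token is the only secret in the reset link, so it must not be
    // guessable. uniqid() is derived from the system clock and md5() of the
    // mail address adds no secret, so neither is suitable here.
    // random_bytes() needs PHP 7.0+; older runtimes fall back to the openssl
    // extension.
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(32));
    } else {
        $token = bin2hex(openssl_random_pseudo_bytes(32));
    }

    // The token is valid for one hour
    $user->setMetaData('passwordRequestToken', $token);
    $user->setMetaData('passwordRequestTokenLifetime', time() + 3600);
    $this->userManager->updateUser($user);

    // Send the request mail
    $requestLink = $request->getFullRoute('/generate-new-password/' . $user->getUuid() . '/' . $token . '/');
    $this->mailHelper->sendMail($user->getMetaData('email'), $this->translate('New password requested', '\\Zepi\\Web\\AccessControl'), $this->render('\\Zepi\\Web\\AccessControl\\Mail\\RequestNewPassword', array('user' => $user, 'requestLink' => $requestLink)));

    return true;
}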