2016-09-02 11:17:10 +02:00
< ? php
/*****************************************************************************
* ResetPassword . php
* Contains the controller for the reset password procedure .
*
* Kabuki CMS ( C ) 2013 - 2016 , Aaron van Geffen
*****************************************************************************/
class ResetPassword extends HTMLController
{
public function __construct ()
{
// Already logged in? Then you don't need this.
if ( Registry :: get ( 'user' ) -> isLoggedIn ())
throw new UserFacingException ( 'You are already logged in.' );
// Verifying an existing reset key?
if ( isset ( $_GET [ 'step' ], $_GET [ 'email' ], $_GET [ 'key' ]) && $_GET [ 'step' ] == 2 )
{
$email = rawurldecode ( $_GET [ 'email' ]);
2024-11-05 16:44:54 +01:00
$user = Member :: fromEmailAddress ( $email );
if ( ! $user )
2016-09-02 11:17:10 +02:00
throw new UserFacingException ( 'Invalid email address. Please make sure you copied the full link in the email you received.' );
$key = $_GET [ 'key' ];
2024-11-05 16:44:54 +01:00
if ( ! Authentication :: checkResetKey ( $user -> getUserId (), $key ))
2016-09-02 11:17:10 +02:00
throw new UserFacingException ( 'Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.' );
parent :: __construct ( 'Reset password - ' . SITE_TITLE );
$form = new PasswordResetForm ( $email , $key );
$this -> page -> adopt ( $form );
// Are they trying to set something already?
if ( isset ( $_POST [ 'password1' ], $_POST [ 'password2' ]))
{
$missing = [];
if ( strlen ( $_POST [ 'password1' ]) < 6 || ! preg_match ( '~[^A-z]~' , $_POST [ 'password1' ]))
$missing [] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).' ;
if ( $_POST [ 'password1' ] != $_POST [ 'password2' ])
$missing [] = 'The passwords you entered do not match.' ;
// So, are we good to go?
if ( empty ( $missing ))
{
2024-11-05 16:44:54 +01:00
Authentication :: updatePassword ( $user -> getUserId (), Authentication :: computeHash ( $_POST [ 'password1' ]));
2016-09-02 11:17:10 +02:00
$_SESSION [ 'login_msg' ] = [ 'Your password has been reset' , 'You can now use the form below to log in to your account.' , 'success' ];
header ( 'Location: ' . BASEURL . '/login/' );
exit ;
}
else
2023-03-11 13:30:02 +01:00
$form -> adopt ( new Alert ( 'Some fields require your attention' , '<ul><li>' . implode ( '</li><li>' , $missing ) . '</li></ul>' , 'danger' ));
2016-09-02 11:17:10 +02:00
}
}
else
{
parent :: __construct ( 'Reset password - ' . SITE_TITLE );
$form = new ForgotPasswordForm ();
$this -> page -> adopt ( $form );
// Have they submitted an email address yet?
if ( isset ( $_POST [ 'emailaddress' ]) && preg_match ( '~^.+@.+\.[a-z]+$~' , trim ( $_POST [ 'emailaddress' ])))
{
2024-11-05 16:44:54 +01:00
$user = Member :: fromEmailAddress ( $_POST [ 'emailaddress' ]);
if ( ! $user )
2016-09-02 11:17:10 +02:00
{
2023-03-11 13:30:02 +01:00
$form -> adopt ( new Alert ( 'Invalid email address' , 'The email address you provided could not be found in our system. Please try again.' , 'danger' ));
2016-09-02 11:17:10 +02:00
return ;
}
2024-11-05 16:44:54 +01:00
Authentication :: setResetKey ( $user -> getUserId ());
Email :: resetMail ( $user -> getUserId ());
2016-09-02 11:17:10 +02:00
// Show the success message
$this -> page -> clear ();
$box = new DummyBox ( 'An email has been sent' );
$box -> adopt ( new Alert ( '' , 'We have sent an email to ' . $_POST [ 'emailaddress' ] . ' containing details on how to reset your password.' , 'success' ));
$this -> page -> adopt ( $box );
}
}
}
}