{
$this->initErrorHandling();
- //DB_DataObject::DebugLevel(1);
+ // DB_DataObject::DebugLevel(5);
if (!empty($_REQUEST['logout'])) {
return $this->logout();
}
if(!$u->loginPublic()){
$this->jerr('Switch fail');
}
-
+
$this->jok('OK');
}
if (!empty($_REQUEST['logout'])) {
return $this->logout();
}
+
+ if(!empty($_REQUEST['check_owner_company'])) {
+ $core_company = DB_DataObject::factory('core_company');
+ $core_company->comptype = 'OWNER';
+ $this->jok($core_company->count());
+ }
if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
return $this->passwordRequest($_REQUEST['passwordRequest']);
$this->jerr("Invalid request to reset password");
}
- $this->verifyCheckSum($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
+ $this->verifyResetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
+ $this->jok("Checksum is ok");
}
// this is 'classic' change password...
}
}
- //$u->active = 1;
+ // this was removed before - not quite sure why.
+ // when a duplicate login account is created, this stops the old one from interfering..
+ $u->active = 1;
// empty username = not really a hacking attempt.
exit;
}
- if (!$u->active()) {
+ if (!$u->active()) {
$this->jerror('LOGIN-BAD','Account disabled');
}
if(!empty($u->oath_key) && empty($_REQUEST['oath_password'])){
- $this->jerror('LOGIN-BAD','Your account requires Two-Factor Authentication');
+ $this->jerror('LOGIN-2FA','Your account requires Two-Factor Authentication');
}
// check if config allows non-owner passwords.
// sort out sender.
$cm = DB_DataObject::factory('core_email');
if (!$cm->get('name', 'ADMIN_PASSWORD_RESET')) {
- $this->jerr("no template ADMIN_PASSWORD_RESET exists - please run importer ");
-
+ $this->jerr("no template Admin password reset (ADMIN_PASSWORD_RESET) exists - please run importer ");
}
+ if (!$cm->active) {
+ $this->jerr("template for Admin password reset has been disabled");
+ }
/*
$g = DB_DAtaObject::factory('Groups');
$sent = $mailer->send();
if (is_a($sent,'PEAR_Error') ) {
$this->addEvent('SYSERR',false, $sent->getMessage());
- $this->jerr($ret->getMessage());
+ $this->jerr($sent->getMessage());
}
$this->addEvent('PASSREQ',$u, $u->email);
function verifyResetPassword($id,$t, $key)
{
$au = $this->getAuthUser();
+ print_R($au);
if ($au) {
$this->jerr( "Already Logged in - no need to use Password Reset");
}
// validate key..
if ($key != $u->genPassKey($t)) {
- $this->jerr("Password reset link is not valid ($key)");
+ $this->jerr("Password reset link is not valid (key)");
}
if ($t < strtotime("NOW - 1 DAY")) {
function resetPassword($id,$t, $key, $newpass )
{
- $au = $this->getAuthUser();
- if ($au) {
- $this->jerr( "Already Logged in - no need to use Password Reset");
- }
-
- $u = DB_DataObject::factory('core_person');
- //$u->company_id = $this->company->id;
- $u->active = 1;
- if (!$u->get($id) || !strlen($u->passwd)) {
- $this->jerr("Password reset link is not valid (id)");
- }
-
- // validate key..
- if ($key != $u->genPassKey($t)) {
- $this->jerr("Password reset link is not valid ($key)");
- }
+ $u = $this->verifyResetPassword($id,$t,$key);
- if ($t < strtotime("NOW - 1 DAY")) {
- $this->jerr("Password reset link has expired");
- }
$uu = clone($u);
$u->no_reset_sent = 0;
$u->setPassword($newpass);
}
$u->update($uu);
- $u->login();
+ $this->addEvent("CHANGEPASS", $u);
+
$this->jok("Password has been Updated");
}
$core_ip_access->sendXMPP();
- $this->jerr('NEW-IP-ADDRESS', array('ip' => $ip));
+ $this->jerror('NEW-IP-ADDRESS', "New IP Address = needs approving", array('ip' => $ip));
return;
}
if(empty($core_ip_access->status)){
- $this->jerr('PENDING-IP-ADDRESS', array('ip' => $ip));
+ $this->jerror('PENDING-IP-ADDRESS', "IP is still pending approval", array('ip' => $ip));
}
if($core_ip_access->status == -1){
- $this->jerr('BLOCKED-IP-ADDRESS', array('ip' => $ip));
+ $this->jerror('BLOCKED-IP-ADDRESS', "Your IP is blocked", array('ip' => $ip));
return;
}
if($core_ip_access->status == -2 && strtotime($core_ip_access->expire_dt) < strtotime('NOW')){
- $this->jerr('BLOCKED-IP-ADDRESS', array('ip' => $ip));
+ $this->jerrpr('BLOCKED-IP-ADDRESS', "Your IP is blocked", array('ip' => $ip));
return;
}
projects / Pman.Base / blobdiff