$tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
$u = DB_DataObject::factory($tbl);
- $s = DB_DataObject::Factory('core_setting');
+ $s = DB_DataObject::factory('core_setting');
+ $require_oath_val = 1;
+ $require_oath = $s->lookup('core', 'two_factor_auth_required');
+ if(!empty($require_oath)) {
+ if($require_oath->val == 0) {
+ $require_oath_val = 0;
+ }
+ }
+
if (!$u->isAuth()) {
-
- $this->jok(array('id' => 0, 'test' => 0)); // not logged in..
+ $this->jok(array(
+ 'id' => 0
+ ));
exit;
}
+
//die("got here?");
$au = $u->getAuthUser();
}
if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
-
- return $this->passwordRequest($_REQUEST['passwordRequest']);
-
+ return $this->passwordRequest($_REQUEST['passwordRequest']);
}
if (!empty($_REQUEST['changePassword'])) {
}
if(
- !empty($u->oath_key) &&
- !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
- ){
+ !empty($u->oath_key) &&
+ (
+ empty($_REQUEST['oath_password']) ||
+ !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
+ )
+ ) {
$this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (3)');
exit;
}
$this->bcc = $bcc;
$this->rcpts = $u->getEmailFrom();
- $ret = $cm->send($this);
- //$this->jerr(print_r($r->toData(),true));
-
- if (is_object($ret)) {
- $this->addEvent('SYSERR',false, $ret->getMessage());
+
+ $mailer = $cm->toMailer($this, false);
+ if (is_a($mailer,'PEAR_Error') ) {
+ $this->addEvent('SYSERR',false, $mailer->getMessage());
+ $this->jerr($mailer->getMessage());
+ }
+ $sent = $mailer->send();
+ if (is_a($sent,'PEAR_Error') ) {
+ $this->addEvent('SYSERR',false, $sent->getMessage());
$this->jerr($ret->getMessage());
}
+
$this->addEvent('PASSREQ',$u, $u->email);
$uu = clone($u);
$uu->no_reset_sent++;
}
+
+ function resetPassword($id,$t, $key)
+ {
+
+ $au = $this->getAuthUser();
+ if ($au) {
+ return "Already Logged in - no need to use Password Reset";
+ }
+
+ $u = DB_DataObject::factory('core_person');
+ //$u->company_id = $this->company->id;
+ $u->active = 1;
+ if (!$u->get($id) || !strlen($u->passwd)) {
+ return "invalid id";
+ }
+
+ // validate key..
+ if ($key != $u->genPassKey($t)) {
+ return "invalid key";
+ }
+ $uu = clone($u);
+ $u->no_reset_sent = 0;
+ $u->update($uu);
+
+ if ($t < strtotime("NOW - 1 DAY")) {
+ return "expired";
+ }
+ $this->showNewPass = implode("/", array($id,$t,$key));
+ return false;
+ }
+
+
function changePassword($r)
{
$au = $this->getAuthUser();