}
if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
-
- return $this->passwordRequest($_REQUEST['passwordRequest']);
-
- }
-
+ return $this->passwordRequest($_REQUEST['passwordRequest']);
+ }
+
+ if (!empty($_REQUEST['ResetPassword'])) {
+ if (empty($_REQUEST['id']) ||
+ empty($_REQUEST['ts']) ||
+ empty($_REQUEST['key']) ||
+ empty($_REQUEST['password1']) ||
+ empty($_REQUEST['password2']) ||
+ ($_REQUEST['password1'] != $_REQUEST['password2'])
+ ) {
+ $this->jerr("Invalid request to reset password");
+ }
+
+ $this->resetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key'], $_REQUEST['password1'] );
+ }
+
+ // this is 'classic' change password...
if (!empty($_REQUEST['changePassword'])) {
return $this->changePassword($_REQUEST);
}
$this->rcpts = $u->getEmailFrom();
- $mailer = $core_email->toMailer($this, false);
+ $mailer = $cm->toMailer($this, false);
if (is_a($mailer,'PEAR_Error') ) {
$this->addEvent('SYSERR',false, $mailer->getMessage());
$this->jerr($mailer->getMessage());
}
+
+ function resetPassword($id,$t, $key, $newpass =false)
+ {
+
+ $au = $this->getAuthUser();
+ if ($au) {
+ return "Already Logged in - no need to use Password Reset";
+ }
+
+ $u = DB_DataObject::factory('core_person');
+ //$u->company_id = $this->company->id;
+ $u->active = 1;
+ if (!$u->get($id) || !strlen($u->passwd)) {
+ $this->jerr("Password reset link is not valid (id)");
+ }
+
+ // validate key..
+ if ($key != $u->genPassKey($t)) {
+ $this->jerr("Password reset link is not valid ($key)");
+ }
+
+ if ($t < strtotime("NOW - 1 DAY")) {
+ $this->jerr("Password reset link has expired");
+ }
+
+ $uu = clone($u);
+ $u->no_reset_sent = 0;
+ if ($newpass != false) {
+ $u->setPassword($newpass);
+ }
+ $u->update($uu);
+ $u->login();
+ $this->jok("Password has been Updated");
+ }
+
+
function changePassword($r)
{
$au = $this->getAuthUser();