Pman/Login.php

[Pman.Base] / Pman / Login.php
diff --git a/Pman/Login.php b/Pman/Login.php

index 676a80e..b99f8ea 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -129,16 +129,20 @@ class Pman_Login extends Pman
          $tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
          
          $u = DB_DataObject::factory($tbl);
-        $s = DB_DataObject::Factory('core_setting');
-        $oath_require_val = 1;
-        $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+        $s = DB_DataObject::factory('core_setting');
+        $require_oath_val = 1;
+        $require_oath = $s->lookup('core', 'two_factor_auth_required');
+        if(!empty($require_oath)) {
+            if($require_oath->val == 0) {
+                $require_oath_val = 0;
+            }
+        } 
          
          if (!$u->isAuth()) {
              $this->jok(array(
-                'id' => 0,
-                'require_oath' => empty($oath_require) || $oath_require->val == 1 ? 1 : 0
-             ));
-             exit;
+                'id' => 0
+            ));
+            exit;
          }
          
          //die("got here?");
@@ -322,9 +326,12 @@ class Pman_Login extends Pman
          }
          
          if(
-            !empty($u->oath_key) && 
-            !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
-        ){
+            !empty($u->oath_key) &&
+           (
+               empty($_REQUEST['oath_password']) ||
+               !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
+           )
+        ) {
              $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password  (3)');
              exit;
          }
@@ -409,13 +416,18 @@ class Pman_Login extends Pman
          $this->bcc = $bcc;
          $this->rcpts = $u->getEmailFrom();
          
-        $ret = $cm->send($this);
-        //$this->jerr(print_r($r->toData(),true));
-        
-        if (is_object($ret)) {
-            $this->addEvent('SYSERR',false, $ret->getMessage());
+       
+       $mailer = $cm->toMailer($this, false);
+       if (is_a($mailer,'PEAR_Error') ) {
+           $this->addEvent('SYSERR',false, $mailer->getMessage());
+           $this->jerr($mailer->getMessage());
+       }
+        $sent = $mailer->send();
+       if (is_a($sent,'PEAR_Error') ) {
+           $this->addEvent('SYSERR',false, $sent->getMessage());
              $this->jerr($ret->getMessage());
          }
+       
          $this->addEvent('PASSREQ',$u, $u->email);
          $uu = clone($u);
          $uu->no_reset_sent++;
@@ -424,6 +436,38 @@ class Pman_Login extends Pman
          
      }
      
+    
+    function resetPassword($id,$t, $key)
+    {
+        
+        $au = $this->getAuthUser();
+        if ($au) {
+            return "Already Logged in - no need to use Password Reset";
+        }
+        
+        $u = DB_DataObject::factory('core_person');
+        //$u->company_id = $this->company->id;
+        $u->active = 1;
+        if (!$u->get($id) || !strlen($u->passwd)) {
+            return "invalid id";
+        }
+        
+        // validate key.. 
+        if ($key != $u->genPassKey($t)) {
+            return "invalid key";
+        }
+        $uu = clone($u);
+        $u->no_reset_sent = 0;
+        $u->update($uu);
+        
+        if ($t < strtotime("NOW - 1 DAY")) {
+            return "expired";
+        }
+        $this->showNewPass = implode("/", array($id,$t,$key));
+        return false;
+    }
+    
+    
      function changePassword($r)
      {   
          $au = $this->getAuthUser();