projects / Pman.Base / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Pman/Login.php
[Pman.Base] / Pman / Login.php
diff --git a/Pman/Login.php b/Pman/Login.php
index 2baaec7..ee798c1 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -254,11 +254,24 @@ class Pman_Login extends Pman
         }
         
         if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
-            
-            return $this->passwordRequest($_REQUEST['passwordRequest']);
-            
-        }
-        
+            return $this->passwordRequest($_REQUEST['passwordRequest']);   
+        }
+        
+       if (!empty($_REQUEST['ResetPassword'])) {
+           if (empty($_REQUEST['id']) || 
+               empty($_REQUEST['ts']) ||
+               empty($_REQUEST['key']) ||
+               empty($_REQUEST['password1']) ||
+               empty($_REQUEST['password2']) ||
+               ($_REQUEST['password1'] != $_REQUEST['password2'])
+           ) {
+               $this->jerr("Invalid request to reset password");
+           }
+           
+           $this->resetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key'], $_REQUEST['password1'] );
+       }
+       
+       // this is 'classic' change password...
         if (!empty($_REQUEST['changePassword'])) {
             return $this->changePassword($_REQUEST);
         }
@@ -417,16 +430,17 @@ class Pman_Login extends Pman
         $this->rcpts = $u->getEmailFrom();
         
        
-       $mailer = $core_email->toMailer($this, false);
+       $mailer = $cm->toMailer($this, false);
        if (is_a($mailer,'PEAR_Error') ) {
-           $this->addEvent('SYSERR',false, $ret->getMessage());
+           $this->addEvent('SYSERR',false, $mailer->getMessage());
            $this->jerr($mailer->getMessage());
        }
         $sent = $mailer->send();
        if (is_a($sent,'PEAR_Error') ) {
-           $this->addEvent('SYSERR',false, $ret->getMessage());
+           $this->addEvent('SYSERR',false, $sent->getMessage());
             $this->jerr($ret->getMessage());
         }
+       
         $this->addEvent('PASSREQ',$u, $u->email);
         $uu = clone($u);
         $uu->no_reset_sent++;
@@ -435,6 +449,38 @@ class Pman_Login extends Pman
         
     }
     
+    
+    function resetPassword($id,$t, $key, $newpass =false)
+    {
+        
+        $au = $this->getAuthUser();
+        if ($au) {
+            return "Already Logged in - no need to use Password Reset";
+        }
+        
+        $u = DB_DataObject::factory('core_person');
+        //$u->company_id = $this->company->id;
+        $u->active = 1;
+        if (!$u->get($id) || !strlen($u->passwd)) {
+            return "invalid id";
+        }
+        
+        // validate key.. 
+        if ($key != $u->genPassKey($t)) {
+            return "invalid key";
+        }
+        $uu = clone($u);
+        $u->no_reset_sent = 0;
+        $u->update($uu);
+        
+        if ($t < strtotime("NOW - 1 DAY")) {
+            return "expired";
+        }
+        $this->showNewPass = implode("/", array($id,$t,$key));
+        return false;
+    }
+    
+    
     function changePassword($r)
     {   
         $au = $this->getAuthUser();
Pman (Base Files)