PHP Cross Reference of Joomla 1.5.26 DE |
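<?php
/**
 * @version		$Id: reset.php 21046 2011-03-31 16:11:40Z dextercowley $
 * @package		Joomla
 * @subpackage	User
 * @copyright	Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant to the
 * GNU General Public License, and as distributed it includes or is derivative
 * of works licensed under the GNU General Public License or other free or open
 * source software licenses. See COPYRIGHT.php for copyright notices and
 * details.
 */

// No direct access
defined('_JEXEC') or die;

jimport('joomla.application.component.model');

/**
 * User Component Reset Model
 *
 * Implements the three steps of the password reset flow:
 * requestReset() issues a token by e-mail, confirmReset() checks the token
 * the user typed back in, and completeReset() stores the new password.
 *
 * NOTE(review): only a salted MD5 of the token is stored in the `activation`
 * column. Nothing in this file records when the token was issued or limits
 * the number of confirmation attempts, so expiry and throttling have to be
 * enforced elsewhere - confirm that they are.
 *
 * @package		Joomla
 * @subpackage	User
 * @since		1.5
 */
class UserModelReset extends JModel
{
	/**
	 * Registry namespace prefix
	 *
	 * @var	string
	 */
	var $_namespace	= 'com_user.reset.';

	/**
	 * Verifies that the e-mail address belongs to an unblocked account and
	 * creates a token to verify the request was initiated by the account
	 * owner. The token is sent to the account owner by e-mail.
	 *
	 * NOTE(review): the COULD_NOT_FIND_USER error is distinguishable from the
	 * success path, so the response reveals whether an address is registered.
	 * Changing that is a caller/UI decision and is left untouched here.
	 *
	 * @since	1.5
	 * @param	string	E-mail address of the account
	 * @return	bool	True on success/false on failure
	 */
	function requestReset($email)
	{
		jimport('joomla.mail.helper');
		jimport('joomla.user.helper');

		$db = &JFactory::getDBO();

		// Make sure the e-mail address is valid
		if (!JMailHelper::isEmailAddress($email))
		{
			$this->setError(JText::_('INVALID_EMAIL_ADDRESS'));
			return false;
		}

		// Build a query to find the user
		$query	= 'SELECT id FROM #__users'
				. ' WHERE email = '.$db->Quote($email)
				. ' AND block = 0';

		$db->setQuery($query);

		// Check the results
		if (!($id = $db->loadResult()))
		{
			$this->setError(JText::_('COULD_NOT_FIND_USER'));
			return false;
		}

		// Generate a new token. Only the salted hash is persisted; the
		// plain token leaves this method solely through the e-mail.
		$token = JUtility::getHash(JUserHelper::genRandomPassword());
		$salt = JUserHelper::getSalt('crypt-md5');
		$hashedToken = md5($token.$salt).':'.$salt;

		$query	= 'UPDATE #__users'
				. ' SET activation = '.$db->Quote($hashedToken)
				. ' WHERE id = '.(int) $id
				. ' AND block = 0';

		$db->setQuery($query);

		// Save the token
		if (!$db->query())
		{
			$this->setError(JText::_('DATABASE_ERROR'));
			return false;
		}

		// Send the token to the user via e-mail
		if (!$this->_sendConfirmationMail($email, $token))
		{
			return false;
		}

		return true;
	}

	/**
	 * Checks a user supplied token for validity.
	 * If the token is valid, it pushes the stored token hash
	 * and user id into the session for security checks.
	 *
	 * @since	1.5
	 * @param	string	The 32 character token that was e-mailed to the user
	 * @param	string	Username of the account being reset
	 * @return	bool	True on success/false on failure
	 */
	function confirmReset($token, $username)
	{
		global $mainframe;

		jimport('joomla.user.helper');

		if(strlen($token) != 32) {
			$this->setError(JText::_('INVALID_TOKEN'));
			return false;
		}

		$db	= &JFactory::getDBO();
		$db->setQuery('SELECT id, activation FROM #__users WHERE block = 0 AND username = '.$db->Quote($username));

		$row = $db->loadObject();

		// No unblocked account with that username
		if (!$row)
		{
			$this->setError(JText::_('INVALID_TOKEN'));
			return false;
		}

		// The stored value has the form "hash:salt"; anything else
		// (including an empty activation field) means no reset is pending.
		$parts	= explode( ':', $row->activation );
		$crypt	= $parts[0];
		if (!isset($parts[1])) {
			$this->setError(JText::_('INVALID_TOKEN'));
			return false;
		}
		$salt	= $parts[1];
		$testcrypt = JUserHelper::getCryptedPassword($token, $salt);

		// Verify the token. A loose "==" must not be used here: PHP compares
		// numeric-looking strings such as "0e123" and "0e456" as numbers and
		// would treat two different hashes as equal.
		if (!$this->_tokensMatch($crypt, $testcrypt))
		{
			$this->setError(JText::_('INVALID_TOKEN'));
			return false;
		}

		// Push the token and user id into the session
		$mainframe->setUserState($this->_namespace.'token',	$crypt.':'.$salt);
		$mainframe->setUserState($this->_namespace.'id',	$row->id);

		return true;
	}

	/**
	 * Takes the new password and saves it to the database.
	 * It will only save the password if the user has the
	 * correct user id and token stored in her session.
	 *
	 * NOTE(review): the clear-text password is handed to every plugin that
	 * listens to onAfterStoreUser (password_clear); review what those
	 * plugins log or forward.
	 *
	 * @since	1.5
	 * @param	string	New Password
	 * @param	string	New Password (confirmation)
	 * @return	bool	True on success/false on failure
	 */
	function completeReset($password1, $password2)
	{
		jimport('joomla.user.helper');

		global $mainframe;

		// Make sure that we have a password
		if ( ! $password1 )
		{
			$this->setError(JText::_('MUST_SUPPLY_PASSWORD'));
			return false;
		}

		// Verify that the passwords match. Strict comparison, so that
		// numeric-looking strings ("0e1" / "0e2") are not treated as equal.
		if ($password1 !== $password2)
		{
			$this->setError(JText::_('PASSWORDS_DO_NOT_MATCH_LOW'));
			return false;
		}

		// Get the necessary variables
		$db			= &JFactory::getDBO();
		$id			= $mainframe->getUserState($this->_namespace.'id');
		$token		= $mainframe->getUserState($this->_namespace.'token');

		// Without a confirmed reset in this session there is nothing to
		// complete. Stop before any plugin trigger fires.
		if (!$id || !$token)
		{
			$this->setError(JText::_('INVALID_TOKEN'));
			return false;
		}

		$salt		= JUserHelper::genRandomPassword(32);
		$crypt		= JUserHelper::getCryptedPassword($password1, $salt);
		$password	= $crypt.':'.$salt;

		// Get the user object
		$user = new JUser($id);

		// Fire the onBeforeStoreUser trigger
		JPluginHelper::importPlugin('user');
		$dispatcher =& JDispatcher::getInstance();
		$dispatcher->trigger('onBeforeStoreUser', array($user->getProperties(), false));

		// Build the query. The activation column must still hold the token
		// confirmed earlier, which ties the update to that confirmation.
		$query 	= 'UPDATE #__users'
				. ' SET password = '.$db->Quote($password)
				. ' , activation = ""'
				. ' WHERE id = '.(int) $id
				. ' AND activation = '.$db->Quote($token)
				. ' AND block = 0';

		$db->setQuery($query);

		// Save the password
		if (!$result = $db->query())
		{
			$this->setError(JText::_('DATABASE_ERROR'));
			return false;
		}

		// A successful query that changed no row means the token in the
		// session no longer matches the database (replaced, already used, or
		// the account was blocked). Do not report that as a completed reset.
		if (!$db->getAffectedRows())
		{
			$this->setError(JText::_('INVALID_TOKEN'));
			return false;
		}

		// Update the user object with the new values.
		$user->password			= $password;
		$user->activation		= '';
		$user->password_clear	= $password1;

		// Fire the onAfterStoreUser trigger
		$dispatcher->trigger('onAfterStoreUser', array($user->getProperties(), false, $result, $this->getError()));

		// Flush the variables from the session
		$mainframe->setUserState($this->_namespace.'id',	null);
		$mainframe->setUserState($this->_namespace.'token',	null);

		return true;
	}

	/**
	 * Sends a password reset request confirmation to the
	 * specified e-mail address with the specified token.
	 *
	 * @since	1.5
	 * @param	string	An e-mail address
	 * @param	string	An md5 hashed randomly generated string
	 * @return	bool	True on success/false on failure
	 */
	function _sendConfirmationMail($email, $token)
	{
		$config		= &JFactory::getConfig();
		$url		= JURI::base().'index.php?option=com_user&view=reset&layout=confirm';
		$sitename	= $config->getValue('sitename');

		// Set the e-mail parameters
		$from		= $config->getValue('mailfrom');
		$fromname	= $config->getValue('fromname');
		$subject	= JText::sprintf('PASSWORD_RESET_CONFIRMATION_EMAIL_TITLE', $sitename);
		$body		= JText::sprintf('PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT', $sitename, $token, $url);

		// Send the e-mail
		if (!JUtility::sendMail($from, $fromname, $email, $subject, $body))
		{
			// Run the key through JText like every other error in this model
			$this->setError(JText::_('ERROR_SENDING_CONFIRMATION_EMAIL'));
			return false;
		}

		return true;
	}

	/**
	 * Compares two token hashes as exact strings, without stopping at the
	 * first differing byte.
	 *
	 * Uses hash_equals() where the running PHP provides it and otherwise
	 * XORs every byte pair, so the comparison time does not depend on how
	 * many leading characters match.
	 *
	 * @param	string	The hash stored for the account
	 * @param	string	The hash computed from the user supplied token
	 * @return	bool	True when both strings are identical
	 */
	function _tokensMatch($known, $given)
	{
		$known = (string) $known;
		$given = (string) $given;

		if (function_exists('hash_equals'))
		{
			return hash_equals($known, $given);
		}

		$length = strlen($known);
		if ($length !== strlen($given))
		{
			return false;
		}

		$diff = 0;
		for ($i = 0; $i < $length; $i++)
		{
			$diff |= ord($known[$i]) ^ ord($given[$i]);
		}

		return $diff === 0;
	}
}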