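<?php
/*
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2008 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
 */

/**
 * This controller will handle the recovery of passwords that have
 * been lost or forgotten by the user.
 *
 * The scheme is "proof of filesystem access": the view stores a random key in
 * the session and shows it to the visitor; whoever can write that exact key into
 * GALLERY_CONFIG_DIR/login.txt is trusted to reset any account's password.
 * Everything therefore hinges on the comparison between the session key and the
 * file contents, and that comparison must fail closed: a request that never
 * visited the view (no session key) combined with a missing, unreadable or empty
 * login.txt must NOT compare equal.  The previous loose "!=" test treated null
 * and '' as equal and was also subject to PHP's numeric-string comparison rules.
 *
 * @package GalleryCore
 * @subpackage UserInterface
 * @author Jay Rossiter <cryptographite@users.sf.net>
 * @version $Revision: 20996 $
 */
class UserRecoverPasswordAdminController extends GalleryController {

    /**
     * Handle the recovery form.
     *
     * form[action][recover]: verify the session key against login.txt, then set the
     * password of form[userName] to form[password1] and clear that user's entry in
     * FailedLoginsMap.  form[action][cancel]: return to the caller.  Any other
     * action (including form[action][refresh]) just redisplays the form.
     *
     * @param array $form the posted form; keys used: action, userName,
     *                    password1, password2
     * @return array GalleryStatus a status code (null on success)
     *               array results with 'status', 'error' and either a
     *                     'redirect' or a 'delegate' entry
     * @see GalleryController::handleRequest
     */
    function handleRequest($form) {
	global $gallery;
	$platform =& $gallery->getPlatform();
	$session =& $gallery->getSession();

	$status = $error = $results = array();

	if (isset($form['action']['recover'])) {
	    $authFile = GALLERY_CONFIG_DIR . '/login.txt';

	    /* An unreadable or non-string read yields '' and is rejected below. */
	    $authFromFile = '';
	    if ($platform->is_readable($authFile)) {
		$contents = $platform->file_get_contents($authFile);
		if (is_string($contents)) {
		    $authFromFile = trim($contents);
		}
	    }
	    $authFromSession = $session->get('core.UserRecoverPasswordAdminAuthKey');

	    /*
	     * Fail closed.  _authKeyMatches() rejects an empty or non-string value on
	     * either side before comparing, so neither a missing login.txt nor a
	     * request without a session key can pass the check.
	     */
	    if (!$this->_authKeyMatches($authFromFile, $authFromSession)) {
		$error[] = 'form[error][authString][incorrect]';
	    }

	    /* Normalise the form fields: anything that is not a string is treated as absent. */
	    $userName = isset($form['userName']) && is_string($form['userName'])
		? $form['userName'] : '';
	    $password1 = isset($form['password1']) && is_string($form['password1'])
		? $form['password1'] : '';
	    $password2 = isset($form['password2']) && is_string($form['password2'])
		? $form['password2'] : '';

	    if (empty($error)) {
		if ($userName === '') {
		    $error[] = 'form[error][userName][missing]';
		}

		/* Strict compare: '1e1' and '10' must not be considered the same password. */
		if ($password1 === '' || $password2 === '') {
		    $error[] = 'form[error][password][missing]';
		} else if ($password1 !== $password2) {
		    $error[] = 'form[error][password][mismatch]';
		}
	    }

	    if (empty($error)) {
		list ($ret, $user) = GalleryCoreApi::fetchUserByUsername($userName);
		if ($ret && !($ret->getErrorCode() & ERROR_MISSING_OBJECT)) {
		    return array($ret, null);
		}

		if (isset($user)) {
		    list ($ret, $lockId) = GalleryCoreApi::acquireWriteLock($user->getId());
		    if ($ret) {
			return array($ret, null);
		    }

		    /* From here on every failure path releases the write lock before returning. */
		    list ($ret, $user) = $user->refresh();
		    if ($ret) {
			GalleryCoreApi::releaseLocks($lockId);
			return array($ret, null);
		    }

		    $user->changePassword($password1);

		    $ret = $user->save();
		    if ($ret) {
			GalleryCoreApi::releaseLocks($lockId);
			return array($ret, null);
		    }

		    $ret = GalleryCoreApi::releaseLocks($lockId);
		    if ($ret) {
			return array($ret, null);
		    }

		    /* The account may have been locked out by failed logins; start it fresh. */
		    $ret = GalleryCoreApi::removeMapEntry(
			'FailedLoginsMap',
			array('userName' => $user->getUserName()));
		    if ($ret) {
			return array($ret, null);
		    }

		    $status['passwordRecovered'] = 1;

		    /*
		     * Return 0 is essential - it prevents core.UserLogin from sending the
		     * user back to the recovery page after logging in
		     */
		    $results['return'] = 0;
		    $subView = 'core.UserLogin';

		    /*
		     * The key is single use.  login.txt is left on disk, but once the
		     * session key is gone nothing can match it any more.
		     */
		    $session->remove('core.UserRecoverPasswordAdminAuthKey');
		} else {
		    $error[] = 'form[error][userName][incorrect]';
		}
	    }
	} else if (isset($form['action']['cancel'])) {
	    $results['return'] = 1;
	}

	if (empty($subView)) {
	    $subView = 'core.UserRecoverPasswordAdmin';
	}

	if (empty($error) && !isset($form['action']['refresh'])) {
	    $results['redirect']['view'] = 'core.UserAdmin';
	    $results['redirect']['subView'] = $subView;
	} else {
	    $results['delegate']['view'] = 'core.UserAdmin';
	    $results['delegate']['subView'] = 'core.UserRecoverPasswordAdmin';
	}

	$results['status'] = $status;
	$results['error'] = $error;

	return array(null, $results);
    }

    /**
     * Compare the key read from login.txt with the key stored in the session.
     *
     * Both values must be non-empty strings; anything else is a mismatch, which is
     * what keeps a missing file and a missing session key from "matching".  The
     * comparison is strict (no PHP type juggling) and, where hash_equals() is
     * available, constant time; otherwise a manual fixed-time XOR loop is used.
     *
     * @param mixed $fromFile trimmed contents of login.txt ('' if unreadable)
     * @param mixed $fromSession value of core.UserRecoverPasswordAdminAuthKey
     * @return boolean true only if both are non-empty strings with identical bytes
     * @access private
     */
    function _authKeyMatches($fromFile, $fromSession) {
	if (!is_string($fromFile) || !is_string($fromSession)
		|| $fromFile === '' || $fromSession === '') {
	    return false;
	}

	if (function_exists('hash_equals')) {
	    return hash_equals($fromFile, $fromSession);
	}

	$length = strlen($fromFile);
	if ($length !== strlen($fromSession)) {
	    return false;
	}
	$diff = 0;
	for ($i = 0; $i < $length; $i++) {
	    $diff |= ord($fromFile[$i]) ^ ord($fromSession[$i]);
	}
	return $diff === 0;
    }
}

/**
 * This view shows information about password recovery
 *
 * It generates the session key on first load, tells the visitor whether
 * login.txt currently holds that key, and renders the recovery form.  The
 * correct/incorrect status shown here is informational only; the controller
 * performs the authoritative check before changing anything.
 */
class UserRecoverPasswordAdminView extends GalleryView {

    /**
     * Prepare the template variables for the recovery page.
     *
     * @param GalleryTemplate $template
     * @param array $form the current form state (formName is used to detect first load)
     * @return array GalleryStatus a status code (null on success)
     *               array 'body' => template path
     * @see GalleryView::loadTemplate
     */
    function loadTemplate(&$template, &$form) {
	global $gallery;
	$platform =& $gallery->getPlatform();
	$session =& $gallery->getSession();

	$status = $error = array();
	$authFile = GALLERY_CONFIG_DIR . '/login.txt';

	if (!isset($form['formName']) || $form['formName'] !== 'UserRecoverPasswordAdmin') {
	    $form['formName'] = 'UserRecoverPasswordAdmin';

	    /* Don't display the Authorization Incorrect error on first page load */
	    $status['firstLoad'] = 1;

	    /* Generate the auth string on the first visit to this view */
	    $this->_generateAuthString();
	}

	$authString = $session->get('core.UserRecoverPasswordAdminAuthKey');

	if (!$platform->file_exists($authFile)) {
	    $error['authFile']['missing'] = 1;
	} else if (!$platform->is_readable($authFile)) {
	    $error['authFile']['unreadable'] = 1;
	} else {
	    $contents = $platform->file_get_contents($authFile);
	    $authStringFromFile = is_string($contents) ? trim($contents) : '';

	    /* Strict, non-empty match so an empty file never reads as "correct". */
	    if ($authStringFromFile !== '' && is_string($authString)
		    && $authStringFromFile === $authString) {
		$status['authString']['correct'] = 1;
	    } else {
		$error['authString']['incorrect'] = 1;
	    }
	}

	/*
	 * Raw request value handed to the template for re-populating the field.
	 * NOTE(review): it must be escaped by the template; the .tpl is not visible
	 * here, so confirm it does not emit this value unescaped.
	 */
	$status['userName'] = GalleryUtilities::getRequestVariables('userName');

	$UserRecoverPasswordAdmin['authString'] = $authString;
	$UserRecoverPasswordAdmin['error'] = $error;
	$UserRecoverPasswordAdmin['status'] = $status;
	$template->setVariable('UserRecoverPasswordAdmin', $UserRecoverPasswordAdmin);
	$template->setVariable('controller', 'core.UserRecoverPasswordAdmin');
	return array(null, array('body' => 'modules/core/templates/UserRecoverPasswordAdmin.tpl'));
    }

    /**
     * Generate the authorization string used for login.txt and store it in the
     * session under core.UserRecoverPasswordAdminAuthKey.
     *
     * 32 random bytes from JCrypt are hashed with md5 purely to get a short,
     * printable 32-hex-character token the visitor can copy into a file; the
     * token's unpredictability comes from genRandomBytes(), not from md5.
     *
     * @access private
     */
    function _generateAuthString() {
	global $gallery;
	$session =& $gallery->getSession();

	GalleryCoreApi::requireOnce('lib/joomla/crypt.php');
	$crypt = new JCrypt();
	$randomBytes = $crypt->genRandomBytes(32);
	$session->put('core.UserRecoverPasswordAdminAuthKey', md5($randomBytes));
    }
}
?>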