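<?php
/*
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2008 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
 */

GalleryCoreApi::requireOnce('modules/core/classes/helpers/UserRecoverPasswordHelper_simple.class');

/**
 * This controller will handle the recovery of passwords that have been lost or forgotten
 * by the user.
 *
 * It is the second step of the recovery flow: the caller presents a userName, the
 * authString of a pending recovery request and the new password (twice).  The password
 * is changed only when a request matching userName + authString exists and has not expired.
 *
 * @package GalleryCore
 * @subpackage UserInterface
 * @author Jay Rossiter <cryptographite@users.sf.net>
 * @version $Revision: 17580 $
 */
class UserRecoverPasswordConfirmController extends GalleryController {

    /**
     * Validate the submitted form and, if a live recovery request matches, set the new password.
     *
     * @param array $form the submitted form; reads action[submit|cancel], userName,
     *        authString, password1 and password2
     * @return array (error status or null, results array or null).  The results array
     *         carries 'status', 'error' and either a 'redirect' (success) or a 'delegate'
     *         back to the confirm view.
     * @see GalleryController::handleRequest
     */
    function handleRequest($form) {
        global $gallery;

        $status = $results = $error = array();

        if (isset($form['action']['submit'])) {
            if (empty($form['userName'])) {
                $error[] = 'form[error][userName][missing]';
            }

            if (empty($form['authString'])) {
                $error[] = 'form[error][authString][missing]';
            }

            if (empty($form['password1']) || empty($form['password2'])) {
                $error[] = 'form[error][password][missing]';
            } else if ($form['password1'] !== $form['password2']) {
                /*
                 * Strict comparison: with != PHP compares numeric-looking strings by value,
                 * so e.g. '1e3' and '1000' would be accepted as a matching pair.
                 */
                $error[] = 'form[error][password][mismatch]';
            }

            /* No errors?  Check the DB for the request and then update the user's password */
            if (empty($error)) {
                list ($ret, $user) = GalleryCoreApi::fetchUserByUsername($form['userName']);
                /*
                 * A missing user is not treated as a hard error; it falls through to the
                 * generic "request missing" form error below, so the response does not
                 * distinguish an unknown user from a wrong authString.
                 */
                if ($ret && !($ret->getErrorCode() & ERROR_MISSING_OBJECT)) {
                    return array($ret, null);
                }

                /*
                 * Look up the expiry time of the recovery request that matches this
                 * userName and authString.  An empty result means no such request exists.
                 *
                 * NOTE(review): no counting or throttling of wrong authString guesses is
                 * visible in this handler; confirm whether the helper or another layer
                 * limits attempts.
                 */
                list ($ret, $requestExpires) = UserRecoverPasswordHelper_simple::getRequestExpires(
                    $form['userName'], $form['authString']);
                if ($ret) {
                    return array($ret, null);
                }

                if ($user && !empty($requestExpires)) {
                    if ($requestExpires < time()) {
                        /*
                         * The stored expiry time has passed.  (The original comment gives
                         * the request lifetime as 7 days; that value is not set in this
                         * file.)  The entry is purged below and the error is reported on
                         * the form.
                         */
                        $error[] = 'form[error][request][tooOld]';
                    } else if (!empty($user)) {
                        list ($ret, $lockId) = GalleryCoreApi::acquireWriteLock($user->getId());
                        if ($ret) {
                            return array($ret, null);
                        }

                        /* From here on every early return must give the write lock back. */
                        list ($ret, $user) = $user->refresh();
                        if ($ret) {
                            GalleryCoreApi::releaseLocks($lockId);
                            return array($ret, null);
                        }

                        $user->changePassword($form['password1']);

                        $ret = $user->save();
                        if ($ret) {
                            GalleryCoreApi::releaseLocks($lockId);
                            return array($ret, null);
                        }

                        $ret = GalleryCoreApi::releaseLocks($lockId);
                        if ($ret) {
                            return array($ret, null);
                        }

                        /*
                         * Clear the failed-login record for this user after the reset.
                         *
                         * NOTE(review): if this call (or releaseLocks above) returns an
                         * error, the handler returns before the recovery request is
                         * removed below, leaving the authString usable until it expires
                         * even though the password was already changed.  Also, nothing
                         * here invalidates the user's existing sessions; confirm whether
                         * that is handled elsewhere.
                         */
                        $ret = GalleryCoreApi::removeMapEntry(
                            'FailedLoginsMap',
                            array('userName' => $user->getUserName()));
                        if ($ret) {
                            return array($ret, null);
                        }

                        $status['passwordRecovered'] = 1;
                    }

                    /* The request is single use: drop it whether it was expired or consumed. */
                    $ret = GalleryCoreApi::removeMapEntry(
                        'GalleryRecoverPasswordMap',
                        array('userName' => $user->getUserName()));
                    if ($ret) {
                        return array($ret, null);
                    }
                } else {
                    /* There is no matching request for this userName and authString combo */
                    $error[] = 'form[error][request][missing]';
                }
            }
        } else if (isset($form['action']['cancel'])) {
            $results['return'] = 1;
        }

        if (empty($error) && !empty($status)) {
            /* Password changed: send the user to the login page. */
            $results['redirect']['view'] = 'core.UserAdmin';
            $results['redirect']['subView'] = 'core.UserLogin';
            $results['return'] = 0;
        } else {
            /* Anything else (errors, cancel, no action) goes back to the confirm form. */
            $results['delegate']['view'] = 'core.UserAdmin';
            $results['delegate']['subView'] = 'core.UserRecoverPasswordConfirm';
        }

        $results['status'] = $status;
        $results['error'] = $error;

        return array(null, $results);
    }
}

/**
 * This view shows information about password recovery
 */
class UserRecoverPasswordConfirmView extends GalleryView {

    /**
     * Prepare the confirm form, or redirect to the request page when no recovery request
     * matches the supplied userName and authString.
     *
     * @param object $template template object; receives the view variables
     * @param array $form form state, modified in place
     * @return array (error status or null, array with 'redirect' or 'body', or null on error)
     * @see GalleryView::loadTemplate
     */
    function loadTemplate(&$template, &$form) {
        global $gallery;

        if ($form['formName'] == 'UserRecoverPasswordConfirm') {
            /* Re-display after a submit: flag the missing password fields. */
            if (empty($form['password1']) || empty($form['password2'])) {
                $form['error']['password']['missing'] = 1;
            }
        } else {
            /* First display: userName and authString come from the request variables. */
            $form['userName'] = GalleryUtilities::getRequestVariables('userName');
            $form['authString'] = GalleryUtilities::getRequestVariables('authString');
            $form['formName'] = 'UserRecoverPasswordConfirm';
        }

        list ($ret, $requestExpires) = UserRecoverPasswordHelper_simple::getRequestExpires(
            $form['userName'], $form['authString']);
        if ($ret) {
            return array($ret, null);
        }

        if (empty($requestExpires)) {
            /* No matching request: do not show the form, go back to the request page. */
            return array(null,
                         array('redirect' => array('view' => 'core.UserAdmin',
                                                   'subView' => 'core.UserRecoverPassword')));
        } else {
            $UserRecoverPasswordConfirm = array();
            $template->setVariable('UserRecoverPasswordConfirm', $UserRecoverPasswordConfirm);
            $template->setVariable('controller', 'core.UserRecoverPasswordConfirm');
            return array(null,
                         array('body' => 'modules/core/templates/UserRecoverPasswordConfirm.tpl'));
        }
    }
}
?>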