Index: admin/system_presets/simple/users_u.php
===================================================================
--- admin/system_presets/simple/users_u.php (revision 14446)
+++ admin/system_presets/simple/users_u.php (working copy)
@@ -71,8 +71,7 @@
$hidden_fields = Array (
/* 'PortalUserId', 'Login', 'Password', 'FirstName','LastName', 'Company', 'Email', 'CreatedOn',
'Phone', 'Fax', 'Street', 'Street2', 'City', 'State' , 'Zip', 'Country', 'ResourceId', 'Status',
- 'Modified', 'dob', 'tz', 'ip', 'IsBanned', 'PassResetTime', 'PwResetConfirm', 'PwRequestTime',
- 'MinPwResetDelay', */
+ 'Modified', 'dob', 'tz', 'ip', 'IsBanned', 'PwResetConfirm', 'PwRequestTime',*/
);
// virtual fields to hide
@@ -84,8 +83,7 @@
$required_fields = Array (
/*'PortalUserId',*/ 'Login', /*'Password', 'FirstName', 'LastName', 'Company', */'Email', /*'CreatedOn',
'Phone', 'Fax', 'Street', 'Street2', 'City', 'State' , 'Zip', 'Country', 'ResourceId', 'Status',
- 'Modified', 'dob', 'tz', 'ip', 'IsBanned', 'PassResetTime', 'PwResetConfirm', 'PwRequestTime',
- 'MinPwResetDelay'*/
+ 'Modified', 'dob', 'tz', 'ip', 'IsBanned', 'PwResetConfirm', 'PwRequestTime',*/
);
// virtual fields to make required
Index: core/install/english.lang
===================================================================
--- core/install/english.lang (revision 14469)
+++ core/install/english.lang (working copy)
@@ -1590,8 +1590,6 @@
<EVENT MessageType="html" Event="USER.MEMBERSHIP.EXPIRED" Type="0">U3ViamVjdDogWW91ciBNZW1iZXJzaGlwIEV4cGlyZWQKCllvdXIgbWVtYmVyc2hpcCBvbiA8aW5wMjptX0Jhc2VVcmwvPiB3ZWJzaXRlIGhhcyBleHBpcmVkLg==</EVENT>
<EVENT MessageType="html" Event="USER.MEMBERSHIP.EXPIRED" Type="1">U3ViamVjdDogVXNlcidzIE1lbWJlcnNoaXAgRXhwaXJlZCAgKCA8aW5wMjp1X0ZpZWxkIG5hbWU9IkxvZ2luIi8+KQoKVXNlcidzICg8aW5wMjp1X0ZpZWxkIG5hbWU9IkxvZ2luIi8+KSBtZW1iZXJzaGlwIG9uIDxpbnAyOm1fQmFzZVVybC8+IHdlYnNpdGUgaGFzIGV4cGlyZWQu</EVENT>
<EVENT MessageType="text" Event="USER.NEW.PASSWORD" Type="0">U3ViamVjdDogTmV3IHBhc3N3b3JkIGdlbmVyYXRlZAoKRGVhciA8aW5wMjp1X0ZpZWxkIG5hbWU9IkZpcnN0TmFtZSIvPiwNCg0KQSBuZXcgcGFzc3dvcmQgaGFzIGJlZW4gZ2VuZXJhdGVkIGZvciB5b3VyIHVzZXIuDQoNCk5vdyB5b3UgY2FuIGxvZ2luIHVzaW5nIHRoZSBmb2xsb3dpbmcgY3JlZGVudGlhbHM6DQoNCjxpbnAyOm1faWYgY2hlY2s9InVfRmllbGQiIG5hbWU9IkxvZ2luIj5Vc2VybmFtZTogPGlucDI6dV9GaWVsZCBuYW1lPSJMb2dpbiIvPjxpbnAyOm1fZWxzZS8+RS1tYWlsOiA8aW5wMjp1X0ZpZWxkIG5hbWU9IkVtYWlsIi8+PC9pbnAyOm1faWY+IA0KUGFzc3dvcmQ6IDxpbnAyOnVfRmllbGQgbmFtZT0iUGFzc3dvcmRfcGxhaW4iLz4g</EVENT>
- <EVENT MessageType="html" Event="USER.PSWD" Type="0">U3ViamVjdDogUGFzc3dvcmQgUmVjb3ZlcnkKCllvdXIgbG9zdCBwYXNzd29yZCBoYXMgYmVlbiByZXNldC4gPGJyLz48YnIvPg0KWW91ciBuZXcgcGFzc3dvcmQgaXM6ICI8aW5wMjp1X0ZvcmdvdHRlblBhc3N3b3JkIC8+Ii4=</EVENT>
- <EVENT MessageType="html" Event="USER.PSWD" Type="1">U3ViamVjdDogUGFzc3dvcmQgUmVjb3ZlcnkgZm9yICI8aW5wMjp1X0ZpZWxkIG5hbWU9IkxvZ2luIiAvPiIKCkxvc3QgcGFzc3dvcmQgaGFzIGJlZW4gcmVzZXQgZm9yICI8aW5wMjp1X0ZpZWxkIG5hbWU9IkxvZ2luIiAvPiIgdXNlci4gPGJyLz48YnIvPg0KTmV3IHBhc3N3b3JkIGlzOiAiPGlucDI6dV9Gb3Jnb3R0ZW5QYXNzd29yZCAvPiIu</EVENT>
<EVENT MessageType="html" Event="USER.PSWDC" Type="0">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</EVENT>
<EVENT MessageType="html" Event="USER.SUBSCRIBE" Type="0">U3ViamVjdDogU3Vic2NyaWJlZCB0byBhIE1haWxpbmcgTGlzdCBvbiA8aW5wMjptX0Jhc2VVcmwvPgoKWW91IGhhdmUgc3Vic2NyaWJlZCB0byBhIG1haWxpbmcgbGlzdCBvbiA8aW5wMjptX0Jhc2VVcmwvPiB3ZWJzaXRlLg==</EVENT>
<EVENT MessageType="html" Event="USER.SUBSCRIBE" Type="1">U3ViamVjdDogTmV3IFVzZXIgaGFzIFN1YnNjcmliZWQgdG8gYSBNYWxsaW5nIExpc3QKCk5ldyB1c2VyIDxpbnAyOnVfRmllbGQgbmFtZT0iRW1haWwiLz4gaGFzIHN1YnNjcmliZWQgdG8gYSBtYWlsaW5nIGxpc3Qgb24gPGEgaHJlZj0iPGlucDI6bV9CYXNlVXJsLz4iPjxpbnAyOm1fQmFzZVVybC8+PC9hPiB3ZWJzaXRlLg==</EVENT>
Index: core/install/install_data.sql
===================================================================
--- core/install/install_data.sql (revision 14469)
+++ core/install/install_data.sql (working copy)
@@ -141,8 +141,6 @@
INSERT INTO Events (EventId, Event, ReplacementTags, Enabled, FrontEndOnly, Module, Description, Type, AllowChangingSender, AllowChangingRecipient) VALUES(DEFAULT, 'USER.VALIDATE', NULL, 1, 1, 'Core', 'Validate User', 1, 1, 1);
INSERT INTO Events (EventId, Event, ReplacementTags, Enabled, FrontEndOnly, Module, Description, Type, AllowChangingSender, AllowChangingRecipient) VALUES(DEFAULT, 'USER.DENY', NULL, 1, 0, 'Core', 'Deny User', 0, 1, 1);
INSERT INTO Events (EventId, Event, ReplacementTags, Enabled, FrontEndOnly, Module, Description, Type, AllowChangingSender, AllowChangingRecipient) VALUES(DEFAULT, 'USER.DENY', NULL, 1, 1, 'Core', 'Deny User', 1, 1, 1);
-INSERT INTO Events (EventId, Event, ReplacementTags, Enabled, FrontEndOnly, Module, Description, Type, AllowChangingSender, AllowChangingRecipient) VALUES(DEFAULT, 'USER.PSWD', NULL, 1, 1, 'Core', 'Forgot Password', 1, 1, 1);
-INSERT INTO Events (EventId, Event, ReplacementTags, Enabled, FrontEndOnly, Module, Description, Type, AllowChangingSender, AllowChangingRecipient) VALUES(DEFAULT, 'USER.PSWD', NULL, 1, 0, 'Core', 'Forgot Password', 0, 1, 1);
INSERT INTO Events (EventId, Event, ReplacementTags, Enabled, FrontEndOnly, Module, Description, Type, AllowChangingSender, AllowChangingRecipient) VALUES(DEFAULT, 'USER.ADD.PENDING', NULL, 1, 0, 'Core', 'Add Pending User', 0, 1, 1);
INSERT INTO Events (EventId, Event, ReplacementTags, Enabled, FrontEndOnly, Module, Description, Type, AllowChangingSender, AllowChangingRecipient) VALUES(DEFAULT, 'USER.ADD.PENDING', NULL, 1, 1, 'Core', 'Add Pending User', 1, 1, 1);
INSERT INTO Events (EventId, Event, ReplacementTags, Enabled, FrontEndOnly, Module, Description, Type, AllowChangingSender, AllowChangingRecipient) VALUES(DEFAULT, 'CATEGORY.ADD', NULL, 1, 0, 'Core', 'Add Category', 0, 1, 1);
Index: core/install/install_schema.sql
===================================================================
--- core/install/install_schema.sql (revision 14468)
+++ core/install/install_schema.sql (working copy)
@@ -259,10 +259,8 @@
tz int(11) DEFAULT NULL,
ip varchar(20) NOT NULL DEFAULT '',
IsBanned tinyint(1) NOT NULL DEFAULT '0',
- PassResetTime int(11) unsigned DEFAULT NULL,
- PwResetConfirm varchar(255) DEFAULT NULL,
+ PwResetConfirm varchar(255) NOT NULL,
PwRequestTime int(11) unsigned DEFAULT NULL,
- MinPwResetDelay int(11) NOT NULL DEFAULT '1800',
AdminLanguage int(11) DEFAULT NULL,
DisplayToPublic text,
UserType tinyint(4) NOT NULL,
Index: core/install/upgrades.sql
===================================================================
--- core/install/upgrades.sql (revision 14469)
+++ core/install/upgrades.sql (working copy)
@@ -2026,4 +2026,17 @@
UPDATE PortalUser
SET OldStyleLogin = 1
-WHERE (Login <> '') AND (Login NOT REGEXP '^[A-Z0-9_\\-\\.]+$');
\ No newline at end of file
+WHERE (Login <> '') AND (Login NOT REGEXP '^[A-Z0-9_\\-\\.]+$');
+
+DELETE FROM Events WHERE Event = 'USER.PSWD';
+
+UPDATE Phrase
+SET l<%PRIMARY_LANGUAGE%>_Translation = 'Your password has been reset.'
+WHERE PhraseKey = 'LU_TEXT_FORGOTPASSHASBEENRESET' AND l<%PRIMARY_LANGUAGE%>_Translation = 'Your password has been reset. The new password has been sent to your e-mail address. You may now login with the new password.';
+
+ALTER TABLE PortalUser
+ DROP MinPwResetDelay,
+ DROP PassResetTime,
+ CHANGE PwResetConfirm PwResetConfirm VARCHAR(255) NOT NULL;
+
+UPDATE PortalUser SET PwRequestTime = NULL WHERE PwRequestTime = 0;
\ No newline at end of file
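Review bot: The `CHANGE PwResetConfirm PwResetConfirm VARCHAR(255) NOT NULL` step runs while existing rows can still hold NULL, because the column was `DEFAULT NULL` until this revision; depending on the server's SQL mode that conversion is either rejected or silently coerced. Adding `UPDATE PortalUser SET PwResetConfirm = '' WHERE PwResetConfirm IS NULL;` before the ALTER makes the upgrade deterministic. The column is also declared without a default here and in install_schema.sql, while users_config.php uses `'default' => ''`; `NOT NULL DEFAULT ''` would keep the three in agreement.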
Index: core/units/helpers/user_helper.php
===================================================================
--- core/units/helpers/user_helper.php (revision 14468)
+++ core/units/helpers/user_helper.php (working copy)
@@ -441,4 +441,38 @@
return !$found;
}
+
+ public function validateUserCode($user_code, $code_type, $expiration_timeout = null)
+ {
+ $expiration_timeouts = Array (
+ 'forgot_password' => 'config:Users_AllowReset',
+ 'activation' => 'config:UserEmailActivationTimeout',
+ 'custom' => '',
+ );
+
+ if ( !$user_code ) {
+ return 'code_is_not_valid';
+ }
+
+ $sql = 'SELECT PwRequestTime, PortalUserId
+ FROM ' . TABLE_PREFIX . 'PortalUser
+ WHERE PwResetConfirm = ' . $this->Conn->qstr( trim($user_code) );
+ $user_info = $this->Conn->GetRow($sql);
+
+ if ( $user_info === false ) {
+ return 'code_is_not_valid';
+ }
+
+ $expiration_timeout = isset($expiration_timeout) ? $expiration_timeout : $expiration_timeouts[$code_type];
+
+ if ( preg_match('/^config:(.*)$/', $expiration_timeout, $regs) ) {
+ $expiration_timeout = $this->Application->ConfigValue( $regs[1] );
+ }
+
+ if ( $expiration_timeout && $user_info['PwRequestTime'] < strtotime('-' . $expiration_timeout . ' minutes') ) {
+ return 'code_expired';
+ }
+
+ return $user_info['PortalUserId'];
+ }
}
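Review bot: The empty-code guard in validateUserCode() tests the raw `$user_code`, but the query compares `trim($user_code)`, so a value made only of whitespace passes `if ( !$user_code )` and is looked up as `PwResetConfirm = ''`. This same commit makes `''` the stored value for accounts with no pending code (schema `NOT NULL`, config default `''`, OnUpdate clearing the field), so that lookup can match a real row. The only remaining gate is the expiry comparison, which is skipped whenever the timeout resolves to an empty value, as it does for the `'custom'` type. Normalise first with `$user_code = trim((string) $user_code);`, reject with `if ( $user_code === '' ) { return 'code_is_not_valid'; }`, and pass the normalised value to `qstr()`. The method also needs a docblock stating that it returns a numeric PortalUserId on success and the strings `'code_is_not_valid'` or `'code_expired'` on failure, since callers tell them apart with `is_numeric()`.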
Index: core/units/users/users_config.php
===================================================================
--- core/units/users/users_config.php (revision 14468)
+++ core/units/users/users_config.php (working copy)
@@ -383,10 +383,8 @@
'tz' => Array('type' => 'int', 'default' => NULL),
'ip' => Array('type' => 'string', 'not_null' => 1, 'default' => ''),
'IsBanned' => Array('type' => 'int','not_null' => 1, 'default' => 0),
- 'PassResetTime' => Array('type' => 'int','default' => NULL),
- 'PwResetConfirm' => Array('type' => 'string','default' => NULL),
- 'PwRequestTime' => Array('type' => 'int','default' => NULL),
- 'MinPwResetDelay' => Array('type' => 'int', 'formatter' => 'kOptionsFormatter', 'options' => Array(300 => '5', 600 => '10', 900 => '15', 1800 => '30', 3600 => '60'), 'use_phrases' => 0, 'not_null' => '1', 'default' => 1800),
+ 'PwResetConfirm' => Array('type' => 'string', 'not_null' => 1, 'default' => ''),
+ 'PwRequestTime' => Array('type' => 'int', 'formatter' => 'kDateFormatter', 'default' => NULL),
'AdminLanguage' => Array (
'type' => 'int',
'formatter' => 'kOptionsFormatter', 'options_sql' => 'SELECT %s FROM ' . TABLE_PREFIX . 'Language ORDER BY PackName', 'option_key_field' => 'LanguageId', 'option_title_field' => 'LocalName',
Index: core/units/users/users_event_handler.php
===================================================================
--- core/units/users/users_event_handler.php (revision 14468)
+++ core/units/users/users_event_handler.php (working copy)
@@ -35,8 +35,6 @@
'OnRefreshForm' => Array('self' => true),
'OnForgotPassword' => Array('self' => true),
- 'OnResetPassword' => Array('self' => true),
- 'OnResetPasswordConfirmed' => Array('self' => true),
'OnSubscribeQuery' => Array('self' => true),
'OnSubscribeUser' => Array('self' => true),
@@ -52,6 +50,23 @@
}
/**
+ * Builds item (loads if needed)
+ *
+ * Pattern: Prototype Manager
+ *
+ * @param kEvent $event
+ * @access protected
+ */
+ function OnItemBuild(&$event)
+ {
+ parent::OnItemBuild($event);
+
+ if ($event->Special == 'forgot') {
+ $this->_makePasswordRequired($event);
+ }
+ }
+
+ /**
* Shows only admins when required
*
* @param kEvent $event
@@ -117,6 +132,7 @@
if ($event->Name == 'OnUpdate' && $user_id > 0) {
$user_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true));
+
foreach ($items_info as $id => $field_values) {
if ($id != $user_id) {
// registered users can update their record only
@@ -136,9 +152,15 @@
return false;
}
}
+
return true;
}
+ if ( $event->Name == 'OnResetLostPassword' && $event->Special == 'forgot' && $user_id == USER_GUEST ) {
+ // non-logged in users can reset their password, when reset code is valid
+ return is_numeric( $this->getPassedID($event) );
+ }
+
if ($event->Name == 'OnUpdate' && $user_id <= 0) {
// guests are not allowed to update their record, because they don't have it :)
return false;
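Review bot: The guest branch for `OnResetLostPassword` treats any numeric result of `getPassedID($event)` as proof that the reset code is valid, but the `'forgot'` case added to getPassedID() in this commit falls through to `return parent::getPassedID($event)` when validateUserCode() returns an error string. If the parent implementation can produce a numeric id from the request (its body is not visible here, so this needs confirming), the check passes without a valid code and the update runs against that id. Base the decision on the validation result itself, e.g. after recalling UserHelper, `return is_numeric( $user_helper->validateUserCode($this->Application->GetVar('user_key'), 'forgot_password') );`, or have the `'forgot'` case `return false;` instead of `break;` on failure. The enclosing permission method starts and ends outside this hunk.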
@@ -814,152 +836,65 @@
$user_current_object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too
/* @var $user_current_object UsersItem */
- $username = $this->Application->GetVar('username');
+ $found = $allow_reset = false;
$email = $this->Application->GetVar('email');
- $found = false;
- $allow_reset = true;
+ $username = $this->Application->GetVar('username');
- if (strlen($username)) {
+ if ( strlen($username) ) {
$user_object->Load($username, 'Login');
- if ($user_object->isLoaded()) {
- $found = ($user_object->GetDBField("Login")==$username && $user_object->GetDBField("Status")==1) && strlen($user_object->GetDBField("Password"));
- }
}
- else if(strlen($email)) {
+ elseif( strlen($email) ) {
$user_object->Load($email, 'Email');
- if ($user_object->isLoaded()) {
- $found = ($user_object->GetDBField("Email")==$email && $user_object->GetDBField("Status")==1) && strlen($user_object->GetDBField("Password"));
- }
}
- if ($user_object->isLoaded()) {
- $PwResetConfirm = $user_object->GetDBField('PwResetConfirm');
- $PwRequestTime = $user_object->GetDBField('PwRequestTime');
- $PassResetTime = $user_object->GetDBField('PassResetTime');
- //$MinPwResetDelay = $user_object->GetDBField('MinPwResetDelay');
- $MinPwResetDelay = $this->Application->ConfigValue('Users_AllowReset');
+ if ( $user_object->isLoaded() ) {
+ $min_pwd_reset_delay = $this->Application->ConfigValue('Users_AllowReset');
+ $found = ($user_object->GetDBField('Status') == STATUS_ACTIVE) && strlen( $user_object->GetDBField('Password') );
- $allow_reset = (strlen($PwResetConfirm) ?
- adodb_mktime() > $PwRequestTime + $MinPwResetDelay :
- adodb_mktime() > $PassResetTime + $MinPwResetDelay);
+ if ( !$user_object->GetDBField('PwResetConfirm') ) {
+ // no reset made -> allow
+ $allow_reset = true;
+ }
+ else {
+ // reset made -> wait N minutes, then allow
+ $allow_reset = adodb_mktime() > $user_object->GetDBField('PwRequestTime') + $min_pwd_reset_delay;
+ }
}
if ($found && $allow_reset) {
- $this->Application->StoreVar('tmp_user_id', $user_object->GetDBField("PortalUserId"));
- $this->Application->StoreVar('tmp_email', $user_object->GetDBField("Email"));
+ $this->Application->EmailEventUser('USER.PSWDC', $user_object->GetID());
- $confirm_template = $this->Application->GetVar('reset_confirm_template');
- if (!$confirm_template) {
- $this->Application->SetVar('reset_confirm_template', 'platform/login/forgotpass_reset');
- }
- $this->Application->EmailEventUser('USER.PSWDC', $user_object->GetDBField('PortalUserId'));
-
$event->redirect = $this->Application->GetVar('template_success');
+
+ return ;
}
- else {
- if (!strlen($username) && !strlen($email)) {
- $user_current_object->SetError('Login', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata');
- $user_current_object->SetError('Email', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata');
- }
- else {
- if ($allow_reset) {
- if (strlen($username)) {
- $user_current_object->SetError('Login', 'unknown_username', 'lu_ferror_unknown_username');
- }
- if (strlen($email)) {
- $user_current_object->SetError('Email', 'unknown_email', 'lu_ferror_unknown_email');
- }
- }
- else {
- if (strlen($username)) {
- $user_current_object->SetError('Login', 'reset_denied', 'lu_ferror_reset_denied');
- }
- if (strlen($email)) {
- $user_current_object->SetError('Email', 'reset_denied', 'lu_ferror_reset_denied');
- }
- }
+ if ( !strlen($username) && !strlen($email) ) {
+ $user_current_object->SetError('Login', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata');
+ $user_current_object->SetError('Email', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata');
+ }
+ elseif ( !$found ) {
+ if ( strlen($username) ) {
+ $user_current_object->SetError('Login', 'unknown_username', 'lu_ferror_unknown_username');
}
- if ( $user_current_object->HasErrors() ) {
- $event->redirect = false;
+ if ( strlen($email) ) {
+ $user_current_object->SetError('Email', 'unknown_email', 'lu_ferror_unknown_email');
}
}
- }
+ elseif ( !$allow_reset ) {
+ if ( strlen($username) ) {
+ $user_current_object->SetError('Login', 'reset_denied', 'lu_ferror_reset_denied');
+ }
- /**
- * Enter description here...
- *
- * @param kEvent $event
- */
- function OnResetPassword(&$event)
- {
- $user_object =& $this->Application->recallObject('u.forgot');
-
- if($user_object->Load($this->Application->RecallVar('tmp_user_id'))){
-
- $this->Application->EmailEventUser('USER.PSWDC', $user_object->GetDBField("PortalUserId"));
- $event->redirect = $this->Application->GetVar('template_success');
-
- $m_cat_id = $this->Application->findModule('Name', 'In-Commerce', 'RootCat');
- $this->Application->SetVar('m_cat_id', $m_cat_id);
- $event->SetRedirectParam('pass', 'm');
+ if ( strlen($email) ) {
+ $user_current_object->SetError('Email', 'reset_denied', 'lu_ferror_reset_denied');
+ }
}
- }
- function OnResetPasswordConfirmed(&$event)
- {
- // used for error reporting only -> rewrite code + theme (by Alex)
- $user_current_object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true));// TODO: change theme too
- /* @var $user_current_object UsersItem */
-
- $passed_key = trim($this->Application->GetVar('user_key'));
-
- if (!$passed_key) {
- $event->setRedirectParams(Array('opener' => 's', 'pass' => 'all'), true);
+ if ( $user_current_object->HasErrors() ) {
$event->redirect = false;
-
- $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', 'lu_code_is_not_valid');
- }
-
- $user_object =& $this->Application->recallObject('u.forgot', null, Array('skip_autoload' => true));
- /* @var $user_object UsersItem */
-
- $user_object->Load($passed_key, 'PwResetConfirm');
-
- if ($user_object->isLoaded()) {
- $exp_time = $user_object->GetDBField('PwRequestTime') + 3600;
- $user_object->SetDBField('PwResetConfirm', '');
- $user_object->SetDBField('PwRequestTime', 0);
-
- if ($exp_time > adodb_mktime()) {
- $newpw = $user_object->generatePassword();
- $this->Application->StoreVar('password', $newpw);
-
- $user_object->SetDBField('PassResetTime', adodb_mktime());
- $user_object->SetDBField('PwResetConfirm', '');
- $user_object->SetDBField('PwRequestTime', 0);
- $user_object->Update();
-
- $this->Application->SetVar('ForgottenPassword', $newpw);
-
- $email_event_user =& $this->Application->EmailEventUser('USER.PSWD', $user_object->GetDBField('PortalUserId'));
- $email_event_admin =& $this->Application->EmailEventAdmin('USER.PSWD');
-
- $this->Application->DeleteVar('ForgottenPassword');
-
- if ($email_event_user->status == kEvent::erSUCCESS) {
- $event->setRedirectParams(array('opener' => 's', 'pass' => 'all'), true);
- $event->redirect = $this->Application->GetVar('template_success');
- }
- } else {
- $user_current_object->SetError('PwResetConfirm', 'code_expired', 'lu_code_expired');
- $event->redirect = false;
- }
- } else {
- $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', 'lu_code_is_not_valid');
- $event->redirect = false;
- }
+ }
}
function OnUpdate(&$event)
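Review bot: `Users_AllowReset` is added to `PwRequestTime` as a number of seconds in `$allow_reset = adodb_mktime() > ... + $min_pwd_reset_delay`, while validateUserCode() in user_helper.php interprets the same setting as minutes (`strtotime('-' . $expiration_timeout . ' minutes')`). One of the two is off by a factor of 60, so the re-request throttle and the code lifetime do not line up; if the setting is in minutes, the addend should be `$min_pwd_reset_delay * 60`. Separately, the rewritten error branches still report `unknown_username` / `unknown_email` distinctly from `reset_denied`, which lets the form confirm whether an account exists; a single neutral response for all outcomes avoids that. OnForgotPassword begins above this hunk.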
@@ -983,6 +918,15 @@
$cs_helper->CheckStateField($event, 'State', 'Country');
$cs_helper->PopulateStates($event, 'State', 'Country');
+
+ if ($event->Special == 'forgot') {
+ $object =& $event->getObject();
+ /* @var $object kDBItem */
+
+ $object->SetDBField('PwResetConfirm', '');
+ $object->SetDBField('PwRequestTime_date', NULL);
+ $object->SetDBField('PwRequestTime_time', NULL);
+ }
}
/**
@@ -1104,23 +1048,33 @@
$order =& $this->Application->recallObject('ord');
/* @var $order OrdersItem */
- $id = $order->GetDBField('PortalUserId');
+ return $order->GetDBField('PortalUserId');
break;
case 'profile':
$id = $this->Application->GetVar('user_id');
+
if (!$id) {
// if none user_id given use current user id
$id = $this->Application->RecallVar('user_id');
}
+
+ return $id;
break;
- default:
- $id = parent::getPassedID($event);
+ case 'forgot':
+ $user_helper =& $this->Application->recallObject('UserHelper');
+ /* @var $user_helper UserHelper */
+
+ $id = $user_helper->validateUserCode( $this->Application->GetVar('user_key'), 'forgot_password' );
+
+ if ( is_numeric($id) ) {
+ return $id;
+ }
break;
}
- return $id;
+ return parent::getPassedID($event);
}
/**
@@ -1731,4 +1685,29 @@
echo kUtil::generatePassword();
}
}
+
+ /**
+ * Changes user's password and logges him in
+ *
+ * @param kEvent $event
+ */
+ function OnResetLostPassword(&$event)
+ {
+ $object =& $event->getObject();
+ /* @var $object kDBItem */
+
+ $event->CallSubEvent('OnUpdate');
+
+ if ( $event->status == kEvent::erSUCCESS ) {
+ $user_helper =& $this->Application->recallObject('UserHelper');
+ /* @var $user_helper UserHelper */
+
+ $user =& $user_helper->getUserObject();
+ $user->Load( $object->GetID() );
+
+ if ( $user_helper->checkLoginPermission() ) {
+ $user_helper->loginUserById( $user->GetID() );
+ }
+ }
+ }
}
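Review bot: `$user->Load( $object->GetID() )` is not checked before `loginUserById()`, so a failed load still proceeds to the login step; guard it with `if ( $user->Load( $object->GetID() ) && $user_helper->checkLoginPermission() )`. The docblock should also state that this handler relies on the permission check having validated `user_key`, since nothing in the method re-validates the code, and `logges` should read `logs`.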
Index: core/units/users/users_tag_processor.php
===================================================================
--- core/units/users/users_tag_processor.php (revision 14469)
+++ core/units/users/users_tag_processor.php (working copy)
@@ -41,18 +41,22 @@
function ConfirmPasswordLink($params)
{
+ $user =& $this->Application->recallObject($this->Prefix . '.email-to');
+ /* @var $user UsersItem */
+
$code = $this->getCachedCode();
+ $user->SetDBField('PwResetConfirm', $code);
+ $user->SetDBField('PwRequestTime_date', adodb_mktime());
+ $user->SetDBField('PwRequestTime_time', adodb_mktime());
- $fields_hash = Array (
- 'PwResetConfirm' => $code,
- 'PwRequestTime' => adodb_mktime(),
- );
+ if ( $user->GetChangedFields() ) {
+ // tag is called 2 times within USER.PWDC email event, so don't update user record twice
+ $user->Update();
+ }
- $user_id = $this->Application->RecallVar('tmp_user_id');
- $this->Conn->doUpdate($fields_hash, TABLE_PREFIX.'PortalUser', 'PortalUserId = '.$user_id);
-
$params['user_key'] = $code;
- if (!$this->SelectParam($params, 'template,t')) {
+
+ if ( !$this->SelectParam($params, 'template,t') ) {
$params['template'] = $this->Application->GetVar('reset_confirm_template');
}
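Review bot: The result of `$user->Update()` is ignored, so if the save fails the e-mail is still rendered with a `user_key` that was never stored and the recipient receives a link that cannot validate; the same applies to `$object->Update();` in ActivationLink further down this file. Check the return value (assuming Update() reports success as a boolean, as Load() appears to elsewhere in this commit) and do not emit the link on failure. The inline comment names the event `USER.PWDC`, whereas the event sent by OnForgotPassword is `USER.PSWDC`.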
@@ -68,7 +72,7 @@
{
static $code = null;
- if (!isset($code)) {
+ if ( !isset($code) ) {
$code = md5($this->GenerateCode());
}
@@ -77,35 +81,53 @@
function GenerateCode()
{
- list($usec, $sec) = explode(" ",microtime());
+ list($usec, $sec) = explode(" ",microtime());
- $id_part_1 = substr($usec, 4, 4);
- $id_part_2 = mt_rand(1,9);
- $id_part_3 = substr($sec, 6, 4);
- $digit_one = substr($id_part_1, 0, 1);
- if ($digit_one == 0) {
- $digit_one = mt_rand(1,9);
- $id_part_1 = preg_replace('/^0/', '', $id_part_1);
- $id_part_1=$digit_one.$id_part_1;
- }
- return $id_part_1.$id_part_2.$id_part_3;
- }
+ $id_part_1 = substr($usec, 4, 4);
+ $id_part_2 = mt_rand(1,9);
+ $id_part_3 = substr($sec, 6, 4);
+ $digit_one = substr($id_part_1, 0, 1);
- function ForgottenPassword($params)
- {
- return $this->Application->GetVar('ForgottenPassword');
+ if ($digit_one == 0) {
+ $digit_one = mt_rand(1,9);
+ $id_part_1 = preg_replace('/^0/', '', $id_part_1);
+ $id_part_1=$digit_one.$id_part_1;
+ }
+
+ return $id_part_1.$id_part_2.$id_part_3;
}
function TestCodeIsValid($params)
{
- $passed_key = trim($this->Application->GetVar('user_key'));
+ $user_helper =& $this->Application->recallObject('UserHelper');
+ /* @var $user_helper UserHelper */
- // used for error reporting only -> rewrite code + theme (by Alex)
- $user_current_object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too
- /* @var $user_current_object UsersItem */
-
$code_type = isset($params['code_type']) ? $params['code_type'] : 'forgot_password';
+ $expiration_timeout = isset($params['expiration_timeout']) ? $params['expiration_timeout'] : null;
+ $user_id = $user_helper->validateUserCode($this->Application->GetVar('user_key'), $code_type, $expiration_timeout);
+ if ( !is_numeric($user_id) ) {
+ // used for error reporting only -> rewrite code + theme (by Alex)
+ $object =& $this->getObject( Array('skip_autoload' => true) ); // TODO: change theme too
+ /* @var $object UsersItem */
+
+ $object->SetError('PwResetConfirm', $user_id, $this->_getUserCodeErrorMsg($user_id, $code_type, $params));
+
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Returns error message set by given code type
+ *
+ * @param string $error_code
+ * @param Array $params
+ * @return string
+ */
+ function _getUserCodeErrorMsg($error_code, $code_type, $params)
+ {
$error_messages = Array (
'forgot_password' => Array (
'code_is_not_valid' => 'lu_code_is_not_valid',
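Review bot: GenerateCode() is only re-indented here, but with this commit its output becomes the sole credential for changing a password and being logged in, and it is built from a few digits of `microtime()` plus one `mt_rand(1,9)` digit before `md5()` in getCachedCode(). Hashing does not add entropy to that input, so the code is far more guessable than its 32-character form suggests. Derive it from a CSPRNG instead, e.g. `bin2hex(random_bytes(16))` on PHP 7+ or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes. Separately, the new `_getUserCodeErrorMsg()` docblock omits `@param string $code_type`.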
@@ -126,45 +148,7 @@
);
}
- $expiration_timeouts = Array (
- 'forgot_password' => 'config:Users_AllowReset',
- 'activation' => 'config:UserEmailActivationTimeout',
- 'custom' => '',
- );
-
- if (!$passed_key) {
- $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', $error_messages[$code_type]['code_is_not_valid']);
-
- return false;
- }
-
- $user_object =& $this->Application->recallObject('u.forgot', null, Array('skip_autoload' => true));
- /* @var $user_object UsersItems */
-
- $user_object->Load($passed_key, 'PwResetConfirm');
-
- if ( !$user_object->isLoaded() ) {
- $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', $error_messages[$code_type]['code_is_not_valid']);
-
- return false;
- }
- else {
- $expiration_timeout = isset($params['expiration_timeout']) ? $params['expiration_timeout'] : $expiration_timeouts[$code_type];
-
- if ( preg_match('/^config:(.*)$/', $expiration_timeout, $regs) ) {
- $expiration_timeout = $this->Application->ConfigValue( $regs[1] );
- }
-
- if ( $expiration_timeout ) {
- if ( $user_object->GetDBField('PwRequestTime') < strtotime('-' . $expiration_timeout . ' minutes') ) {
- $user_current_object->SetError('PwResetConfirm', 'code_expired', $error_messages[$code_type]['code_expired']);
-
- return false;
- }
- }
- }
-
- return true;
+ return $error_messages[$code_type][$error_code];
}
/**
@@ -303,17 +287,14 @@
*/
function ActivationLink($params)
{
- $code = $this->getCachedCode();
-
- $fields_hash = Array (
- 'PwResetConfirm' => $code,
- 'PwRequestTime' => adodb_mktime(),
- );
-
$object =& $this->getObject($params);
/* @var $object kDBItem */
- $this->Conn->doUpdate($fields_hash, $object->TableName, $object->IDField . ' = ' . $object->GetID());
+ $code = $this->getCachedCode();
+ $object->SetDBField('PwResetConfirm', $code);
+ $object->SetDBField('PwRequestTime_date', adodb_mktime());
+ $object->SetDBField('PwRequestTime_time', adodb_mktime());
+ $object->Update();
$params['user_key'] = $code;
@@ -339,7 +320,8 @@
$user->SetDBField('Status', STATUS_ACTIVE);
$user->SetDBField('PwResetConfirm', '');
- $user->SetDBField('PwRequestTime', 0);
+ $user->SetDBField('PwRequestTime_date', NULL);
+ $user->SetDBField('PwRequestTime_time', NULL);
$user->Update();
$user_helper =& $this->Application->recallObject('UserHelper');