stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-02-05 07:55:25 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
2e420522ece22942a9b3b6ee413ca0e1dfa76148
gallery3/modules/user/controllers/password.php
Bharat Mediratta 2e420522ec Preliminary work to cut over to Kohana 2.4 
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
2009-11-25 13:22:24 -08:00

135 lines
4.7 KiB
PHP
Raw Blame History

<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2009 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Password_Controller extends Controller {
public function reset() {
if (request::method() == "post") {
// @todo separate the post from get parts of this function
access::verify_csrf();
$this->_send_reset();
} else {
print $this->_reset_form();
}
}
public function do_reset() {
if (request::method() == "post") {
$this->_change_password();
} else {
$user = user::lookup_by_hash(Input::instance()->get("key"));
if (!empty($user)) {
print $this->_new_password_form($user->hash);
} else {
throw new Exception("@todo FORBIDDEN", 503);
}
}
}
private function _send_reset() {
$form = $this->_reset_form();
$valid = $form->validate();
if ($valid) {
$user = user::lookup_by_name($form->reset->inputs["name"]->value);
if (!$user->loaded() || empty($user->email)) {
$form->reset->inputs["name"]->add_error("no_email", 1);
$valid = false;
}
}
if ($valid) {
$user->hash = md5(rand());
$user->save();
$message = new View("reset_password.html");
$message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
$message->user = $user;
Sendmail::factory()
->to($user->email)
->subject(t("Password Reset Request"))
->header("Mime-Version", "1.0")
->header("Content-type", "text/html; charset=iso-8859-1")
->message($message->render())
->send();
log::success(
"user",
t("Password reset email sent for user %name", array("name" => $user->name)));
} else {
// Don't include the username here until you're sure that it's XSS safe
log::warning(
"user", "Password reset email requested for bogus user");
}
message::success(t("Password reset email sent"));
print json_encode(
array("result" => "success"));
}
private function _reset_form() {
$form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
$group = $form->group("reset")->label(t("Reset Password"));
$group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
$group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
$group->submit("")->value(t("Reset"));
return $form;
}
private function _new_password_form($hash=null) {
$template = new Theme_View("page.html", "other", "reset");
$form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
$group = $form->group("reset")->label(t("Change Password"));
$hidden = $group->hidden("hash");
if (!empty($hash)) {
$hidden->value($hash);
}
$minimum_length = module::get_var("user", "mininum_password_length", 5);
$input_password = $group->password("password")->label(t("Password"))->id("g-password")
->rules($minimum_length ? "required|length[$minimum_length, 40]" : "length[40]");
$group->password("password2")->label(t("Confirm Password"))->id("g-password2")
->matches($group->password);
$group->inputs["password2"]->error_messages(
"mistyped", t("The password and the confirm password must match"));
$group->submit("")->value(t("Update"));
$template->content = new View("user_form.html");
$template->content->form = $form;
return $template;
}
private function _change_password() {
$view = $this->_new_password_form();
if ($view->content->form->validate()) {
$user = user::lookup_by_hash(Input::instance()->post("hash"));
if (empty($user)) {
throw new Exception("@todo FORBIDDEN", 503);
}
$user->password = $view->content->form->reset->password->value;
$user->hash = null;
$user->save();
message::success(t("Password reset successfully"));
url::redirect(item::root()->abs_url());
} else {
print $view;
}
}
}
Reference in New Issue View Git Blame Copy Permalink