PHP Cross Reference of Joomla 2.5.4 DE |
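<?php
/**
 * @package		Joomla.Site
 * @subpackage	com_users
 * @copyright	Copyright (C) 2005 - 2012 Open Source Matters, Inc. All rights reserved.
 * @license		GNU General Public License version 2 or later; see LICENSE.txt
 */

defined('_JEXEC') or die;

jimport('joomla.application.component.modelform');
jimport('joomla.event.dispatcher');

/**
 * Reset model class for Users.
 *
 * Implements the password reset flow in three steps:
 *  1. processResetRequest()  - looks the account up by e-mail, stores a salted
 *     hash of a fresh token in the user's `activation` field and mails the
 *     plain token to the user.
 *  2. processResetConfirm()  - looks the account up by username, re-hashes the
 *     submitted token with the stored salt and, on a match, records the stored
 *     hash and the user id in the session state.
 *  3. processResetComplete() - re-checks the session state against the user's
 *     `activation` field, sets the new password and clears `activation`.
 *
 * NOTE(review): this class stores no issue time with the token, so within this
 * class a token stays usable until it is consumed (step 3) or overwritten by a
 * new request (step 1). Token lifetime and attempt throttling, if any, are
 * enforced elsewhere - confirm against the controller and plugins.
 *
 * @package		Joomla.Site
 * @subpackage	com_users
 * @since		1.5
 */
class UsersModelReset extends JModelForm
{
	/**
	 * Method to get the password reset request form.
	 *
	 * @param	array	$data		Data for the form (not used by this method).
	 * @param	boolean	$loadData	True if the form is to load its own data (default case), false if not.
	 * @return	JForm	A JForm object on success, false on failure
	 * @since	1.6
	 */
	public function getForm($data = array(), $loadData = true)
	{
		// Get the form.
		$form = $this->loadForm('com_users.reset_request', 'reset_request', array('control' => 'jform', 'load_data' => $loadData));
		if (empty($form)) {
			return false;
		}

		return $form;
	}

	/**
	 * Method to get the password reset complete form.
	 *
	 * @param	array	$data		Data for the form (not used by this method).
	 * @param	boolean	$loadData	Accepted for signature parity with getForm(); not passed on to loadForm().
	 * @return	JForm	A JForm object on success, false on failure
	 * @since	1.6
	 */
	public function getResetCompleteForm($data = array(), $loadData = true)
	{
		// Get the form.
		$form = $this->loadForm('com_users.reset_complete', 'reset_complete', array('control' => 'jform'));
		if (empty($form)) {
			return false;
		}

		return $form;
	}

	/**
	 * Method to get the password reset confirm form.
	 *
	 * @param	array	$data		Data for the form (not used by this method).
	 * @param	boolean	$loadData	Accepted for signature parity with getForm(); not passed on to loadForm().
	 * @return	JForm	A JForm object on success, false on failure
	 * @since	1.6
	 */
	public function getResetConfirmForm($data = array(), $loadData = true)
	{
		// Get the form.
		$form = $this->loadForm('com_users.reset_confirm', 'reset_confirm', array('control' => 'jform'));
		if (empty($form)) {
			return false;
		}

		return $form;
	}

	/**
	 * Override preprocessForm to load the user plugin group instead of content.
	 *
	 * @param	JForm	$form	A form object.
	 * @param	mixed	$data	The data expected for the form.
	 * @param	string	$group	Plugin group to load; defaults to 'user'.
	 * @throws	Exception if there is an error in the form event.
	 * @since	1.6
	 */
	protected function preprocessForm(JForm $form, $data, $group = 'user')
	{
		parent::preprocessForm($form, $data, $group);
	}

	/**
	 * Method to auto-populate the model state.
	 *
	 * Note. Calling getState in this method will result in recursion.
	 *
	 * @since	1.6
	 */
	protected function populateState()
	{
		// Get the component parameters from the application object.
		$params = JFactory::getApplication()->getParams('com_users');

		// Load the parameters.
		$this->setState('params', $params);
	}

	/**
	 * Compares two token hashes without PHP's loose-comparison type juggling
	 * and without stopping at the first differing byte.
	 *
	 * A loose `==` between two hex digests compares them as numbers whenever
	 * both look numeric (for example "0e" followed only by digits), so two
	 * different digests can compare equal. This helper compares byte for byte.
	 *
	 * @param	string	$known	The stored hash.
	 * @param	string	$given	The hash derived from user input.
	 * @return	boolean	True only when both strings are identical.
	 */
	private static function compareTokenHashes($known, $given)
	{
		$known = (string) $known;
		$given = (string) $given;

		// Prefer the built-in where the running PHP version provides it.
		if (function_exists('hash_equals')) {
			return hash_equals($known, $given);
		}

		$length = strlen($known);
		if ($length !== strlen($given)) {
			return false;
		}

		// Accumulate differences so the loop always runs over the full length.
		$diff = 0;
		for ($i = 0; $i < $length; $i++) {
			$diff |= ord($known[$i]) ^ ord($given[$i]);
		}

		return $diff === 0;
	}

	/**
	 * Final step of the reset: set the new password for the user that passed
	 * the confirmation step in this session.
	 *
	 * @param	array	$data	Submitted form data; 'password1' is read after filtering and validation.
	 * @return	mixed	True on success, false on failure (message set via setError()),
	 *					or an Exception/JException object for form, state or save errors.
	 * @since	1.6
	 */
	public function processResetComplete($data)
	{
		// Get the form.
		$form = $this->getResetCompleteForm();

		// Check for an error.
		if ($form instanceof Exception) {
			return $form;
		}

		// Filter and validate the form data.
		$data	= $form->filter($data);
		$return	= $form->validate($data);

		// Check for an error.
		if ($return instanceof Exception) {
			return $return;
		}

		// Check the validation results.
		if ($return === false) {
			// Get the validation messages from the form.
			foreach ($form->getErrors() as $message) {
				$this->setError($message);
			}
			return false;
		}

		// Get the token and user id from the confirmation process.
		$app	= JFactory::getApplication();
		$token	= $app->getUserState('com_users.reset.token', null);
		$userId	= $app->getUserState('com_users.reset.user', null);

		// Without both values the confirmation step was not completed in this session.
		if (empty($token) || empty($userId)) {
			return new JException(JText::_('COM_USERS_RESET_COMPLETE_TOKENS_MISSING'), 403);
		}

		// Get the user object.
		$user = JUser::getInstance($userId);

		// Re-check the stored hash: a newer reset request or a completed reset
		// changes `activation` and must invalidate what the session holds.
		if (empty($user) || !self::compareTokenHashes($user->activation, $token)) {
			$this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
			return false;
		}

		// Make sure the user isn't blocked.
		if ($user->block) {
			$this->setError(JText::_('COM_USERS_USER_BLOCKED'));
			return false;
		}

		// Generate the new password hash.
		// NOTE(review): called without an explicit algorithm. processResetConfirm()
		// relies on the same default call matching md5(token . salt), so this
		// appears to be a single salted MD5 - a fast hash; confirm in JUserHelper
		// and prefer a slow password hash where the platform offers one.
		$salt		= JUserHelper::genRandomPassword(32);
		$crypted	= JUserHelper::getCryptedPassword($data['password1'], $salt);
		$password	= $crypted.':'.$salt;

		// Update the user object. Clearing `activation` makes the token single-use.
		$user->password			= $password;
		$user->activation		= '';
		// NOTE(review): plaintext password kept on the user object, presumably for
		// plugins triggered by save() - confirm it is never logged or persisted.
		$user->password_clear	= $data['password1'];

		// Save the user to the database.
		if (!$user->save(true)) {
			return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
		}

		// Flush the user data from the session.
		$app->setUserState('com_users.reset.token', null);
		$app->setUserState('com_users.reset.user', null);

		return true;
	}

	/**
	 * Second step of the reset: verify the token the user received by e-mail.
	 *
	 * On success the stored "hash:salt" value and the user id are written to
	 * the session state for processResetComplete().
	 *
	 * @param	array	$data	Submitted form data; 'username' and 'token' are read after filtering and validation.
	 * @return	mixed	True on success, false on failure (message set via setError()),
	 *					or an Exception/JException object for form or database errors.
	 * @since	1.6
	 */
	public function processResetConfirm($data)
	{
		// Get the form.
		$form = $this->getResetConfirmForm();

		// Check for an error.
		if ($form instanceof Exception) {
			return $form;
		}

		// Filter and validate the form data.
		$data	= $form->filter($data);
		$return	= $form->validate($data);

		// Check for an error.
		if ($return instanceof Exception) {
			return $return;
		}

		// Check the validation results.
		if ($return === false) {
			// Get the validation messages from the form.
			foreach ($form->getErrors() as $message) {
				$this->setError($message);
			}
			return false;
		}

		// Find the user for the given username; the value is quoted by the driver.
		$db	= $this->getDbo();
		$query	= $db->getQuery(true);
		$query->select('activation');
		$query->select('id');
		$query->select('block');
		$query->from($db->quoteName('#__users'));
		$query->where($db->quoteName('username').' = '.$db->Quote($data['username']));

		// Get the user record.
		$db->setQuery((string) $query);
		$user = $db->loadObject();

		// Check for an error.
		if ($db->getErrorNum()) {
			return new JException(JText::sprintf('COM_USERS_DATABASE_ERROR', $db->getErrorMsg()), 500);
		}

		// Check for a user.
		if (empty($user)) {
			$this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
			return false;
		}

		// The activation field must hold "hash:salt"; anything else means no
		// reset is pending for this account.
		$parts	= explode(':', $user->activation);
		$crypt	= $parts[0];
		if (!isset($parts[1])) {
			$this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
			return false;
		}
		$salt	= $parts[1];
		$testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt);

		// Verify the token with a strict, full-length comparison (see compareTokenHashes()).
		if (!self::compareTokenHashes($crypt, $testcrypt)) {
			$this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
			return false;
		}

		// Make sure the user isn't blocked.
		// NOTE(review): unknown user and wrong token share one message, but the
		// blocked case is reported separately - only after a valid token here.
		if ($user->block) {
			$this->setError(JText::_('COM_USERS_USER_BLOCKED'));
			return false;
		}

		// Push the user data into the session.
		$app = JFactory::getApplication();
		$app->setUserState('com_users.reset.token', $crypt.':'.$salt);
		$app->setUserState('com_users.reset.user', $user->id);

		return true;
	}

	/**
	 * Method to start the password reset process.
	 *
	 * Stores a salted hash of a new token in the user's `activation` field and
	 * mails the plain token together with the confirmation link.
	 *
	 * NOTE(review): unknown e-mail, blocked account and super-admin account each
	 * produce a different message, so the response reveals account state to
	 * whoever submits the form. The caller that renders these messages is the
	 * place to present a uniform response and to rate-limit requests.
	 *
	 * @param	array	$data	Submitted form data; 'email' is read after filtering and validation.
	 * @return	mixed	True on success, false on failure (message set via setError()),
	 *					or an Exception/JException object for form, save or mail errors.
	 * @since	1.6
	 */
	public function processResetRequest($data)
	{
		$config	= JFactory::getConfig();

		// Get the form.
		$form = $this->getForm();

		// Check for an error.
		if ($form instanceof Exception) {
			return $form;
		}

		// Filter and validate the form data.
		$data	= $form->filter($data);
		$return	= $form->validate($data);

		// Check for an error.
		if ($return instanceof Exception) {
			return $return;
		}

		// Check the validation results.
		if ($return === false) {
			// Get the validation messages from the form.
			foreach ($form->getErrors() as $message) {
				$this->setError($message);
			}
			return false;
		}

		// Find the user id for the given email address; the value is quoted by the driver.
		$db	= $this->getDbo();
		$query	= $db->getQuery(true);
		$query->select('id');
		$query->from($db->quoteName('#__users'));
		$query->where($db->quoteName('email').' = '.$db->Quote($data['email']));

		// Get the user id.
		$db->setQuery((string) $query);
		$userId = $db->loadResult();

		// Check for an error.
		if ($db->getErrorNum()) {
			$this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $db->getErrorMsg()));
			return false;
		}

		// Check for a user.
		if (empty($userId)) {
			$this->setError(JText::_('COM_USERS_INVALID_EMAIL'));
			return false;
		}

		// Get the user object.
		$user = JUser::getInstance($userId);

		// Make sure the user isn't blocked.
		if ($user->block) {
			$this->setError(JText::_('COM_USERS_USER_BLOCKED'));
			return false;
		}

		// Make sure the user isn't a Super Admin.
		if ($user->authorise('core.admin')) {
			$this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
			return false;
		}

		// Set the confirmation token. Only the salted hash is stored; the plain
		// token leaves the server solely in the e-mail below.
		// NOTE(review): the token's unpredictability rests on
		// JUserHelper::genRandomPassword(), whose randomness source is not visible
		// here - confirm it is cryptographically secure.
		$token = JApplication::getHash(JUserHelper::genRandomPassword());
		$salt = JUserHelper::getSalt('crypt-md5');
		$hashedToken = md5($token.$salt).':'.$salt;

		$user->activation = $hashedToken;

		// Save the user to the database.
		if (!$user->save(true)) {
			return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
		}

		// Assemble the password reset confirmation link.
		// force_ssl == 2 requests an SSL link (1); otherwise -1 is passed to JRoute.
		$mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
		$itemid = UsersHelperRoute::getLoginRoute();
		$itemid = $itemid !== null ? '&Itemid='.$itemid : '';
		$link = 'index.php?option=com_users&view=reset&layout=confirm'.$itemid;

		// Put together the email template data.
		$data = $user->getProperties();
		$data['fromname']	= $config->get('fromname');
		$data['mailfrom']	= $config->get('mailfrom');
		$data['sitename']	= $config->get('sitename');
		$data['link_text']	= JRoute::_($link, false, $mode);
		$data['link_html']	= JRoute::_($link, true, $mode);
		$data['token']		= $token;

		$subject = JText::sprintf(
			'COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT',
			$data['sitename']
		);

		$body = JText::sprintf(
			'COM_USERS_EMAIL_PASSWORD_RESET_BODY',
			$data['sitename'],
			$data['token'],
			$data['link_text']
		);

		// Send the password reset request email.
		$return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);
		// Check for an error.
		if ($return !== true) {
			return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
		}

		return true;
	}
}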