1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2008 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Password_Controller extends Controller {
public function reset() {
if (request::method() == "post") {
$this->_send_reset();
} else {
// @todo validate the query key parmeter
print $this->_reset_form();
}
}
public function do_reset() {
if (request::method() == "post") {
$this->_change_password();
} else {
print $this->_new_password_form();
}
}
private function _send_reset() {
$form = $this->_reset_form();
$valid = $form->validate();
if ($valid) {
$user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find();
if (!$user->loaded || empty($user->email)) {
$form->reset->inputs["name"]->add_error("no_email", 1);
$valid = false;
}
}
if ($valid) {
try {
$md5 = md5("$user->name; $user->full_name; $user->login_count; $user->last_login");
$message = new View("reset_password.html");
$message->url = url::abs_site("password/do_reset?key=$md5");
$message->name = $user->full_name;
$message->title = t("Password Reset Request");
Sendmail::factory()
->to($user->email)
->subject(t("Password Reset Request"))
->header("Mime-Version", "1.0")
->header("Content-type", "text/html; charset=iso-8859-1")
->message($message->render())
->send();
} catch (Exception $e) {
Kohana::log("error", $e->getMessage() . "\n" . $e->getTraceAsString());
}
message::success(t("Password reset email sent"), null);
print json_encode(
array("result" => "success"));
} else {
print json_encode(
array("result" => "error",
"form" => $form->__toString()));
}
}
private function _reset_form() {
$form = new Forge(url::current(true), "", "post", array("id" => "gResetForm"));
$group = $form->group("reset")->label(t("Reset Password"));
$group->input("name")->label(t("Name"))->id("gName")->class(null)->rules("required");
$group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
$group->submit("")->value(t("Reset"));
return $form;
}
private function _new_password_form() {
$form = new Forge("password/do_reset", "", "post", array("id" => "gChangePasswordForm"));
$group = $form->group("reset")->label(t("Change Password"));
$group->password("password")->label(t("Password"))->id("gPassword");
$group->password("password2")->label(t("Confirm Password"))->id("gPassword2");
$group->inputs["password2"]->error_messages(
"mistyped", t("The password and the confirm password must match"));
$group->submit("")->value(t("Update"));
return $form;
}
}
|
