loginresetdispatcher.php

来自「PHP 知识管理系统(基于树结构的知识管理系统), 英文原版的PHP源码。」· PHP 代码 · 共 419 行 · 第 1/2 页

        if (PEAR::isError($oUser) || ($oUser === false)) {
            if (is_a($oUser, 'ktentitynoobjects')) {
                loginUtil::handleUserDoesNotExist($username, $password, $aExtra);
            }
            $this->simpleRedirectToMain(_kt('Login failed.  Please check your username and password, and try again.'), $url, $queryParams);
            exit(0);
        }

        if (empty($password)) {
            $this->simpleRedirectToMain(_kt('Please enter your password.'), $url, $queryParams);
        }

        $authenticated = KTAuthenticationUtil::checkPassword($oUser, $password);

        if (PEAR::isError($authenticated)) {
            $this->simpleRedirectToMain(_kt('Authentication failure.  Please try again.'), $url, $queryParams);
            exit(0);
        }

        if ($authenticated !== true) {
            $this->simpleRedirectToMain(_kt('Login failed.  Please check your username and password, and try again.'), $url, $queryParams);
            exit(0);
        }

        $res = loginUtil::performLogin($oUser);

        if ($res) {
            $this->simpleRedirectToMain($res->getMessage(), $url, $queryParams);
            exit(0);
        }
    }

    /**
     * Pass the request to the signup dispatcher of the authentication source
     * named by the `source_id` request parameter, then end the script.
     *
     * The raw request value is handed to $this->oValidator before the provider
     * lookup; what that validation enforces is not visible in this method.
     */
    function do_autoSignup() {
        $source =& $this->oValidator->validateAuthenticationSource($_REQUEST['source_id']);
        $provider =& KTAuthenticationUtil::getAuthenticationProviderForSource($source);

        // The provider supplies its own dispatcher, which runs as a sub-dispatch of this one.
        $signupDispatcher = $provider->getSignupDispatcher($source);
        $signupDispatcher->subDispatch($this);

        exit(0);
    }

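    /**
     * Confirm that the browser returned the test cookie, then send the user to
     * the page they asked for or to the default landing page.
     *
     * The `redirect` request parameter can be planted in a crafted login link,
     * so it is followed only when it cannot leave this site; any other value
     * falls back to the default landing page. Every path ends the script.
     */
    function do_checkCookie() {
        $cookieTest = KTUtil::arrayGet($_COOKIE, "CookieTestCookie", null);
        $cookieVerify = KTUtil::arrayGet($_REQUEST, 'cookieVerify', null);

        $url = $_SERVER["PHP_SELF"];
        $queryParams = array();
        $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');

        // Request parameters may arrive as arrays (redirect[]=...); only a string can be a location
        if (is_string($redirect)) {
            $queryParams[] = 'redirect='. urlencode($redirect);
        }

        if ($cookieTest !== $cookieVerify) {
            Session::destroy();
            $this->simpleRedirectToMain(_kt('You must have cookies enabled to use the document management system.'), $url, $queryParams);
            exit(0);
        }

        // Decide whether the requested location stays on this site.
        // Control characters, spaces and backslashes are refused outright because
        // browsers normalise them in ways parse_url() does not.
        $redirectIsLocal = false;
        if (is_string($redirect) && $redirect !== ''
                && !preg_match('/[\x00-\x20\x7f\\\\]/', $redirect)
                && substr($redirect, 0, 2) !== '//') {
            $parts = parse_url($redirect);
            if (is_array($parts) && !isset($parts['user']) && !isset($parts['pass'])) {
                $hasScheme = isset($parts['scheme']);
                $hasHost = isset($parts['host']);
                if (!$hasScheme && !$hasHost) {
                    // Path-only reference: the browser resolves it against this site
                    $redirectIsLocal = true;
                } else if ($hasScheme && $hasHost && isset($_SERVER['HTTP_HOST'])
                        && in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
                    // Absolute URL: accept only the host this request was made to.
                    // NOTE(review): behind a proxy that rewrites Host this rejects
                    // legitimate targets and lands on the default page — confirm.
                    $target = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
                    $redirectIsLocal = (strcasecmp($target, $_SERVER['HTTP_HOST']) === 0);
                }
            }
        }

        if ($redirectIsLocal) {
            // forward to the requested location
            $url = $redirect;
        } else {
            // otherwise go to the dashboard, or to browse when so configured
            $url = KTUtil::kt_url();

            $config = KTConfig::getSingleton();
            $redirectToBrowse = $config->get('KnowledgeTree/redirectToBrowse', false);
            $redirectToDashboardList = $config->get('KnowledgeTree/redirectToBrowseExceptions', '');

            if ($redirectToBrowse)
            {
                // Users named in the exceptions list still land on the dashboard
                $exceptionsList = explode(',', str_replace(' ','',$redirectToDashboardList));
                $user = User::get($_SESSION['userID']);
                $username = $user->getUserName();
                $url .= (in_array($username, $exceptionsList))?'/dashboard.php':'/browse.php';
            }
            else
            {
                $url .=  '/dashboard.php';
            }
        }
        exit(redirect($url));
    }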

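    /**
     * Check the password-reset key carried in the `pword_reset` request parameter.
     *
     * The key's second underscore-separated field is taken as the user id. The
     * key is compared with the value stored under 'password_reset_key-<id>'
     * once 'password_reset_expire-<id>' has been checked. When a check fails,
     * an explanation is left in $_REQUEST['errorMessage'].
     *
     * @return bool true only for an unexpired key equal to the stored one
     */
    function checkReset() {
        $resetKey = (isset($_REQUEST['pword_reset'])) ? $_REQUEST['pword_reset'] : '';

        // Request parameters may arrive as arrays (pword_reset[]=...); only a non-empty string can be a key
        if (!is_string($resetKey) || empty($resetKey)) {
            return false;
        }

        // Get the user id from the key
        $aKey = explode('_', $resetKey);
        $id = isset($aKey[1]) ? $aKey[1] : '';

        // The id is spliced into a settings name, so accept digits only
        if (!preg_match('/^[0-9]+$/D', $id)) {
            $_REQUEST['errorMessage'] = _kt('Unauthorised access denied.');
            return false;
        }

        // Match the key to the one stored in the database and check the expiry date
        $storedKey = KTUtil::getSystemSetting('password_reset_key-'.$id);
        $expiry = KTUtil::getSystemSetting('password_reset_expire-'.$id);

        if ($expiry < time()) {
            $_REQUEST['errorMessage'] = _kt('The password reset key has expired, please send a new request.');
            return false;
        }

        // Exact, type-strict match; constant-time where the runtime offers hash_equals().
        // An absent or empty stored key never matches.
        $keyMatches = false;
        if (is_string($storedKey) && $storedKey !== '') {
            $keyMatches = function_exists('hash_equals')
                ? hash_equals($storedKey, $resetKey)
                : ($storedKey === $resetKey);
        }

        if (!$keyMatches) {
            $_REQUEST['errorMessage'] = _kt('Unauthorised access denied.');
            return false;
        }

        return true;
    }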

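	/**
	 * Start a password reset: look the account up by username and email, store
	 * a reset key with a 24-hour expiry, and mail a confirmation link.
	 *
	 * Reads `email` and `username` from the request.
	 *
	 * @return string translated status message for the user
	 */
	function do_sendResetRequest(){
        $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
        $user = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';

        // Array-valued parameters cannot name an account
        if (!is_string($email) || !is_string($user)) {
            return _kt('Please check that you have entered a valid username and email address.');
        }

        // Check that the user and email match up in the database
        $sQuery = 'SELECT id FROM users WHERE username = ? AND email = ?';
        $aParams = array($user, $email);
        $id = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');

        // NOTE(review): the reply differs for known and unknown accounts, which
        // confirms whether a username/email pair exists — consider one neutral reply.
        if(!is_numeric($id) || $id < 1) {
            return _kt('Please check that you have entered a valid username and email address.');
        }

        // The key is the only secret protecting the reset, so it has to come from
        // a cryptographic random source; rand() is predictable and its range is small.
        if (function_exists('random_bytes')) {
            $token = bin2hex(random_bytes(16));
        } else if (function_exists('openssl_random_pseudo_bytes')) {
            $token = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // No secure random source available: refuse rather than issue a guessable key
            return _kt('An error occurred while sending the email, please try again or contact the System Administrator.');
        }

        // Key layout stays "<random>_<id>_<system identifier>" because checkReset()
        // reads the user id from the second field. The key expires after 24 hours.
        // NOTE(review): assumes the settings store can hold the longer key — confirm.
        $expiryDate = time()+86400;
        $randomKey = $token."_{$id}_".KTUtil::getSystemIdentifier();
        KTUtil::setSystemSetting('password_reset_expire-'.$id, $expiryDate);
        KTUtil::setSystemSetting('password_reset_key-'.$id, $randomKey);

        // Create the link to reset the password
        $query = 'pword_reset='.$randomKey;
        $url = KTUtil::addQueryStringSelf($query);

        $subject = APP_NAME . ': ' . _kt('password reset request');

        // NOTE(review): $url is placed in the HTML body unescaped; confirm that
        // addQueryStringSelf() cannot carry request-controlled markup or host.
        $body = '<dd><p>';
        $body .= _kt('You have requested to reset the password for your account. To confirm that the request was submitted by you
        click on the link below, you will then be able to reset your password.');
        $body .= "</p><p><a href = '$url'>". _kt('Confirm password reset').'</a></p></dd>';

        $oEmail = new Email();
        $res = $oEmail->send($email, $subject, $body);

        if($res === true){
            return _kt('A verification email has been sent to your email address.');
        }

        return _kt('An error occurred while sending the email, please try again or contact the System Administrator.');
    }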

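    /**
     * Set a new password for the account identified by username and email.
     *
     * Reads `email`, `username`, `password` and `confirm` from the request,
     * requires an unexpired pending reset for that account, stores the new
     * password hash, clears the stored reset key and expiry, and mails a
     * confirmation.
     *
     * NOTE(review): this method never compares a reset key with the stored
     * 'password_reset_key-<id>' value; it only requires an unexpired reset to
     * exist for the account. Unless the caller has already verified the key for
     * this same account (not visible here), the action is authorised by
     * username and email alone. Bind it to the verified key.
     *
     * @return string translated status message for the user
     */
    function do_resetPassword(){
        $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
        $user = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;
        $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
        $confirm = isset($_REQUEST['confirm']) ? $_REQUEST['confirm'] : null;

        // Strict, string-only comparison: with == two different numeric-looking
        // passwords (such as "1e3" and "1000") compare equal, and arrays slip through.
        if (!is_string($password) || !is_string($confirm) || $password !== $confirm) {
            return _kt('The passwords do not match, please re-enter them.');
        }

        // Array-valued or missing parameters cannot name an account
        if (!is_string($email) || !is_string($user)) {
            return _kt('Please check that you have entered a valid username and email address.');
        }

        // NOTE(review): unsalted MD5 is unsuitable for password storage. Moving to
        // password_hash() must be done together with the login check, which is
        // outside this method, so the stored format is left unchanged here.
        $password = md5($password);

        // Get user from db
        $sQuery = 'SELECT id FROM users WHERE username = ? AND email = ?';
        $aParams = array($user, $email);
        $id = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');

        if(!is_numeric($id) || $id < 1) {
            return _kt('Please check that you have entered a valid username and email address.');
        }

        // Check expiry
        $expiry = KTUtil::getSystemSetting('password_reset_expire-'.$id);
        if($expiry < time()){
            return _kt('The password reset key has expired, please send a new request.');
        }

        // Update password
        $res = DBUtil::autoUpdate('users', array('password' => $password), $id);

        if(PEAR::isError($res) || is_null($res)){
            return _kt('Your password could not be reset, please try again.');
        }

        // Unset expiry date and key so the reset cannot be used a second time
        KTUtil::setSystemSetting('password_reset_expire-'.$id, '');
        KTUtil::setSystemSetting('password_reset_key-'.$id, '');

        // Email confirmation
        $url = KTUtil::addQueryStringSelf('');

        $subject = APP_NAME . ': ' . _kt('password successfully reset');

        $body = '<dd><p>';
        $body .= _kt('Your password has been successfully reset, click the link below to login.');
        $body .= "</p><p><a href = '$url'>". _kt('Login').'</a></p></dd>';

        $oEmail = new Email();
        $res = $oEmail->send($email, $subject, $body);

        if($res === true){
            return _kt('Your password has been successfully reset.');
        }

        return _kt('An error occurred while sending the email, please try again or contact the System Administrator.');
    }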
}

// Script entry point: instantiate the dispatcher and call dispatch().
// NOTE(review): dispatch() presumably routes the request to one of the do_* methods — confirm in the base class.
$dispatcher = new loginResetDispatcher();
$dispatcher->dispatch();

?>
