Diffstat (limited to 'application')
-rw-r--r--application/Functions.php4
-rw-r--r--application/models/DbTable/PasswordRecovery.php10
-rw-r--r--application/models/PasswordRecovery.php98
-rw-r--r--application/models/PasswordRecoveryMapper.php103
-rw-r--r--application/modules/dev/controllers/AuthController.php104
-rw-r--r--application/modules/dev/forms/NewPassword.php37
-rw-r--r--application/modules/user/controllers/AuthController.php105
-rw-r--r--application/modules/user/forms/NewPassword.php38
8 files changed, 450 insertions, 49 deletions
diff --git a/application/Functions.php b/application/Functions.php
index 3ffc39b..6535404 100644
--- a/application/Functions.php
+++ b/application/Functions.php
@@ -1,11 +1,11 @@
<?php
-function random($name_laenge) {
+function randomString($name_laenge = 16) {
$zeichen = "abcedfghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRTSUVWXYZ0123456789";
$name_neu = "";
mt_srand ((double) microtime() * 1000000);
for ($i = 0; $i < $name_laenge; $i++ ) {
- $name_neu .= $zeichen{mt_rand (0,strlen($zeichen))};
+ $name_neu .= $zeichen{mt_rand (0,strlen($zeichen) - 1)};
}
return $name_neu;
}
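Review bot: `randomString()` still seeds the Mersenne Twister with `mt_srand((double) microtime() * 1000000)` and draws from `mt_rand()`, and this commit starts using it for password-recovery tokens (`randomString(100)` in both AuthControllers). The cast keeps only the microsecond fraction, so there are at most about one million seeds, and the token's unpredictability is bounded by that whatever its length. I would drop the `mt_srand` line and take the index from a CSPRNG, `$name_neu .= $zeichen[random_int(0, strlen($zeichen) - 1)];` on PHP 7+, or derive the bytes from `openssl_random_pseudo_bytes()` on older runtimes. A one-line docblock saying whether the result is safe for secrets would also help callers.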
diff --git a/application/models/DbTable/PasswordRecovery.php b/application/models/DbTable/PasswordRecovery.php
new file mode 100644
index 0000000..4b8bc76
--- /dev/null
+++ b/application/models/DbTable/PasswordRecovery.php
@@ -0,0 +1,10 @@
+<?php
+
+class Application_Model_DbTable_PasswordRecovery extends Zend_Db_Table_Abstract
+{
+
+ protected $_name = 'pbs_passwordrecovery';
+
+
+}
+
diff --git a/application/models/PasswordRecovery.php b/application/models/PasswordRecovery.php
new file mode 100644
index 0000000..df307d4
--- /dev/null
+++ b/application/models/PasswordRecovery.php
@@ -0,0 +1,98 @@
+<?php
+
+class Application_Model_PasswordRecovery
+{
+ protected $_personID;
+ protected $_recoveryID;
+
+ public function __construct(array $options = null)
+ {
+ if (is_array($options)) {
+ $this->setOptions($options);
+ }
+ }
+
+ public function __set($name, $value)
+ {
+ $method = 'set' . $name;
+ if (('mapper' == $name) || !method_exists($this, $method)) {
+ throw new Exception('Invalid passwordrecovery property');
+ }
+ $this->$method($value);
+ }
+
+ public function __get($name)
+ {
+ $method = 'get' . $name;
+ if (('mapper' == $name) || !method_exists($this, $method)) {
+ throw new Exception('Invalid membership property');
+ }
+ return $this->$method();
+ }
+
+ public function setOptions(array $options)
+ {
+ $methods = get_class_methods($this);
+ foreach ($options as $key => $value) {
+ $method = 'set' . ucfirst($key);
+ if (in_array($method, $methods)) {
+ $this->$method($value);
+ }
+ }
+ return $this;
+ }
+ public function getID()
+ {
+ return $this->_personID;
+ }
+ public function setID($_personID)
+ {
+ $this->_personID = $_personID;
+ return $this;
+ }
+
+ public function getRecoveryID()
+ {
+ return $this->_recoveryID;
+ }
+ public function setRecoveryID($_recoveryID)
+ {
+ $this->_recoveryID = $_recoveryID;
+ return $this;
+ }
+ /**
+ * Returns current data as associative array using ReflectionClass
+ *
+ * @return array Returns associative array containing model data
+ * If "get"-method not available (our primary keys) the function getID() is called
+ */
+ public function toArray()
+ {
+ $reflectionClass = new ReflectionClass($this);
+ $properties = $reflectionClass->getProperties();
+ $result = array();
+ foreach ($properties as $property) {
+ $key = $property->name;
+ if (substr($key, 0, 1) != '_' && $this->$key !== null) {
+ $method = 'get' . ucfirst($key);
+ if ($reflectionClass->hasMethod($method)) {
+ $result[$key] = $this->$method();
+ } else {
+ $result[$key] = $this->$key;
+ }
+ }
+ elseif(substr($key, 0, 1) == '_' && $this->$key !== null) {
+ $key = substr($key, 1);
+ $method = 'get' . ucfirst($key);
+ if ($reflectionClass->hasMethod($method)) {
+ $result[$key] = $this->$method();
+ }else{
+ $result[$key] = $this->getID();
+ }
+
+ }
+ }
+ return $result;
+ }
+
+} \ No newline at end of file
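Review bot: The model carries only `_personID` and `_recoveryID`, so as far as this file shows a recovery link has no creation or expiry time and stays valid until it is used. I would add a timestamp property with `getCreated()`/`setCreated()` (persisted by the mapper) so the controller can reject old tokens, and consider storing a hash of the token rather than the token itself. Also, `__get()` throws `'Invalid membership property'`, which looks copied from another model; it should read `'Invalid passwordrecovery property'` like `__set()`. The class has no docblock explaining that `getID()`/`setID()` refer to the person's ID, not the recovery record's.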
diff --git a/application/models/PasswordRecoveryMapper.php b/application/models/PasswordRecoveryMapper.php
new file mode 100644
index 0000000..bfe16e8
--- /dev/null
+++ b/application/models/PasswordRecoveryMapper.php
@@ -0,0 +1,103 @@
+<?php
+
+class Application_Model_PasswordRecoveryMapper
+{
+ protected $_dbTable;
+
+ public function findBy($criteria, $value)
+ {
+ try{
+ $db = Zend_Db_Table::getDefaultAdapter();
+ $select = $this->getDbTable()->select()
+ ->from($this->_dbTable)
+ ->where($criteria . ' = ?', $value);
+ $stmt = $select->query();
+ $result = $stmt->fetchAll();
+ return $result;
+ }catch (Zend_Exception $e) {
+ echo "Error message 2: " . $e->getMessage() . "\n";
+ }
+ }
+
+ public function setDbTable($dbTable)
+ {
+ if (is_string($dbTable)) {
+ $dbTable = new $dbTable();
+ }
+
+ if (!$dbTable instanceof Zend_Db_Table_Abstract) {
+ throw new Exception('Invalid table data gateway provided');
+ }
+
+ $this->_dbTable = $dbTable;
+
+ return $this;
+ }
+
+ public function getDbTable()
+ {
+ if (null === $this->_dbTable) {
+ $this->setDbTable('Application_Model_DbTable_PasswordRecovery');
+ }
+
+ return $this->_dbTable;
+ }
+
+ public function save(Application_Model_PasswordRecovery $passwordrecovery)
+ {
+
+ $data = array('personID'=> $passwordrecovery->getID() ,'recoveryID'=> $passwordrecovery->getRecoveryID() );
+
+ if (null === ($id = $passwordrecovery->getID()) ) {
+ return;
+ } else {
+ $passwordRecoveryFound = $this->find($passwordrecovery->getID());
+ if(is_object($passwordRecoveryFound)) {
+ $personIDFound = $passwordRecoveryFound->getID();
+ }
+ if(isset($personIDFound)) {
+ $this->getDbTable()->update($data, array('personID = ?' => $passwordrecovery->getID()));
+ } else {
+ $this->getDbTable()->insert($data);
+ }
+ }
+ }
+
+ public function delete(Application_Model_PasswordRecovery $passwordrecovery)
+ {
+ if (null === ($id = $passwordrecovery->getID()) ) {
+ return;
+ } else {
+ $this->getDbTable()->delete(array('personID = ?' => $id));
+ }
+ }
+
+ public function find($id)
+ {
+ $result = $this->getDbTable()->find($id);
+ if (0 == count($result)) {
+ return;
+ }
+
+ $row = $result->current();
+
+ $passwordrecovery = new Application_Model_PasswordRecovery();
+ $passwordrecovery->setID($row->personID)->setRecoveryID($row->recoveryID);
+ return $passwordrecovery;
+ }
+
+ public function fetchAll()
+ {
+ $resultSet = $this->getDbTable()->fetchAll();
+ $entries = array();
+ foreach ($resultSet as $row) {
+ $entry = new Application_Model_PasswordRecovery();
+
+ $entry->setID($row->personID)->setRecoveryID($row->recoveryID);
+
+ $entries[] = $entry;
+ }
+ return $entries;
+ }
+}
+
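Review bot: `findBy()` catches `Zend_Exception`, echoes the database message into the response and then falls off the end, so callers get `null` and go on to `count()` it; the error text should go to a log and the method should rethrow or `return array();`. The column name is also concatenated unquoted in `->where($criteria . ' = ?', $value)`; the callers in this commit pass the literal `"recoveryID"`, but the method is public, so I would quote it with `$this->getDbTable()->getAdapter()->quoteIdentifier($criteria)` or check it against the known column list. `$db` is assigned and never used. `save()` and `delete()` silently return when the person ID is null, which deserves a comment or an exception.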
diff --git a/application/modules/dev/controllers/AuthController.php b/application/modules/dev/controllers/AuthController.php
index b237e38..41952a2 100644
--- a/application/modules/dev/controllers/AuthController.php
+++ b/application/modules/dev/controllers/AuthController.php
@@ -117,31 +117,89 @@ class dev_AuthController extends Zend_Controller_Action
public function recoverpasswordAction()
{
- if (!isset($_POST["recoverPassword"])){
- $recoverPasswordForm = new dev_Form_AuthRecoverPassword();
+ if (isset($_POST["savePassword"])){
+ $personID = $_POST['personID'];
+ $recoverPasswordForm = new dev_Form_NewPassword(array("personID" => $personID, $_POST));
+ if ($recoverPasswordForm->isValid($_POST)) {
+ $this->personmapper = new Application_Model_PersonMapper();
+ $person = $this->personmapper->find($personID);
+ $date = new DateTime();
+ $person->setPassword($_POST['password']);
+ $person->setPasswordSalt(MD5($date->getTimestamp()));
+ $person->setPassword(MD5($person->getPassword() . $person->getPasswordSalt()));
+ try {
+ $this->personmapper->save($person);
+ } catch(Zend_Exception $e)
+ {
+ echo "Caught exception: " . get_class($e) . "<br/>";
+ echo "Message: " . $e->getMessage() . "<br/>";
+ echo "Email Address already existing.";
+ return;
+ }
+ $this->_helper->redirector('login', 'auth');
+ return;
+ }
+ } else if(isset($_GET['recoveryid'])) {
+ $recoveryid = $_GET['recoveryid'];
+ $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
+ $passwordRecovery = $passwordRecoveryMapper->findBy("recoveryID", $recoveryid);
+ if(count($passwordRecovery) > 0) {
+ $passwordRecoveryObject = new Application_Model_PasswordRecovery();
+ $passwordRecoveryObject->setID($passwordRecovery[0]['personID']);
+ $passwordRecoveryObject->setRecoveryID($passwordRecovery[0]['recoveryID']);
+ $personID = $passwordRecoveryObject->getID();
+ $recoverPasswordForm = new dev_Form_NewPassword(array("personID" => $personID));
+ try {
+ $passwordRecoveryMapper->delete($passwordRecoveryObject);
+ } catch(Zend_Exception $e)
+ {
+ echo "Caught exception: " . get_class($e) . "<br/>";
+ echo "Message: " . $e->getMessage() . "<br/>";
+ return;
+ }
+ } else {
+ $this->_helper->redirector('login', 'auth');
+ return;
+ }
} else {
- $recoverPasswordForm = new dev_Form_AuthRecoverPassword($_POST);
- # Wiederherstellung funktioniert noch nicht!!!
- /*if ($recoverPasswordForm->isValid($_POST)) {
- $recoverPasswordForm->getView()->url();
- $person = new Application_Model_Person($_POST);
- $this->personmapper = new Application_Model_PersonMapper();
-
- $result = $this->personmapper->findBy('email', $_POST['email']);
- $email = $result[0]['email'];
- $name = $result[0]['firstname'] . ' ' . $result[0]['name'];
- $url = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->view->url();
- $recoverid = $this->random(100);
- $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'. $url . '/auth/recoverpassword/?recoverid='. $recoverid . '">Passwort ändern</a>';
- $mail = new Zend_Mail();
- $mail->setBodyHtml($mailbody, 'utf8');
- $mail->getBodyHtml()->getContent();
- $mail->setFrom('admin@local', 'Admin');
- $mail->addTo($email, $name);
- $mail->setSubject('Password Wiederherstellung Preboot Server');
- $mail->send();
+ if (!isset($_POST["recoverPassword"])){
+ $recoverPasswordForm = new dev_Form_AuthRecoverPassword();
+ } else {
+ $recoverPasswordForm = new dev_Form_AuthRecoverPassword($_POST);
+ if ($recoverPasswordForm->isValid($_POST)) {
+ $recoverPasswordForm->getView()->url();
+ $this->personmapper = new Application_Model_PersonMapper();
+ $result = $this->personmapper->findBy('email', $_POST['email']);
+ $person = new Application_Model_Person($result[0]);
+ $person->setID($result[0]['personID']);
+ $email = $person->getEmail();
+ $name = $person->getFirstname() . ' ' . $person->getName();
+ $url = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->view->url();
+ $recoveryid = randomString(100);
+ $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'. $url . '/auth/recoverpassword/?recoveryid='. $recoveryid . '">Passwort ändern</a>';
+ $mail = new Zend_Mail();
+ $mail->setBodyHtml($mailbody, 'utf8');
+ $mail->getBodyHtml()->getContent();
+ $mail->setFrom('admin@local', 'Admin');
+ $mail->addTo($email, $name);
+ $mail->setSubject('Password Wiederherstellung Preboot Server');
+ $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
+ $passwordRecoveryObject = new Application_Model_PasswordRecovery();
+ $passwordRecoveryObject->setID($person->getID());
+ $passwordRecoveryObject->setRecoveryID($recoveryid);
+ try {
+ $passwordRecoveryMapper->save($passwordRecoveryObject);
+ $mail->send();
+ }catch(Zend_Exception $e)
+ {
+ echo "Caught exception: " . get_class($e) . "<br/>";
+ echo "Message: " . $e->getMessage() . "<br/>";
+ return;
+ }
+ $this->_helper->redirector('login', 'auth');
+ return;
+ }
}
- */
}
$this->view->recoverPasswordForm = $recoverPasswordForm;
}
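Review bot: The `savePassword` branch takes the account to change from `$_POST['personID']` and never re-checks a recovery token, so the password update is not bound to the emailed link; the hidden form field it relies on is client-controlled. The token is also deleted in the `recoveryid` GET branch before any password has been stored, so a link that is fetched once without the form being submitted is spent. I would carry the token through the form (a hidden `recoveryid` element in dev_Form_NewPassword), resolve the person server-side from it on POST, and delete it only after `save()` succeeds, as sketched below. The same code is added to User_AuthController::recoverpasswordAction in this commit and needs the same change.

```php
if (isset($_POST["savePassword"])){
    // Resolve the account from the recovery token, not from a client-supplied personID.
    $recoveryid = isset($_POST['recoveryid']) ? (string) $_POST['recoveryid'] : '';
    $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
    $passwordRecovery = $passwordRecoveryMapper->findBy("recoveryID", $recoveryid);
    if ($recoveryid === '' || !is_array($passwordRecovery) || count($passwordRecovery) !== 1) {
        $this->_helper->redirector('login', 'auth');
        return;
    }
    $personID = $passwordRecovery[0]['personID'];
    // … unchanged: form construction, isValid(), password hashing, personmapper->save() …
    // Consume the token only once the new password has been stored.
    $passwordRecoveryObject = new Application_Model_PasswordRecovery();
    $passwordRecoveryObject->setID($personID);
    $passwordRecoveryMapper->delete($passwordRecoveryObject);
```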
diff --git a/application/modules/dev/forms/NewPassword.php b/application/modules/dev/forms/NewPassword.php
new file mode 100644
index 0000000..1023708
--- /dev/null
+++ b/application/modules/dev/forms/NewPassword.php
@@ -0,0 +1,37 @@
+<?php
+
+class dev_Form_NewPassword extends Zend_Form
+{
+ private $personID;
+
+ public function setPersonID($personID){
+ $this->personID = $personID;
+ }
+
+ public function init()
+ {
+ $this->setName("NewPassword");
+ $this->setMethod('post');
+
+ $this->addElement('hidden', 'personID', array(
+ 'value' => $this->personID
+ ));
+
+ $this->addElement('password', 'password', array(
+ 'filters' => array('StringTrim'),
+ 'validators' => array(
+ array('StringLength', false, array(0, 50)),
+ ),
+ 'required' => true,
+ 'label' => 'Password:',
+ ));
+
+ $this->addElement('submit', 'savePassword', array(
+ 'required' => false,
+ 'ignore' => true,
+ 'label' => 'Save',
+ ));
+ }
+
+
+} \ No newline at end of file
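Review bot: The password element's `StringLength` validator is configured as `array(0, 50)`, so `required` is the only lower bound and a one-character password is accepted on reset. I would set a real minimum that matches the project's policy, for example `array('StringLength', false, array(8, 50)),`, and check that the `StringTrim` filter is also applied at login, otherwise a password with leading or trailing spaces will not match later. The hidden `personID` element is editable by the client, so the controller must not treat its value as proof of which account is being reset. user/forms/NewPassword.php adds the same form and has the same points.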
diff --git a/application/modules/user/controllers/AuthController.php b/application/modules/user/controllers/AuthController.php
index ff5893f..4bfc093 100644
--- a/application/modules/user/controllers/AuthController.php
+++ b/application/modules/user/controllers/AuthController.php
@@ -15,7 +15,6 @@ class User_AuthController extends Zend_Controller_Action
public function indexAction()
{
- // action body
$membershipID = $this->_request->getParam('membershipID');
if($membershipID == ''){
$_SESSION['membershipID'] = 1;
@@ -150,31 +149,89 @@ class User_AuthController extends Zend_Controller_Action
public function recoverpasswordAction()
{
- if (!isset($_POST["recoverPassword"])){
- $recoverPasswordForm = new user_Form_RecoverPassword();
+ if (isset($_POST["savePassword"])){
+ $personID = $_POST['personID'];
+ $recoverPasswordForm = new user_Form_NewPassword(array("personID" => $personID, $_POST));
+ if ($recoverPasswordForm->isValid($_POST)) {
+ $this->personmapper = new Application_Model_PersonMapper();
+ $person = $this->personmapper->find($personID);
+ $date = new DateTime();
+ $person->setPassword($_POST['password']);
+ $person->setPasswordSalt(MD5($date->getTimestamp()));
+ $person->setPassword(MD5($person->getPassword() . $person->getPasswordSalt()));
+ try {
+ $this->personmapper->save($person);
+ } catch(Zend_Exception $e)
+ {
+ echo "Caught exception: " . get_class($e) . "<br/>";
+ echo "Message: " . $e->getMessage() . "<br/>";
+ echo "Email Address already existing.";
+ return;
+ }
+ $this->_helper->redirector('login', 'auth');
+ return;
+ }
+ } else if(isset($_GET['recoveryid'])) {
+ $recoveryid = $_GET['recoveryid'];
+ $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
+ $passwordRecovery = $passwordRecoveryMapper->findBy("recoveryID", $recoveryid);
+ if(count($passwordRecovery) > 0) {
+ $passwordRecoveryObject = new Application_Model_PasswordRecovery();
+ $passwordRecoveryObject->setID($passwordRecovery[0]['personID']);
+ $passwordRecoveryObject->setRecoveryID($passwordRecovery[0]['recoveryID']);
+ $personID = $passwordRecoveryObject->getID();
+ $recoverPasswordForm = new user_Form_NewPassword(array("personID" => $personID));
+ try {
+ $passwordRecoveryMapper->delete($passwordRecoveryObject);
+ } catch(Zend_Exception $e)
+ {
+ echo "Caught exception: " . get_class($e) . "<br/>";
+ echo "Message: " . $e->getMessage() . "<br/>";
+ return;
+ }
+ } else {
+ $this->_helper->redirector('login', 'auth');
+ return;
+ }
} else {
- $recoverPasswordForm = new user_Form_RecoverPassword($_POST);
- # Wiederherstellung funktioniert noch nicht!!!
- /*if ($recoverPasswordForm->isValid($_POST)) {
- $recoverPasswordForm->getView()->url();
- $person = new Application_Model_Person($_POST);
- $this->personmapper = new Application_Model_PersonMapper();
-
- $result = $this->personmapper->findBy('email', $_POST['email']);
- $email = $result[0]['email'];
- $name = $result[0]['firstname'] . ' ' . $result[0]['name'];
- $url = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->view->url();
- $recoverid = $this->random(100);
- $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'. $url . '/auth/recoverpassword/?recoverid='. $recoverid . '">Passwort ändern</a>';
- $mail = new Zend_Mail();
- $mail->setBodyHtml($mailbody, 'utf8');
- $mail->getBodyHtml()->getContent();
- $mail->setFrom('admin@local', 'Admin');
- $mail->addTo($email, $name);
- $mail->setSubject('Password Wiederherstellung Preboot Server');
- $mail->send();
+ if (!isset($_POST["recoverPassword"])){
+ $recoverPasswordForm = new user_Form_RecoverPassword();
+ } else {
+ $recoverPasswordForm = new user_Form_RecoverPassword($_POST);
+ if ($recoverPasswordForm->isValid($_POST)) {
+ $recoverPasswordForm->getView()->url();
+ $this->personmapper = new Application_Model_PersonMapper();
+ $result = $this->personmapper->findBy('email', $_POST['email']);
+ $person = new Application_Model_Person($result[0]);
+ $person->setID($result[0]['personID']);
+ $email = $person->getEmail();
+ $name = $person->getFirstname() . ' ' . $person->getName();
+ $url = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->view->url();
+ $recoveryid = randomString(100);
+ $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'. $url . '/auth/recoverpassword/?recoveryid='. $recoveryid . '">Passwort ändern</a>';
+ $mail = new Zend_Mail();
+ $mail->setBodyHtml($mailbody, 'utf8');
+ $mail->getBodyHtml()->getContent();
+ $mail->setFrom('admin@local', 'Admin');
+ $mail->addTo($email, $name);
+ $mail->setSubject('Password Wiederherstellung Preboot Server');
+ $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
+ $passwordRecoveryObject = new Application_Model_PasswordRecovery();
+ $passwordRecoveryObject->setID($person->getID());
+ $passwordRecoveryObject->setRecoveryID($recoveryid);
+ try {
+ $passwordRecoveryMapper->save($passwordRecoveryObject);
+ $mail->send();
+ }catch(Zend_Exception $e)
+ {
+ echo "Caught exception: " . get_class($e) . "<br/>";
+ echo "Message: " . $e->getMessage() . "<br/>";
+ return;
+ }
+ $this->_helper->redirector('login', 'auth');
+ return;
+ }
}
- */
}
$this->view->recoverPasswordForm = $recoverPasswordForm;
}
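Review bot: The new password is stored as `MD5($person->getPassword() . $person->getPasswordSalt())` with a salt of `MD5($date->getTimestamp())`, which is a fast hash whose salt is just the second at which the reset happened. On PHP 5.5 or later, `$person->setPassword(password_hash($_POST['password'], PASSWORD_DEFAULT));` would replace the salt and hash lines, with `password_verify()` at login; the login code is outside this diff, so it would have to change together with this. The identical lines are added to dev_AuthController::recoverpasswordAction. Separately, the emailed link is built from `getHttpHost()`, which reflects the request's Host header, so a configured base URL would be a safer source for it.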
diff --git a/application/modules/user/forms/NewPassword.php b/application/modules/user/forms/NewPassword.php
new file mode 100644
index 0000000..5b86eab
--- /dev/null
+++ b/application/modules/user/forms/NewPassword.php
@@ -0,0 +1,38 @@
+<?php
+
+class user_Form_NewPassword extends Zend_Form
+{
+ private $personID;
+
+ public function setPersonID($personID){
+ $this->personID = $personID;
+ }
+
+ public function init()
+ {
+ $this->setName("NewPassword");
+ $this->setMethod('post');
+
+ $this->addElement('hidden', 'personID', array(
+ 'value' => $this->personID
+ ));
+
+ $this->addElement('password', 'password', array(
+ 'filters' => array('StringTrim'),
+ 'validators' => array(
+ array('StringLength', false, array(0, 50)),
+ ),
+ 'required' => true,
+ 'label' => 'Password:',
+ ));
+
+ $this->addElement('submit', 'savePassword', array(
+ 'required' => false,
+ 'ignore' => true,
+ 'label' => 'Save',
+ ));
+ }
+
+
+}
+