Diffstat (limited to 'application')
-rw-r--r-- | application/Functions.php | 4 | ||||
-rw-r--r-- | application/models/DbTable/PasswordRecovery.php | 10 | ||||
-rw-r--r-- | application/models/PasswordRecovery.php | 98 | ||||
-rw-r--r-- | application/models/PasswordRecoveryMapper.php | 103 | ||||
-rw-r--r-- | application/modules/dev/controllers/AuthController.php | 104 | ||||
-rw-r--r-- | application/modules/dev/forms/NewPassword.php | 37 | ||||
-rw-r--r-- | application/modules/user/controllers/AuthController.php | 105 | ||||
-rw-r--r-- | application/modules/user/forms/NewPassword.php | 38 |
8 files changed, 450 insertions, 49 deletions
diff --git a/application/Functions.php b/application/Functions.php index 3ffc39b..6535404 100644 --- a/application/Functions.php +++ b/application/Functions.php @@ -1,11 +1,11 @@ <?php -function random($name_laenge) { +function randomString($name_laenge = 16) { $zeichen = "abcedfghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRTSUVWXYZ0123456789"; $name_neu = ""; mt_srand ((double) microtime() * 1000000); for ($i = 0; $i < $name_laenge; $i++ ) { - $name_neu .= $zeichen{mt_rand (0,strlen($zeichen))}; + $name_neu .= $zeichen{mt_rand (0,strlen($zeichen) - 1)}; } return $name_neu; } diff --git a/application/models/DbTable/PasswordRecovery.php b/application/models/DbTable/PasswordRecovery.php new file mode 100644 index 0000000..4b8bc76 --- /dev/null +++ b/application/models/DbTable/PasswordRecovery.php @@ -0,0 +1,10 @@ +<?php + +class Application_Model_DbTable_PasswordRecovery extends Zend_Db_Table_Abstract +{ + + protected $_name = 'pbs_passwordrecovery'; + + +} + diff --git a/application/models/PasswordRecovery.php b/application/models/PasswordRecovery.php new file mode 100644 index 0000000..df307d4 --- /dev/null +++ b/application/models/PasswordRecovery.php 
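Review bot: `randomString()` in application/Functions.php still picks every character with `mt_rand()` after reseeding via `mt_srand ((double) microtime() * 1000000)`, and this commit starts using its output as the password-recovery id in both AuthControllers. A Mersenne Twister stream seeded from the clock (at most a million seed values here) is predictable, so it should not produce a secret that authorises a password change. Where the runtime has it, index with `random_int(0, strlen($zeichen) - 1)` and drop the `mt_srand()` line; on older PHP, derive the string from `openssl_random_pseudo_bytes()` instead.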
@@ -0,0 +1,98 @@
+<?php
+
+class Application_Model_PasswordRecovery
+{
+ protected $_personID;
+ protected $_recoveryID;
+
+ public function __construct(array $options = null)
+ {
+ if (is_array($options)) {
+ $this->setOptions($options);
+ }
+ }
+
+ public function __set($name, $value)
+ {
+ $method = 'set' . $name;
+ if (('mapper' == $name) || !method_exists($this, $method)) {
+ throw new Exception('Invalid passwordrecovery property');
+ }
+ $this->$method($value);
+ }
+
+ public function __get($name)
+ {
+ $method = 'get' . $name;
+ if (('mapper' == $name) || !method_exists($this, $method)) {
+ throw new Exception('Invalid membership property');
+ }
+ return $this->$method();
+ }
+
+ public function setOptions(array $options)
+ {
+ $methods = get_class_methods($this);
+ foreach ($options as $key => $value) {
+ $method = 'set' . ucfirst($key);
+ if (in_array($method, $methods)) {
+ $this->$method($value);
+ }
+ }
+ return $this;
+ }
+ public function getID()
+ {
+ return $this->_personID;
+ }
+ public function setID($_personID)
+ {
+ $this->_personID = $_personID;
+ return $this;
+ }
+
+ public function getRecoveryID()
+ {
+ return $this->_recoveryID;
+ }
+ public function setRecoveryID($_recoveryID)
+ {
+ $this->_recoveryID = $_recoveryID;
+ return $this;
+ }
+ /**
+ * Returns current data as associative array using ReflectionClass
+ *
+ * @return array Returns associative array containing model data
+ * If "get"-method not available (our primary keys) the function getID() is called
+ */
+ public function toArray()
+ {
+ $reflectionClass = new ReflectionClass($this);
+ $properties = $reflectionClass->getProperties();
+ $result = array();
+ foreach ($properties as $property) {
+ $key = $property->name;
+ if (substr($key, 0, 1) != '_' && $this->$key !== null) {
+ $method = 'get' . ucfirst($key);
+ if ($reflectionClass->hasMethod($method)) {
+ $result[$key] = $this->$method();
+ } else {
+ $result[$key] = $this->$key;
+ }
+ }
+ elseif(substr($key, 0, 1) == '_' && $this->$key !== null) {
+ $key = substr($key, 1);
+ $method = 'get' . ucfirst($key);
+ if ($reflectionClass->hasMethod($method)) {
+ $result[$key] = $this->$method();
+ }else{
+ $result[$key] = $this->getID();
+ }
+
+ }
+ }
+ return $result;
+ }
+
+}
\ No newline at end of file
diff --git a/application/models/PasswordRecoveryMapper.php b/application/models/PasswordRecoveryMapper.php
new file mode 100644
index 0000000..bfe16e8
--- /dev/null
+++ b/application/models/PasswordRecoveryMapper.php
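Review bot: The model added in application/models/PasswordRecovery.php holds only `_personID` and `_recoveryID`, so nothing in this commit can expire a recovery id; as far as the diff shows, a mailed link stays valid until it is used or overwritten by a later request. Add a creation timestamp with its getter and setter, and have the lookup reject rows older than a short window; the table definition is not part of the diff, so the column would have to be added there too. Separately, `__get()` throws `'Invalid membership property'`, which looks copied from another model; `'Invalid passwordrecovery property'` would match `__set()`.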
@@ -0,0 +1,103 @@
+<?php
+
+class Application_Model_PasswordRecoveryMapper
+{
+ protected $_dbTable;
+
+ public function findBy($criteria, $value)
+ {
+ try{
+ $db = Zend_Db_Table::getDefaultAdapter();
+ $select = $this->getDbTable()->select()
+ ->from($this->_dbTable)
+ ->where($criteria . ' = ?', $value);
+ $stmt = $select->query();
+ $result = $stmt->fetchAll();
+ return $result;
+ }catch (Zend_Exception $e) {
+ echo "Error message 2: " . $e->getMessage() . "\n";
+ }
+ }
+
+ public function setDbTable($dbTable)
+ {
+ if (is_string($dbTable)) {
+ $dbTable = new $dbTable();
+ }
+
+ if (!$dbTable instanceof Zend_Db_Table_Abstract) {
+ throw new Exception('Invalid table data gateway provided');
+ }
+
+ $this->_dbTable = $dbTable;
+
+ return $this;
+ }
+
+ public function getDbTable()
+ {
+ if (null === $this->_dbTable) {
+ $this->setDbTable('Application_Model_DbTable_PasswordRecovery');
+ }
+
+ return $this->_dbTable;
+ }
+
+ public function save(Application_Model_PasswordRecovery $passwordrecovery)
+ {
+
+ $data = array('personID'=> $passwordrecovery->getID() ,'recoveryID'=> $passwordrecovery->getRecoveryID() );
+
+ if (null === ($id = $passwordrecovery->getID()) ) {
+ return;
+ } else {
+ $passwordRecoveryFound = $this->find($passwordrecovery->getID());
+ if(is_object($passwordRecoveryFound)) {
+ $personIDFound = $passwordRecoveryFound->getID();
+ }
+ if(isset($personIDFound)) {
+ $this->getDbTable()->update($data, array('personID = ?' => $passwordrecovery->getID()));
+ } else {
+ $this->getDbTable()->insert($data);
+ }
+ }
+ }
+
+ public function delete(Application_Model_PasswordRecovery $passwordrecovery)
+ {
+ if (null === ($id = $passwordrecovery->getID()) ) {
+ return;
+ } else {
+ $this->getDbTable()->delete(array('personID = ?' => $id));
+ }
+ }
+
+ public function find($id)
+ {
+ $result = $this->getDbTable()->find($id);
+ if (0 == count($result)) {
+ return;
+ }
+
+ $row = $result->current();
+
+ $passwordrecovery = new Application_Model_PasswordRecovery();
+ $passwordrecovery->setID($row->personID)->setRecoveryID($row->recoveryID);
+ return $passwordrecovery;
+ }
+
+ public function fetchAll()
+ {
+ $resultSet = $this->getDbTable()->fetchAll();
+ $entries = array();
+ foreach ($resultSet as $row) {
+ $entry = new Application_Model_PasswordRecovery();
+
+ $entry->setID($row->personID)->setRecoveryID($row->recoveryID);
+
+ $entries[] = $entry;
+ }
+ return $entries;
+ }
+}
+
diff --git a/application/modules/dev/controllers/AuthController.php b/application/modules/dev/controllers/AuthController.php
index b237e38..41952a2 100644
--- a/application/modules/dev/controllers/AuthController.php
+++ b/application/modules/dev/controllers/AuthController.php
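Review bot: `findBy()` in application/models/PasswordRecoveryMapper.php catches `Zend_Exception`, echoes `$e->getMessage()` into the response and then falls off the end, so database error text reaches the client and the callers' `count($passwordRecovery)` receives null instead of an array. Log the exception and rethrow it, or return `array()`, rather than echoing. `$criteria` is also concatenated into the WHERE clause as a column name, which is safe only while every caller passes a literal such as `"recoveryID"`; a guard like `in_array($criteria, array('personID', 'recoveryID'), true)` before building the select keeps that true. The assigned but unused `$db = Zend_Db_Table::getDefaultAdapter();` can be removed.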
@@ -117,31 +117,89 @@ class dev_AuthController extends Zend_Controller_Action public function recoverpasswordAction() { - if (!isset($_POST["recoverPassword"])){ - $recoverPasswordForm = new dev_Form_AuthRecoverPassword(); + if (isset($_POST["savePassword"])){ + $personID = $_POST['personID']; + $recoverPasswordForm = new dev_Form_NewPassword(array("personID" => $personID, $_POST)); + if ($recoverPasswordForm->isValid($_POST)) { + $this->personmapper = new Application_Model_PersonMapper(); + $person = $this->personmapper->find($personID); + $date = new DateTime(); + $person->setPassword($_POST['password']); + $person->setPasswordSalt(MD5($date->getTimestamp())); + $person->setPassword(MD5($person->getPassword() . $person->getPasswordSalt())); + try { + $this->personmapper->save($person); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "<br/>"; + echo "Message: " . $e->getMessage() . "<br/>"; + echo "Email Address already existing."; + return; + } + $this->_helper->redirector('login', 'auth'); + return; + } + } else if(isset($_GET['recoveryid'])) { + $recoveryid = $_GET['recoveryid']; + $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper(); + $passwordRecovery = $passwordRecoveryMapper->findBy("recoveryID", $recoveryid); + if(count($passwordRecovery) > 0) { + $passwordRecoveryObject = new Application_Model_PasswordRecovery(); + $passwordRecoveryObject->setID($passwordRecovery[0]['personID']); + $passwordRecoveryObject->setRecoveryID($passwordRecovery[0]['recoveryID']); + $personID = $passwordRecoveryObject->getID(); + $recoverPasswordForm = new dev_Form_NewPassword(array("personID" => $personID)); + try { + $passwordRecoveryMapper->delete($passwordRecoveryObject); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "<br/>"; + echo "Message: " . $e->getMessage() . 
"<br/>"; + return; + } + } else { + $this->_helper->redirector('login', 'auth'); + return; + } } else { - $recoverPasswordForm = new dev_Form_AuthRecoverPassword($_POST); - # Wiederherstellung funktioniert noch nicht!!! - /*if ($recoverPasswordForm->isValid($_POST)) { - $recoverPasswordForm->getView()->url(); - $person = new Application_Model_Person($_POST); - $this->personmapper = new Application_Model_PersonMapper(); - - $result = $this->personmapper->findBy('email', $_POST['email']); - $email = $result[0]['email']; - $name = $result[0]['firstname'] . ' ' . $result[0]['name']; - $url = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->view->url(); - $recoverid = $this->random(100); - $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'. $url . '/auth/recoverpassword/?recoverid='. $recoverid . '">Passwort ändern</a>'; - $mail = new Zend_Mail(); - $mail->setBodyHtml($mailbody, 'utf8'); - $mail->getBodyHtml()->getContent(); - $mail->setFrom('admin@local', 'Admin'); - $mail->addTo($email, $name); - $mail->setSubject('Password Wiederherstellung Preboot Server'); - $mail->send(); + if (!isset($_POST["recoverPassword"])){ + $recoverPasswordForm = new dev_Form_AuthRecoverPassword(); + } else { + $recoverPasswordForm = new dev_Form_AuthRecoverPassword($_POST); + if ($recoverPasswordForm->isValid($_POST)) { + $recoverPasswordForm->getView()->url(); + $this->personmapper = new Application_Model_PersonMapper(); + $result = $this->personmapper->findBy('email', $_POST['email']); + $person = new Application_Model_Person($result[0]); + $person->setID($result[0]['personID']); + $email = $person->getEmail(); + $name = $person->getFirstname() . ' ' . $person->getName(); + $url = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->view->url(); + $recoveryid = randomString(100); + $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'. 
$url . '/auth/recoverpassword/?recoveryid='. $recoveryid . '">Passwort ändern</a>'; + $mail = new Zend_Mail(); + $mail->setBodyHtml($mailbody, 'utf8'); + $mail->getBodyHtml()->getContent(); + $mail->setFrom('admin@local', 'Admin'); + $mail->addTo($email, $name); + $mail->setSubject('Password Wiederherstellung Preboot Server'); + $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper(); + $passwordRecoveryObject = new Application_Model_PasswordRecovery(); + $passwordRecoveryObject->setID($person->getID()); + $passwordRecoveryObject->setRecoveryID($recoveryid); + try { + $passwordRecoveryMapper->save($passwordRecoveryObject); + $mail->send(); + }catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "<br/>"; + echo "Message: " . $e->getMessage() . "<br/>"; + return; + } + $this->_helper->redirector('login', 'auth'); + return; + } } - */ } $this->view->recoverPasswordForm = $recoverPasswordForm; } diff --git a/application/modules/dev/forms/NewPassword.php b/application/modules/dev/forms/NewPassword.php new file mode 100644 index 0000000..1023708 --- /dev/null +++ b/application/modules/dev/forms/NewPassword.php @@ -0,0 +1,37 @@ +<?php + +class dev_Form_NewPassword extends Zend_Form +{ + private $personID; + + public function setPersonID($personID){ + $this->personID = $personID; + } + + public function init() + { + $this->setName("NewPassword"); + $this->setMethod('post'); + + $this->addElement('hidden', 'personID', array( + 'value' => $this->personID + )); + + $this->addElement('password', 'password', array( + 'filters' => array('StringTrim'), + 'validators' => array( + array('StringLength', false, array(0, 50)), + ), + 'required' => true, + 'label' => 'Password:', + )); + + $this->addElement('submit', 'savePassword', array( + 'required' => false, + 'ignore' => true, + 'label' => 'Save', + )); + } + + +}
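Review bot: The `savePassword` branch of `recoverpasswordAction()` identifies the account by `$_POST['personID']` alone and never checks a recovery id, so the password change is not bound to the e-mailed link; the id is verified and deleted on the earlier GET, and after that the account is named only by a hidden form field the client controls. Carry the recovery id through the form instead of `personID`, resolve the person from it on the server when the new password is posted, and delete the row only after `save()` succeeds, as sketched below. Both `NewPassword` forms then need a hidden `recoveryid` element with a matching setter in place of `personID`, and the duplicated action in application/modules/user/controllers/AuthController.php needs the same change. Separately, the `recoverPassword` branch reads `$result[0]` without checking that the submitted e-mail address matched a row.

```php
if (isset($_POST["savePassword"])){
    // Resolve the account from the recovery id; never trust a client-supplied personID.
    $recoveryid = (isset($_POST['recoveryid']) && is_string($_POST['recoveryid'])) ? $_POST['recoveryid'] : '';
    $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper();
    $passwordRecovery = $passwordRecoveryMapper->findBy("recoveryID", $recoveryid);
    if ($recoveryid === '' || empty($passwordRecovery)) {
        $this->_helper->redirector('login', 'auth');
        return;
    }
    $personID = $passwordRecovery[0]['personID'];
    $recoverPasswordForm = new dev_Form_NewPassword(array("recoveryid" => $recoveryid));
    if ($recoverPasswordForm->isValid($_POST)) {
        // … unchanged: load the person, set the new password, save() in try/catch …
        // Consume the recovery id only once the new password is stored.
        $passwordRecoveryObject = new Application_Model_PasswordRecovery();
        $passwordRecoveryObject->setID($personID);
        $passwordRecoveryMapper->delete($passwordRecoveryObject);
        // … unchanged: redirect to login …
    }
} else if(isset($_GET['recoveryid'])) {
    // … unchanged: look up the recovery id and build the form …
    // The row is no longer deleted here; it is consumed after the password is saved.
```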
\ No newline at end of file diff --git a/application/modules/user/controllers/AuthController.php b/application/modules/user/controllers/AuthController.php index ff5893f..4bfc093 100644 --- a/application/modules/user/controllers/AuthController.php +++ b/application/modules/user/controllers/AuthController.php @@ -15,7 +15,6 @@ class User_AuthController extends Zend_Controller_Action public function indexAction() { - // action body $membershipID = $this->_request->getParam('membershipID'); if($membershipID == ''){ $_SESSION['membershipID'] = 1; 
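Review bot: In application/modules/dev/forms/NewPassword.php the password element's validator `array('StringLength', false, array(0, 50))` sets the minimum length to 0, so with `'required' => true` a one-character password is accepted. Raise the minimum to whatever the project's password policy is and reconsider the 50-character cap, for example `array('StringLength', false, array(8, 128))`. application/modules/user/forms/NewPassword.php carries the identical validator and takes the same change.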
@@ -150,31 +149,89 @@ class User_AuthController extends Zend_Controller_Action public function recoverpasswordAction() { - if (!isset($_POST["recoverPassword"])){ - $recoverPasswordForm = new user_Form_RecoverPassword(); + if (isset($_POST["savePassword"])){ + $personID = $_POST['personID']; + $recoverPasswordForm = new user_Form_NewPassword(array("personID" => $personID, $_POST)); + if ($recoverPasswordForm->isValid($_POST)) { + $this->personmapper = new Application_Model_PersonMapper(); + $person = $this->personmapper->find($personID); + $date = new DateTime(); + $person->setPassword($_POST['password']); + $person->setPasswordSalt(MD5($date->getTimestamp())); + $person->setPassword(MD5($person->getPassword() . $person->getPasswordSalt())); + try { + $this->personmapper->save($person); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "<br/>"; + echo "Message: " . $e->getMessage() . "<br/>"; + echo "Email Address already existing."; + return; + } + $this->_helper->redirector('login', 'auth'); + return; + } + } else if(isset($_GET['recoveryid'])) { + $recoveryid = $_GET['recoveryid']; + $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper(); + $passwordRecovery = $passwordRecoveryMapper->findBy("recoveryID", $recoveryid); + if(count($passwordRecovery) > 0) { + $passwordRecoveryObject = new Application_Model_PasswordRecovery(); + $passwordRecoveryObject->setID($passwordRecovery[0]['personID']); + $passwordRecoveryObject->setRecoveryID($passwordRecovery[0]['recoveryID']); + $personID = $passwordRecoveryObject->getID(); + $recoverPasswordForm = new user_Form_NewPassword(array("personID" => $personID)); + try { + $passwordRecoveryMapper->delete($passwordRecoveryObject); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "<br/>"; + echo "Message: " . $e->getMessage() . 
"<br/>"; + return; + } + } else { + $this->_helper->redirector('login', 'auth'); + return; + } } else { - $recoverPasswordForm = new user_Form_RecoverPassword($_POST); - # Wiederherstellung funktioniert noch nicht!!! - /*if ($recoverPasswordForm->isValid($_POST)) { - $recoverPasswordForm->getView()->url(); - $person = new Application_Model_Person($_POST); - $this->personmapper = new Application_Model_PersonMapper(); - - $result = $this->personmapper->findBy('email', $_POST['email']); - $email = $result[0]['email']; - $name = $result[0]['firstname'] . ' ' . $result[0]['name']; - $url = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->view->url(); - $recoverid = $this->random(100); - $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'. $url . '/auth/recoverpassword/?recoverid='. $recoverid . '">Passwort ändern</a>'; - $mail = new Zend_Mail(); - $mail->setBodyHtml($mailbody, 'utf8'); - $mail->getBodyHtml()->getContent(); - $mail->setFrom('admin@local', 'Admin'); - $mail->addTo($email, $name); - $mail->setSubject('Password Wiederherstellung Preboot Server'); - $mail->send(); + if (!isset($_POST["recoverPassword"])){ + $recoverPasswordForm = new user_Form_RecoverPassword(); + } else { + $recoverPasswordForm = new user_Form_RecoverPassword($_POST); + if ($recoverPasswordForm->isValid($_POST)) { + $recoverPasswordForm->getView()->url(); + $this->personmapper = new Application_Model_PersonMapper(); + $result = $this->personmapper->findBy('email', $_POST['email']); + $person = new Application_Model_Person($result[0]); + $person->setID($result[0]['personID']); + $email = $person->getEmail(); + $name = $person->getFirstname() . ' ' . $person->getName(); + $url = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->view->url(); + $recoveryid = randomString(100); + $mailbody = 'Um das Passwort zu ändern klicken Sie auf folgenden Link<br /><br /><a href="'. $url . 
'/auth/recoverpassword/?recoveryid='. $recoveryid . '">Passwort ändern</a>'; + $mail = new Zend_Mail(); + $mail->setBodyHtml($mailbody, 'utf8'); + $mail->getBodyHtml()->getContent(); + $mail->setFrom('admin@local', 'Admin'); + $mail->addTo($email, $name); + $mail->setSubject('Password Wiederherstellung Preboot Server'); + $passwordRecoveryMapper = new Application_Model_PasswordRecoveryMapper(); + $passwordRecoveryObject = new Application_Model_PasswordRecovery(); + $passwordRecoveryObject->setID($person->getID()); + $passwordRecoveryObject->setRecoveryID($recoveryid); + try { + $passwordRecoveryMapper->save($passwordRecoveryObject); + $mail->send(); + }catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "<br/>"; + echo "Message: " . $e->getMessage() . "<br/>"; + return; + } + $this->_helper->redirector('login', 'auth'); + return; + } } - */ } $this->view->recoverPasswordForm = $recoverPasswordForm; } diff --git a/application/modules/user/forms/NewPassword.php b/application/modules/user/forms/NewPassword.php new file mode 100644 index 0000000..5b86eab --- /dev/null +++ b/application/modules/user/forms/NewPassword.php @@ -0,0 +1,38 @@ +<?php + +class user_Form_NewPassword extends Zend_Form +{ + private $personID; + + public function setPersonID($personID){ + $this->personID = $personID; + } + + public function init() + { + $this->setName("NewPassword"); + $this->setMethod('post'); + + $this->addElement('hidden', 'personID', array( + 'value' => $this->personID + )); + + $this->addElement('password', 'password', array( + 'filters' => array('StringTrim'), + 'validators' => array( + array('StringLength', false, array(0, 50)), + ), + 'required' => true, + 'label' => 'Password:', + )); + + $this->addElement('submit', 'savePassword', array( + 'required' => false, + 'ignore' => true, + 'label' => 'Save', + )); + } + + +} + |
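Review bot: The `savePassword` branch stores the new password as `MD5($person->getPassword() . $person->getPasswordSalt())` with the salt set to `MD5($date->getTimestamp())`; MD5 is far too fast for password storage, and a salt derived from the current second is guessable. If the deployment runs PHP 5.5 or later, `$person->setPassword(password_hash($_POST['password'], PASSWORD_DEFAULT));` can replace the `setPassword`/`setPasswordSalt` lines, with `crypt()` and a bcrypt salt as the fallback on older runtimes. The login check is outside this diff and would have to move to `password_verify()` at the same time. The identical lines in application/modules/dev/controllers/AuthController.php need the same change. The mailed link is also built from `$this->getRequest()->getHttpHost()`, which comes from the request itself; a configured base URL is the safer source for a link sent by mail.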