diff options
Diffstat (limited to 'mayor-orig/www/policy/public/password')
4 files changed, 155 insertions, 0 deletions
diff --git a/mayor-orig/www/policy/public/password/changeMyPassword-pre.php b/mayor-orig/www/policy/public/password/changeMyPassword-pre.php new file mode 100644 index 00000000..f7c68879 --- /dev/null +++ b/mayor-orig/www/policy/public/password/changeMyPassword-pre.php @@ -0,0 +1,69 @@ +<?php + + if (_RIGHTS_OK !== true) die(); + + $toPolicy = readVariable($_REQUEST['toPolicy'], 'enum', 'private', $POLICIES); + $userAccount = readVariable($_REQUEST['userAccount'], 'emptystringnull', (defined('_USERACCOUNT'))?_USERACCOUNT:null); + + if (file_exists(_CONFIGDIR."/$toPolicy-conf.php")) { + require_once(_CONFIGDIR."/$toPolicy-conf.php"); + } + + if ($AUTH[$toPolicy]['enableSelfPasswordChange']) { + + // Az elküldött név+jelszó ellenőrzése + if ($action == 'changePassword') { + + + require_once('include/modules/auth/base/login.php'); + + if (file_exists('include/backend/'.$AUTH[$toPolicy]['backend'].'/session/base.php')) { + require_once('include/backend/'.$AUTH[$toPolicy]['backend'].'/session/base.php'); + } + if (file_exists('include/backend/'.$AUTH[$toPolicy]['backend'].'/password/changePassword.php')) { + require_once('include/backend/'.$AUTH[$toPolicy]['backend'].'/password/changePassword.php'); + } + if (file_exists('include/backend/'.$AUTH[$toPolicy]['backend'].'/auth/login.php')) { + require_once('include/backend/'.$AUTH[$toPolicy]['backend'].'/auth/login.php'); + } + + $userPassword = readVariable($_POST['userPassword'], 'emptystringnull'); + $newPassword = readVariable($_POST['newPassword'], 'emptystringnull'); + $verification = readVariable($_POST['verification'], 'emptystringnull'); + + if ($verification == '' or $newPassword == '') { + $_SESSION['alert'][] = 'message:empty_field'; + } elseif ($verification != $newPassword) { + $_SESSION['alert'][] = 'message:pw_not_match'; + } elseif ($userPassword == $newPassword) { + $_SESSION['alert'][] = 'message:pw_not_changed'; + } else { + + $result = userAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy); + if ($result >= _AUTH_FAILURE) { + $_SESSION['alert'][] = 'message:auth_failure'; // megj: a hibaüzenetet a userAuthentication egyébként generálja. kell ez? + } else { + + if (changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy)) { +// Újra be kell jelentkezni mindenképp... +// updateSessionPassword($userAccount, $toPolicy, $verification); +// if (validUser($sessionID,$policy)) +// header('Location: '.location("index.php?policy=$toPolicy&sessionID=".$sessionID, array('alert'))); +// else + header('Location: '.location("index.php?page=auth&f=login&toPolicy=$toPolicy", array('alert'))); + } else { + $_SESSION['alert'][] = 'message:pw_change_failed'; + } + } + + } + + } // action + + } else { + + $_SESSION['alert'][] = 'page:pw_change_disabled'; + + } + +?> diff --git a/mayor-orig/www/policy/public/password/changeMyPassword.php b/mayor-orig/www/policy/public/password/changeMyPassword.php new file mode 100644 index 00000000..29ebbf10 --- /dev/null +++ b/mayor-orig/www/policy/public/password/changeMyPassword.php @@ -0,0 +1,9 @@ +<?php + + if (_RIGHTS_OK !== true) die(); + + global $userAccount, $toPolicy; + + putChangePasswordForm($userAccount, $toPolicy); + +?> diff --git a/mayor-orig/www/policy/public/password/resetPassword-pre.php b/mayor-orig/www/policy/public/password/resetPassword-pre.php new file mode 100644 index 00000000..3590f27a --- /dev/null +++ b/mayor-orig/www/policy/public/password/resetPassword-pre.php @@ -0,0 +1,68 @@ +<?php + if (_RIGHTS_OK !== true) die(); + + $selector = readVariable($_POST['selector'], 'string', readVariable($_GET['selector'], 'hexa', null)); + $validator = readVariable($_POST['validator'], 'string', readVariable($_GET['validator'], 'hexa', null)); + + if ($validator!='') { + $q = "SELECT * FROM accountRecovery WHERE selector = '%s' AND expires >= NOW()"; + $r = db_query($q, array('debug'=>false,'fv'=>'getPasswordRecoveryRequest','modul'=>'login','result'=>'record','values'=>array($selector))); + } + if (!is_array($r)) { + $_SESSION['alert']['page'] = 'message:wrong_data:A jelszó-helyreállítási kérelem nem létezik, vagy lejárt!'; + } else { + + $calc = hash('sha256', hex2bin($validator)); + if (hash_equals($calc, $r['token'])) { + // The reset token is valid. Authenticate the user. + //dump($r); + $ADAT = $r; + $ADAT['validator'] = $validator; + + $toPolicy = $r['policy']; + $userAccount = $r['userAccount']; + + if (file_exists(_CONFIGDIR."/$toPolicy-conf.php")) { + require_once(_CONFIGDIR."/$toPolicy-conf.php"); + } + + if ($AUTH[$toPolicy]['enablePasswordReset']) { + + if ($action == 'resetPassword') { + + if (file_exists('include/backend/'.$AUTH[$toPolicy]['backend'].'/session/base.php')) { + require_once('include/backend/'.$AUTH[$toPolicy]['backend'].'/session/base.php'); + } + if (file_exists('include/backend/'.$AUTH[$toPolicy]['backend'].'/password/changePassword.php')) { + require_once('include/backend/'.$AUTH[$toPolicy]['backend'].'/password/changePassword.php'); + } + + $newPassword = readVariable($_POST['newPassword'], 'emptystringnull'); + $verification = readVariable($_POST['verification'], 'emptystringnull'); + + if ($verification == '' or $newPassword == '') { + $_SESSION['alert'][] = 'message:empty_field'; + } elseif ($verification != $newPassword) { + $_SESSION['alert'][] = 'message:pw_not_match'; + } else { + if (changePassword($userAccount, $newPassword, $toPolicy)) { + $q = "DELETE FROM accountRecovery WHERE userAccount = '%s'"; + db_query($q, array('debug'=>false,'fv'=>'getPasswordRecoveryRequest','modul'=>'login','result'=>'delete','values'=>array($userAccount))); + header('Location: '.location("index.php?page=auth&f=login&toPolicy=$toPolicy", array('alert'))); + } else { + $_SESSION['alert'][] = 'message:pw_change_failed'; + } + } + } + + } else { + $_SESSION['alert'][] = 'page:pw_reset_disabled'; + } + + } else { + $_SESSION['alert']['page'] = 'message:insufficient_access:A jelszó-helyreállítási kérelem nem érvényes!'; + } + + } + +?> diff --git a/mayor-orig/www/policy/public/password/resetPassword.php b/mayor-orig/www/policy/public/password/resetPassword.php new file mode 100644 index 00000000..eaefcc8c --- /dev/null +++ b/mayor-orig/www/policy/public/password/resetPassword.php @@ -0,0 +1,9 @@ +<?php + + if (_RIGHTS_OK !== true) die(); + + global $ADAT; + + if ($ADAT['userAccount']!='') putResetPasswordForm($ADAT); + +?> |