
Revision 20992 - (show annotations) (download) (as text)
Sun Apr 1 20:10:53 2012 UTC (9 days, 20 hours ago) by bharat
Switch over to using Joomla's new random number implementation.
1 <?php
2 /*
3 * Gallery - a web based photo album viewer and editor
4 * Copyright (C) 2000-2008 Bharat Mediratta
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or (at
9 * your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
19 */
20
/* Provides UserRecoverPasswordHelper_simple::getRequestExpires(), used by the controller below */
GalleryCoreApi::requireOnce('modules/core/classes/helpers/UserRecoverPasswordHelper_simple.class');
22
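/**
 * This controller will handle the recovery of passwords that have been lost or forgotten
 * by the user.
 *
 * For the "recover" action it validates the submitted user name, runs every
 * GalleryValidationPlugin, looks the user up, stores a fresh random auth string
 * (valid for 7 days) in GalleryRecoverPasswordMap and emails the user a confirmation
 * link carrying that string.  An unknown user name, a user without an email address
 * and a repeat request inside the 20 minute window all produce the same
 * "requestSent" status as a successful request, so the response does not reveal
 * which user names exist.
 *
 * @package GalleryCore
 * @subpackage UserInterface
 * @author Jay Rossiter <cryptographite@users.sf.net>
 * @version $Revision$
 */
class UserRecoverPasswordController extends GalleryController {
    /**
     * ValidationPlugin instances to use when handling this request. Only used by test code.
     *
     * @var array (pluginId => ValidationPlugin) $_pluginInstances
     * @access private
     */
    var $_pluginInstances;

    /**
     * Tests can use this method to hardwire a specific set of plugin instances to use.
     * This avoids situations where some of the option instances will do unpredictable
     * things and derail the tests.
     *
     * @param array $pluginInstances of GalleryValidationPlugin
     */
    function setPluginInstances($pluginInstances) {
        $this->_pluginInstances = $pluginInstances;
    }

    /**
     * Handle the "recover" and "cancel" actions of the password recovery form.
     *
     * On success the results redirect to the core.UserRecoverPassword sub view with
     * $results['status']['requestSent'] set; on a validation error they delegate to
     * the same sub view with $results['error'] filled in.
     *
     * @see GalleryController::handleRequest
     */
    function handleRequest($form) {
        $status = $error = $results = array();

        if (isset($form['action']['recover'])) {
            /* Only a plain string is accepted; anything else counts as a missing name */
            $form['userName'] = isset($form['userName']) && is_string($form['userName'])
                ? $form['userName'] : null;
            if (empty($form['userName'])) {
                $error[] = 'form[error][userName][missing]';
            }

            /* If no errors have been detected, let the validation plugins do their work */
            if (empty($error)) {
                list ($ret, $pluginInstances) = $this->_getValidationPlugins();
                if ($ret) {
                    return array($ret, null);
                }

                /* Let each plugin do its verification; a plugin may stop the chain */
                foreach ($pluginInstances as $plugin) {
                    list ($ret, $pluginErrors, $continue) = $plugin->performValidation($form);
                    if ($ret) {
                        return array($ret, null);
                    }

                    $error = array_merge($error, $pluginErrors);
                    if (!$continue) {
                        break;
                    }
                }
            }

            /* Still no errors? Look the user up and record the request. */
            if (empty($error)) {
                list ($ret, $user) = GalleryCoreApi::fetchUserByUsername($form['userName']);
                if ($ret && !($ret->getErrorCode() & ERROR_MISSING_OBJECT)) {
                    return array($ret, null);
                }

                /* Loose comparison on purpose: a null email counts as "no address" too */
                if (isset($user) && $user->getEmail() != '') {
                    list ($ret, $authString) = $this->_recordRequest($user);
                    if ($ret) {
                        return array($ret, null);
                    }

                    /* No auth string means the request was inside the 20 minute window */
                    if (isset($authString)) {
                        $ret = $this->_sendRecoveryEmail($user, $authString);
                        if ($ret) {
                            return array($ret, null);
                        }
                    }
                }

                /*
                 * Report success whether or not mail went out (unknown user, no email
                 * address, or a repeat request); we don't reward phishing attempts by
                 * revealing which user names exist.
                 */
                $status['requestSent'] = 1;
            }
        } else if (isset($form['action']['cancel'])) {
            $results['return'] = 1;
        }

        $subView = 'core.UserRecoverPassword';
        if (empty($error)) {
            $results['redirect']['view'] = 'core.UserAdmin';
            $results['redirect']['subView'] = $subView;
        } else {
            $results['delegate']['view'] = 'core.UserAdmin';
            $results['delegate']['subView'] = $subView;
        }

        $results['status'] = $status;
        $results['error'] = $error;

        return array(null, $results);
    }

    /**
     * Return the GalleryValidationPlugin instances to run for this request: the set
     * hardwired by setPluginInstances() when a test provided one, otherwise a fresh
     * instance of every registered implementation.
     *
     * @return array GalleryStatus a status code
     *               array (pluginId => GalleryValidationPlugin)
     * @access private
     */
    function _getValidationPlugins() {
        if (isset($this->_pluginInstances)) {
            return array(null, $this->_pluginInstances);
        }

        list ($ret, $pluginIds) =
            GalleryCoreApi::getAllFactoryImplementationIds('GalleryValidationPlugin');
        if ($ret) {
            return array($ret, null);
        }

        $pluginInstances = array();
        foreach (array_keys($pluginIds) as $pluginId) {
            list ($ret, $pluginInstances[$pluginId]) =
                GalleryCoreApi::newFactoryInstanceById('GalleryValidationPlugin', $pluginId);
            if ($ret) {
                return array($ret, null);
            }
        }

        return array(null, $pluginInstances);
    }

    /**
     * Store a new recovery request for $user, or refresh the existing one.
     *
     * A request made less than 20 minutes after the previous one for the same user is
     * left untouched and no auth string is returned, so repeated submissions neither
     * rotate the stored string nor trigger another email.
     *
     * NOTE(review): the auth string is stored in clear in GalleryRecoverPasswordMap and
     * is the secret carried in the confirmation URL; presumably anyone who can read
     * that table can complete a recovery - confirm that is acceptable.
     *
     * @param GalleryUser $user
     * @return array GalleryStatus a status code
     *               string the auth string to mail to the user, or null if the request
     *                      was ignored because of the 20 minute window
     * @access private
     */
    function _recordRequest($user) {
        /* Use the canonical name so the lookup here and the confirm URL agree */
        $userName = $user->getUserName();
        $requestLifetime = 7 * 24 * 60 * 60;
        $minimumInterval = 20 * 60;

        /*
         * Expiry is exactly now + 7 days so that subtracting the lifetime below
         * recovers the time of the previous request.
         */
        $requestExpires = time() + $requestLifetime;

        /* Is there an outstanding request for this user? */
        list ($ret, $lastRequestExpires) =
            UserRecoverPasswordHelper_simple::getRequestExpires($userName, null);
        if ($ret) {
            return array($ret, null);
        }

        $authString = $this->_generateAuthString();
        if (empty($lastRequestExpires)) {
            /*
             * Add the map entry before sending email to the user -
             * we don't want to send them mail if the data never gets into the DB.
             */
            $ret = GalleryCoreApi::addMapEntry(
                'GalleryRecoverPasswordMap',
                array('userName' => $userName,
                      'authString' => $authString,
                      'requestExpires' => $requestExpires));
            if ($ret) {
                return array($ret, null);
            }

            return array(null, $authString);
        }

        /* This request was made less than 20 minutes ago: keep the existing string */
        $lastRequestTime = $lastRequestExpires - $requestLifetime;
        if ($lastRequestTime + $minimumInterval >= time()) {
            return array(null, null);
        }

        /* Check the update result: a link that is not in the DB must never be mailed */
        $ret = GalleryCoreApi::updateMapEntry(
            'GalleryRecoverPasswordMap',
            array('userName' => $userName),
            array('authString' => $authString,
                  'requestExpires' => $requestExpires));
        if ($ret) {
            return array($ret, null);
        }

        return array(null, $authString);
    }

    /**
     * Email $user the link that confirms the recovery request.
     *
     * @param GalleryUser $user
     * @param string $authString the auth string stored for this request
     * @return GalleryStatus a status code
     * @access private
     */
    function _sendRecoveryEmail($user, $authString) {
        global $gallery;

        /* Generate baseUrl and recoverUrl for the email template */
        $generator =& $gallery->getUrlGenerator();
        $urlOptions = array('forceFullUrl' => true, 'htmlEntities' => false,
                            'forceSessionId' => false);
        $baseUrl = $generator->generateUrl(array(), $urlOptions);
        $recoverUrl = $generator->generateUrl(
            array('view' => 'core.UserAdmin',
                  'subView' => 'core.UserRecoverPasswordConfirm',
                  'userName' => $user->getUserName(),
                  'authString' => $authString),
            $urlOptions);

        /* email template data */
        $tplData = array('name' => $user->getFullName(),
                         'baseUrl' => $baseUrl,
                         'ip' => GalleryUtilities::getRemoteHostAddress(),
                         'date' => date('r'),
                         'userName' => $user->getUserName(),
                         'recoverUrl' => $recoverUrl);

        /* Load core for translation */
        list ($ret, $module) = GalleryCoreApi::loadPlugin('module', 'core');
        if ($ret) {
            return $ret;
        }

        /* Send the user email based on our confirmation template */
        $ret = GalleryCoreApi::sendTemplatedEmail(
            'modules/core/templates/UserRecoverPasswordEmail.tpl',
            $tplData, '', $user->getEmail(), $module->translate('Password Recovery'));
        if ($ret) {
            return $ret;
        }

        return null;
    }

    /**
     * Generate the random authorization string that is stored with the recovery
     * request and sent to the user in the confirmation link.
     *
     * 32 bytes from Joomla's random generator are passed through md5 to get a fixed
     * width 32 character hex string; md5 is used here only as an encoding of random
     * data (about 128 bits of entropy remain), not as a password hash.
     *
     * @return string 32 hex characters
     * @access private
     */
    function _generateAuthString() {
        GalleryCoreApi::requireOnce('lib/joomla/crypt.php');
        $crypt = new JCrypt();
        return md5($crypt->genRandomBytes(32));
    }
}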
241
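/**
 * This view shows information about password recovery: the user name form plus the
 * template data each GalleryValidationPlugin contributes.
 */
class UserRecoverPasswordView extends GalleryView {

    /**
     * Prepare the form state and the per-plugin template list, then select the
     * UserRecoverPassword template.
     *
     * @see GalleryView::loadTemplate
     */
    function loadTemplate(&$template, &$form) {
        /* isset() first: on the initial display formName is not set yet */
        if (isset($form['formName']) && $form['formName'] == 'UserRecoverPassword') {
            /* Redisplay after a submission: flag the empty user name */
            if (empty($form['userName'])) {
                $form['error']['userName']['missing'] = 1;
            }
        } else {
            /* First display: start from an empty form */
            $form['userName'] = '';
            $form['formName'] = 'UserRecoverPassword';
        }

        $UserRecoverPassword = array('plugins' => array());

        /* Get all the validation plugins */
        list ($ret, $allPluginIds) =
            GalleryCoreApi::getAllFactoryImplementationIds('GalleryValidationPlugin');
        if ($ret) {
            return array($ret, null);
        }

        /* Let each plugin load its template data */
        foreach (array_keys($allPluginIds) as $pluginId) {
            list ($ret, $plugin) =
                GalleryCoreApi::newFactoryInstanceById('GalleryValidationPlugin', $pluginId);
            if ($ret) {
                return array($ret, null);
            }

            list ($ret, $file, $l10Domain) = $plugin->loadTemplate($form);
            if ($ret) {
                return array($ret, null);
            }

            /* A plugin with nothing to show returns no template file */
            if (isset($file)) {
                $UserRecoverPassword['plugins'][] =
                    array('file' => $file, 'l10Domain' => $l10Domain);
            }
        }

        $template->setVariable('UserRecoverPassword', $UserRecoverPassword);
        $template->setVariable('controller', 'core.UserRecoverPassword');
        return array(null, array('body' => 'modules/core/templates/UserRecoverPassword.tpl'));
    }
}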
295 ?>
