[Sommaire] [Imprimer]

   1  <?php
   2  
   3      
   4      lt_include( PLOG_CLASS_PATH."class/mail/emailmessage.class.php" );
   5      lt_include( PLOG_CLASS_PATH."class/mail/emailservice.class.php" );
   6      lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" );
   7  
   8      class SummaryTools 
   9      {
  10          
  11          /**
  12           * returns the url that will effectively allow users to enter a new
  13           * password
  14           */
  15  		function calculatePasswordResetHash( $userInfo ) 
  16          {
  17              $string = $userInfo->getPassword().$userInfo->getEmail().$userInfo->getId();
  18              $requestHash = md5($string);
  19              
  20              return $requestHash;
  21          }
  22          
  23          /**
  24           * sends the email with the request
  25           * @private
  26           */
  27  		function sendResetEmail( $userInfo, $url )
  28          {
  29              // prepare the template
  30              $templateService = new TemplateService();
  31              $template = $templateService->Template( "resetpasswordemail", "summary" );
  32              $template->assign( "locale", $this->_locale );
  33              $template->assign( "reseturl", $url );
  34              
  35              // render it and keep its contents
  36              $emailBody = $template->fetch();
  37              
  38              $message = new EmailMessage();
  39              $config =& Config::getConfig();
  40              $message->setFrom( $config->getValue( "post_notification_source_address" ));
  41              $message->addTo( $userInfo->getEmail());
  42              // get the default locale
  43              $locale =& Locales::getLocale();
  44              $message->setSubject( $locale->tr("password_reset_subject"));
  45              $message->setBody( $emailBody );
  46  
  47  //            print_r($message);
  48  
  49              $service = new EmailService();
  50              return $service->sendMessage( $message );
  51          }
  52          
  53  		function verifyRequest( $userNameHash, $requestHash )
  54          {        
  55              // make sure that the request is correct
  56              lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
  57              $users = new Users();
  58  
  59              $db =& Db::getDb();
  60              $prefix = Db::getPrefix();
  61              
  62              $query = "SELECT id, user, password, email, about, full_name, properties, 
  63                        site_admin, resource_picture_id, status
  64                        FROM {$prefix}users 
  65                        WHERE MD5(user) = '".Db::qstr($userNameHash)."'
  66                        AND status = ".USER_STATUS_ACTIVE;
  67                                          
  68              $result = $db->Execute( $query );
  69              if( !$result )
  70                  return false;
  71                  
  72              $row = $result->FetchRow();
  73              $userInfo = $users->mapRow( $row );
  74              
  75              // try to see if we can load the user...
  76              if( !$userInfo ) 
  77                  return false;
  78  
  79              // and if so, validate the hash
  80              $originalRequestHash = SummaryTools::calculatePasswordResetHash( $userInfo );
  81              if( $requestHash != $originalRequestHash )
  82                  return false;
  83                  
  84              return $userInfo;
  85          }
  86      }
  87  ?>