openrat-cms


LoginPasswordAction.class.php (1676B)


      1 <?php
      2 namespace cms\action\login;
      3 use cms\action\LoginAction;
      4 use cms\action\Method;
      5 use cms\base\Configuration;
      6 use cms\base\DB;
      7 use cms\model\User;
      8 use language\Messages;
      9 use logger\Logger;
     10 use security\Password;
     11 use util\exception\ValidationException;
     12 use util\mail\Mail;
     13 use util\Session;
     14 
     15 
     16 class LoginPasswordAction extends LoginAction implements Method {
     17     public function view() {
     18 		// TODO: Attribut "Password" abfragen
     19 
     20 		$this->setTemplateVar( 'dbids',$this->getSelectableDatabases() );
     21 		
     22 		$db = DB::get();
     23 		
     24 		if	( is_object($db) )
     25 			$this->setTemplateVar('actdbid',$db->id);
     26 		else
     27 			$this->setTemplateVar('actdbid', Configuration::subset('database-default')->get('default-id',''));
     28 	}	
     29 	
     30 	
     31 
     32 
     33 
     34     public function post() {
     35 		$username = $this->request->getText('username');
     36 		if	( ! $username  )
     37 			throw new ValidationException('username');
     38 
     39 		$user = User::loadWithName( $username,User::AUTH_TYPE_INTERNAL );
     40 
     41 		Password::delay(); // Crypto-Wait
     42 
     43 		if	( $user )
     44 		{
     45 			srand ((double)microtime()*1000003);
     46 			$code = rand();
     47 			Session::set(Session::KEY_PASSWORD_COMMIT_CODE,$code);
     48 			
     49 			$eMail = new Mail($user->mail,Messages::MAIL_SUBJECT_PASSWORD_COMMIT_CODE,Messages::MAIL_TEXT_PASSWORD_COMMIT_CODE);
     50 			$eMail->setVar('name',$user->getName());
     51 			$eMail->setVar('code',$code);
     52 
     53 			try {
     54 				$eMail->send();
     55 				Session::set(Session::KEY_PASSWORD_COMMIT_NAME,$user->name);
     56 			}
     57 			catch( \Exception $e ) {
     58 				Logger::warn( $e );
     59 			}
     60 		}
     61 
     62 		// For security reasons:
     63 		// Always display a message that a mail is sent.
     64 		// So no one is able to check if this username exists.
     65 		sleep(1);
     66 		$this->addNoticeFor( new User(), Messages::MAIL_SENT);
     67 	}
     68 }