fixed: misc: ValidateEmail() buffer overflow

added: notifications for resetting a user's password (there is no a winix function for this yet) git-svn-id: svn://ttmath.org/publicrep/winix/trunk@817 e52654a7-88a9-db11-a3e9-0013d4bc506e
2012-03-09 22:56:54 +00:00
parent 489310ba1c
commit b7007da5a9
27 changed files with 540 additions and 145 deletions
--- a/functions/pw.cpp
+++ b/functions/pw.cpp
@@ -10,6 +10,7 @@
 #include "pw.h"
 #include "core/log.h"
 #include "core/misc.h"
+#include "functions/functions.h"


 namespace Fun
@@ -38,9 +39,10 @@ bool Pw::ActivateAccount(User * puser, long code, bool use_ses_log)
 		{
 			if( db->ChangeUserStatus(puser->id, WINIX_ACCOUNT_READY) == WINIX_ERR_OK )
 			{
-				// !! IMPROVE ME
-				// remove 'activation_code' value from admin environment for the user
+				puser->aenv.Remove(L"activation_code");
+				db->ChangeUserAdminEnv(puser->id, puser->aenv);
 				puser->status = WINIX_ACCOUNT_READY;
+
 				log << log2 << "Pw: account: " << puser->name << " activated" << logend;

 				if( use_ses_log )
@@ -113,10 +115,138 @@ void Pw::ActivateAccount()



+bool Pw::SetNewPassword(User * puser, bool use_ses_log)
+{
+bool result = false;
+
+	const std::wstring & pass      = cur->request->PostVar(L"passwordnew");
+	const std::wstring & pass_conf = cur->request->PostVar(L"passwordconfirm");
+
+	if( functions->fun_passwd.IsPasswordCorrect(pass, pass_conf, use_ses_log) )
+	{
+		if( functions->fun_passwd.ChangePassword(puser->id, pass) )
+		{
+			result = true;
+
+			if( use_ses_log )
+				slog << loginfo << T("pw_password_changed") << logend;
+		}
+		else
+		{
+			if( use_ses_log )
+				slog << logerror << T("service_unavailable") << logend;
+		}
+	}
+
+return result;
+}
+
+
+
+bool Pw::ResetPassword(User * puser, long code, bool use_ses_log, bool only_check_access)
+{
+	std::wstring * user_code_str = puser->aenv.GetValue(L"password_change_code");
+
+	if( user_code_str )
+	{
+		if( Tol(*user_code_str) == code )
+		{
+			if( only_check_access )
+				return true;
+			else
+				return SetNewPassword(puser, use_ses_log);
+		}
+		else
+		{
+			log << log2 << "Pw: incorrect change password code" << logend;
+
+			if( use_ses_log )
+				slog << logerror << T(L"incorrect_change_password_code") << logend;
+		}
+	}
+	else
+	{
+		log << log1 << "Pw: there is no change password code in admin environment" << logend;
+
+		if( use_ses_log )
+			slog << loginfo << T(L"password_cannot_be_changed") << logend;
+	}
+
+return false;
+}
+
+
+bool Pw::ResetPassword(const std::wstring & login, long code, bool use_ses_log, bool only_check_access)
+{
+	bool result  = false;
+	User * puser = system->users.GetUser(login);
+
+	if( puser )
+	{
+		long t = static_cast<long>(cur->request->start_time);
+
+		if( puser->aenv.Long(L"password_change_time") + config->reset_password_code_expiration_time > t )
+		{
+			result = ResetPassword(puser, code, use_ses_log, only_check_access);
+		}
+		else
+		{
+			log << log2 << "Pw: the code has expired" << logend;
+
+			if( use_ses_log )
+				slog << logerror << T(L"code_expired") << logend;
+		}
+	}
+	else
+	{
+		log << log1 << "Pw: there is no a user: " << login << logend;
+	}
+
+return result;
+}
+
+
+void Pw::ResetPassword()
+{
+	const std::wstring & login = cur->request->PostVar(L"login");
+	long code = Tol(cur->request->PostVar(L"code"));
+	
+	ResetPassword(login, code, true, false);
+	system->RedirectToLastItem();
+}
+
+
+void Pw::ShowResetPasswordForm()
+{
+	const std::wstring & login = cur->request->ParamValue(L"login");
+	long code = Tol(cur->request->ParamValue(L"code"));
+	
+	if( !login.empty() )
+	{
+		if( !ResetPassword(login, code, true, true) )
+			system->RedirectToLastItem();
+	}
+	else
+	{
+		system->RedirectToLastItem();
+	}
+}
+
+
+void Pw::MakePost()
+{
+	if( cur->request->IsParam(L"resetpassword") )
+		ResetPassword();
+}
+
+
 void Pw::MakeGet()
 {
 	if( cur->request->IsParam(L"activate") )
 		ActivateAccount();
+	else
+	if( cur->request->IsParam(L"resetpassword") )
+		ShowResetPasswordForm();
 }