These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Controller; |
||
3 | |||
4 | use Redaxscript\Filter; |
||
5 | use Redaxscript\Hash; |
||
6 | use Redaxscript\Html\Element; |
||
7 | use Redaxscript\Mailer; |
||
8 | use Redaxscript\Model; |
||
9 | use Redaxscript\Validator; |
||
10 | use function sha1; |
||
11 | use function uniqid; |
||
12 | |||
13 | /** |
||
14 | * children class to process the reset request |
||
15 | * |
||
16 | * @since 3.0.0 |
||
17 | * |
||
18 | * @package Redaxscript |
||
19 | * @category Controller |
||
20 | * @author Henry Ruhs |
||
21 | * @author Balázs Szilágyi |
||
22 | */ |
||
23 | |||
24 | class Reset extends ControllerAbstract |
||
25 | { |
||
26 | /** |
||
27 | * process the class |
||
28 | * |
||
29 | * @since 3.0.0 |
||
30 | * |
||
31 | * @return string |
||
32 | */ |
||
33 | |||
34 | 4 | public function process() : string |
|
35 | { |
||
36 | 4 | $passwordHash = new Hash(); |
|
37 | 4 | $passwordHash->init(uniqid()); |
|
38 | 4 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
|
39 | 4 | $validateArray = $this->_validatePost($postArray); |
|
40 | 4 | $user = $this->_getUser($postArray); |
|
41 | |||
42 | /* validate post */ |
||
43 | |||
44 | 4 | if ($validateArray) |
|
45 | { |
||
46 | 2 | return $this->_error( |
|
47 | [ |
||
48 | 2 | 'route' => 'login/recover', |
|
49 | 2 | 'message' => $validateArray |
|
50 | ]); |
||
51 | } |
||
52 | |||
53 | /* handle reset */ |
||
54 | |||
55 | $resetArray = |
||
56 | [ |
||
57 | 2 | 'id' => $user->id, |
|
58 | 2 | 'password' => $passwordHash->getHash() |
|
59 | ]; |
||
60 | 2 | if (!$this->_reset($resetArray)) |
|
61 | { |
||
62 | return $this->_error( |
||
63 | [ |
||
64 | 'route' => 'login/recover' |
||
65 | ]); |
||
66 | } |
||
67 | |||
68 | /* handle mail */ |
||
69 | |||
70 | $mailArray = |
||
71 | [ |
||
72 | 2 | 'name' => $user->name, |
|
73 | 2 | 'email' => $user->email, |
|
74 | 2 | 'password' => $passwordHash->getRaw() |
|
75 | ]; |
||
76 | 2 | if (!$this->_mail($mailArray)) |
|
77 | { |
||
78 | 1 | return $this->_error( |
|
79 | [ |
||
80 | 1 | 'route' => 'login/recover', |
|
81 | 1 | 'message' => $this->_language->get('email_failed') |
|
82 | ]); |
||
83 | } |
||
84 | |||
85 | /* handle success */ |
||
86 | |||
87 | 1 | return $this->_success( |
|
88 | [ |
||
89 | 1 | 'route' => 'login', |
|
90 | 1 | 'timeout' => 2, |
|
91 | 1 | 'message' => $this->_language->get('password_sent') |
|
92 | ]); |
||
93 | } |
||
94 | |||
95 | /** |
||
96 | * sanitize the post |
||
97 | * |
||
98 | * @since 4.0.0 |
||
99 | * |
||
100 | * @return array |
||
101 | */ |
||
102 | |||
103 | 4 | protected function _sanitizePost() : array |
|
104 | { |
||
105 | 4 | $numberFilter = new Filter\Number(); |
|
106 | 4 | $specialFilter = new Filter\Special(); |
|
107 | |||
108 | /* sanitize post */ |
||
109 | |||
110 | return |
||
111 | [ |
||
112 | 4 | 'id' => $numberFilter->sanitize($this->_request->getPost('id')), |
|
113 | 4 | 'password' => $specialFilter->sanitize($this->_request->getPost('password')), |
|
114 | 4 | 'task' => $numberFilter->sanitize($this->_request->getPost('task')), |
|
115 | 4 | 'solution' => $this->_request->getPost('solution') |
|
116 | ]; |
||
117 | } |
||
118 | |||
119 | /** |
||
120 | * validate the post |
||
121 | * |
||
122 | * @since 3.0.0 |
||
123 | * |
||
124 | * @param array $postArray array of the post |
||
125 | * |
||
126 | * @return array |
||
127 | */ |
||
128 | |||
129 | 4 | protected function _validatePost(array $postArray = []) : array |
|
130 | { |
||
131 | 4 | $captchaValidator = new Validator\Captcha(); |
|
132 | 4 | $user = $this->_getUser($postArray); |
|
133 | 4 | $validateArray = []; |
|
134 | |||
135 | /* validate post */ |
||
136 | |||
137 | 4 | if (!$postArray['id']) |
|
138 | { |
||
139 | 1 | $validateArray[] = $this->_language->get('user_empty'); |
|
140 | } |
||
141 | 3 | else if (!$user->id) |
|
142 | { |
||
143 | 1 | $validateArray[] = $this->_language->get('user_incorrect'); |
|
144 | } |
||
145 | 4 | if (!$postArray['password']) |
|
146 | { |
||
147 | 1 | $validateArray[] = $this->_language->get('password_empty'); |
|
148 | } |
||
149 | 3 | else if (sha1($user->password) !== $postArray['password']) |
|
150 | { |
||
151 | 1 | $validateArray[] = $this->_language->get('password_incorrect'); |
|
152 | } |
||
153 | 4 | if (!$captchaValidator->validate($postArray['task'], $postArray['solution'])) |
|
154 | { |
||
155 | 1 | $validateArray[] = $this->_language->get('captcha_incorrect'); |
|
156 | } |
||
157 | 4 | return $validateArray; |
|
158 | } |
||
159 | |||
160 | /** |
||
161 | * get the user |
||
162 | * |
||
163 | * @since 4.0.0 |
||
164 | * |
||
165 | * @param array $postArray array of the post |
||
166 | * |
||
167 | * @return object|null |
||
168 | */ |
||
169 | |||
170 | 4 | protected function _getUser(array $postArray = []) : ?object |
|
171 | { |
||
172 | 4 | $userModel = new Model\User(); |
|
173 | 4 | return $userModel->getById($postArray['id']); |
|
174 | } |
||
175 | |||
176 | /** |
||
177 | * reset the password |
||
178 | * |
||
179 | * @since 3.0.0 |
||
180 | * |
||
181 | * @param array $resetArray array of the reset |
||
182 | * |
||
183 | * @return bool |
||
184 | */ |
||
185 | |||
186 | 2 | protected function _reset(array $resetArray = []) : bool |
|
187 | { |
||
188 | 2 | $userModel = new Model\User(); |
|
189 | 2 | return $userModel->resetPasswordById($resetArray['id'], $resetArray['password']); |
|
190 | } |
||
191 | |||
192 | /** |
||
193 | * send the mail |
||
194 | * |
||
195 | * @since 3.0.0 |
||
196 | * |
||
197 | * @param array $mailArray array of the mail |
||
198 | * |
||
199 | * @return bool |
||
200 | */ |
||
201 | |||
202 | 1 | protected function _mail(array $mailArray = []) : bool |
|
203 | { |
||
204 | 1 | $settingModel = new Model\Setting(); |
|
205 | 1 | $urlReset = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . 'login'; |
|
206 | |||
207 | /* html element */ |
||
208 | |||
209 | 1 | $linkElement = new Element(); |
|
210 | $linkElement |
||
211 | 1 | ->init('a', |
|
212 | [ |
||
213 | 1 | 'href' => $urlReset |
|
214 | ]) |
||
215 | 1 | ->text($urlReset); |
|
216 | |||
217 | /* prepare mail */ |
||
218 | |||
219 | $toArray = |
||
220 | [ |
||
221 | 1 | $mailArray['name'] => $mailArray['email'] |
|
222 | ]; |
||
223 | $fromArray = |
||
224 | [ |
||
225 | 1 | $settingModel->get('author') => $settingModel->get('email') |
|
226 | ]; |
||
227 | 1 | $subject = $this->_language->get('password_new'); |
|
228 | $bodyArray = |
||
229 | [ |
||
230 | 1 | $this->_language->get('password_new') . $this->_language->get('colon') . ' ' . $mailArray['password'], |
|
231 | 1 | '<br />', |
|
232 | 1 | $this->_language->get('login') . $this->_language->get('colon') . ' ' . $linkElement |
|
233 | ]; |
||
234 | |||
235 | /* send mail */ |
||
236 | |||
237 | 1 | $mailer = new Mailer(); |
|
238 | 1 | $mailer->init($toArray, $fromArray, $subject, $bodyArray); |
|
0 ignored issues
–
show
|
|||
239 | 1 | return $mailer->send(); |
|
240 | } |
||
241 | } |
||
242 |
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.