These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Controller; |
||
3 | |||
4 | use Redaxscript\Filter; |
||
5 | use Redaxscript\Hash; |
||
6 | use Redaxscript\Html\Element; |
||
7 | use Redaxscript\Mailer; |
||
8 | use Redaxscript\Model; |
||
9 | use Redaxscript\Validator; |
||
10 | use function sha1; |
||
11 | |||
12 | /** |
||
13 | * children class to process the reset request |
||
14 | * |
||
15 | * @since 3.0.0 |
||
16 | * |
||
17 | * @package Redaxscript |
||
18 | * @category Controller |
||
19 | * @author Henry Ruhs |
||
20 | * @author Balázs Szilágyi |
||
21 | */ |
||
22 | |||
23 | class Reset extends ControllerAbstract |
||
24 | { |
||
25 | /** |
||
26 | * process the class |
||
27 | * |
||
28 | * @since 3.0.0 |
||
29 | * |
||
30 | * @return string |
||
31 | */ |
||
32 | |||
33 | public function process() : string |
||
34 | 4 | { |
|
35 | $passwordHash = new Hash(); |
||
36 | 4 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
|
37 | 4 | $validateArray = $this->_validatePost($postArray); |
|
38 | 4 | $user = $this->_getUser($postArray); |
|
39 | 4 | ||
40 | 4 | /* validate post */ |
|
41 | |||
42 | if ($validateArray) |
||
43 | { |
||
44 | 4 | return $this->_error( |
|
45 | [ |
||
46 | 2 | 'route' => 'login/recover', |
|
47 | 'message' => $validateArray |
||
48 | 2 | ]); |
|
49 | 2 | } |
|
50 | |||
51 | /* handle reset */ |
||
52 | |||
53 | $passwordHash->init($postArray['password']); |
||
54 | $resetArray = |
||
55 | [ |
||
56 | 'id' => $user->id, |
||
57 | 2 | 'password' => $passwordHash->getHash() |
|
58 | 2 | ]; |
|
59 | if (!$this->_reset($resetArray)) |
||
60 | 2 | { |
|
61 | return $this->_error( |
||
62 | [ |
||
63 | 'route' => 'login/recover' |
||
64 | ]); |
||
65 | } |
||
66 | |||
67 | /* handle mail */ |
||
68 | |||
69 | $mailArray = |
||
70 | [ |
||
71 | 'name' => $user->name, |
||
72 | 2 | 'user' => $user->user, |
|
73 | 2 | 'email' => $user->email |
|
74 | 2 | ]; |
|
75 | if (!$this->_mail($mailArray)) |
||
76 | 2 | { |
|
77 | return $this->_error( |
||
78 | 1 | [ |
|
79 | 'route' => 'login/recover', |
||
80 | 1 | 'message' => $this->_language->get('email_failed') |
|
81 | 1 | ]); |
|
82 | } |
||
83 | |||
84 | /* handle success */ |
||
85 | |||
86 | return $this->_success( |
||
87 | 1 | [ |
|
88 | 'route' => 'login', |
||
89 | 1 | 'timeout' => 2, |
|
90 | 1 | 'message' => $this->_language->get('password_changed') |
|
91 | 1 | ]); |
|
92 | } |
||
93 | |||
94 | /** |
||
95 | * sanitize the post |
||
96 | * |
||
97 | * @since 4.0.0 |
||
98 | * |
||
99 | * @return array |
||
100 | */ |
||
101 | |||
102 | protected function _sanitizePost() : array |
||
103 | 4 | { |
|
104 | $numberFilter = new Filter\Number(); |
||
105 | 4 | $specialFilter = new Filter\Special(); |
|
106 | 4 | ||
107 | /* sanitize post */ |
||
108 | |||
109 | return |
||
110 | [ |
||
111 | 'id' => $numberFilter->sanitize($this->_request->getPost('id')), |
||
112 | 4 | 'password' => $specialFilter->sanitize($this->_request->getPost('password')), |
|
0 ignored issues
–
show
|
|||
113 | 4 | 'passwordHash' => $specialFilter->sanitize($this->_request->getPost('password-hash')), |
|
114 | 4 | 'task' => $numberFilter->sanitize($this->_request->getPost('task')), |
|
115 | 4 | 'solution' => $this->_request->getPost('solution') |
|
116 | ]; |
||
117 | } |
||
118 | |||
119 | /** |
||
120 | * validate the post |
||
121 | * |
||
122 | * @since 3.0.0 |
||
123 | * |
||
124 | * @param array $postArray array of the post |
||
125 | * |
||
126 | * @return array |
||
127 | */ |
||
128 | |||
129 | 4 | protected function _validatePost(array $postArray = []) : array |
|
130 | { |
||
131 | 4 | $passwordValidator = new Validator\Password(); |
|
132 | 4 | $captchaValidator = new Validator\Captcha(); |
|
133 | 4 | $user = $this->_getUser($postArray); |
|
134 | $validateArray = []; |
||
135 | |||
136 | /* validate post */ |
||
137 | 4 | ||
138 | if (!$postArray['id']) |
||
139 | 1 | { |
|
140 | $validateArray[] = $this->_language->get('user_empty'); |
||
141 | 3 | } |
|
142 | else if (!$user->id) |
||
143 | 1 | { |
|
144 | $validateArray[] = $this->_language->get('user_incorrect'); |
||
145 | 4 | } |
|
146 | if (!$postArray['password']) |
||
147 | 1 | { |
|
148 | $validateArray[] = $this->_language->get('password_empty'); |
||
149 | 3 | } |
|
150 | else if (!$passwordValidator->validate($postArray['password'])) |
||
151 | 1 | { |
|
152 | $validateArray[] = $this->_language->get('password_incorrect'); |
||
153 | 4 | } |
|
154 | else if ($postArray['passwordHash'] !== sha1($user->password)) |
||
155 | 1 | { |
|
156 | $validateArray[] = $this->_language->get('token_incorrect'); |
||
157 | 4 | } |
|
158 | if (!$captchaValidator->validate($postArray['task'], $postArray['solution'])) |
||
159 | { |
||
160 | $validateArray[] = $this->_language->get('captcha_incorrect'); |
||
161 | } |
||
162 | return $validateArray; |
||
163 | } |
||
164 | |||
165 | /** |
||
166 | * get the user |
||
167 | * |
||
168 | * @since 4.0.0 |
||
169 | * |
||
170 | 4 | * @param array $postArray array of the post |
|
171 | * |
||
172 | 4 | * @return object|null |
|
173 | 4 | */ |
|
174 | |||
175 | protected function _getUser(array $postArray = []) : ?object |
||
176 | { |
||
177 | $userModel = new Model\User(); |
||
178 | return $userModel->getById($postArray['id']); |
||
179 | } |
||
180 | |||
181 | /** |
||
182 | * reset the password |
||
183 | * |
||
184 | * @since 3.0.0 |
||
185 | * |
||
186 | 2 | * @param array $resetArray array of the reset |
|
187 | * |
||
188 | 2 | * @return bool |
|
189 | 2 | */ |
|
190 | |||
191 | protected function _reset(array $resetArray = []) : bool |
||
192 | { |
||
193 | $userModel = new Model\User(); |
||
194 | return $userModel->resetPasswordById($resetArray['id'], $resetArray['password']); |
||
195 | } |
||
196 | |||
197 | /** |
||
198 | * send the mail |
||
199 | * |
||
200 | * @since 3.0.0 |
||
201 | * |
||
202 | 1 | * @param array $mailArray array of the mail |
|
203 | * |
||
204 | 1 | * @return bool |
|
205 | 1 | */ |
|
206 | |||
207 | protected function _mail(array $mailArray = []) : bool |
||
208 | { |
||
209 | 1 | $settingModel = new Model\Setting(); |
|
210 | $urlLogin = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . 'login'; |
||
211 | 1 | ||
212 | /* html element */ |
||
213 | 1 | ||
214 | $linkElement = new Element(); |
||
215 | 1 | $linkElement |
|
216 | ->init('a', |
||
217 | [ |
||
218 | 'href' => $urlLogin |
||
219 | ]) |
||
220 | ->text($urlLogin); |
||
221 | 1 | ||
222 | /* prepare mail */ |
||
223 | |||
224 | $toArray = |
||
225 | 1 | [ |
|
226 | $mailArray['name'] => $mailArray['email'] |
||
227 | 1 | ]; |
|
228 | $fromArray = |
||
229 | [ |
||
230 | 1 | $settingModel->get('author') => $settingModel->get('email') |
|
231 | 1 | ]; |
|
232 | 1 | $subject = $this->_language->get('password_new'); |
|
233 | $bodyArray = |
||
234 | [ |
||
235 | $this->_language->get('user') . $this->_language->get('colon') . ' ' . $mailArray['user'], |
||
236 | '<br />', |
||
237 | 1 | $this->_language->get('login') . $this->_language->get('colon') . ' ' . $linkElement |
|
238 | 1 | ]; |
|
239 | 1 | ||
240 | /* send mail */ |
||
241 | |||
242 | $mailer = new Mailer(); |
||
243 | $mailer->init($toArray, $fromArray, $subject, $bodyArray); |
||
244 | return $mailer->send(); |
||
245 | } |
||
246 | } |
||
247 |
This check looks at variables that are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.