This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Controller; |
||
3 | |||
4 | use Redaxscript\Filter; |
||
5 | use Redaxscript\Hash; |
||
6 | use Redaxscript\Html\Element; |
||
7 | use Redaxscript\Mailer; |
||
8 | use Redaxscript\Model; |
||
9 | use Redaxscript\Validator; |
||
10 | use function sha1; |
||
11 | |||
12 | /** |
||
13 | * children class to process the reset request |
||
14 | * |
||
15 | * @since 3.0.0 |
||
16 | * |
||
17 | * @package Redaxscript |
||
18 | * @category Controller |
||
19 | * @author Henry Ruhs |
||
20 | * @author Balázs Szilágyi |
||
21 | */ |
||
22 | |||
23 | class Reset extends ControllerAbstract |
||
24 | { |
||
25 | /** |
||
26 | * process the class |
||
27 | * |
||
28 | * @since 3.0.0 |
||
29 | * |
||
30 | * @return string |
||
31 | */ |
||
32 | |||
33 | 5 | public function process() : string |
|
34 | { |
||
35 | 5 | $passwordHash = new Hash(); |
|
36 | 5 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
|
37 | 5 | $validateArray = $this->_validatePost($postArray); |
|
38 | 5 | $user = $this->_getUser($postArray); |
|
39 | |||
40 | /* validate post */ |
||
41 | |||
42 | 5 | if ($validateArray) |
|
43 | { |
||
44 | 3 | return $this->_error( |
|
45 | [ |
||
46 | 3 | 'route' => 'login/recover', |
|
47 | 3 | 'message' => $validateArray |
|
48 | ]); |
||
49 | } |
||
50 | |||
51 | /* handle reset */ |
||
52 | |||
53 | 2 | $passwordHash->init($postArray['password']); |
|
54 | $resetArray = |
||
55 | [ |
||
56 | 2 | 'id' => $user?->id, |
|
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||
57 | 2 | 'password' => $passwordHash->getHash() |
|
58 | ]; |
||
59 | 2 | if (!$this->_reset($resetArray)) |
|
60 | { |
||
61 | return $this->_error( |
||
62 | [ |
||
63 | 'route' => 'login/recover' |
||
64 | ]); |
||
65 | } |
||
66 | |||
67 | /* handle mail */ |
||
68 | |||
69 | $mailArray = |
||
70 | [ |
||
71 | 2 | 'name' => $user->name, |
|
72 | 2 | 'user' => $user->user, |
|
73 | 2 | 'email' => $user->email |
|
74 | ]; |
||
75 | 2 | if (!$this->_mail($mailArray)) |
|
76 | { |
||
77 | 1 | return $this->_error( |
|
78 | [ |
||
79 | 1 | 'route' => 'login/recover', |
|
80 | 1 | 'message' => $this->_language->get('email_failed') |
|
81 | ]); |
||
82 | } |
||
83 | |||
84 | /* handle success */ |
||
85 | |||
86 | 1 | return $this->_success( |
|
87 | [ |
||
88 | 1 | 'route' => 'login', |
|
89 | 1 | 'timeout' => 2, |
|
90 | 1 | 'message' => $this->_language->get('password_changed') |
|
91 | ]); |
||
92 | } |
||
93 | |||
94 | /** |
||
95 | * sanitize the post |
||
96 | * |
||
97 | * @since 4.0.0 |
||
98 | * |
||
99 | * @return array |
||
100 | */ |
||
101 | |||
102 | 5 | protected function _sanitizePost() : array |
|
103 | { |
||
104 | 5 | $numberFilter = new Filter\Number(); |
|
105 | 5 | $passwordFilter = new Filter\Password(); |
|
106 | 5 | $textFilter = new Filter\Text(); |
|
107 | 5 | $specialFilter = new Filter\Special(); |
|
108 | |||
109 | /* sanitize post */ |
||
110 | |||
111 | return |
||
112 | [ |
||
113 | 5 | 'id' => $numberFilter->sanitize($this->_request->getPost('id')), |
|
114 | 5 | 'password' => $passwordFilter->sanitize($this->_request->getPost('password')), |
|
115 | 5 | 'passwordHash' => $specialFilter->sanitize($this->_request->getPost('password-hash')), |
|
116 | 5 | 'task' => $numberFilter->sanitize($this->_request->getPost('task')), |
|
117 | 5 | 'solution' => $textFilter->sanitize($this->_request->getPost('solution')) |
|
118 | ]; |
||
119 | } |
||
120 | |||
121 | /** |
||
122 | * validate the post |
||
123 | * |
||
124 | * @since 3.0.0 |
||
125 | * |
||
126 | * @param array $postArray array of the post |
||
127 | * |
||
128 | * @return array |
||
129 | */ |
||
130 | |||
131 | 5 | protected function _validatePost(array $postArray = []) : array |
|
132 | { |
||
133 | 5 | $passwordValidator = new Validator\Password(); |
|
134 | 5 | $captchaValidator = new Validator\Captcha(); |
|
135 | 5 | $user = $this->_getUser($postArray); |
|
136 | 5 | $validateArray = []; |
|
137 | |||
138 | /* validate post */ |
||
139 | |||
140 | 5 | if (!$postArray['id']) |
|
141 | { |
||
142 | 1 | $validateArray[] = $this->_language->get('user_empty'); |
|
143 | } |
||
144 | 4 | else if (!$user?->id) |
|
145 | { |
||
146 | 1 | $validateArray[] = $this->_language->get('user_incorrect'); |
|
147 | } |
||
148 | 5 | if (!$postArray['password']) |
|
149 | { |
||
150 | 1 | $validateArray[] = $this->_language->get('password_empty'); |
|
151 | } |
||
152 | 4 | else if (!$passwordValidator->validate($postArray['password'])) |
|
153 | { |
||
154 | 1 | $validateArray[] = $this->_language->get('password_incorrect'); |
|
155 | } |
||
156 | 3 | else if ($postArray['passwordHash'] !== sha1($user->password)) |
|
157 | { |
||
158 | 1 | $validateArray[] = $this->_language->get('token_incorrect'); |
|
159 | } |
||
160 | 5 | if (!$captchaValidator->validate($postArray['task'], $postArray['solution'])) |
|
161 | { |
||
162 | $validateArray[] = $this->_language->get('captcha_incorrect'); |
||
163 | } |
||
164 | 5 | return $validateArray; |
|
165 | } |
||
166 | |||
167 | /** |
||
168 | * get the user |
||
169 | * |
||
170 | * @since 4.0.0 |
||
171 | * |
||
172 | * @param array $postArray array of the post |
||
173 | * |
||
174 | * @return object|null |
||
175 | */ |
||
176 | |||
177 | 5 | protected function _getUser(array $postArray = []) : ?object |
|
178 | { |
||
179 | 5 | $userModel = new Model\User(); |
|
180 | 5 | return $userModel->getById($postArray['id']); |
|
181 | } |
||
182 | |||
183 | /** |
||
184 | * reset the password |
||
185 | * |
||
186 | * @since 3.0.0 |
||
187 | * |
||
188 | * @param array $resetArray array of the reset |
||
189 | * |
||
190 | * @return bool |
||
191 | */ |
||
192 | |||
193 | 2 | protected function _reset(array $resetArray = []) : bool |
|
194 | { |
||
195 | 2 | $userModel = new Model\User(); |
|
196 | 2 | return $userModel->resetPasswordById($resetArray['id'], $resetArray['password']); |
|
197 | } |
||
198 | |||
199 | /** |
||
200 | * send the mail |
||
201 | * |
||
202 | * @since 3.0.0 |
||
203 | * |
||
204 | * @param array $mailArray array of the mail |
||
205 | * |
||
206 | * @return bool |
||
207 | */ |
||
208 | |||
209 | 1 | protected function _mail(array $mailArray = []) : bool |
|
210 | { |
||
211 | 1 | $settingModel = new Model\Setting(); |
|
212 | 1 | $urlLogin = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . 'login'; |
|
213 | |||
214 | /* html element */ |
||
215 | |||
216 | 1 | $linkElement = new Element(); |
|
217 | $linkElement |
||
218 | 1 | ->init('a', |
|
219 | [ |
||
220 | 1 | 'href' => $urlLogin |
|
221 | ]) |
||
222 | 1 | ->text($urlLogin); |
|
223 | |||
224 | /* prepare mail */ |
||
225 | |||
226 | $toArray = |
||
227 | [ |
||
228 | 1 | $mailArray['name'] => $mailArray['email'] |
|
229 | ]; |
||
230 | $fromArray = |
||
231 | [ |
||
232 | 1 | $settingModel->get('author') => $settingModel->get('email') |
|
233 | ]; |
||
234 | 1 | $subject = $this->_language->get('password_new'); |
|
235 | $bodyArray = |
||
236 | [ |
||
237 | 1 | $this->_language->get('user') . $this->_language->get('colon') . ' ' . $mailArray['user'], |
|
238 | 1 | '<br />', |
|
239 | 1 | $this->_language->get('login') . $this->_language->get('colon') . ' ' . $linkElement |
|
240 | ]; |
||
241 | |||
242 | /* send mail */ |
||
243 | |||
244 | 1 | $mailer = new Mailer(); |
|
245 | 1 | $mailer->init($toArray, $fromArray, $subject, $bodyArray); |
|
246 | 1 | return $mailer->send(); |
|
247 | } |
||
248 | } |
||
249 |