forked from kimai/kimai1
-
Notifications
You must be signed in to change notification settings - Fork 0
/
forgotPassword.php
85 lines (71 loc) · 2.43 KB
/
forgotPassword.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
<?php
/**
* This file is part of
* Kimai - Open Source Time Tracking // https://www.kimai.org
* (c) Kimai-Development-Team since 2006
*
* Kimai is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; Version 3, 29 June 2007
*
* Kimai is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Kimai; If not, see <http://www.gnu.org/licenses/>.
*/
/**
* Show an login window or process the login request. On succes the user
* will be redirected to core/kimai.php.
*/
if (!isset($_REQUEST['a'])) {
$_REQUEST['a'] = '';
}
if (!isset($_REQUEST['name']) || is_array($_REQUEST['name'])) {
$name = '';
} else {
$name = $_REQUEST['name'];
}
if (!isset($_REQUEST['key']) || is_array($_REQUEST['key'])) {
$key = 'nokey'; // will never match since hash values are either NULL or 32 characters
} else {
$key = $_REQUEST['key'];
}
require 'includes/basics.php';
$database = Kimai_Registry::getDatabase();
$view = new Zend_View();
$view->setBasePath(WEBROOT . 'templates');
$authPlugin = Kimai_Registry::getAuthenticator();
$view->assign('kga', $kga);
// current database setup correct?
checkDBversion(".");
// processing login and displaying either login screen or errors
$name = htmlspecialchars(trim($name));
$is_customer = $database->is_customer_name($name);
if ($is_customer) {
$id = $database->customer_nameToID($name);
$customer = $database->customer_get_data($id);
$keyCorrect = $key === $customer['passwordResetHash'];
} else {
$id = $database->user_name2id($name);
$user = $database->user_get_data($id);
$keyCorrect = $key === $user['passwordResetHash'];
}
switch ($_REQUEST['a'])
{
case "request":
Kimai_Logger::logfile("password reset: " . $name . ($is_customer ? " as customer" : " as user"));
break;
// Show password reset page
default:
$view->assign('devtimespan', '2006-' . date('y'));
$view->assign('keyCorrect', $keyCorrect);
$view->assign('requestData', [
'key' => $key,
'name' => $name
]);
echo $view->render('login/forgotPassword.php');
break;
}