1: <?php
2:
3: /*****************************************************************************************
4: * X2Engine Open Source Edition is a customer relationship management program developed by
5: * X2Engine, Inc. Copyright (C) 2011-2016 X2Engine Inc.
6: *
7: * This program is free software; you can redistribute it and/or modify it under
8: * the terms of the GNU Affero General Public License version 3 as published by the
9: * Free Software Foundation with the addition of the following permission added
10: * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11: * IN WHICH THE COPYRIGHT IS OWNED BY X2ENGINE, X2ENGINE DISCLAIMS THE WARRANTY
12: * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13: *
14: * This program is distributed in the hope that it will be useful, but WITHOUT
15: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16: * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
17: * details.
18: *
19: * You should have received a copy of the GNU Affero General Public License along with
20: * this program; if not, see http://www.gnu.org/licenses or write to the Free
21: * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22: * 02110-1301 USA.
23: *
24: * You can contact X2Engine, Inc. P.O. Box 66752, Scotts Valley,
25: * California 95067, USA. or at email address [email protected].
26: *
27: * The interactive user interfaces in modified source and object code versions
28: * of this program must display Appropriate Legal Notices, as required under
29: * Section 5 of the GNU Affero General Public License version 3.
30: *
31: * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32: * these Appropriate Legal Notices must retain the display of the "Powered by
33: * X2Engine" logo. If the display of the logo is not reasonably feasible for
34: * technical reasons, the Appropriate Legal Notices must display the words
35: * "Powered by X2Engine".
36: *****************************************************************************************/
37:
38: /**
39: * The "Enter a New Password" form model for password resetting.
40: *
41: * @package application.modules.users.models
42: * @author Demitri Morgan <[email protected]>
43: */
44: class PasswordResetForm extends CFormModel {
45:
46: const N_CHAR_CLASS_SECURE = 2;
47: const N_CHAR_TOTAL_SECURE = 5;
48:
49: public $password;
50: public $confirm;
51:
52: /**
53: * User active record to be updated
54: *
55: * @var User
56: */
57: public $userModel;
58:
59: public function attributeLabels(){
60: return array(
61: 'password' => Yii::t('users','Password'),
62: 'confirm' => Yii::t('users','Confirm Password'),
63: );
64: }
65:
66: public function attributeNames(){
67: return array('password','confirm');
68: }
69:
70: public function rules() {
71: $passwordResetRules = array(
72: array('password,confirm','required'),
73: array('password','securePassword'),
74: array('confirm','compare','compareAttribute'=>'password','message'=>Yii::t('users','Passwords do not match.')),
75: );
76:
77: return $passwordResetRules;
78: }
79:
80: public function __construct(User $userModel,$scenario = ''){
81: $this->userModel = $userModel;
82: parent::__construct($scenario);
83: }
84:
85: /**
86: * Save the associated user model
87: *
88: * Also, this clears out all password resets associated with the given user,
89: * if successful.
90: * @return type
91: */
92: public function save() {
93: if($this->validate()) {
94: $this->userModel->password = PasswordUtil::createHash($this->password);
95: PasswordReset::model()->deleteAllByAttributes(array('userId'=>$this->userModel->id));
96: return $this->userModel->update(array('password'));
97: }
98: return false;
99: }
100:
101: /**
102: * Validation rule that prompts user for a more secure password
103: *
104: * @param type $attribute
105: * @param type $params
106: */
107: public function securePassword($attribute,$params=array()) {
108: $nClass = 0;
109: if(strlen($this->$attribute) < self::N_CHAR_TOTAL_SECURE) {
110: $this->addError($attribute,Yii::t('users','{attribute} is not secure enough (minimum length: {l})', array(
111: '{attribute}' => $this->getAttributeLabel($attribute),
112: '{l}' => self::N_CHAR_TOTAL_SECURE
113: )));
114: }
115: foreach(array('[0-9]','[a-z]','[A-Z]','\W','\s') as $characterClass) {
116: if(preg_match('/'.$characterClass.'/',$this->$attribute)) {
117: $nClass++;
118: }
119: }
120: if($nClass < self::N_CHAR_CLASS_SECURE){
121: $this->addError($attribute, Yii::t('users', '{attribute} is not secure enough; it must contain at least {n} types of characters (upper case, lower case, number, etc)', array(
122: '{attribute}' => $this->getAttributeLabel($attribute),
123: '{n}' => self::N_CHAR_CLASS_SECURE
124: )));
125: }
126: }
127: }
128:
129: ?>
130: