[Mapbender-commits] r5897 - branches/3_dev/core/lib

Sat Apr 10 11:55:05 EDT 2010

Author: verenadiewald
Date: 2010-04-10 11:55:04 -0400 (Sat, 10 Apr 2010)
New Revision: 5897

Modified:
   branches/3_dev/core/lib/class_User.php
Log:
new methods for setting password and password ticket

Modified: branches/3_dev/core/lib/class_User.php
===================================================================

--- branches/3_dev/core/lib/class_User.php	2010-04-10 15:39:18 UTC (rev 5896)
+++ branches/3_dev/core/lib/class_User.php	2010-04-10 15:55:04 UTC (rev 5897)
@@ -313,17 +313,38 @@
 	}
 
 	/*
+	*	@param	$userId the Mapbender user id
+	*	@param	$userTicket a user password ticket
+	*/
+	public function validUserPasswordTicket($userTicket) {
+		$sql = "SELECT * FROM mb_user ";
+		$sql .= "WHERE mb_user_id = $1 AND mb_user_password_ticket = $2";
+	    $v = array($this->id,$userTicket);
+		$t = array("i","s");
+		$res = db_prep_query($sql,$v,$t);
+		
+		if($row = db_fetch_array($res)){
+			if($row['mb_user_password_ticket'] == '' || $row['mb_user_password_ticket'] != $userTicket) {
+				return false;
+			}
+		}
+		else {
+			throw new Exception("Database error validating user ticket.");
+		}
+		return true;
+	}
+	
+	/*
 	*	@param	$newPassword values of the new password
+	*	@param	$newPassword Mapbender user id
+	*	@param	$newPassword Mapbender user ticket
 	*/
-	public function setPassword($newPassword)
-	{
+	public function setPassword($newPassword,$userTicket) {
 		//set new password in db
-		$sql_update = "UPDATE mb_user SET mb_user_password = $1";
-		$sql_update .= " WHERE mb_user_id = $2";
-		#echo $sql_update;
-		$v = array(md5($sql_password),$this->id);
-		$t = array('s','i');		      
-		$update_result = db_prep_query($sql_update,$v,$t);
+		$sql = "UPDATE mb_user SET mb_user_password = $1, mb_user_password_ticket = '' WHERE mb_user_id = $2 AND mb_user_password_ticket = $3";
+		$v = array(md5($newPassword),$this->id,$userTicket);
+		$t = array('s','i','s');
+		$update_result = db_prep_query($sql,$v,$t);
 
 		if(!$update_result)
 		{
@@ -332,6 +353,23 @@
 		return true;
 	}
   
+	
+	public function setNewUserPasswordTicket () {
+		$sql = "UPDATE mb_user SET mb_user_password_ticket = $1";			
+		$sql.=" WHERE mb_user_id = $2";
+	
+		$passwordTicket = substr(md5(uniqid(rand())),0,30);
+		
+		$v = array($passwordTicket,$this->id);
+		$t = array('s','i');     
+		$res = db_prep_query($sql,$v,$t);	
+		if(!$res){
+			$e= new mb_exception(1);
+			throw new Exception("Error setting new user password ticket");
+		}
+		return true;
+	}
+  
     /*
     * @return Array of Users
     * @param $filter UNUSED! string that must be contained in the username

