<?php

/*
    HCSF - A multilingual CMS and Shopsystem
    Copyright (C) 2014  Marcus Haase - mail@marcus.haase.name

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace HaaseIT\HCSF\Controller\Customer;

use Zend\ServiceManager\ServiceManager;

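/**
 * Class Resetpassword
 *
 * Second step of the "forgot password" flow. The customer arrives through a
 * link carrying `email` and `key` (the reset code) as GET parameters; if the
 * code belongs to that e-mail and has not expired, the page renders the
 * `customer/resetpassword` template and accepts a POSTed new password.
 *
 * @package HaaseIT\HCSF\Controller\Customer
 */
class Resetpassword extends Base
{
    /**
     * Lifetime of a reset code in seconds (one day). A code whose
     * cust_pwresettimestamp is older than this is refused with
     * 'pwreset_error_expired'.
     */
    const RESET_CODE_TTL = 86400;

    /**
     * Text catalogue used for the denied/expired messages.
     * @var \HaaseIT\Toolbox\Textcat
     */
    private $textcats;

    /**
     * Database handle; all statements here are prepared with bound values.
     * @var \PDO
     */
    private $db;

    /**
     * Resetpassword constructor.
     *
     * @param ServiceManager $serviceManager provides the 'textcats' and 'db' services
     */
    public function __construct(ServiceManager $serviceManager)
    {
        parent::__construct($serviceManager);
        $this->textcats = $serviceManager->get('textcats');
        $this->db = $serviceManager->get('db');
    }

    /**
     * Builds the page payload.
     *
     * Flow, each failure ending the request with a message:
     *  - a logged-in customer is refused ('denied_default');
     *  - `email` and `key` must both be present and `email` must validate;
     *  - the customer row is looked up by e-mail and the submitted key is
     *    compared against the stored reset code in PHP (see
     *    findCustomerByResetCode); unknown e-mail and wrong key produce the
     *    same 'denied_default' so the page cannot be used as an account oracle;
     *  - codes older than RESET_CODE_TTL are refused ('pwreset_error_expired');
     *  - on a POST with doSend=yes the new password is validated and stored.
     *
     * @return void
     */
    public function preparePage()
    {
        $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
        $this->P->cb_pagetype = 'content';

        if ($this->helperCustomer->getUserData()) {
            // Reset links are for customers who are locked out; an active session must not use them.
            $this->P->oPayload->cl_html = $this->textcats->T('denied_default');
            return;
        }

        $getemail = filter_input(INPUT_GET, 'email', FILTER_SANITIZE_EMAIL);
        // The key is only ever compared, never echoed or interpolated into SQL, so it is
        // read as-is. FILTER_SANITIZE_STRING (used previously) is deprecated since PHP 8.1
        // and would also rewrite any token containing quotes or angle brackets, so a
        // perfectly valid link could never match its stored code.
        $getkey = filter_input(INPUT_GET, 'key');
        if (empty($getkey) || empty($getemail) || !filter_input(INPUT_GET, 'email', FILTER_VALIDATE_EMAIL)) {
            $this->P->oPayload->cl_html = $this->textcats->T('denied_default');
            return;
        }

        $aResult = $this->findCustomerByResetCode($getemail, $getkey);
        if ($aResult === null) {
            $this->P->oPayload->cl_html = $this->textcats->T('denied_default');
            return;
        }

        if ($aResult['cust_pwresettimestamp'] < time() - self::RESET_CODE_TTL) {
            $this->P->oPayload->cl_html = $this->textcats->T('pwreset_error_expired');
            return;
        }

        $this->P->cb_customcontenttemplate = 'customer/resetpassword';
        $this->P->cb_customdata['pwreset']['minpwlength'] = $this->config->getCustomer('minimum_length_password');
        if (filter_input(INPUT_POST, 'doSend') === 'yes') {
            // NOTE(review): no CSRF token is checked on this POST. The GET key acts as the
            // capability (an attacker would need the link itself), but confirm that this is
            // the intended protection or that Base enforces a token for customer forms.
            $aErr = $this->handlePasswordReset([], $aResult['cust_id']);
            if (count($aErr) === 0) {
                $this->P->cb_customdata['pwreset']['showsuccessmessage'] = true;
            } else {
                $this->P->cb_customdata['pwreset']['errors'] = $aErr;
            }
        }
    }

    /**
     * Looks up the customer a reset link belongs to.
     *
     * The row is selected by e-mail only; the reset code is compared in PHP
     * with hash_equals() instead of in the WHERE clause so that the match is
     * byte-exact (a case-insensitive column collation would otherwise accept
     * more than one spelling of the token) and does not leak timing. Rows with
     * an empty reset code never match, which is what makes a used link dead
     * after handlePasswordReset() clears the code.
     *
     * @param string $email validated e-mail address from the link
     * @param string $key   reset code from the link
     * @return array|null the customer row when exactly one row matches, else null
     */
    private function findCustomerByResetCode($email, $key)
    {
        $sql = 'SELECT * FROM customer WHERE cust_email = :email AND cust_pwresetcode != \'\'';
        $hResult = $this->db->prepare($sql);
        $hResult->bindValue(':email', $email, \PDO::PARAM_STR);
        $hResult->execute();

        // PDOStatement::rowCount() is not guaranteed to report SELECT results on every
        // driver, so the rows are fetched and counted instead of trusting it.
        $aMatches = [];
        foreach ($hResult->fetchAll(\PDO::FETCH_ASSOC) as $aRow) {
            if (hash_equals((string) $aRow['cust_pwresetcode'], (string) $key)) {
                $aMatches[] = $aRow;
            }
        }

        // Exactly one match is required, as before; anything else is treated as "no match".
        return count($aMatches) === 1 ? $aMatches[0] : null;
    }

    /**
     * Validates the submitted password pair and, when valid, stores the new
     * hash and clears the reset code so the link cannot be replayed.
     *
     * Error codes appended to $aErr (consumed by the template):
     *  - 'nopw'     no password was submitted
     *  - 'pwlength' shorter than the configured minimum_length_password
     *  - 'pwmatch'  the confirmation field (pwdc) differs from pwd
     *
     * The UPDATE only runs when $aErr is empty after validation.
     *
     * @param array $aErr errors collected so far
     * @param mixed $iID  customer id (cust_id) to update
     * @return array $aErr with any new error codes appended
     */
    private function handlePasswordReset($aErr, $iID)
    {
        $postpwd = filter_input(INPUT_POST, 'pwd');
        if (empty($postpwd)) {
            $aErr[] = 'nopw';
            return $aErr;
        }

        // Byte length is compared, as the original did.
        if (strlen($postpwd) < $this->config->getCustomer('minimum_length_password')) {
            $aErr[] = 'pwlength';
        }
        if ($postpwd !== filter_input(INPUT_POST, 'pwdc')) {
            $aErr[] = 'pwmatch';
        }
        if (count($aErr) !== 0) {
            return $aErr;
        }

        $aData = [
            'cust_password' => password_hash($postpwd, PASSWORD_DEFAULT),
            // Emptying the code makes the link single-use (see findCustomerByResetCode).
            'cust_pwresetcode' => '',
            'cust_id' => $iID,
        ];
        $sql = \HaaseIT\Toolbox\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
        $hResult = $this->db->prepare($sql);
        foreach ($aData as $sKey => $sValue) {
            $hResult->bindValue(':'.$sKey, $sValue);
        }
        $hResult->execute();

        return $aErr;
    }
}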