RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1213 from TheSerapher/issue-670-unlocks

Browse Source 
[IMPROVED] Unlock notification mails on auto-locks
This commit is contained in:
Sebastian Grewe 2014-01-04 00:11:28 -08:00
commit 017a56549d
6 changed files with 51 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
public/include/classes/user.class.php
View File

@ -124,7 +124,7 @@ class User extends Base {
} }
} }
if ($this->isLocked($this->getUserId($username))) { if ($this->isLocked($this->getUserId($username))) {
$this->setErrorMessage("Account is locked. Please contact site support."); $this->setErrorMessage('Account locked.');
return false; return false;
} }
if ($this->checkUserPassword($username, $password)) { if ($this->checkUserPassword($username, $password)) {
@ -136,8 +136,16 @@ class User extends Base {
if ($id = $this->getUserId($username)) { if ($id = $this->getUserId($username)) {
$this->incUserFailed($id); $this->incUserFailed($id);
// Check if this account should be locked // Check if this account should be locked
if (isset($this->config['maxfailed']['login']) && $this->getUserFailed($id) >= $this->config['maxfailed']['login']) if (isset($this->config['maxfailed']['login']) && $this->getUserFailed($id) >= $this->config['maxfailed']['login']) {
$this->changeLocked($id); $this->changeLocked($id);
if ($token = $this->token->createToken('account_unlock', $id)) {
$aData['token'] = $token;
$aData['username'] = $username;
$aData['email'] = $this->getUserEmail($username);;
$aData['subject'] = 'Account auto-locked';
$this->mail->sendMail('notifications/locked', $aData);
}
}
} }
return false; return false;
@ -162,12 +170,20 @@ class User extends Base {
// Check if this account should be locked // Check if this account should be locked
if (isset($this->config['maxfailed']['pin']) && $this->getUserPinFailed($userId) >= $this->config['maxfailed']['pin']) { if (isset($this->config['maxfailed']['pin']) && $this->getUserPinFailed($userId) >= $this->config['maxfailed']['pin']) {
$this->changeLocked($userId); $this->changeLocked($userId);
if ($token = $this->token->createToken('account_unlock', $userId)) {
$username = $this->getUserName($userId);
$aData['token'] = $token;
$aData['username'] = $username;
$aData['email'] = $this->getUserEmail($username);;
$aData['subject'] = 'Account auto-locked';
$this->mail->sendMail('notifications/locked', $aData);
}
$this->logoutUser(); $this->logoutUser();
} }
return false; return false;
} }
public function generatePin($userID, $current) { public function generatePin($userID, $current) {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
$username = $this->getUserName($userID); $username = $this->getUserName($userID);
$email = $this->getUserEmail($username); $email = $this->getUserEmail($username);

20
public/include/pages/account/unlock.inc.php Normal file
View File

@ -0,0 +1,20 @@
<?php
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
// Confirm an account by token
if (!isset($_GET['token']) || empty($_GET['token'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Missing token', 'TYPE' => 'errormsg');
} else if (!$aToken = $oToken->getToken($_GET['token'], 'account_unlock')) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to re-activate your account. Invalid token.', 'TYPE' => 'errormsg');
} else {
if ($user->setUserFailed($aToken['account_id'], 0) && $user->setUserPinFailed($aToken['account_id'], 0) && $user->changeLocked($aToken['account_id'])) {
$oToken->deleteToken($aToken['token']);
$_SESSION['POPUP'][] = array('CONTENT' => 'Account re-activated. Please login.');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to re-activate account. Contact site support.', 'TYPE' => 'errormsg');
}
}
$smarty->assign('CONTENT', 'default.tpl');
?>

8
public/templates/mail/notifications/locked.tpl Normal file
View File

@ -0,0 +1,8 @@
<html>
<body>
<p>You account has been locked due to too many failed password or PIN attempts. Please follow the URL below to unlock your account.</p>
<p>http://{$smarty.server.SERVER_NAME}{$smarty.server.PHP_SELF}?page=account&action=unlock&token={nocache}{$DATA.token}{/nocache}</p>
<br/>
<br/>
</body>
</html>

1
public/templates/mpos/account/unlock/default.tpl Normal file
View File

@ -0,0 +1 @@

3
sql/000_base_structure.sql
View File

@ -197,7 +197,8 @@ CREATE TABLE IF NOT EXISTS `token_types` (
INSERT INTO `token_types` (`id`, `name`, `expiration`) VALUES INSERT INTO `token_types` (`id`, `name`, `expiration`) VALUES
(1, 'password_reset', 3600), (1, 'password_reset', 3600),
(2, 'confirm_email', 0), (2, 'confirm_email', 0),
(3, 'invitation', 0); (3, 'invitation', 0),
(4, 'account_unlock', 0);
CREATE TABLE IF NOT EXISTS `transactions` ( CREATE TABLE IF NOT EXISTS `transactions` (
`id` int(255) NOT NULL AUTO_INCREMENT, `id` int(255) NOT NULL AUTO_INCREMENT,

1
sql/010_tokentype_update.sql Normal file
View File

@ -0,0 +1 @@
INSERT INTO `token_types` (`name`, `expiration`) VALUES ('account_unlock', 0);