Merge pull request #1165 from Neozonz/issue-1164

Initial commit for pin reset functionality
2014-01-02 02:02:37 -08:00 · 2014-01-02 02:02:37 -08:00 · 4c3421cc8a
commit 4c3421cc8a
parent b9877d7757 33b06946f4
4 changed files with 70 additions and 1 deletions
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@ -167,6 +167,35 @@ class User extends Base {
    return false;
  }

+public function generatePin($userID, $current) {
+    $this->debug->append("STA " . __METHOD__, 4);
+    $username = $this->getUserName($userID);
+    $email = $this->getUserEmail($username);
+    $current = $this->getHash($current);
+    $newpin = intval( "0" . rand(1,9) . rand(0,9) . rand(0,9) . rand(0,9) );
+    $aData['username'] = $username;
+    $aData['email'] = $email;
+    $aData['pin'] = $newpin;
+    $newpin = $this->getHash($newpin);
+    $aData['subject'] = 'PIN Reset Request';
+    $stmt = $this->mysqli->prepare("UPDATE $this->table SET pin = ? WHERE ( id = ? AND pass = ? )");
+
+    if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $newpin, $userID, $current) && $stmt->execute())
+    {
+        if ($stmt->errno == 0 && $stmt->affected_rows === 1) {
+            if ($this->mail->sendMail('pin/reset', $aData)) {
+            return true;
+            } else {
+            $this->setErrorMessage('Unable to send mail to your address');
+            return false;
+            }
+        }
+        $stmt->close();
+    }
+    $this->setErrorMessage( 'Unable to generate PIN, current password incorrect?' );
+    return false;
+}
+
  /**
   * Get all users that have auto payout setup
   * @param none
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@ -5,6 +5,14 @@ if (!defined('SECURITY'))
  die('Hacking attempt');

 if ($user->isAuthenticated()) {
+if (isset($_POST['do']) && $_POST['do'] == 'genPin') {
+      if ($user->generatePin($_SESSION['USERDATA']['id'], $_POST['currentPassword'])) {
+        $_SESSION['POPUP'][] = array('CONTENT' => 'Your PIN # has been sent to your email.', 'TYPE' => 'success');
+      } else {
+        $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
+      }
+}
+else {
  if ( @$_POST['do'] && (! $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']))) {
    $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN. ' . ($config['maxfailed']['pin'] - $user->getUserPinFailed($_SESSION['USERDATA']['id'])) . ' attempts remaining.', 'TYPE' => 'errormsg');
  } else {
@ -49,7 +57,7 @@ if ($user->isAuthenticated()) {
    }
  }
 }
-
+}
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
 ?>
--- a/public/templates/mail/pin/reset.tpl
+++ b/public/templates/mail/pin/reset.tpl
@ -0,0 +1,9 @@
+<html>
+<body>
+<p>Hello {$DATA.username},</p><br />
+<p>You have requested a PIN reset through our online form.</p>
+<p>Randomly Generated PIN: {$DATA.pin}</p>
+<p>Cheers,</p>
+<p>Website Administration</p>
+</body>
+</html>
--- a/public/templates/mpos/account/edit/default.tpl
+++ b/public/templates/mpos/account/edit/default.tpl
@ -131,3 +131,26 @@
    </footer>
  </article>
 </form>
+
+
+	<form action="{$smarty.server.PHP_SELF}" method="post">
+            <input type="hidden" name="page" value="{$smarty.request.page|escape}">
+            <input type="hidden" name="action" value="{$smarty.request.action|escape}">
+            <input type="hidden" name="do" value="genPin">
+			<article class="module width_half">
+			 <header>
+				<h3>Reset PIN</h3>
+			</header>
+			<div class="module_content">
+         <fieldset>
+			<label>Current Password</label>
+			<input type="password" name="currentPassword" />
+		</fieldset>
+		</div>
+		    <footer>
+            <div class="submit_link">
+                        <button type="submit" class="alt_btn" value="Reset PIN">
+            </div>
+			</footer>
+  </article>
+        </form>