1: <?php
2:
3: /*****************************************************************************************
4: * X2Engine Open Source Edition is a customer relationship management program developed by
5: * X2Engine, Inc. Copyright (C) 2011-2016 X2Engine Inc.
6: *
7: * This program is free software; you can redistribute it and/or modify it under
8: * the terms of the GNU Affero General Public License version 3 as published by the
9: * Free Software Foundation with the addition of the following permission added
10: * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11: * IN WHICH THE COPYRIGHT IS OWNED BY X2ENGINE, X2ENGINE DISCLAIMS THE WARRANTY
12: * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13: *
14: * This program is distributed in the hope that it will be useful, but WITHOUT
15: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16: * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
17: * details.
18: *
19: * You should have received a copy of the GNU Affero General Public License along with
20: * this program; if not, see http://www.gnu.org/licenses or write to the Free
21: * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22: * 02110-1301 USA.
23: *
24: * You can contact X2Engine, Inc. P.O. Box 66752, Scotts Valley,
25: * California 95067, USA. or at email address contact@x2engine.com.
26: *
27: * The interactive user interfaces in modified source and object code versions
28: * of this program must display Appropriate Legal Notices, as required under
29: * Section 5 of the GNU Affero General Public License version 3.
30: *
31: * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32: * these Appropriate Legal Notices must retain the display of the "Powered by
33: * X2Engine" logo. If the display of the logo is not reasonably feasible for
34: * technical reasons, the Appropriate Legal Notices must display the words
35: * "Powered by X2Engine".
36: *****************************************************************************************/
37:
38: /**
39: * The "Enter a New Password" form model for password resetting.
40: *
41: * @package application.modules.users.models
42: * @author Demitri Morgan <demitri@x2engine.com>
43: */
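class PasswordResetForm extends CFormModel {

    /**
     * Minimum number of distinct character classes a password must contain.
     */
    const N_CHAR_CLASS_SECURE = 2;

    /**
     * Minimum password length accepted by {@link securePassword}.
     *
     * NOTE(review): 5 is below the 8-character minimum that NIST SP 800-63B
     * sets for memorized secrets; consider raising it.
     */
    const N_CHAR_TOTAL_SECURE = 5;

    /**
     * The new password, in plain text, as entered by the user
     *
     * @var string
     */
    public $password;

    /**
     * Repeated entry of the new password; must match {@link password}
     *
     * @var string
     */
    public $confirm;

    /**
     * User active record to be updated
     *
     * @var User
     */
    public $userModel;

    /**
     * Human-readable labels for the form fields.
     *
     * @return array attribute name => translated label
     */
    public function attributeLabels(){
        return array(
            'password' => Yii::t('users','Password'),
            'confirm' => Yii::t('users','Confirm Password'),
        );
    }

    /**
     * Names of the attributes handled by this form.
     *
     * Only the two password fields are listed; {@link userModel} is left out.
     *
     * @return array
     */
    public function attributeNames(){
        return array('password','confirm');
    }

    /**
     * Validation rules: both fields are required, the password must satisfy
     * {@link securePassword}, and the confirmation must equal the password.
     *
     * @return array
     */
    public function rules() {
        $passwordResetRules = array(
            array('password,confirm','required'),
            array('password','securePassword'),
            array('confirm','compare','compareAttribute'=>'password','message'=>Yii::t('users','Passwords do not match.')),
        );

        return $passwordResetRules;
    }

    /**
     * @param User $userModel the user whose password is being reset
     * @param string $scenario passed through to the parent constructor
     */
    public function __construct(User $userModel,$scenario = ''){
        $this->userModel = $userModel;
        parent::__construct($scenario);
    }

    /**
     * Save the associated user model
     *
     * When validation passes, the new password is hashed with
     * PasswordUtil::createHash() and every PasswordReset record belonging to
     * the user is deleted, so that outstanding reset requests stop being
     * usable. The deletion happens BEFORE the user record is updated: if the
     * update then fails, the reset records are already gone and a new reset
     * has to be requested. That order is kept deliberately, because the
     * reverse order could leave a reset record alive after the password has
     * changed.
     *
     * NOTE(review): nothing in this method ends sessions the user already has
     * open; confirm whether the caller is expected to do that.
     *
     * @return bool the result of the user record update, or false if
     *  validation failed
     */
    public function save() {
        if(!$this->validate()) {
            return false;
        }
        $this->userModel->password = PasswordUtil::createHash($this->password);
        PasswordReset::model()->deleteAllByAttributes(array('userId'=>$this->userModel->id));
        return $this->userModel->update(array('password'));
    }

    /**
     * Validation rule that prompts user for a more secure password
     *
     * Two checks are made, and both errors can be reported at once:
     * a minimum length of {@link N_CHAR_TOTAL_SECURE} (strlen() counts bytes,
     * not characters) and a minimum of {@link N_CHAR_CLASS_SECURE} distinct
     * character classes among digits, lower case, upper case, whitespace and
     * other non-word characters.
     *
     * @param string $attribute name of the attribute being validated
     * @param array $params validator parameters (unused)
     */
    public function securePassword($attribute,$params=array()) {
        $value = $this->$attribute;
        if($value === null) {
            // A field that was not submitted is treated as an empty password.
            $value = '';
        }
        if(!is_string($value)) {
            // Request data can arrive as an array (e.g. "password[]=..."),
            // which passes the "required" rule. Reject it here rather than
            // handing it to strlen()/preg_match().
            $this->addError($attribute,Yii::t('users','{attribute} is not secure enough (minimum length: {l})', array(
                '{attribute}' => $this->getAttributeLabel($attribute),
                '{l}' => self::N_CHAR_TOTAL_SECURE
            )));
            return;
        }

        if(strlen($value) < self::N_CHAR_TOTAL_SECURE) {
            $this->addError($attribute,Yii::t('users','{attribute} is not secure enough (minimum length: {l})', array(
                '{attribute}' => $this->getAttributeLabel($attribute),
                '{l}' => self::N_CHAR_TOTAL_SECURE
            )));
        }

        // The classes must not overlap. Whitespace is itself a non-word
        // character, so pairing '\W' with '\s' counted a single space twice
        // and let a password made only of spaces pass the class check.
        $nClass = 0;
        foreach(array('[0-9]','[a-z]','[A-Z]','[^\w\s]','\s') as $characterClass) {
            if(preg_match('/'.$characterClass.'/',$value)) {
                $nClass++;
            }
        }
        if($nClass < self::N_CHAR_CLASS_SECURE){
            $this->addError($attribute, Yii::t('users', '{attribute} is not secure enough; it must contain at least {n} types of characters (upper case, lower case, number, etc)', array(
                '{attribute}' => $this->getAttributeLabel($attribute),
                '{n}' => self::N_CHAR_CLASS_SECURE
            )));
        }
    }
}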
128:
129: ?>
130: