[0002707] Added check for email uniqueness during password reset.

[fa-stable.git] / includes / current_user.inc
diff --git a/includes/current_user.inc b/includes/current_user.inc

index 3c5a92a82f9c4d0af0f17e2e758ac43b91ff4e37..515f6e4e0d57bcd8f04e3c62cd0ff7d3918e0586 100644 (file)
--- a/includes/current_user.inc
+++ b/includes/current_user.inc
@@ -22,6 +22,7 @@ class current_user
         var $loginname;
         var $username;
         var $name;
+       var $email;
         var $company; // user's company
         var $pos;
         var $access;
@@ -53,12 +54,12 @@ class current_user
  
         function set_company($company)
         {
-               $this->company = $company;
+               $this->company = (int)$company;
         }
  
         function login($company, $loginname, $password)
         {
-               global $security_areas, $security_groups, $security_headings, $path_to_root;
+               global $security_areas, $security_groups, $security_headings, $path_to_root, $login_delay;
  
                 $this->set_company($company);
             $this->logged = false;
@@ -73,7 +74,8 @@ class current_user
                 if (!isset($Auth_Result))       // if not used: standard method
                         $Auth_Result = get_user_auth($loginname, md5($password));
  
-               write_login_filelog($loginname, $Auth_Result);
+               if ($login_delay > 0)
+                       write_login_filelog($loginname, $Auth_Result);
  
                 if ($Auth_Result)
                 {
@@ -119,6 +121,7 @@ class current_user
                     $this->username = $this->loginname;
                     $this->prefs = new user_prefs($myrow);
                     $this->user = @$myrow["id"];
+                $this->email = @$myrow["email"];
                         update_user_visitdate($this->username);
                         $this->logged = true;
                                 $this->last_act = time();
@@ -128,6 +131,32 @@ class current_user
                 return $this->logged;
         }
  
+       function reset_password($company, $email) {
+               global $app_title;
+
+               $this->set_company($company);
+               $this->logged = false;
+
+               set_global_connection();
+
+               $user = get_user_by_email($email);
+
+               if ($user != false) {
+
+                       $bytes = openssl_random_pseudo_bytes(8, $cstrong);
+                       $password   = base64_encode($bytes);
+
+                       $hash = md5($password);
+
+                       update_user_password($user['id'], $user['user_id'], $hash);
+
+                       mail($user['email'], _("New password for")." ".$app_title, $password);
+
+                       return true;
+               }
+               return false;
+    }
+
         function check_user_access()
         {
                 global $security_groups;
@@ -609,6 +638,14 @@ function array_search_key($needle, $haystack, $valuekey=null)
         return @$keys[0];
  }
  
+// Recalculate report columns if orientation is landscape.
+function recalculate_cols(&$cols)
+{
+       $factor = (user_pagesize() == "A4" ? 1.4 : 1.3);
+       foreach($cols as $key => $col)
+               $cols[$key] = intval($col * $factor); 
+}
+
  function flush_dir($path, $wipe = false) 
  {
         $dir = opendir($path);