[psa-devel]Password Recover
Brought to you by:
koivi
Menu
▾
▴
[psa-devel]Password Recover
|
From: Albert L. <al...@pl...> - 2003-03-19 21:13:07
|
Hello PSA Developers,
The password recovery schema has been put in the psa.schema.xml cvs file.
In generating the code for making this happen, where should the code go? In
the class.phpSecurityAdmin.php file?
Here's what Justin came up with today (thanks dude):
<?php
/*
* setUserChallenge()
*
* Edit or add a user's personal password question/answer challenge
pair
*
* @param $uid The username of the user to set the challenge for.
* @param $ar An associative array in the form of
array('question'=>$USERS_QUESTION,'answer'=>$USERS_ANSWER)
* @result Returns TRUE or FALSE and sets WARNING and ERROR strings.
*/
function setUserChallenge($uid,$ar){
$this->ERROR=array();
$this->WARNING=array();
if(!isset($ar['question']) || !isset($ar['answer'])){
// either no question or no answer
$this->ERROR[]=sprintf(_("You must provide a question and answer
in order to set the password recovery challenge for user %s"),$uid);
return FALSE;
}
// Make sure the user exists in qa table
$q='SELECT pst_challenge.question, pst_users.hash FROM
pst_challenge, pst_users WHERE pst_users.id='.
$this->db->GetTextFieldValue($uid).' AND
pst_challenge.id=pst_users.hash';
$result=$this->db->Query($q);
if(!$result){
$this->WARNING[]=sprintf(_("Unable to set %s's password recovery
challenge."),$uid);
$this->ERROR[]=$this->db->Error();
return FALSE;
}else if($this->db->NumberOfRows($result)){
$q='UPDATE pst_challenge SET question =
'.$this->db->GetTextFieldValue($ar['question']).', answer = '.
$this->db->GetTextFieldValue($ar['answer']).' WHERE id = '.
$this->db->GetTextFieldValue($this->db->FetchResult($result,0,1));
$result=$this->db->Query($q);
if(!$result && !$this->db->NumberOfRows($result)){
$this->WARNING[]=sprintf(_("Unable to set %s's password
recovery challenge."),$uid);
$this->ERROR[]=$this->db->Error();
return FALSE;
}
return TRUE;
}else{
$q='INSERT INTO pst_challenge SET question =
'.$this->db->GetTextFieldValue($ar['question']).', answer = '.
$this->db->GetTextFieldValue($ar['answer']).', id = '.
$this->db->GetTextFieldValue($this->db->FetchResult($result,0,1));
$result=$this->db->Query($q);
if(!$result && !$this->db->NumberOfRows($result)){
$this->WARNING[]=sprintf(_("Unable to set %s's password
recovery challenge."),$uid);
$this->ERROR[]=$this->db->Error();
return FALSE;
}
return TRUE;
}
} // setUserChallenge
/*
* getUserChallenge()
*
* Retreive a user's personal password question/answer challenge pair
*
* @param $uid The username of the user to set the challenge for.
* @param $ar An associative array in the form of
array('question'=>$USERS_QUESTION, 'answer'=>$USERS_ANSWER, 'hash'=>$QA_ID)
* which is set by the function.
* @result Returns TRUE or FALSE and sets WARNING and ERROR strings.
*/
function getUserChallenge($uid, &$ar){
$this->ERROR=array();
$this->WARNING=array();
$q='SELECT pst_challenge.question, pst_challenge.answer,
pst_users.hash FROM pst_challenge, pst_users WHERE pst_users.id='.
$this->db->GetTextFieldValue($uid).' AND
pst_challenge.id=pst_users.hash';
$result=$this->db->Query($q);
if(!$result){
$this->WARNING[]=sprintf(_("Unable to get %s's password recovery
challenge."),$uid);
$this->ERROR[]=$this->db->Error();
return FALSE;
}
$ar['question']=$this->db->FetchResult($result,0,0);
$ar['answer']=$this->db->FetchResult($result,0,1);
$ar['hash']=$this->db->FetchResult($result,0,2);
return TRUE;
} // getUserChallenge
?>
|
