Re: [psa-devel]Password Recover
From: Justin K. <ju...@ko...> - 2003-03-19 21:21:27
Albert Lash wrote:
> Hello PSA Developers,
>
> The password recovery schema has been put in the psa.schema.xml cvs file.
>
> In generating the code for making this happen, where should the code go? In
> the class.phpSecurityAdmin.php file?
Yes, that is where it would need to go. {Man, I like using e-mail so
much more than forums...}
> Here's what Justin came up with today (thanks dude):
>
> <?php
> /*
> * setUserChallenge()
> *
> * Edit or add a user's personal password question/answer challenge pair
> *
> * @param $uid The username of the user to set the challenge for.
> * @param $ar An associative array in the form of array('question'=>$USERS_QUESTION,'answer'=>$USERS_ANSWER)
> * @result Returns TRUE or FALSE and sets WARNING and ERROR strings.
> */
> function setUserChallenge($uid,$ar){
>     $this->ERROR=array();
>     $this->WARNING=array();
>
>     if(!isset($ar['question']) || !isset($ar['answer'])){
>         // either no question or no answer
>         $this->ERROR[]=sprintf(_("You must provide a question and answer in order to set the password recovery challenge for user %s"),$uid);
>         return FALSE;
>     }
>     // Look up the user's hash first; it is the key into pst_challenge.
>     // (Joining pst_challenge here returns no row, and so no hash, for a
>     // user who has no challenge yet.)
>     $q='SELECT pst_users.hash FROM pst_users WHERE pst_users.id='.$this->db->GetTextFieldValue($uid);
>     $result=$this->db->Query($q);
>     if(!$result){
>         $this->WARNING[]=sprintf(_("Unable to set %s's password recovery challenge."),$uid);
>         $this->ERROR[]=$this->db->Error();
>         return FALSE;
>     }else if(!$this->db->NumberOfRows($result)){
>         // no such user
>         $this->WARNING[]=sprintf(_("Unable to set %s's password recovery challenge."),$uid);
>         return FALSE;
>     }
>     $hash=$this->db->GetTextFieldValue($this->db->FetchResult($result,0,0));
>
>     // See whether the user already has a row in the qa table
>     $q='SELECT pst_challenge.question FROM pst_challenge WHERE pst_challenge.id='.$hash;
>     $result=$this->db->Query($q);
>     if(!$result){
>         $this->WARNING[]=sprintf(_("Unable to set %s's password recovery challenge."),$uid);
>         $this->ERROR[]=$this->db->Error();
>         return FALSE;
>     }else if($this->db->NumberOfRows($result)){
>         $q='UPDATE pst_challenge SET question = '.$this->db->GetTextFieldValue($ar['question']).', answer = '.$this->db->GetTextFieldValue($ar['answer']).' WHERE id = '.$hash;
>     }else{
>         $q='INSERT INTO pst_challenge SET question = '.$this->db->GetTextFieldValue($ar['question']).', answer = '.$this->db->GetTextFieldValue($ar['answer']).', id = '.$hash;
>     }
>     // UPDATE and INSERT return no rows, so only test that the query succeeded
>     $result=$this->db->Query($q);
>     if(!$result){
>         $this->WARNING[]=sprintf(_("Unable to set %s's password recovery challenge."),$uid);
>         $this->ERROR[]=$this->db->Error();
>         return FALSE;
>     }
>     return TRUE;
> } // setUserChallenge
>
> /*
> * getUserChallenge()
> *
> * Retrieve a user's personal password question/answer challenge pair
> *
> * @param $uid The username of the user to get the challenge for.
> * @param $ar An associative array in the form of array('question'=>$USERS_QUESTION, 'answer'=>$USERS_ANSWER, 'hash'=>$QA_ID)
> * which is set by the function.
> * @result Returns TRUE or FALSE and sets WARNING and ERROR strings.
> */
> function getUserChallenge($uid, &$ar){
>     $this->ERROR=array();
>     $this->WARNING=array();
>
>     $q='SELECT pst_challenge.question, pst_challenge.answer, pst_users.hash FROM pst_challenge, pst_users WHERE pst_users.id='.$this->db->GetTextFieldValue($uid).' AND pst_challenge.id=pst_users.hash';
>     $result=$this->db->Query($q);
>     if(!$result){
>         $this->WARNING[]=sprintf(_("Unable to get %s's password recovery challenge."),$uid);
>         $this->ERROR[]=$this->db->Error();
>         return FALSE;
>     }
>     if(!$this->db->NumberOfRows($result)){
>         // unknown user, or no challenge set: there is no row 0 to fetch
>         $this->WARNING[]=sprintf(_("Unable to get %s's password recovery challenge."),$uid);
>         return FALSE;
>     }
>     $ar['question']=$this->db->FetchResult($result,0,0);
>     $ar['answer']=$this->db->FetchResult($result,0,1);
>     $ar['hash']=$this->db->FetchResult($result,0,2);
>     return TRUE;
> } // getUserChallenge
> ?>
Did you have a chance to test the code? As I said, I'm not sure the
queries are correct, but they should give you an idea.
NOTE:
---------------------
When replying to the list, you have to use "Reply-All", or your message
will only go to the sender (which in some cases you might want).
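
The quoted setUserChallenge() writes `$ar['answer']` to the answer column as given, and getUserChallenge() hands it back to the caller. The following is an added example, not part of the original post or of phpSecurityAdmin, showing the answer stored as a one-way hash and checked without ever reading the plaintext back. The function names are hypothetical, and it assumes PHP 7.1 or later with the mbstring extension.

```php
<?php
// Added example: hypothetical helpers, not phpSecurityAdmin code.

// Canonicalise an answer so that case and spacing differences
// ("  Blue  Heeler " vs "blue heeler") do not cause a mismatch.
function normalizeChallengeAnswer(string $answer): string {
    $trimmed = trim($answer);
    // preg_replace() returns NULL on invalid UTF-8; fall back to the trimmed input.
    $collapsed = preg_replace('/\s+/u', ' ', $trimmed) ?? $trimmed;
    return mb_strtolower($collapsed, 'UTF-8');
}

// Value to place in the answer column instead of the plaintext answer.
function hashChallengeAnswer(string $answer): string {
    return password_hash(normalizeChallengeAnswer($answer), PASSWORD_DEFAULT);
}

// $storedHash is the user's answer column, or null when no challenge row exists.
function verifyChallengeAnswer(?string $storedHash, string $candidate): bool {
    static $dummy = null;
    if ($dummy === null) {
        // Verified against when there is no row, so a missing user or
        // challenge costs about the same time as a wrong answer.
        $dummy = password_hash('unused-placeholder', PASSWORD_DEFAULT);
    }
    $matches = password_verify(normalizeChallengeAnswer($candidate), $storedHash ?? $dummy);
    return $storedHash !== null && $matches;
}

// Constructed sample data, for illustration only.
$stored = hashChallengeAnswer('  Blue  Heeler ');
var_dump(verifyChallengeAnswer($stored, 'blue heeler'));
var_dump(verifyChallengeAnswer($stored, 'red heeler'));
var_dump(verifyChallengeAnswer(null, 'blue heeler'));
```

With this layout the setter would pass the output of hashChallengeAnswer() as the answer value, and the getter would return only the question and hash.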