Commit 7c6ba914b5059d6ee2c346b92b3b3eb1df8eba93

Authored by Megan Watson
1 parent 56f76a74

KTS-3693

"Password reset"
Fixed. Migrated the plugin from KTLive.

Committed by: Megan Watson
Reviewed by: Conrad Vermeulen



git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@9304 c91229c3-7414-0410-bfa2-8a42b809f60b
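--- a/plugins/passwordResetPlugin/loginResetDispatcher.php
+++ b/plugins/passwordResetPlugin/loginResetDispatcher.php
@@ -0,0 +1,418 @@
+<?php
+/**
+ * $Id: $
+ *
+ * This page handles logging a user into the dms.
+ * This page displays the login form, and performs the business logic login processing.
+ *
+ * KnowledgeTree Community Edition
+ * Document Management Made Simple
+ * Copyright (C) 2008 KnowledgeTree Inc.
+ * Portions copyright The Jam Warehouse Software (Pty) Limited
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License version 3 as published by the
+ * Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
+ * California 94120-7775, or email info@knowledgetree.com.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "Powered by
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
+ * Contributor( s): ______________________________________
+ */
+
+// main library routines and defaults
+require_once('../../config/dmsDefaults.php');
+require_once(KT_LIB_DIR . '/templating/templating.inc.php');
+require_once(KT_LIB_DIR . '/session/control.inc');
+require_once(KT_LIB_DIR . '/session/Session.inc');
+require_once(KT_LIB_DIR . '/users/User.inc');
+require_once(KT_LIB_DIR . '/authentication/authenticationutil.inc.php');
+require_once(KT_LIB_DIR . '/help/help.inc.php');
+require_once(KT_LIB_DIR . '/help/helpreplacement.inc.php');
+require_once(KT_LIB_DIR . '/widgets/fieldWidgets.php');
+
+require_once('loginUtil.inc.php');
+
+class loginResetDispatcher extends KTDispatcher {
+
+ function do_main() {
+ global $default;
+ $oPage = $GLOBALS['main'];
+
+ // Check if the user is trying to reset their password.
+ $reset_password = $this->checkReset();
+
+ KTUtil::save_base_kt_url();
+
+ if (is_a($oUser, 'User')) {
+ $res = $this->performLogin($oUser);
+ if ($res) {
+ $oUser = array($res);
+ }
+ }
+ if (is_array($oUser) && count($oUser)) {
+ if (empty($_REQUEST['errorMessage'])) {
+ $_REQUEST['errorMessage'] = array();
+ } else {
+ $_REQUEST['errorMessage'] = array($_REQUEST['errorMessage']);
+ }
+ foreach ($oUser as $oError) {
+ $_REQUEST['errorMessage'][] = $oError->getMessage();
+ }
+ $_REQUEST['errorMessage'] = join('. <br /> ', $_REQUEST['errorMessage']);
+ }
+
+ if(!loginUtil::check()) { // bounce here, potentially.
+ // User is already logged in - get the redirect
+ $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
+
+ $cookietest = KTUtil::randomString();
+ setcookie("CookieTestCookie", $cookietest, 0);
+
+ $this->redirectTo('checkCookie', array(
+ 'cookieVerify' => $cookietest,
+ 'redirect' => $redirect,
+ ));
+ exit(0);
+ }
+
+ header('Content-type: text/html; charset=UTF-8');
+
+ $errorMessage = KTUtil::arrayGet($_REQUEST, 'errorMessage');
+ session_start();
+
+ $errorMessageConfirm = $_SESSION['errormessage']['login'];
+
+ $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
+
+ // Get the list of languages
+ $oReg =& KTi18nregistry::getSingleton();
+ $aRegisteredLangs = $oReg->geti18nLanguages('knowledgeTree');
+ $aLanguageNames = $oReg->getLanguages('knowledgeTree');
+ $aRegisteredLanguageNames = array();
+
+ if(!empty($aRegisteredLangs))
+ {
+ foreach (array_keys($aRegisteredLangs) as $sLang) {
+ $aRegisteredLanguageNames[$sLang] = $aLanguageNames[$sLang];
+ }
+
+ asort($aRegisteredLanguageNames);
+ }
+ $sLanguageSelect = $default->defaultLanguage;
+
+ // extra disclaimer, if plugin is enabled
+ $oRegistry =& KTPluginRegistry::getSingleton();
+ $oPlugin =& $oRegistry->getPlugin('ktstandard.disclaimers.plugin');
+ if (!PEAR::isError($oPlugin) && !is_null($oPlugin)) {
+ $sDisclaimer = $oPlugin->getLoginDisclaimer();
+ }
+
+ $js = array();
+ $css = array();
+ $js[] = '/thirdpartyjs/extjs/adapter/ext/ext-base.js';
+ $js[] = '/thirdpartyjs/extjs/ext-all.js';
+ $css[] = '/thirdpartyjs/extjs/resources/css/ext-all.css';
+
+ // Include additional js and css files
+ $oPlugin =& $oRegistry->getPlugin('password.reset.plugin');
+ $js[] = $oPlugin->getURLPath('resources/passwordReset.js');
+ $css[] = $oPlugin->getURLPath('resources/passwordReset.css');
+
+ $sUrl = KTUtil::addQueryStringSelf('action=');
+
+ $oTemplating =& KTTemplating::getSingleton();
+ $oTemplate = $oTemplating->loadTemplate('login_reset');
+ $aTemplateData = array(
+ 'errorMessage' => $errorMessage,
+ 'errorMessageConfirm' => $errorMessageConfirm,
+ 'redirect' => $redirect,
+ 'systemVersion' => $default->systemVersion,
+ 'versionName' => $default->versionName,
+ 'languages' => $aRegisteredLanguageNames,
+ 'selected_language' => $sLanguageSelect,
+ 'disclaimer' => $sDisclaimer,
+ 'js' => $js,
+ 'css' => $css,
+ 'sUrl' => $sUrl,
+ 'smallVersion' => substr($default->versionName,-17),
+ 'reset_password' => $reset_password
+ );
+ return $oTemplate->render($aTemplateData);
+ }
+
+ function simpleRedirectToMain($errorMessage, $url, $params) {
+ $params[] = 'errorMessage='. urlencode($errorMessage);
+ $url .= '?' . join('&', $params);
+ redirect($url);
+ exit(0);
+ }
+
+ function do_login() {
+ $aExtra = array();
+
+ if(!loginUtil::check()) { // bounce here, potentially.
+ // User is already logged in - get the redirect
+ $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
+
+ $cookietest = KTUtil::randomString();
+ setcookie("CookieTestCookie", $cookietest, 0);
+
+ $this->redirectTo('checkCookie', array(
+ 'cookieVerify' => $cookietest,
+ 'redirect' => $redirect,
+ ));
+ exit(0);
+ }
+
+ global $default;
+
+ $language = KTUtil::arrayGet($_REQUEST, 'language');
+ if (empty($language)) {
+ $language = $default->defaultLanguage;
+ }
+ setcookie("kt_language", $language, 2147483647, '/');
+
+ $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
+
+ $url = $_SERVER["PHP_SELF"];
+ $queryParams = array();
+
+ if ($redirect !== null) {
+ $queryParams[] = 'redirect=' . urlencode($redirect);
+ }
+
+ $username = KTUtil::arrayGet($_REQUEST,'username');
+ $password = KTUtil::arrayGet($_REQUEST,'password');
+
+ if (empty($username)) {
+ $this->simpleRedirectToMain(_kt('Please enter your username.'), $url, $queryParams);
+ }
+
+ $oUser =& User::getByUsername($username);
+ if (PEAR::isError($oUser) || ($oUser === false)) {
+ if (is_a($oUser, 'ktentitynoobjects')) {
+ loginUtil::handleUserDoesNotExist($username, $password, $aExtra);
+ }
+ $this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
+ exit(0);
+ }
+
+ if (empty($password)) {
+ $this->simpleRedirectToMain(_kt('Please enter your password.'), $url, $queryParams);
+ }
+
+ $authenticated = KTAuthenticationUtil::checkPassword($oUser, $password);
+
+ if (PEAR::isError($authenticated)) {
+ $this->simpleRedirectToMain(_kt('Authentication failure. Please try again.'), $url, $queryParams);
+ exit(0);
+ }
+
+ if ($authenticated !== true) {
+ $this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
+ exit(0);
+ }
+
+ $res = loginUtil::performLogin($oUser);
+
+ if ($res) {
+ $this->simpleRedirectToMain($res->getMessage(), $url, $queryParams);
+ exit(0);
+ }
+ }
+
+ function do_autoSignup() {
+ $oSource =& $this->oValidator->validateAuthenticationSource($_REQUEST['source_id']);
+ $oProvider =& KTAuthenticationUtil::getAuthenticationProviderForSource($oSource);
+ $oDispatcher = $oProvider->getSignupDispatcher($oSource);
+ $oDispatcher->subDispatch($this);
+ exit(0);
+ }
+
+ function do_checkCookie() {
+ $cookieTest = KTUtil::arrayGet($_COOKIE, "CookieTestCookie", null);
+ $cookieVerify = KTUtil::arrayGet($_REQUEST, 'cookieVerify', null);
+
+ $url = $_SERVER["PHP_SELF"];
+ $queryParams = array();
+ $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
+
+ if ($redirect !== null) {
+ $queryParams[] = 'redirect='. urlencode($redirect);
+ }
+
+ if ($cookieTest !== $cookieVerify) {
+ Session::destroy();
+ $this->simpleRedirectToMain(_kt('You must have cookies enabled to use the document management system.'), $url, $queryParams);
+ exit(0);
+ }
+
+ // check for a location to forward to
+ if ($redirect !== null) {
+ $url = $redirect;
+ // else redirect to the dashboard if there is none
+ } else {
+ $url = KTUtil::kt_url();
+
+ $config = KTConfig::getSingleton();
+ $redirectToBrowse = $config->get('KnowledgeTree/redirectToBrowse', false);
+ $redirectToDashboardList = $config->get('KnowledgeTree/redirectToBrowseExceptions', '');
+
+ if ($redirectToBrowse)
+ {
+ $exceptionsList = explode(',', str_replace(' ','',$redirectToDashboardList));
+ $user = User::get($_SESSION['userID']);
+ $username = $user->getUserName();
+ $url .= (in_array($username, $exceptionsList))?'/dashboard.php':'/browse.php';
+ }
+ else
+ {
+ $url .= '/dashboard.php';
+ }
+ }
+ exit(redirect($url));
+ }
+
+ function checkReset() {
+ $resetKey = (isset($_REQUEST['pword_reset'])) ? $_REQUEST['pword_reset'] : '';
+ if(!empty($resetKey)){
+ // Get the user id from the key
+ $aKey = explode('_', $resetKey);
+ $id = isset($aKey[1]) ? $aKey[1] : '';
+
+ // Match the key to the one stored in the database and check the expiry date
+ $storedKey = KTUtil::getSystemSetting('password_reset_key-'.$id);
+ $expiry = KTUtil::getSystemSetting('password_reset_expire-'.$id);
+
+ if($expiry < time()){
+ $_REQUEST['errorMessage'] = _kt('The password reset key has expired, please send a new request.');
+ }else if($storedKey != $resetKey){
+ $_REQUEST['errorMessage'] = _kt('Unauthorised access denied.');
+ }else{
+ return true;
+ }
+ }
+ return false;
+ }
+
+ function do_sendResetRequest(){
+ $email = $_REQUEST['email'];
+ $user = $_REQUEST['username'];
+
+ // Check that the user and email match up in the database
+ $sQuery = 'SELECT id FROM users WHERE username = ? AND email = ?';
+ $aParams = array($user, $email);
+ $id = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');
+
+ if(!is_numeric($id) || $id < 1) {
+ return _kt('Please check that you have entered a valid username and email address.');
+ }
+
+ // Generate a random key that expires after 24 hours
+ $expiryDate = time()+86400;
+ $randomKey = rand(20000, 100000)."_{$id}_".KTUtil::getSystemIdentifier();
+ KTUtil::setSystemSetting('password_reset_expire-'.$id, $expiryDate);
+ KTUtil::setSystemSetting('password_reset_key-'.$id, $randomKey);
+
+ // Create the link to reset the password
+ $query = 'pword_reset='.$randomKey;
+ $url = KTUtil::addQueryStringSelf($query);
+// $url = KTUtil::kt_url() . '/login.php?' . $query;
+
+ $subject = APP_NAME . ': ' . _kt('password reset request');
+
+ $body = '<dd><p>';
+ $body .= _kt('You have requested to reset the password for your account. To confirm that the request was submitted by you
+ click on the link below, you will then be able to reset your password.');
+ $body .= "</p><p><a href = '$url'>". _kt('Confirm password reset').'</a></p></dd>';
+
+ $oEmail = new Email();
+ $res = $oEmail->send($email, $subject, $body);
+
+ if($res === true){
+ return _kt('A verification email has been sent to your email address.');
+ }
+
+ return _kt('An error occurred while sending the email, please try again or contact the System Administrator.');
+ }
+
+ function do_resetPassword(){
+ $email = $_REQUEST['email'];
+ $user = $_REQUEST['username'];
+ $password = $_REQUEST['password'];
+ $confirm = $_REQUEST['confirm'];
+
+ if(!($password == $confirm)){
+ return _kt('The passwords do not match, please re-enter them.');
+ }
+ $password = md5($password);
+
+ // Get user from db
+ $sQuery = 'SELECT id FROM users WHERE username = ? AND email = ?';
+ $aParams = array($user, $email);
+ $id = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');
+
+ if(!is_numeric($id) || $id < 1) { //PEAR::isError($res) || is_null($res)){
+ return _kt('Please check that you have entered a valid username and email address.');
+ }
+
+ // Check expiry
+ $expiry = KTUtil::getSystemSetting('password_reset_expire-'.$id);
+ if($expiry < time()){
+ return _kt('The password reset key has expired, please send a new request.');
+ }
+
+ // Update password
+ $res = DBUtil::autoUpdate('users', array('password' => $password), $id);
+
+ if(PEAR::isError($res) || is_null($res)){
+ return _kt('Your password could not be reset, please try again.');
+ }
+
+ // Unset expiry date and key
+ KTUtil::setSystemSetting('password_reset_expire-'.$id, '');
+ KTUtil::setSystemSetting('password_reset_key-'.$id, '');
+
+ // Email confirmation
+ $url = KTUtil::addQueryStringSelf('');
+
+ $subject = APP_NAME . ': ' . _kt('password successfully reset');
+
+ $body = '<dd><p>';
+ $body .= _kt('Your password has been successfully reset, click the link below to login.');
+ $body .= "</p><p><a href = '$url'>". _kt('Login').'</a></p></dd>';
+
+ $oEmail = new Email();
+ $res = $oEmail->send($email, $subject, $body);
+
+ if($res === true){
+ return _kt('Your password has been successfully reset.');
+ }
+
+ return _kt('An error occurred while sending the email, please try again or contact the System Administrator.');
+ }
+}
+
+$dispatcher = new loginResetDispatcher();
+$dispatcher->dispatch();
+
+?>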
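Review bot: `do_resetPassword()` never checks the emailed key: it looks the account up by `username` and `email` from `$_REQUEST` and only tests `password_reset_expire-<id>`, so while a request is pending for an account, anyone who knows those two values can set its password, and the same two values are all `do_sendResetRequest()` needs to create a pending request. The key stored under `password_reset_key-<id>` should be required and compared strictly before `DBUtil::autoUpdate()` runs, which also means `resetPassword()` in resources/passwordReset.js has to send it along. Separately, the key is built from `rand(20000, 100000)` plus the user id and the system identifier, so the only per-request part has roughly 80,000 possible values and comes from a non-cryptographic generator; it should be a long value from a cryptographically secure source. The new password is stored as `md5($password)`, presumably to match the existing users table, and an empty password is not rejected server-side; both deserve a follow-up.

```php
function do_resetPassword(){
    // … unchanged: request fields, password/confirm comparison, user lookup by username and email …

    // Require the key from the emailed link, not just a pending request for this account.
    $resetKey = isset($_REQUEST['pword_reset']) ? (string) $_REQUEST['pword_reset'] : '';
    $storedKey = (string) KTUtil::getSystemSetting('password_reset_key-'.$id);
    if ($storedKey === '' || $storedKey !== $resetKey) {
        return _kt('Unauthorised access denied.');
    }

    // … unchanged: expiry check, password update, key/expiry cleanup, confirmation email …
```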
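--- a/plugins/passwordResetPlugin/loginUtil.inc.php
+++ b/plugins/passwordResetPlugin/loginUtil.inc.php
@@ -0,0 +1,146 @@
+<?php
+/**
+ * $Id: $
+ *
+ * This page handles logging a user into the dms.
+ * This page displays the login form, and performs the business logic login processing.
+ *
+ * KnowledgeTree Community Edition
+ * Document Management Made Simple
+ * Copyright (C) 2008 KnowledgeTree Inc.
+ * Portions copyright The Jam Warehouse Software (Pty) Limited
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License version 3 as published by the
+ * Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
+ * California 94120-7775, or email info@knowledgetree.com.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "Powered by
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
+ * Contributor( s): ______________________________________
+ */
+
+require_once(KT_LIB_DIR . '/session/Session.inc');
+
+class loginUtil
+{
+ /**
+ * Check if the user is already logged in or if anonymous login is enabled
+ *
+ * @return boolean false if the user is logged in
+ */
+ function check() {
+ $session = new Session();
+ $sessionStatus = $session->verify();
+
+ if ($sessionStatus === true) { // the session is valid
+ if ($_SESSION['userID'] == -2 && $default->allowAnonymousLogin) {
+ // Anonymous user - we want to login
+ return true;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Verify the user session
+ *
+ */
+ function do_providerVerify() {
+ $this->session = new Session();
+ $sessionStatus = $this->session->verify();
+ if ($sessionStatus !== true) { // the session is not valid
+ $this->redirectToMain();
+ }
+ $this->oUser =& User::get($_SESSION['userID']);
+ $oProvider =& KTAuthenticationUtil::getAuthenticationProviderForUser($this->oUser);
+ $oProvider->subDispatch($this);
+ exit(0);
+ }
+
+ /**
+ * Log the user into the system
+ *
+ * @param unknown_type $oUser
+ * @return unknown
+ */
+ function performLogin(&$oUser) {
+ if (!is_a($oUser, 'User')) {
+ }
+
+ $session = new Session();
+ $sessionID = $session->create($oUser);
+ if (PEAR::isError($sessionID)) {
+ return $sessionID;
+ }
+
+ $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
+
+ // DEPRECATED initialise page-level authorisation array
+ $_SESSION["pageAccess"] = NULL;
+
+ $cookietest = KTUtil::randomString();
+ setcookie("CookieTestCookie", $cookietest, 0);
+
+ $this->redirectTo('checkCookie', array(
+ 'cookieVerify' => $cookietest,
+ 'redirect' => $redirect,
+ ));
+ exit(0);
+ }
+
+ function handleUserDoesNotExist($username, $password, $aExtra = null) {
+ if (empty($aExtra)) {
+ $aExtra = array();
+ }
+
+ // Check if the user has been deleted before allowing auto-signup
+ $delUser = User::checkDeletedUser($username);
+
+ if($delUser){
+ return ;
+ }
+
+ $oKTConfig = KTConfig::getSingleton();
+ $allow = $oKTConfig->get('session/allowAutoSignup', true);
+
+ if($allow){
+ $res = KTAuthenticationUtil::autoSignup($username, $password, $aExtra);
+ if (empty($res)) {
+ return $res;
+ }
+ if (is_a($res, 'User')) {
+ $this->performLogin($res);
+ }
+ if (is_a($res, 'KTAuthenticationSource')) {
+ $_SESSION['autosignup'] = $aExtra;
+ $this->redirectTo('autoSignup', array(
+ 'source_id' => $res->getId(),
+ 'username' => $username,
+ ));
+ exit(0);
+ }
+ }
+ }
+}
+?>
\ No newline at end of file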
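Review bot: `check()` reads `$default->allowAnonymousLogin` without declaring `global $default;`, so inside the method `$default` is undefined and the anonymous-login branch can never return true; an anonymous session (`userID == -2`) is then always treated as already logged in. Adding `global $default;` as the first statement of `check()` fixes it. In `performLogin()` the guard `if (!is_a($oUser, 'User')) { }` has an empty body, so a value that is not a `User` still reaches `$session->create($oUser)`; it should return an error or be removed. `performLogin()` and `handleUserDoesNotExist()` also call `$this->redirectTo()`, which `loginUtil` does not define, so they appear to depend on being invoked statically from inside a dispatcher instance; a docblock stating that requirement would help the next reader.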
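--- a/plugins/passwordResetPlugin/passwordResetPlugin.php
+++ b/plugins/passwordResetPlugin/passwordResetPlugin.php
@@ -0,0 +1,96 @@
+<?php
+/**
+ * $Id: $
+ *
+ * This page handles logging a user into the dms.
+ * This page displays the login form, and performs the business logic login processing.
+ *
+ * KnowledgeTree Community Edition
+ * Document Management Made Simple
+ * Copyright (C) 2008 KnowledgeTree Inc.
+ * Portions copyright The Jam Warehouse Software (Pty) Limited
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License version 3 as published by the
+ * Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
+ * California 94120-7775, or email info@knowledgetree.com.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "Powered by
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
+ * Contributor( s): ______________________________________
+ */
+
+require_once(KT_LIB_DIR . '/plugins/plugin.inc.php');
+require_once(KT_LIB_DIR . '/plugins/pluginregistry.inc.php');
+require_once(KT_LIB_DIR . '/templating/templating.inc.php');
+require_once(KT_LIB_DIR . '/authentication/interceptor.inc.php');
+require_once(KT_LIB_DIR . '/authentication/interceptorinstances.inc.php');
+
+class PasswordResetInterceptor extends KTInterceptor {
+ var $sNamespace = 'password.reset.login.interceptor';
+
+ function authenticated() {
+ }
+
+ function takeover() {
+ $oRegistry =& KTPluginRegistry::getSingleton();
+ $oPlugin =& $oRegistry->getPlugin('password.reset.plugin');
+ $dispatcherURL = $oPlugin->getURLPath('loginResetDispatcher.php');
+ $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
+
+ $url = KTUtil::kt_url() . $dispatcherURL;
+ $url .= (!empty($redirect)) ? '?redirect='.$redirect : '';
+ redirect($url);
+ exit(0);
+ }
+}
+
+class PasswordResetPlugin extends KTPlugin {
+ var $sNamespace = 'password.reset.plugin';
+ var $autoRegister = false;
+
+ function PasswordResetPlugin($sFilename = null) {
+ $res = parent::KTPlugin($sFilename);
+ $this->sFriendlyName = _kt('Password Reset Plugin');
+ return $res;
+ }
+
+ function setup() {
+ // Register the interceptor
+ $this->registerInterceptor('PasswordResetInterceptor', 'password.reset.login.interceptor', __FILE__);
+
+ // Interceptor has to be added to the DB to be found
+ $aOptions = array(
+ 'sName' => 'Password Reset Interceptor',
+ 'sInterceptorNamespace' => 'password.reset.login.interceptor',
+ 'sConfig' => ''
+ );
+ KTInterceptorInstance::createFromArray($aOptions);
+
+ // Add templates directory to list
+ $dir = dirname(__FILE__);
+ $oTemplating =& KTTemplating::getSingleton();
+ $oTemplating->addLocation('passwordResetPlugin', $dir . '/templates');
+ }
+}
+$oPluginRegistry =& KTPluginRegistry::getSingleton();
+$oPluginRegistry->registerPlugin('PasswordResetPlugin', 'password.reset.plugin', __FILE__);
+?>
\ No newline at end of file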
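Review bot: `takeover()` appends the request's `redirect` value to the dispatcher URL unencoded (`'?redirect='.$redirect`), so a value containing `&` or `#` changes the query string the dispatcher receives, whereas loginResetDispatcher.php encodes the same parameter with `urlencode()`. The line should read `$url .= (!empty($redirect)) ? '?redirect=' . urlencode($redirect) : '';`. The same value later becomes the post-login destination in `do_checkCookie()`, which sets `$url = $redirect` without checking that it points back into this installation, so rejecting anything other than a local path at this entry point would be a sensible addition. `setup()` calls `KTInterceptorInstance::createFromArray()` unconditionally; whether repeated setup runs create duplicate interceptor rows cannot be told from this page and is worth confirming.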
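--- a/plugins/passwordResetPlugin/resources/passwordReset.css
+++ b/plugins/passwordResetPlugin/resources/passwordReset.css
@@ -0,0 +1,21 @@
+#forgot_box {
+ display: none;
+ visibility: hidden;
+}
+
+#reset_box {
+ display: none;
+ visibility: hidden;
+}
+
+.smaller{
+ padding-top: 5px;
+ font-family: sans-serif;
+ font-size: 9px;
+}
+
+#messages {
+ display: none;
+ visibility: hidden;
+ padding: 5px;
+}
\ No newline at end of file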
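--- a/plugins/passwordResetPlugin/resources/passwordReset.js
+++ b/plugins/passwordResetPlugin/resources/passwordReset.js
@@ -0,0 +1,145 @@
+/* Hide the password request box and display the login form */
+var hideBox = function(){
+ var box = document.getElementById('forgot_box');
+ var formbox = document.getElementById('login_form');
+
+ formbox.style.display = 'block';
+ formbox.style.visibility = 'visible';
+ box.style.display = 'none';
+ box.style.visibility = 'hidden';
+
+ document.getElementById('username').focus();
+}
+
+/* Hide the login form and display the password request box */
+var showBox = function(){
+ var box = document.getElementById('forgot_box');
+ var formbox = document.getElementById('login_form');
+
+ box.style.display = 'block';
+ box.style.visibility = 'visible';
+ formbox.style.display = 'none';
+ formbox.style.visibility = 'hidden';
+
+ document.getElementById('reset_username').focus();
+}
+
+/* Hide the login form and display the reset password box */
+var showResetBox = function(){
+ var box = document.getElementById('reset_box');
+ var formbox = document.getElementById('login_form');
+
+ box.style.display = 'block';
+ box.style.visibility = 'visible';
+ formbox.style.display = 'none';
+ formbox.style.visibility = 'hidden';
+
+ document.getElementById('new_username').focus();
+}
+
+/* Hide the reset password box and display the login form */
+var hideResetBox = function(){
+ var box = document.getElementById('reset_box');
+ var formbox = document.getElementById('login_form');
+
+ formbox.style.display = 'block';
+ formbox.style.visibility = 'visible';
+ box.style.display = 'none';
+ box.style.visibility = 'hidden';
+
+ document.getElementById('username').focus();
+}
+
+/* Display the error / success messages in the correct format */
+var showMessages = function() {
+ var box = document.getElementById('messages');
+
+ box.style.display = 'block';
+ box.style.visibility = 'visible';
+}
+
+/* Check the entered details and use ajax to send the email confirming the users request
+on success display the response from the server */
+var sendEmailRequest = function(sUrl) {
+ // Check the username and password has been supplied
+ var user = document.getElementById('reset_username');
+ var email = document.getElementById('reset_email');
+
+ if(!user.value){
+ alert('Please enter a username.');
+ user.focus();
+ return false;
+ }
+ if(!email.value){
+ alert('Please enter a valid email address.');
+ email.focus();
+ return false;
+ }
+
+ Ext.Ajax.request({
+ url: sUrl,
+ success: function(response) {
+ //hideBox();
+ showMessages();
+ document.getElementById('messages').innerHTML = response.responseText;
+ },
+ failure: function(response) {
+ showMessages();
+ document.getElementById('messages').innerHTML = 'A server error occurred, please refresh and try again.';
+ },
+ params: {
+ username: user.value,
+ email: email.value
+ }
+ });
+}
+
+/* Check the entered details and use ajax to reset the users password
+on success display the response from the server */
+var resetPassword = function(sUrl) {
+ // Check the fields have been filled in
+ var name = document.getElementById('new_username');
+ var email = document.getElementById('new_email');
+ var password = document.getElementById('new_password');
+ var confirm = document.getElementById('new_password_repeat');
+
+ if(!name.value){
+ alert('Please enter your username.');
+ name.focus();
+ return false;
+ }
+ if(!email.value){
+ alert('Please enter a valid email address.');
+ email.focus();
+ return false;
+ }
+ if(!password.value){
+ alert('Please enter new password.');
+ password.focus();
+ return false;
+ }
+ if(password.value != confirm.value){
+ alert('Your passwords do not match, please reenter them.');
+ confirm.focus();
+ return false;
+ }
+
+ Ext.Ajax.request({
+ url: sUrl,
+ success: function(response) {
+ hideResetBox();
+ showMessages();
+ document.getElementById('messages').innerHTML = response.responseText;
+ },
+ failure: function(response) {
+ showMessages();
+ document.getElementById('messages').innerHTML = 'A server error occurred, please refresh and try again.';
+ },
+ params: {
+ username: name.value,
+ email: email.value,
+ password: password.value,
+ confirm: confirm.value
+ }
+ });
+}
\ No newline at end of file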
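Review bot: Both success handlers write the server reply into the page with `document.getElementById('messages').innerHTML = response.responseText;`, so any markup in the response body is parsed as HTML; if an error page or a later message ever echoes the submitted username or email, that becomes script injection on the login page. Assigning the reply as text instead, for example through `textContent` with an `innerText` fallback for older browsers, keeps it inert. The empty-field and password-match checks in `sendEmailRequest()` and `resetPassword()` run only in the browser, so a comment such as `// convenience only: the server must validate these fields again` would stop a later reader from treating them as a control. The comment in `sendEmailRequest()` says "username and password" where the code checks username and email.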
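--- a/plugins/passwordResetPlugin/templates/login_reset.smarty
+++ b/plugins/passwordResetPlugin/templates/login_reset.smarty
@@ -0,0 +1,150 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+ <title>{i18n arg_appname="$appname"}Login | #appname#{/i18n}</title>
+
+ {foreach from=$css item=item}
+ <link rel='stylesheet' href='{$rootUrl}{$item}' type='text/css' />
+ {/foreach}
+
+ <link rel='stylesheet' href='{$rootUrl}/resources/css/kt-login.css' type='text/css' />
+
+ <link rel='icon' href='{$rootUrl}/resources/favicon.ico' type='image/x-icon'>
+ <link rel='shortcut icon' href='{$rootUrl}/resources/favicon.ico' type='image/x-icon'>
+
+ <link rel='stylesheet' href='{$rootUrl}/resources/css/kt-ie-icons.css' type='text/css' />
+
+ <script type='text/javascript' src='{$rootUrl}/thirdpartyjs/curvycorners/rounded_corners.inc.js'> </script>
+
+ {foreach from=$js item=item}
+ <script type='text/javascript' src='{$rootUrl}{$item}'> </script>
+ {/foreach}
+</head>
+<body>
+ <div id='loginbox_outer' {if ($disclaimer)} class='hasDisclaimer' {/if}>
+ <div id="{if $config->get("ui/poweredByDisabled") == '0'}loginbox_skin{else}loginbox{/if}" {if ($disclaimer)} class='hasDisclaimer' {/if}>
+ <div id='formbox'>
+ <form action='{$smarty.server.PHP_SELF}' method='POST' name='login'>
+ <input type='hidden' name='action' value='login' />
+ <input type='hidden' name='cookieverify' value='{$cookietest}' />
+ <input type='hidden' name='redirect' value='{$redirect}' />
+ {if $config->get('ui/mainLogo') != ''}
+ <img src="{$config->get("ui/mainLogo")}" alt="{$config->get("ui/mainLogoTitle")}" class='logoimage'/><br />
+ {else}
+ <img src='{$rootUrl}/resources/graphics/ktlogo-topbar-right.png' alt='{$appname}' class='logoimage' height='50' width='252'/><br />
+ {/if}
+ {if $smallVersion == 'Community Edition'}
+ <span class='communityLabel'><h2>{i18n}Community Edition{/i18n}</h2></span>
+ {/if}
+ <div id='messages' class='ktErrorMessage'></div>
+ <div id='login_form'>
+ {if ($errorMessage == null)}
+ <p class='descriptiveText'>{i18n}Please enter your details below to login.{/i18n}</p>
+ {else}
+ <div class='ktErrorMessage'><span>
+ {if ($errorMessage == $errorMessageConfirm)}
+ {$errorMessage}
+ {else}
+ {$errorMessage|sanitize}
+ {/if}
+ </span></div>
+ {/if}
+
+ <label for='username'>{i18n}Username{/i18n}</label>
+ <input type='text' id='username' name='username'/>
+ <label for='password'>{i18n}Password{/i18n}</label>
+ <input type='password' id='password' name='password'/>
+
+ <label for='language'>{i18n}Language{/i18n}</label>
+ <select id='language' name='language'>
+ {foreach from=$languages key=sLang item=sLanguageName}
+ <option value='{$sLang}' {if $sLang == $selected_language}SELECTED='yes'{/if}>{$sLanguageName}</option>
+ {/foreach}
+ </select>
+ <div class='form_actions'>
+ <input type='submit' value='{i18n}Login{/i18n}' />
+ <p class='smaller'><a href='#' onclick='showBox();'>{i18n}Forgot your password?{/i18n}</a></p>
+ </div>
+ </div>
+ </form>
+ </div>
+
+ <div id='forgot_box'>
+ <form name='forgot_form' action='' method='POST'>
+ <p class='descriptiveText'>{i18n}Enter your username and email address. A link will be mailed to you in order to verify your email address.{/i18n}</p>
+
+ <label for='reset_username'>{i18n}Username{/i18n}</label>
+ <input type='text' id='reset_username' name='reset_username' />
+ <br />
+ <label for='reset_email'>{i18n}Email Address{/i18n}</label>
+ <input type='text' id='reset_email' name='reset_email' />
+ <br />
+ <div class='form_actions'>
+ <input type='button' onclick='javascript: sendEmailRequest("{$sUrl}sendResetRequest");' value="{i18n}Send password link{/i18n}" />
+ <input type='button' onclick='javascript: hideBox();' value='{i18n}Back{/i18n}' />
+ </div>
+ </form>
+ <br />
+ <br />
+ <br />
+ </div>
+
+ <div id='reset_box'>
+ <form name='reset_form' action='' method='POST'>
+ <p class='descriptiveText'>{i18n}Please enter your username and email address.{/i18n}</p>
+
+ <label for='new_username'>{i18n}Username{/i18n}</label>
+ <input type='text' id='new_username' name='new_username' /><br />
+
+ <label for='new_email'>{i18n}Email Address{/i18n}</label>
+ <input type='text' id='new_email' name='new_email' /><br />
+
+ <label for='new_password'>{i18n}New password{/i18n}</label>
+ <input type='password' id='new_password' name='new_password' /><br />
+
+ <label for='new_password_repeat'>{i18n}Confirm new password{/i18n}</label>
+ <input type='password' id='new_password_repeat' name='new_password_repeat'><br />
+
+ <div class='form_actions'>
+ <input type='button' onclick='javascript: resetPassword("{$sUrl}resetPassword");' value='{i18n}Reset password{/i18n}' />
+ <input type='button' onclick='javascript: hideResetBox();' value='{i18n}Cancel{/i18n}' />
+ </div>
+ </form>
+ </div>
+
+ {if ($disclaimer)}
+ <div id='disclaimerbox'>
+ <p>{$disclaimer}</p>
+ </div>
+ {/if}
+ <p class='descriptiveText version'>
+ <br>
+ {* Added for live *}
+ {i18n}Access to this service is subject to the KnowledgeTreeLive <a href="http://www.knowledgetree.com/about/legal/live">Terms and Conditions</a> of use.{/i18n}<br/>
+ {i18n}&copy; 2008 <a href="http://www.knowledgetree.com/">KnowledgeTree Inc.</a> All Rights Reserved{/i18n}
+
+ {* Removed for live
+ {i18n arg_appname="$appname"}#appname# Version{/i18n} {$versionName}<br/>
+ {i18n}<a href="http://www.knowledgetree.com/">Document Management Software</a>{/i18n}<br>
+ {i18n}&copy; 2008 <a href="http://www.knowledgetree.com/">KnowledgeTree Inc.</a>{/i18n}<br><br>
+ {if ($smallVersion == 'Community Edition')}
+ {i18n}This program is free software and published under the <a href=" http://www.gnu.org/licenses/">GNU General Public License version 3</a>{/i18n}<br>
+ {else}
+ {i18n}All rights reserved.{/i18n}<br>
+ {/if}
+ *}
+ </p>
+ <br />
+ <div id='bottomspacer'></div>
+ <div class='floatClear'></div>
+ </div>
+ </div>
+
+ {if $reset_password}
+ <script type='text/javascript'>showResetBox();</script>
+ {else}
+ <script type='text/javascript'>hideResetBox(); document.getElementById('username').focus();</script>
+ {/if}
+</body>
+</html>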
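Review bot: `{$smarty.server.PHP_SELF}` (form action, template line 28) and `{$redirect}` (hidden input, line 31) are written into single-quoted attributes without escaping, and both can carry request-supplied text, so unless output escaping is configured outside this template they allow markup injection on the login page. I would change them to `action='{$smarty.server.PHP_SELF|escape}'` and `value='{$redirect|escape}'`, and treat `{$cookietest}` the same way if it is not strictly server-generated. The `{$errorMessage}` branch at lines 46-47 skips `|sanitize` on a loose `==` match with `$errorMessageConfirm`; a template comment should state why that one message is trusted to contain markup. Separately, `reset_form` has no token field, so the `resetPassword` handler (not visible in this section) has to bind the request to the emailed link server-side rather than to the submitted username and email alone.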
... ...