diff --git a/include/class.auth.php b/include/class.auth.php
index aabf09b68db6e74fdc641d04479a5c0f41059576..83a9fcf0dc42bf254705d3b6180279f1c772d58d 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -119,7 +119,7 @@ abstract class AuthenticationBackend {
 $result = $bk->authenticate($username, $password);
 if ($result instanceof AuthenticatedUser
- && (static::login($result, $bk)))
+ && ($bk->login($result, $bk)))
 return $result;
 // TODO: Handle permission denied, for instance
 elseif ($result instanceof AccessDenied) {
@@ -141,7 +141,7 @@ abstract class AuthenticationBackend {
 $result = $bk->signOn();
 if ($result instanceof AuthenticatedUser) {
 //Perform further Object specific checks and the actual login
- if (!static::login($result, $bk))
+ if (!$bk->login($result, $bk))
 continue;
 return $result;
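Review bot: The sign-on loop in the second hunk calls `$result = $bk->signOn();` with no `$errors` argument, so anything the new PasswordResetTokenBackend::signOn($errors) writes into `$errors` can never reach a caller, yet the new `elseif (isset($errors['msg']))` branch in scp/pwreset.php depends on exactly that. The backend side compounds it: `function signOn($errors=array())` in the class.auth.php +620 hunk takes the array by value, so the messages are lost even if they were forwarded. If this loop is processSignOn, forward its parameter here, `$result = $bk->signOn($errors);`, and take it by reference in the backend, `function signOn(&$errors=array()) {`. The enclosing function starts before the hunk, so its own signature is not visible; if it does not yet accept `$errors`, that is the first change needed. The same plumbing gap applies to the scp/pwreset.php hunk below, so one fix covers all three places.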
@@ -620,6 +620,39 @@ class osTicketAuthentication extends StaffAuthenticationBackend {
 }
 StaffAuthenticationBackend::register(osTicketAuthentication);
+class PasswordResetTokenBackend extends StaffAuthenticationBackend {
+ static $id = "pwreset.staff";
+
+ function authenticate($username, $password) {}
+
+ function signOn($errors=array()) {
+ if (!isset($_POST['userid']) || !isset($_POST['token']))
+ return false;
+ elseif (!($_config = new Config('pwreset')))
+ return false;
+ elseif (($staff = new StaffSession($_POST['userid'])) &&
+ !$staff->getId())
+ $errors['msg'] = 'Invalid user-id given';
+ elseif (!($id = $_config->get($_POST['token']))
+ || $id != $staff->getId())
+ $errors['msg'] = 'Invalid reset token';
+ elseif (!($ts = $_config->lastModified($_POST['token']))
+ && ($ost->getConfig()->getPwResetWindow() < (time() - strtotime($ts))))
+ $errors['msg'] = 'Invalid reset token';
+ elseif (!$staff->forcePasswdRest())
+ $errors['msg'] = 'Unable to reset password';
+ else
+ return $staff;
+ }
+
+ function login($staff, $bk) {
+ $_SESSION['_staff']['reset-token'] = $_POST['token'];
+ Signal::send('auth.pwreset.login', $staff);
+ return parent::login($staff, $bk);
+ }
+}
+StaffAuthenticationBackend::register(PasswordResetTokenBackend);
+
 /*
 * AuthToken Authentication Backend
 *
diff --git a/scp/pwreset.php b/scp/pwreset.php
index 5b7a20fa86ab35ce1c9e701107a8a9e8be93dee0..6d749e2d5fe8c3b882bf2e0ffb1f012a046d3636 100644
--- a/scp/pwreset.php
+++ b/scp/pwreset.php
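Review bot: `$ost` is undefined inside PasswordResetTokenBackend::signOn(): the expiry branch `($ost->getConfig()->getPwResetWindow() < (time() - strtotime($ts)))` was moved from script scope in scp/pwreset.php, where `$ost` is a global, into a method where it is an unset local, so that branch errors out instead of checking the window. The branch is also joined with `&&`, which means the window comparison only runs when lastModified() returned nothing; a token that has a timestamp is therefore never treated as expired, which is the one case the reset window exists to catch. Add `global $ost;` as the first line of signOn() and rewrite the branch as `elseif (!($ts = $_config->lastModified($_POST['token'])) || ($ost->getConfig()->getPwResetWindow() < (time() - strtotime($ts))))`. Since the class is registered via StaffAuthenticationBackend::register and its signOn() keys only off `$_POST['userid']` and `$_POST['token']`, if processSignOn iterates every registered backend the token path is reachable from any staff sign-on handler, not only pwreset.php; a class comment stating that intent, or a check that limits it to the reset page, is worth adding.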
@@ -47,26 +47,15 @@ if($_POST) {
 case 'newpasswd':
 // TODO: Compare passwords
 $tpl = 'pwreset.login.php';
- $_config = new Config('pwreset');
- if (($staff = new StaffSession($_POST['userid'])) &&
- !$staff->getId())
- $msg = 'Invalid user-id given';
- elseif (!($id = $_config->get($_POST['token']))
- || $id != $staff->getId())
- $msg = 'Invalid reset token';
- elseif (!($ts = $_config->lastModified($_POST['token']))
- && ($ost->getConfig()->getPwResetWindow() < (time() - strtotime($ts))))
- $msg = 'Invalid reset token';
- elseif (!$staff->forcePasswdRest())
- $msg = 'Unable to reset password';
- else {
+ $errors = array();
+ if ($staff = StaffAuthenticationBackend::processSignOn($errors)) {
 $info = array('page' => 'index.php');
- Signal::send('auth.pwreset.login', $staff, $info);
- Staff::_do_login($staff, $_POST['userid']);
- $_SESSION['_staff']['reset-token'] = $_POST['token'];
 header('Location: '.$info['page']);
 exit();
 }
+ elseif (isset($errors['msg'])) {
+ $msg = $errors['msg'];
+ }
 break;
 }
 }
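Review bot: `$info` is no longer handed to the `auth.pwreset.login` signal: the removed line passed it as the third argument, while the backend's login() in class.auth.php now sends `Signal::send('auth.pwreset.login', $staff)`, so a listener can no longer override `$info['page']` and `header('Location: '.$info['page'])` always redirects to index.php. If dropping that extension point is intended, the surviving `$info = array('page' => 'index.php');` is dead indirection and can collapse to `header('Location: index.php');`; if not, the array has to reach the signal again, either by sending it from here before the redirect or by threading it through login(). The `// TODO: Compare passwords` context line still stands above code that now logs the staff member in; whatever compares the two submitted passwords is outside this hunk, so I cannot tell from here whether it is handled.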