diff --git a/src/mibew/libs/classes/Mibew/Controller/PasswordRecoveryController.php b/src/mibew/libs/classes/Mibew/Controller/PasswordRecoveryController.php
new file mode 100644
index 00000000..96a1f13a
--- /dev/null
+++ b/src/mibew/libs/classes/Mibew/Controller/PasswordRecoveryController.php
@@ -0,0 +1,196 @@
+attributes->get('_operator')) {
+ // If the operator is logged in just redirect him to the home page.
+ return $this->redirect($request->getUriForPath('/operator'));
+ }
+
+ $page = array(
+ 'version' => MIBEW_VERSION,
+ 'title' => getlocal('restore.title'),
+ 'headertitle' => getlocal('app.title'),
+ 'show_small_login' => true,
+ 'fixedwrap' => true,
+ 'errors' => array(),
+ );
+ $login_or_email = '';
+
+ if ($request->request->has('loginoremail')) {
+ $login_or_email = $request->request->get('loginoremail');
+
+ $to_restore = is_valid_email($login_or_email)
+ ? operator_by_email($login_or_email)
+ : operator_by_login($login_or_email);
+ if (!$to_restore) {
+ $page['errors'][] = getlocal('no_such_operator');
+ }
+
+ $email = $to_restore['vcemail'];
+ if (count($page['errors']) == 0 && !is_valid_email($email)) {
+ $page['errors'][] = "Operator hasn't set his e-mail";
+ }
+
+ if (count($page['errors']) == 0) {
+ $token = sha1($to_restore['vclogin'] . (function_exists('openssl_random_pseudo_bytes')
+ ? openssl_random_pseudo_bytes(32)
+ : (time() + microtime()) . mt_rand(0, 99999999)));
+
+ $db = Database::getInstance();
+ $db->query(
+ ("UPDATE {chatoperator} "
+ . "SET dtmrestore = :now, vcrestoretoken = :token "
+ . "WHERE operatorid = :operatorid"),
+ array(
+ ':now' => time(),
+ ':token' => $token,
+ ':operatorid' => $to_restore['operatorid'],
+ )
+ );
+
+ $href = $this->getRouter()->generate(
+ 'password_recovery_reset',
+ array(
+ 'id' => $to_restore['operatorid'],
+ 'token' => $token,
+ ),
+ UrlGeneratorInterface::ABSOLUTE_URL
+ );
+ mibew_mail(
+ $email,
+ $email,
+ getstring('restore.mailsubj'),
+ getstring2(
+ 'restore.mailtext',
+ array(get_operator_name($to_restore), $href)
+ )
+ );
+ $page['isdone'] = true;
+
+ return $this->render('password_recovery', $page);
+ }
+ }
+
+ $page['formloginoremail'] = $login_or_email;
+ $page['localeLinks'] = get_locale_links();
+ $page['isdone'] = false;
+
+ return $this->render('password_recovery', $page);
+ }
+
+ /**
+ * Generate content for "password_recovery_reset" route.
+ *
+ * @param Request $request
+ * @return string Rendered page content
+ */
+ public function resetAction(Request $request)
+ {
+ $page = array(
+ 'version' => MIBEW_VERSION,
+ 'showform' => true,
+ 'title' => getlocal('resetpwd.title'),
+ 'headertitle' => getlocal('app.title'),
+ 'show_small_login' => true,
+ 'fixedwrap' => true,
+ 'errors' => array(),
+ );
+
+ // Make sure user id is specified and its format is correct.
+ $op_id = $request->isMethod('GET')
+ ? $request->query->get('id')
+ : $request->request->get('id');
+ if (!preg_match("/^\d{1,9}$/", $op_id)) {
+ throw new BadRequestException();
+ }
+
+ // Make sure token is specified and its format is correct.
+ $token = $request->isMethod('GET')
+ ? $request->query->get('token')
+ : $request->request->get('token');
+ if (!preg_match("/^[\dabcdef]+$/", $token)) {
+ throw new BadRequestException();
+ }
+
+ $operator = operator_by_id($op_id);
+
+ if (!$operator) {
+ $page['errors'][] = 'No such operator';
+ $page['showform'] = false;
+ } elseif ($token != $operator['vcrestoretoken']) {
+ $page['errors'][] = 'Wrong token';
+ $page['showform'] = false;
+ }
+
+ if (count($page['errors']) == 0 && $request->request->has('password')) {
+ $password = $request->request->get('password');
+ $password_confirm = $request->request->get('passwordConfirm');
+
+ if (!$password) {
+ $page['errors'][] = no_field('form.field.password');
+ }
+
+ if ($password != $password_confirm) {
+ $page['errors'][] = getlocal('my_settings.error.password_match');
+ }
+
+ if (count($page['errors']) == 0) {
+ $page['isdone'] = true;
+
+ $db = Database::getInstance();
+ $db->query(
+ ("UPDATE {chatoperator} "
+ . "SET vcpassword = ?, vcrestoretoken = '' "
+ . "WHERE operatorid = ?"),
+ array(
+ calculate_password_hash($operator['vclogin'], $password),
+ $op_id,
+ )
+ );
+ $page['loginname'] = $operator['vclogin'];
+
+ return $this->render('password_recovery_reset', $page);
+ }
+ }
+
+ $page['id'] = $op_id;
+ $page['token'] = $token;
+ $page['isdone'] = false;
+
+ return $this->render('password_recovery_reset', $page);
+ }
+}
diff --git a/src/mibew/libs/routing.yml b/src/mibew/libs/routing.yml
index fe8c3f62..ef0049f7 100644
--- a/src/mibew/libs/routing.yml
+++ b/src/mibew/libs/routing.yml
@@ -34,6 +34,16 @@ history_user: requirements: user_id: .{0,63} +password_recovery: + path: /operator/password-recovery + defaults: + _controller: Mibew\Controller\PasswordRecoveryController::indexAction + +password_recovery_reset: + path: /operator/password-recovery/reset + defaults: + _controller: Mibew\Controller\PasswordRecoveryController::resetAction + updates: + path: /operator/updates + defaults:
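Review bot: The token check in resetAction, `} elseif ($token != $operator['vcrestoretoken']) {`, compares the caller-supplied token with the stored one using loose `!=` and in non-constant time; two hex strings of the form `0e<digits>` compare equal as numbers under `!=`, and a byte-wise string comparison leaks timing, so it should read `} elseif (!hash_equals((string) $operator['vcrestoretoken'], $token)) {`. The reset token is also never expired: indexAction writes `dtmrestore = :now` next to the token, but resetAction only checks the token's value, so a token stays valid until it is consumed; comparing `$operator['dtmrestore']` against `time()` with a bounded lifetime and treating an expired token as "Wrong token" would close that. In indexAction, `openssl_random_pseudo_bytes(32)` is called without its `$crypto_strong` out-parameter, and the fallback `(time() + microtime()) . mt_rand(...)` is predictable, so token generation should fail closed when no strong source is available rather than silently degrade. The distinct `no_such_operator` and "Operator hasn't set his e-mail" messages also reveal which logins and e-mails exist; a single neutral "if an account matches, an e-mail has been sent" message avoids that. The file header and the start of indexAction are not visible in this hunk; resetAction is complete within it.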
diff --git a/src/mibew/operator/resetpwd.php b/src/mibew/operator/resetpwd.php
deleted file mode 100644
index 35362b0f..00000000
--- a/src/mibew/operator/resetpwd.php
+++ /dev/null
@@ -1,86 +0,0 @@
- MIBEW_VERSION,
- 'showform' => true,
- 'title' => getlocal("resetpwd.title"),
- 'headertitle' => getlocal("app.title"),
- 'show_small_login' => true,
- 'fixedwrap' => true,
- 'errors' => array(),
-);
-
-$page_style = new PageStyle(PageStyle::getCurrentStyle());
-
-$op_id = verify_param("id", "/^\d{1,9}$/");
-$token = verify_param("token", "/^[\dabcdef]+$/");
-
-$operator = operator_by_id($op_id);
-
-if (!$operator) {
- $page['errors'][] = "No such operator";
- $page['showform'] = false;
-} elseif ($token != $operator['vcrestoretoken']) {
- $page['errors'][] = "Wrong token";
- $page['showform'] = false;
-}
-
-if (count($page['errors']) == 0 && isset($_POST['password'])) {
- $password = get_param('password');
- $password_confirm = get_param('passwordConfirm');
-
- if (!$password) {
- $page['errors'][] = no_field("form.field.password");
- }
-
- if ($password != $password_confirm) {
- $page['errors'][] = getlocal("my_settings.error.password_match");
- }
-
- if (count($page['errors']) == 0) {
- $page['isdone'] = true;
-
- $db = Database::getInstance();
- $db->query(
- ("UPDATE {chatoperator} "
- . "SET vcpassword = ?, vcrestoretoken = '' "
- . "WHERE operatorid = ?"),
- array(
- calculate_password_hash($operator['vclogin'], $password),
- $op_id,
- )
- );
-
- $page['loginname'] = $operator['vclogin'];
- $page_style->render('resetpwd', $page);
- exit;
- }
-}
-
-$page['id'] = $op_id;
-$page['token'] = $token;
-$page['isdone'] = false;
-
-$page_style->render('resetpwd', $page);
diff --git a/src/mibew/operator/restore.php b/src/mibew/operator/restore.php
deleted file mode 100644
index 1d1ec32f..00000000
--- a/src/mibew/operator/restore.php
+++ /dev/null
@@ -1,93 +0,0 @@
- MIBEW_VERSION,
- 'title' => getlocal("restore.title"),
- 'headertitle' => getlocal("app.title"),
- 'show_small_login' => true,
- 'fixedwrap' => true,
- 'errors' => array(),
-);
-
-$login_or_email = "";
-
-$page_style = new PageStyle(PageStyle::getCurrentStyle());
-
-if (isset($_POST['loginoremail'])) {
- $login_or_email = get_param("loginoremail");
-
- $to_restore = is_valid_email($login_or_email)
- ? operator_by_email($login_or_email)
- : operator_by_login($login_or_email);
- if (!$to_restore) {
- $page['errors'][] = getlocal("no_such_operator");
- }
-
- $email = $to_restore['vcemail'];
- if (count($page['errors']) == 0 && !is_valid_email($email)) {
- $page['errors'][] = "Operator hasn't set his e-mail";
- }
-
- if (count($page['errors']) == 0) {
- $token = sha1($to_restore['vclogin'] . (function_exists('openssl_random_pseudo_bytes')
- ? openssl_random_pseudo_bytes(32)
- : (time() + microtime()) . mt_rand(0, 99999999)));
-
- $db = Database::getInstance();
- $db->query(
- ("UPDATE {chatoperator} "
- . "SET dtmrestore = :now, vcrestoretoken = :token "
- . "WHERE operatorid = :operatorid"),
- array(
- ':now' => time(),
- ':token' => $token,
- ':operatorid' => $to_restore['operatorid'],
- )
- );
-
- $href = get_app_location(true, false) . "/operator/resetpwd.php?id="
- . $to_restore['operatorid'] . "&token=$token";
- mibew_mail(
- $email,
- $email,
- getstring("restore.mailsubj"),
- getstring2(
- "restore.mailtext",
- array(get_operator_name($to_restore), $href)
- )
- );
-
- $page['isdone'] = true;
- $page_style->render('restore', $page);
- exit;
- }
-}
-
-$page['formloginoremail'] = $login_or_email;
-
-$page['localeLinks'] = get_locale_links();
-$page['isdone'] = false;
-
-$page_style->render('restore', $page);
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/login.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/login.handlebars
index 4b6fc61b..b1e6d1b1 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/login.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/login.handlebars
@@ -54,7 +54,7 @@
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/restore.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/password_recovery.handlebars
similarity index 98%
rename from src/mibew/styles/pages/default/templates_src/server_side/restore.handlebars
rename to src/mibew/styles/pages/default/templates_src/server_side/password_recovery.handlebars
index ccee4a2c..f9098e71 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/restore.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/password_recovery.handlebars
@@ -18,7 +18,7 @@ {{else}} -