@@ 26,3 26,7 @@ int admin_user_filter(Fins.Request id, F
 
 You should edit classes/auth/controller and edit the two user modifyable methods to 
 fit your application's data model.
+
+CHANGES
+
+20110311 - added change password functionality

          

@@ 2,6 2,8 @@ import Fins;
 
 inherit Fins.DocController;
 
+protected program __default_template = Fins.Template.Simple;
+
 //! this is a sample authentication handler module which can be customized
 //! to fit the particular needs of your application
 //!

          
@@ 26,6 28,13 @@ function(Fins.Request,Fins.Response,Fins
 //! two indices.
 function(Fins.Request,Fins.Response,Fins.Template.View:mixed) find_user_password = default_find_user_password;
 
+//! method which is called to reset a user's password.
+//! 
+//! @returns
+//!   0 upon failure, should also set response flash message describing the difficulty.
+function(Fins.Request,Fins.Response,Fins.Template.View,mixed,string:mixed) reset_password = default_reset_password;
+
+
 //! 
 object|function default_action;
 

          
@@ 40,6 49,8 @@ void start()
 //! default user authenticator
 static mixed default_find_user(Request id, Response response, Template.View t)
 {
+//array r = ({id->variables->username});
+
   mixed r = Fins.Model.find.users( ([ "username": id->variables->username,
                                       "password": id->variables->password 
                                     ]) );

          
@@ 53,10 64,19 @@ static mixed default_find_user(Request i
 //! the name of the template to use for sending the password via email.
 string password_template_name = "auth/sendpassword";
 
+//! default password changer
+static mixed default_reset_password(Request id, Response response, Template.View t, mixed user, string newpassword)
+{
+  user["password"] = newpassword;
+  return 1;
+}
+
+
 //! default user authenticator
 static mixed default_find_user_password(Request id, Response response, Template.View t)
 {
-  mixed r = Fins.Model.find.users( ([ "username": id->variables->username,
+
+  mixed r = Fins.Model.find.users( ([ "username": id->variables->username
                                     ]) );
 
   t->add("username", id->variables->username);

          
@@ 78,7 98,7 @@ static string get_return_address()
 }
 
 // _login is used for ajaxy logins.
-function _login = login;
+function/*(Request, Response, Template.View, mixed ...:void )*/ _login = login;
 
 public void login(Request id, Response response, Template.View t, mixed ... args)
 {

          
@@ 132,6 152,37 @@ public void logout(Request id, Response 
   response->redirect(id->referrer||default_action);
 }
 
+public void changepassword(Request id, Response response, Template.View t, mixed ... args)
+{
+  t->add("return_to", id->variables->return_to);
+
+  switch(id->variables->action)
+  {
+    case "Reset":
+        mixed r = find_user(id, response, t);
+        if(r)
+        {
+           // success!
+           if((id->variables->newpassword && strlen(id->variables->newpassword)) && id->variables->newpassword == id->variables->newpassword2 )
+           {
+              if(reset_password(id, response, t, r, id->variables->newpassword))
+               response->flash("Password reset successfully.");
+               response->redirect(login, ({}), (["return_to": id->variables->return_to]));
+           }
+           else
+           {
+             response->flash("No password supplied, or the new password does not match its confirmation.");
+           }
+        }
+        else
+        {
+           response->flash("Unable to find a user with that username and/or password.");
+        }
+
+  }
+ 
+}
+
 public void forgotpassword(Request id, Response response, Template.View t, mixed ... args)
 {
 

          

@@ 26,4 26,6 @@ Password:</td><td>
 </table>
 </form>
 <p/>
-<a href="<%action_url action="forgotpassword"%>">Forgot password?</a>
+<a href="<%action_url action="forgotpassword"%>">Forgot password?</a> | 
+<a href="<%action_url action="changepassword" return_to="$return_to"%>">Change Password</a> 
+