198 Part II: Developing Intranet Solutions

4. It creates a User object, $userObj, and calls getUserInfo() to load the user information.
5. It calls updateUser() with $hash as the parameter. updateUser() performs the actual database operation of updating the password. It only updates the password because $hash contains only the password information.
6. It displays the appropriate success or failure status message.

• email(): This method is called by showScreen() to populate the e-mail template, which becomes the HTML message sent to the user who is requesting the change for a forgotten password. It works as follows:

1. It creates a User object, $userObj, and uses getUserIDByName() to retrieve the user's ID.
2. It returns FALSE if the user ID is not found. Otherwise, it uses getCheckSum() to generate a checksum for the current user ID.
3. It incorporates the checksum value in a URL along with the user ID and step value set to 3.
4. It embeds the forgotten password application URL into the HTML template by replacing the PASSWORD_URL tag with the URL value.
5. It returns TRUE status.

The following are other methods implemented in this application.

| Method | Description |
|---|---|
| run() | Calls the resetPasswordDriver(), which is responsible for managing the entire forgotten-password process. |
| sendEmail() | Sends an e-mail link to the user, which she can use to return to the forgotten password application to enter a new password. The e-mail message is read as an HTML template, which is processed by the showScreen() method. The showScreen() method calls the email() method to create the actual message, which sendEmail() method sends to the user. |
| getCheckSum() | Creates a checksum value using the user ID and a secret random number loaded from the configuration file. The checksum number is used to protect the e-mailed link from being generated by an unfriendly user. |
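This page does not show how getCheckSum() computes its value. As an added example (not the book's code), here is one way to build and verify such a link in PHP, assuming an HMAC-SHA256 keyed with the configuration secret. The function names, query parameter names and sample values are hypothetical, and the expiry field goes beyond what the text describes.

```php
<?php
// Added example, not the book's code. HMAC-SHA256 stands in for the book's
// getCheckSum(); parameter names and the expiry field are assumptions.

const RESET_SECRET = 'constructed-sample-secret'; // constructed; load the real one from config

// Keyed checksum over the fields a link recipient must not be able to change.
function linkChecksum(int $userId, int $expires, string $secret): string
{
    return hash_hmac('sha256', $userId . '|' . $expires, $secret);
}

// Build the e-mailed URL: step=3, user ID, expiry and checksum.
function buildResetUrl(string $appUrl, int $userId, string $secret, int $ttl = 3600, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    return $appUrl . '?' . http_build_query([
        'step'    => 3,
        'user_id' => $userId,
        'exp'     => $expires,
        'chk'     => linkChecksum($userId, $expires, $secret),
    ]);
}

// Verify an incoming step-3 request before showing the new-password form.
function verifyResetLink(array $query, string $secret, ?int $now = null): bool
{
    $userId  = filter_var($query['user_id'] ?? null, FILTER_VALIDATE_INT);
    $expires = filter_var($query['exp'] ?? null, FILTER_VALIDATE_INT);
    $chk     = $query['chk'] ?? '';
    if ($userId === false || $expires === false || !is_string($chk)) {
        return false;                  // missing or malformed field
    }
    if (($now ?? time()) > $expires) {
        return false;                  // link is past its expiry time
    }
    // hash_equals() compares in constant time, so response timing
    // does not reveal how much of a guessed checksum matched.
    return hash_equals(linkChecksum($userId, $expires, $secret), $chk);
}

// Constructed demonstration values (URL, user ID and timestamps are made up).
$url = buildResetUrl('https://intranet.example/forgotten_pwd.php', 42, RESET_SECRET, 3600, 1700000000);
parse_str(parse_url($url, PHP_URL_QUERY), $q);
var_dump(verifyResetLink($q, RESET_SECRET, 1700000100)); // link as issued
$q['user_id'] = '43';                                    // user ID altered after issuing
var_dump(verifyResetLink($q, RESET_SECRET, 1700000100)); // checksum no longer matches
```

Because the checksum covers the user ID, a recipient cannot reuse a valid link to reset another account's password without knowing the secret.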