password reset
										104
									
								
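--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -0,0 +1,104 @@
+<?php
+
+
+function lostpass_post(&$a) {
+
+	$email = notags(trim($_POST['login-name']));
+	if(! $email)
+		goaway($a->get_baseurl());
+
+	$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+		dbesc($email)
+	);
+	if(! count($r))
+		goaway($a->get_baseurl());
+	$uid = $r[0]['uid'];
+	$username = $r[0]['username'];
+
+	$new_password = autoname(12) . mt_rand(100,9999);
+	$new_password_encoded = hash('whirlpool',$new_password);
+
+	$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
+		dbesc($new_password_encoded),
+		intval($uid)
+	);
+	if($r)
+		notice("Password reset request issued. Check your email.");
+
+	$email_tpl = file_get_contents("view/lostpass_eml.tpl");
+	$email_tpl = replace_macros($email_tpl, array(
+			'$sitename' => $a->config['sitename'],
+			'$siteurl' =>  $a->get_baseurl(),
+			'$username' => $username,
+			'$email' => $email,
+			'$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
+	));
+
+	$res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+	
+
+	goaway($a->get_baseurl());
+}
+
+
+function lostpass_content(&$a) {
+
+
+	if(x($_GET,'verify')) {
+		$verify = $_GET['verify'];
+		$hash = hash('whirlpool', $verify);
+
+		$r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
+			dbesc($hash)
+		);
+		if(! count($r)) {
+			notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
+			goaway($a->get_baseurl());
+			return;
+		}
+		$uid = $r[0]['uid'];
+		$username = $r[0]['username'];
+		$email = $r[0]['email'];
+
+		$new_password = autoname(6) . mt_rand(100,9999);
+		$new_password_encoded = hash('whirlpool',$new_password);
+
+		$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d LIMIT 1",
+			dbesc($new_password_encoded),
+			intval($uid)
+		);
+		if($r) {
+			$tpl = file_get_contents('view/pwdreset.tpl');
+			$o .= replace_macros($tpl,array(
+				'$newpass' => $new_password,
+				'$baseurl' => $a->get_baseurl()
+			));
+				notice("Your password has been reset." . EOL);
+
+
+
+			$email_tpl = file_get_contents("view/passchanged_eml.tpl");
+			$email_tpl = replace_macros($email_tpl, array(
+			'$sitename' => $a->config['sitename'],
+			'$siteurl' =>  $a->get_baseurl(),
+			'$username' => $username,
+			'$email' => $email,
+			'$new_password' => $new_password,
+			'$uid' => $newuid ));
+
+			$res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+			return $o;
+		}
+	
+	}
+	else {
+		$tpl = file_get_contents('view/lostpass.tpl');
+
+		$o .= $tpl;
+
+		return $o;
+	}
+
+}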
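Review bot: The reset token in lostpass_post() and the replacement password in lostpass_content() are both built from `autoname()` plus `mt_rand(100,9999)`; mt_rand() is not a cryptographically secure generator and autoname() is defined outside this file, so the two values that gate account takeover may be predictable. I would draw the token from the CSPRNG, e.g. `$new_password = bin2hex(random_bytes(16));`, and record an issue time next to `pwdreset` so that an unused link expires instead of staying valid indefinitely. lostpass_post() also sets the "Password reset request issued" notice only when the address matched a row, which tells the requester whether an address is registered; setting the same notice on both paths avoids that. Smaller points in lostpass_content(): `$o` and `$newuid` are never initialised, nothing is returned when the UPDATE fails, and both mail() calls index `$_SERVER[SERVER_NAME]` with an unquoted key where `{$_SERVER['SERVER_NAME']}` is meant.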
| @@ -13,4 +13,4 @@ ALTER TABLE `item` ADD `owner-name` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_ | |||||||
| ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` , | ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` , | ||||||
| ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ; | ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ; | ||||||
|  |  | ||||||
| ALTER TABLE `item` ADD `remote-parent` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `parent` ; | ALTER TABLE `user` ADD `pwdreset` CHAR( 255 ) NOT NULL AFTER `blocked` ; | ||||||
| @@ -14,7 +14,7 @@ | |||||||
| <div id="login-extra-links"> | <div id="login-extra-links"> | ||||||
| 	<div id="login-extra-filler"> </div> | 	<div id="login-extra-filler"> </div> | ||||||
| 	$register_html | 	$register_html | ||||||
|         <a href="lost-password" name="Lost your password?" id="lost-password-link" >Password Reset</a> |         <a href="lostpass" title="Lost your password?" id="lost-password-link" >Password Reset</a> | ||||||
| </div> | </div> | ||||||
| <div id="login-extra-end"></div> | <div id="login-extra-end"></div> | ||||||
| <div id="login-submit-wrapper" > | <div id="login-submit-wrapper" > | ||||||
|   | |||||||
							
								
								
									
										18
									
								
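--- a/view/lostpass.tpl
+++ b/view/lostpass.tpl
@@ -0,0 +1,18 @@
+<h3>Forgot your Password?</h3>
+
+<p id="lostpass-desc">
+Enter your email address and submit to have your password reset. Then check your email for further instructions.
+</p>
+
+<form action="lostpass" method="post" >
+<div id="login-name-wrapper">
+        <label for="login-name" id="label-login-name">Email address: </label>
+        <input type="text" maxlength="60" name="login-name" id="login-name" value="" />
+</div>
+<div id="login-extra-end"></div>
+<div id="login-submit-wrapper" >
+        <input type="submit" name="submit" id="lostpass-submit-button" value="Reset" />
+</div>
+<div id="login-submit-end"></div>
+</form>
+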
							
								
								
									
										32
									
								
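--- a/view/lostpass_eml.tpl
+++ b/view/lostpass_eml.tpl
@@ -0,0 +1,32 @@
+
+Dear $username,
+	A request was recently received at $sitename to reset your account 
+password. In order to confirm this request, please select the verification link
+below or paste it into your web browser address bar. 
+
+If you did NOT request this change, please DO NOT follow the link
+provided and ignore and/or delete this email. 
+
+Your password will not be changed unless we can verify that you
+issued this request. 
+
+Follow this link to verify your identity:
+
+$reset_link
+
+You will then receive a follow-up message containing the new password.
+
+You may change that password from your account settings page after logging in.
+
+The login details are as follows:
+
+Site Location:	$siteurl
+Login Name:	$email
+
+
+
+
+Sincerely,
+	$sitename Administrator
+
+ 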
							
								
								
									
										20
									
								
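--- a/view/passchanged_eml.tpl
+++ b/view/passchanged_eml.tpl
@@ -0,0 +1,20 @@
+
+Dear $username,
+	Your password has been changed as requested. Please retain this 
+information for your records (or change your password immediately to 
+something that you will remember).
+
+
+Your login details are as follows:
+
+Site Location:	$siteurl
+Login Name:	$email
+Password:	$new_password
+
+You may change that password from your account settings page after logging in.
+
+
+Sincerely,
+	$sitename Administrator
+
+ 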
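Review bot: The `Password:	$new_password` line mails the account's working password in clear text, and view/pwdreset.tpl prints the same value as `$newpass` in the page, so the credential persists in mailboxes, mail relay logs and possibly browser caches. Since following the verify link has already shown control of the mailbox, I would drop that line, keep this mail as a plain "your password was changed" notice, and have the verified request lead to a form where the user sets the password. If generated passwords stay, they should at least be marked for change at next login; that logic would live in mod/lostpass.php, not in this template.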
							
								
								
									
										16
									
								
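--- a/view/pwdreset.tpl
+++ b/view/pwdreset.tpl
@@ -0,0 +1,16 @@
+<h3>Password Reset</h3>
+
+<p>
+Your password has been reset as requested.
+</p>
+<p>
+Your new password is
+</p>
+<p>
+$newpass
+</p>
+<p>
+Save or copy your new password - and then <a href="$baseurl" >click here to login</a>.
+</p>
+<p>
+Your password may be changed from the 'Settings' page after successful login.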