password reset
This commit is contained in:
parent
aff4f63ff8
commit
83ee7909cd
104
mod/lostpass.php
Normal file
104
mod/lostpass.php
Normal file
|
@ -0,0 +1,104 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
|
||||||
|
function lostpass_post(&$a) {
|
||||||
|
|
||||||
|
$email = notags(trim($_POST['login-name']));
|
||||||
|
if(! $email)
|
||||||
|
goaway($a->get_baseurl());
|
||||||
|
|
||||||
|
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
|
||||||
|
dbesc($email)
|
||||||
|
);
|
||||||
|
if(! count($r))
|
||||||
|
goaway($a->get_baseurl());
|
||||||
|
$uid = $r[0]['uid'];
|
||||||
|
$username = $r[0]['username'];
|
||||||
|
|
||||||
|
$new_password = autoname(12) . mt_rand(100,9999);
|
||||||
|
$new_password_encoded = hash('whirlpool',$new_password);
|
||||||
|
|
||||||
|
$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
|
||||||
|
dbesc($new_password_encoded),
|
||||||
|
intval($uid)
|
||||||
|
);
|
||||||
|
if($r)
|
||||||
|
notice("Password reset request issued. Check your email.");
|
||||||
|
|
||||||
|
$email_tpl = file_get_contents("view/lostpass_eml.tpl");
|
||||||
|
$email_tpl = replace_macros($email_tpl, array(
|
||||||
|
'$sitename' => $a->config['sitename'],
|
||||||
|
'$siteurl' => $a->get_baseurl(),
|
||||||
|
'$username' => $username,
|
||||||
|
'$email' => $email,
|
||||||
|
'$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
|
||||||
|
));
|
||||||
|
|
||||||
|
$res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
goaway($a->get_baseurl());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function lostpass_content(&$a) {
|
||||||
|
|
||||||
|
|
||||||
|
if(x($_GET,'verify')) {
|
||||||
|
$verify = $_GET['verify'];
|
||||||
|
$hash = hash('whirlpool', $verify);
|
||||||
|
|
||||||
|
$r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
|
||||||
|
dbesc($hash)
|
||||||
|
);
|
||||||
|
if(! count($r)) {
|
||||||
|
notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
|
||||||
|
goaway($a->get_baseurl());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
$uid = $r[0]['uid'];
|
||||||
|
$username = $r[0]['username'];
|
||||||
|
$email = $r[0]['email'];
|
||||||
|
|
||||||
|
$new_password = autoname(6) . mt_rand(100,9999);
|
||||||
|
$new_password_encoded = hash('whirlpool',$new_password);
|
||||||
|
|
||||||
|
$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
|
||||||
|
dbesc($new_password_encoded),
|
||||||
|
intval($uid)
|
||||||
|
);
|
||||||
|
if($r) {
|
||||||
|
$tpl = file_get_contents('view/pwdreset.tpl');
|
||||||
|
$o .= replace_macros($tpl,array(
|
||||||
|
'$newpass' => $new_password,
|
||||||
|
'$baseurl' => $a->get_baseurl()
|
||||||
|
));
|
||||||
|
notice("Your password has been reset." . EOL);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
$email_tpl = file_get_contents("view/passchanged_eml.tpl");
|
||||||
|
$email_tpl = replace_macros($email_tpl, array(
|
||||||
|
'$sitename' => $a->config['sitename'],
|
||||||
|
'$siteurl' => $a->get_baseurl(),
|
||||||
|
'$username' => $username,
|
||||||
|
'$email' => $email,
|
||||||
|
'$new_password' => $new_password,
|
||||||
|
'$uid' => $newuid ));
|
||||||
|
|
||||||
|
$res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
|
||||||
|
|
||||||
|
return $o;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$tpl = file_get_contents('view/lostpass.tpl');
|
||||||
|
|
||||||
|
$o .= $tpl;
|
||||||
|
|
||||||
|
return $o;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -13,4 +13,4 @@ ALTER TABLE `item` ADD `owner-name` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_
|
||||||
ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` ,
|
ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` ,
|
||||||
ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ;
|
ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ;
|
||||||
|
|
||||||
ALTER TABLE `item` ADD `remote-parent` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `parent` ;
|
ALTER TABLE `user` ADD `pwdreset` CHAR( 255 ) NOT NULL AFTER `blocked` ;
|
|
@ -14,7 +14,7 @@
|
||||||
<div id="login-extra-links">
|
<div id="login-extra-links">
|
||||||
<div id="login-extra-filler"> </div>
|
<div id="login-extra-filler"> </div>
|
||||||
$register_html
|
$register_html
|
||||||
<a href="lost-password" name="Lost your password?" id="lost-password-link" >Password Reset</a>
|
<a href="lostpass" title="Lost your password?" id="lost-password-link" >Password Reset</a>
|
||||||
</div>
|
</div>
|
||||||
<div id="login-extra-end"></div>
|
<div id="login-extra-end"></div>
|
||||||
<div id="login-submit-wrapper" >
|
<div id="login-submit-wrapper" >
|
||||||
|
|
18
view/lostpass.tpl
Normal file
18
view/lostpass.tpl
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
<h3>Forgot your Password?</h3>
|
||||||
|
|
||||||
|
<p id="lostpass-desc">
|
||||||
|
Enter your email address and submit to have your password reset. Then check your email for further instructions.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<form action="lostpass" method="post" >
|
||||||
|
<div id="login-name-wrapper">
|
||||||
|
<label for="login-name" id="label-login-name">Email address: </label>
|
||||||
|
<input type="text" maxlength="60" name="login-name" id="login-name" value="" />
|
||||||
|
</div>
|
||||||
|
<div id="login-extra-end"></div>
|
||||||
|
<div id="login-submit-wrapper" >
|
||||||
|
<input type="submit" name="submit" id="lostpass-submit-button" value="Reset" />
|
||||||
|
</div>
|
||||||
|
<div id="login-submit-end"></div>
|
||||||
|
</form>
|
||||||
|
|
32
view/lostpass_eml.tpl
Normal file
32
view/lostpass_eml.tpl
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
|
||||||
|
Dear $username,
|
||||||
|
A request was recently received at $sitename to reset your account
|
||||||
|
password. In order to confirm this request, please select the verification link
|
||||||
|
below or paste it into your web browser address bar.
|
||||||
|
|
||||||
|
If you did NOT request this change, please DO NOT follow the link
|
||||||
|
provided and ignore and/or delete this email.
|
||||||
|
|
||||||
|
Your password will not be changed unless we can verify that you
|
||||||
|
issued this request.
|
||||||
|
|
||||||
|
Follow this link to verify your identity:
|
||||||
|
|
||||||
|
$reset_link
|
||||||
|
|
||||||
|
You will then receive a follow-up message containing the new password.
|
||||||
|
|
||||||
|
You may change that password from your account settings page after logging in.
|
||||||
|
|
||||||
|
The login details are as follows:
|
||||||
|
|
||||||
|
Site Location: $siteurl
|
||||||
|
Login Name: $email
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Sincerely,
|
||||||
|
$sitename Administrator
|
||||||
|
|
||||||
|
|
20
view/passchanged_eml.tpl
Normal file
20
view/passchanged_eml.tpl
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
|
||||||
|
Dear $username,
|
||||||
|
Your password has been changed as requested. Please retain this
|
||||||
|
information for your records (or change your password immediately to
|
||||||
|
something that you will remember).
|
||||||
|
|
||||||
|
|
||||||
|
Your login details are as follows:
|
||||||
|
|
||||||
|
Site Location: $siteurl
|
||||||
|
Login Name: $email
|
||||||
|
Password: $new_password
|
||||||
|
|
||||||
|
You may change that password from your account settings page after logging in.
|
||||||
|
|
||||||
|
|
||||||
|
Sincerely,
|
||||||
|
$sitename Administrator
|
||||||
|
|
||||||
|
|
16
view/pwdreset.tpl
Normal file
16
view/pwdreset.tpl
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
<h3>Password Reset</h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Your password has been reset as requested.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Your new password is
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
$newpass
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Save or copy your new password - and then <a href="$baseurl" >click here to login</a>.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Your password may be changed from the 'Settings' page after successful login.
|
Loading…
Reference in a new issue