Fix formatting mod/lostpass

This commit is contained in:
Hypolite Petovan 2018-01-19 22:27:31 -05:00
parent 3ac1992237
commit b1e3d09533

View file

@ -1,47 +1,41 @@
<?php <?php
/** /**
* @file mod/lostpass.php * @file mod/lostpass.php
*/ */
use Friendica\App; use Friendica\App;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\Database\DBM; use Friendica\Database\DBM;
require_once 'include/boot.php';
require_once 'include/enotify.php'; require_once 'include/enotify.php';
require_once 'include/text.php'; require_once 'include/text.php';
require_once 'include/pgettext.php';
function lostpass_post(App $a) { function lostpass_post(App $a)
{
$loginame = notags(trim($_POST['login-name'])); $loginame = notags(trim($_POST['login-name']));
if(! $loginame) if (!$loginame) {
goaway(System::baseUrl());
$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
dbesc($loginame),
dbesc($loginame)
);
if (! DBM::is_result($r)) {
notice( t('No valid account found.') . EOL);
goaway(System::baseUrl()); goaway(System::baseUrl());
} }
$uid = $r[0]['uid']; $condition = ['(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0', $loginame, $loginame];
$username = $r[0]['username']; $user = dba::selectFirst('user', ['uid', 'username', 'email'], $condition);
$email = $r[0]['email']; if (!DBM::is_result($user)) {
notice(t('No valid account found.') . EOL);
goaway(System::baseUrl());
}
$new_password = autoname(12) . mt_rand(100,9999); $pwdreset_token = autoname(12) . mt_rand(1000, 9999);
$new_password_encoded = hash('whirlpool',$new_password);
$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d",
dbesc($new_password_encoded),
intval($uid)
);
if($r)
info( t('Password reset request issued. Check your email.') . EOL);
$result = dba::update('user', ['pwdreset' => $pwdreset_token], ['uid' => $user['uid']]);
if ($result) {
info(t('Password reset request issued. Check your email.') . EOL);
}
$sitename = $a->config['sitename']; $sitename = $a->config['sitename'];
$resetlink = System::baseUrl() . '/lostpass?verify=' . $new_password; $resetlink = System::baseUrl() . '/lostpass?verify=' . $pwdreset_token;
$preamble = deindent(t(' $preamble = deindent(t('
Dear %1$s, Dear %1$s,
@ -53,7 +47,7 @@ function lostpass_post(App $a) {
provided and ignore and/or delete this email. provided and ignore and/or delete this email.
Your password will not be changed unless we can verify that you Your password will not be changed unless we can verify that you
issued this request.')); issued this request.', $user['username'], $sitename));
$body = deindent(t(' $body = deindent(t('
Follow this link to verify your identity: Follow this link to verify your identity:
@ -65,53 +59,39 @@ function lostpass_post(App $a) {
The login details are as follows: The login details are as follows:
Site Location: %2$s Site Location: %2$s
Login Name: %3$s')); Login Name: %3$s', $resetlink, System::baseUrl(), $user['email']));
$preamble = sprintf($preamble, $username, $sitename);
$body = sprintf($body, $resetlink, System::baseUrl(), $email);
notification([ notification([
'type' => SYSTEM_EMAIL, 'type' => SYSTEM_EMAIL,
'to_email' => $email, 'to_email' => $user['email'],
'subject'=> sprintf( t('Password reset requested at %s'),$sitename), 'subject' => t('Password reset requested at %s', $sitename),
'preamble'=> $preamble, 'preamble' => $preamble,
'body' => $body]); 'body' => $body
]);
goaway(System::baseUrl()); goaway(System::baseUrl());
} }
function lostpass_content(App $a)
{
$o = '';
if (x($_GET, 'verify')) {
$pwdreset_token = $_GET['verify'];
function lostpass_content(App $a) { $user = dba::selectFirst('user', ['uid', 'username', 'email'], ['pwdreset' => $pwdreset_token]);
if (!DBM::is_result($user)) {
if(x($_GET,'verify')) {
$verify = $_GET['verify'];
$hash = hash('whirlpool', $verify);
$r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
dbesc($hash)
);
if (! DBM::is_result($r)) {
$o = t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."); $o = t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.");
return $o; return $o;
} }
$uid = $r[0]['uid'];
$username = $r[0]['username'];
$email = $r[0]['email'];
$new_password = autoname(6) . mt_rand(100,9999); $new_password = autoname(6) . mt_rand(100, 9999);
$new_password_encoded = hash('whirlpool',$new_password); $new_password_encoded = hash('whirlpool', $new_password);
$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d", $result = dba::update('user', ['password' => $new_password_encoded, 'pwdreset' => ''], ['uid' => $user['uid']]);
dbesc($new_password_encoded), if (DBM::is_result($result)) {
intval($uid)
);
/// @TODO Is DBM::is_result() okay here?
if ($r) {
$tpl = get_markup_template('pwdreset.tpl'); $tpl = get_markup_template('pwdreset.tpl');
$o .= replace_macros($tpl,[ $o .= replace_macros($tpl,
[
'$lbl1' => t('Password Reset'), '$lbl1' => t('Password Reset'),
'$lbl2' => t('Your password has been reset as requested.'), '$lbl2' => t('Your password has been reset as requested.'),
'$lbl3' => t('Your new password is'), '$lbl3' => t('Your new password is'),
@ -120,19 +100,17 @@ function lostpass_content(App $a) {
'$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'), '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
'$newpass' => $new_password, '$newpass' => $new_password,
'$baseurl' => System::baseUrl() '$baseurl' => System::baseUrl()
]); ]);
info("Your password has been reset." . EOL); info("Your password has been reset." . EOL);
$sitename = $a->config['sitename']; $sitename = $a->config['sitename'];
// $username, $email, $new_password
$preamble = deindent(t(' $preamble = deindent(t('
Dear %1$s, Dear %1$s,
Your password has been changed as requested. Please retain this Your password has been changed as requested. Please retain this
information for your records (or change your password immediately to information for your records (or change your password immediately to
something that you will remember). something that you will remember).
')); ', $user['username']));
$body = deindent(t(' $body = deindent(t('
Your login details are as follows: Your login details are as follows:
@ -141,26 +119,21 @@ function lostpass_content(App $a) {
Password: %3$s Password: %3$s
You may change that password from your account settings page after logging in. You may change that password from your account settings page after logging in.
')); ', System::baseUrl(), $user['email'], $new_password));
$preamble = sprintf($preamble, $username);
$body = sprintf($body, System::baseUrl(), $email, $new_password);
notification([ notification([
'type' => SYSTEM_EMAIL, 'type' => SYSTEM_EMAIL,
'to_email' => $email, 'to_email' => $user['email'],
'subject'=> sprintf( t('Your password has been changed at %s'),$sitename), 'subject' => t('Your password has been changed at %s', $sitename),
'preamble'=> $preamble, 'preamble' => $preamble,
'body' => $body]); 'body' => $body
]);
return $o; return $o;
} }
} else {
}
else {
$tpl = get_markup_template('lostpass.tpl'); $tpl = get_markup_template('lostpass.tpl');
$o .= replace_macros($tpl, [
$o .= replace_macros($tpl,[
'$title' => t('Forgot your Password?'), '$title' => t('Forgot your Password?'),
'$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
'$name' => t('Nickname or Email: '), '$name' => t('Nickname or Email: '),
@ -169,5 +142,4 @@ function lostpass_content(App $a) {
return $o; return $o;
} }
} }