
password reset

pull/1/head
Mike Macgirvin 11 years ago
parent
commit
83ee7909cd
7 changed files with 192 additions and 2 deletions
  1. +104
    -0
      mod/lostpass.php
  2. +1
    -1
      update.sql
  3. +1
    -1
      view/login.tpl
  4. +18
    -0
      view/lostpass.tpl
  5. +32
    -0
      view/lostpass_eml.tpl
  6. +20
    -0
      view/passchanged_eml.tpl
  7. +16
    -0
      view/pwdreset.tpl

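--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -0,0 +1,104 @@
+<?php
+function lostpass_post(&$a) {
+$email = notags(trim($_POST['login-name']));
+if(! $email)
+goaway($a->get_baseurl());
+$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+dbesc($email)
+);
+if(! count($r))
+goaway($a->get_baseurl());
+$uid = $r[0]['uid'];
+$username = $r[0]['username'];
+$new_password = autoname(12) . mt_rand(100,9999);
+$new_password_encoded = hash('whirlpool',$new_password);
+$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
+dbesc($new_password_encoded),
+intval($uid)
+);
+if($r)
+notice("Password reset request issued. Check your email.");
+$email_tpl = file_get_contents("view/lostpass_eml.tpl");
+$email_tpl = replace_macros($email_tpl, array(
+'$sitename' => $a->config['sitename'],
+'$siteurl' => $a->get_baseurl(),
+'$username' => $username,
+'$email' => $email,
+'$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
+));
+$res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+goaway($a->get_baseurl());
+}
+function lostpass_content(&$a) {
+if(x($_GET,'verify')) {
+$verify = $_GET['verify'];
+$hash = hash('whirlpool', $verify);
+$r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
+dbesc($hash)
+);
+if(! count($r)) {
+notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
+goaway($a->get_baseurl());
+return;
+}
+$uid = $r[0]['uid'];
+$username = $r[0]['username'];
+$email = $r[0]['email'];
+$new_password = autoname(6) . mt_rand(100,9999);
+$new_password_encoded = hash('whirlpool',$new_password);
+$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
+dbesc($new_password_encoded),
+intval($uid)
+);
+if($r) {
+$tpl = file_get_contents('view/pwdreset.tpl');
+$o .= replace_macros($tpl,array(
+'$newpass' => $new_password,
+'$baseurl' => $a->get_baseurl()
+));
+notice("Your password has been reset." . EOL);
+$email_tpl = file_get_contents("view/passchanged_eml.tpl");
+$email_tpl = replace_macros($email_tpl, array(
+'$sitename' => $a->config['sitename'],
+'$siteurl' => $a->get_baseurl(),
+'$username' => $username,
+'$email' => $email,
+'$new_password' => $new_password,
+'$uid' => $newuid ));
+$res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+return $o;
+}
+}
+else {
+$tpl = file_get_contents('view/lostpass.tpl');
+$o .= $tpl;
+return $o;
+}
+}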
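Review bot: The reset token in lostpass_post (`autoname(12) . mt_rand(100,9999)`) and the replacement password in lostpass_content (`autoname(6) . mt_rand(100,9999)`) both depend on mt_rand(), which is not a cryptographically secure generator; autoname() is not shown in this commit, so what it adds is unknown. Because the token alone authorises a password change, I would draw it from the CSPRNG, for example `$new_password = bin2hex(random_bytes(16));`, and do the same for the generated password. The `pwdreset` value also has no issue time next to it, so a link that is never followed stays valid indefinitely; storing a timestamp and rejecting old tokens in lostpass_content would bound that. Separately, lostpass_post only shows "Password reset request issued" when the address matches a row, so the response reveals which addresses are registered; showing the same notice on both paths avoids that.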

+ 1
- 1
update.sql

@ -13,4 +13,4 @@ ALTER TABLE `item` ADD `owner-name` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_
ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` ,
ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ;
ALTER TABLE `item` ADD `remote-parent` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `parent` ;
ALTER TABLE `user` ADD `pwdreset` CHAR( 255 ) NOT NULL AFTER `blocked` ;

+ 1
- 1
view/login.tpl

@ -14,7 +14,7 @@
<div id="login-extra-links">
<div id="login-extra-filler">&nbsp;</div>
$register_html
<a href="lost-password" name="Lost your password?" id="lost-password-link" >Password Reset</a>
<a href="lostpass" title="Lost your password?" id="lost-password-link" >Password Reset</a>
</div>
<div id="login-extra-end"></div>
<div id="login-submit-wrapper" >


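--- a/view/lostpass.tpl
+++ b/view/lostpass.tpl
@@ -0,0 +1,18 @@
+<h3>Forgot your Password?</h3>
+<p id="lostpass-desc">
+Enter your email address and submit to have your password reset. Then check your email for further instructions.
+</p>
+<form action="lostpass" method="post" >
+<div id="login-name-wrapper">
+<label for="login-name" id="label-login-name">Email address: </label>
+<input type="text" maxlength="60" name="login-name" id="login-name" value="" />
+</div>
+<div id="login-extra-end"></div>
+<div id="login-submit-wrapper" >
+<input type="submit" name="submit" id="lostpass-submit-button" value="Reset" />
+</div>
+<div id="login-submit-end"></div>
+</form>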

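--- a/view/lostpass_eml.tpl
+++ b/view/lostpass_eml.tpl
@@ -0,0 +1,32 @@
+Dear $username,
+A request was recently received at $sitename to reset your account
+password. In order to confirm this request, please select the verification link
+below or paste it into your web browser address bar.
+If you did NOT request this change, please DO NOT follow the link
+provided and ignore and/or delete this email.
+Your password will not be changed unless we can verify that you
+issued this request.
+Follow this link to verify your identity:
+$reset_link
+You will then receive a follow-up message containing the new password.
+You may change that password from your account settings page after logging in.
+The login details are as follows:
+Site Location: $siteurl
+Login Name: $email
+Sincerely,
+$sitename Administrator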

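--- a/view/passchanged_eml.tpl
+++ b/view/passchanged_eml.tpl
@@ -0,0 +1,20 @@
+Dear $username,
+Your password has been changed as requested. Please retain this
+information for your records (or change your password immediately to
+something that you will remember).
+Your login details are as follows:
+Site Location: $siteurl
+Login Name: $email
+Password: $new_password
+You may change that password from your account settings page after logging in.
+Sincerely,
+$sitename Administrator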
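Review bot: `Password: $new_password` sends the working password in a clear-text e-mail, so it stays readable in the mailbox and in any copy made along the way. The page rendered from view/pwdreset.tpl in this same commit already shows the password to whoever followed the link, so the mail could simply confirm the change, e.g. replace that line with `Your password was reset. If this was not you, contact the site administrator.` If the mailed copy is kept on purpose as a fallback, requiring a password change at first login would limit how long the mailed value is usable.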

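--- a/view/pwdreset.tpl
+++ b/view/pwdreset.tpl
@@ -0,0 +1,16 @@
+<h3>Password Reset</h3>
+<p>
+Your password has been reset as requested.
+</p>
+<p>
+Your new password is
+</p>
+<p>
+$newpass
+</p>
+<p>
+Save or copy your new password - and then <a href="$baseurl" >click here to login</a>.
+</p>
+<p>
+Your password may be changed from the 'Settings' page after successful login.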
