Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

180 lines
5.4KB

  1. <?php
  2. /**
  3. * @file mod/lostpass.php
  4. */
  5. use Friendica\App;
  6. use Friendica\Core\Config;
  7. use Friendica\Core\L10n;
  8. use Friendica\Core\Renderer;
  9. use Friendica\Core\System;
  10. use Friendica\Database\DBA;
  11. use Friendica\Model\User;
  12. use Friendica\Util\DateTimeFormat;
  13. use Friendica\Util\Strings;
  14. function lostpass_post(App $a)
  15. {
  16. $loginame = Strings::escapeTags(trim($_POST['login-name']));
  17. if (!$loginame) {
  18. $a->internalRedirect();
  19. }
  20. $condition = ['(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0', $loginame, $loginame];
  21. $user = DBA::selectFirst('user', ['uid', 'username', 'email', 'language'], $condition);
  22. if (!DBA::isResult($user)) {
  23. notice(L10n::t('No valid account found.') . EOL);
  24. $a->internalRedirect();
  25. }
  26. $pwdreset_token = Strings::getRandomName(12) . mt_rand(1000, 9999);
  27. $fields = [
  28. 'pwdreset' => $pwdreset_token,
  29. 'pwdreset_time' => DateTimeFormat::utcNow()
  30. ];
  31. $result = DBA::update('user', $fields, ['uid' => $user['uid']]);
  32. if ($result) {
  33. info(L10n::t('Password reset request issued. Check your email.') . EOL);
  34. }
  35. $sitename = Config::get('config', 'sitename');
  36. $resetlink = System::baseUrl() . '/lostpass/' . $pwdreset_token;
  37. $preamble = Strings::deindent(L10n::t('
  38. Dear %1$s,
  39. A request was recently received at "%2$s" to reset your account
  40. password. In order to confirm this request, please select the verification link
  41. below or paste it into your web browser address bar.
  42. If you did NOT request this change, please DO NOT follow the link
  43. provided and ignore and/or delete this email, the request will expire shortly.
  44. Your password will not be changed unless we can verify that you
  45. issued this request.', $user['username'], $sitename));
  46. $body = Strings::deindent(L10n::t('
  47. Follow this link soon to verify your identity:
  48. %1$s
  49. You will then receive a follow-up message containing the new password.
  50. You may change that password from your account settings page after logging in.
  51. The login details are as follows:
  52. Site Location: %2$s
  53. Login Name: %3$s', $resetlink, System::baseUrl(), $user['email']));
  54. notification([
  55. 'type' => SYSTEM_EMAIL,
  56. 'language' => $user['language'],
  57. 'to_name' => $user['username'],
  58. 'to_email' => $user['email'],
  59. 'uid' => $user['uid'],
  60. 'subject' => L10n::t('Password reset requested at %s', $sitename),
  61. 'preamble' => $preamble,
  62. 'body' => $body
  63. ]);
  64. $a->internalRedirect();
  65. }
  66. function lostpass_content(App $a)
  67. {
  68. $o = '';
  69. if ($a->argc > 1) {
  70. $pwdreset_token = $a->argv[1];
  71. $user = DBA::selectFirst('user', ['uid', 'username', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]);
  72. if (!DBA::isResult($user)) {
  73. notice(L10n::t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."));
  74. return lostpass_form();
  75. }
  76. // Password reset requests expire in 60 minutes
  77. if ($user['pwdreset_time'] < DateTimeFormat::utc('now - 1 hour')) {
  78. $fields = [
  79. 'pwdreset' => null,
  80. 'pwdreset_time' => null
  81. ];
  82. DBA::update('user', $fields, ['uid' => $user['uid']]);
  83. notice(L10n::t('Request has expired, please make a new one.'));
  84. return lostpass_form();
  85. }
  86. return lostpass_generate_password($user);
  87. } else {
  88. return lostpass_form();
  89. }
  90. }
  91. function lostpass_form()
  92. {
  93. $tpl = Renderer::getMarkupTemplate('lostpass.tpl');
  94. $o = Renderer::replaceMacros($tpl, [
  95. '$title' => L10n::t('Forgot your Password?'),
  96. '$desc' => L10n::t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
  97. '$name' => L10n::t('Nickname or Email: '),
  98. '$submit' => L10n::t('Reset')
  99. ]);
  100. return $o;
  101. }
  102. function lostpass_generate_password($user)
  103. {
  104. $o = '';
  105. $a = get_app();
  106. $new_password = User::generateNewPassword();
  107. $result = User::updatePassword($user['uid'], $new_password);
  108. if (DBA::isResult($result)) {
  109. $tpl = Renderer::getMarkupTemplate('pwdreset.tpl');
  110. $o .= Renderer::replaceMacros($tpl, [
  111. '$lbl1' => L10n::t('Password Reset'),
  112. '$lbl2' => L10n::t('Your password has been reset as requested.'),
  113. '$lbl3' => L10n::t('Your new password is'),
  114. '$lbl4' => L10n::t('Save or copy your new password - and then'),
  115. '$lbl5' => '<a href="' . System::baseUrl() . '">' . L10n::t('click here to login') . '</a>.',
  116. '$lbl6' => L10n::t('Your password may be changed from the <em>Settings</em> page after successful login.'),
  117. '$newpass' => $new_password,
  118. '$baseurl' => System::baseUrl()
  119. ]);
  120. info("Your password has been reset." . EOL);
  121. $sitename = Config::get('config', 'sitename');
  122. $preamble = Strings::deindent(L10n::t('
  123. Dear %1$s,
  124. Your password has been changed as requested. Please retain this
  125. information for your records ' . "\x28" . 'or change your password immediately to
  126. something that you will remember' . "\x29" . '.
  127. ', $user['username']));
  128. $body = Strings::deindent(L10n::t('
  129. Your login details are as follows:
  130. Site Location: %1$s
  131. Login Name: %2$s
  132. Password: %3$s
  133. You may change that password from your account settings page after logging in.
  134. ', System::baseUrl(), $user['email'], $new_password));
  135. notification([
  136. 'type' => SYSTEM_EMAIL,
  137. 'language' => $user['language'],
  138. 'to_name' => $user['username'],
  139. 'to_email' => $user['email'],
  140. 'uid' => $user['uid'],
  141. 'subject' => L10n::t('Your password has been changed at %s', $sitename),
  142. 'preamble' => $preamble,
  143. 'body' => $body
  144. ]);
  145. }
  146. return $o;
  147. }