2010-07-18 10:24:51 +02:00
< ? php
2017-12-01 20:57:13 +01:00
/**
2022-01-02 08:27:47 +01:00
* @ copyright Copyright ( C ) 2010 - 2022 , the Friendica project
2020-02-09 16:18:46 +01:00
*
* @ license GNU AGPL version 3 or any later version
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation , either version 3 of the
* License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*
2017-12-01 20:57:13 +01:00
*/
2018-01-20 04:27:31 +01:00
2017-04-30 06:07:00 +02:00
use Friendica\App ;
2018-10-31 15:35:50 +01:00
use Friendica\Core\Renderer ;
2018-07-20 14:19:26 +02:00
use Friendica\Database\DBA ;
2019-12-16 00:28:31 +01:00
use Friendica\DI ;
2018-01-20 04:49:06 +01:00
use Friendica\Model\User ;
2018-01-27 03:38:34 +01:00
use Friendica\Util\DateTimeFormat ;
2018-11-08 16:14:37 +01:00
use Friendica\Util\Strings ;
2017-04-30 06:07:00 +02:00
2018-01-20 04:27:31 +01:00
function lostpass_post ( App $a )
{
2021-11-05 20:59:18 +01:00
$loginame = trim ( $_POST [ 'login-name' ]);
2018-01-20 04:27:31 +01:00
if ( ! $loginame ) {
2019-12-16 00:28:31 +01:00
DI :: baseUrl () -> redirect ();
2018-01-20 04:27:31 +01:00
}
2010-07-18 10:24:51 +02:00
2022-11-12 15:58:58 +01:00
$condition = [ '(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0 AND `account_removed` = 0 AND `account_expired` = 0' , $loginame , $loginame ];
2019-01-04 02:42:29 +01:00
$user = DBA :: selectFirst ( 'user' , [ 'uid' , 'username' , 'nickname' , 'email' , 'language' ], $condition );
2018-07-21 14:46:04 +02:00
if ( ! DBA :: isResult ( $user )) {
2022-10-17 13:27:32 +02:00
DI :: sysmsg () -> addNotice ( DI :: l10n () -> t ( 'No valid account found.' ));
2019-12-16 00:28:31 +01:00
DI :: baseUrl () -> redirect ();
2011-06-29 09:59:21 +02:00
}
2020-04-04 10:06:49 +02:00
$pwdreset_token = Strings :: getRandomHex ( 32 );
2010-07-18 10:24:51 +02:00
2018-01-21 00:15:55 +01:00
$fields = [
2020-04-04 10:10:39 +02:00
'pwdreset' => hash ( 'sha256' , $pwdreset_token ),
2018-01-27 03:38:34 +01:00
'pwdreset_time' => DateTimeFormat :: utcNow ()
2018-01-21 00:15:55 +01:00
];
2018-07-20 14:19:26 +02:00
$result = DBA :: update ( 'user' , $fields , [ 'uid' => $user [ 'uid' ]]);
2018-01-20 04:27:31 +01:00
if ( $result ) {
2022-10-17 20:55:22 +02:00
DI :: sysmsg () -> addInfo ( DI :: l10n () -> t ( 'Password reset request issued. Check your email.' ));
2018-01-20 04:27:31 +01:00
}
2010-07-18 10:24:51 +02:00
2020-01-19 21:21:13 +01:00
$sitename = DI :: config () -> get ( 'config' , 'sitename' );
2019-12-30 23:00:08 +01:00
$resetlink = DI :: baseUrl () . '/lostpass/' . $pwdreset_token ;
2014-09-07 10:27:39 +02:00
2020-01-18 20:52:34 +01:00
$preamble = Strings :: deindent ( DI :: l10n () -> t ( '
2014-09-07 11:20:06 +02:00
Dear % 1 $s ,
A request was recently received at " %2 $s " to reset your account
password . In order to confirm this request , please select the verification link
below or paste it into your web browser address bar .
2014-09-07 10:27:39 +02:00
2014-09-07 11:20:06 +02:00
If you did NOT request this change , please DO NOT follow the link
2018-01-21 01:12:14 +01:00
provided and ignore and / or delete this email , the request will expire shortly .
2014-09-07 10:27:39 +02:00
2014-09-07 11:20:06 +02:00
Your password will not be changed unless we can verify that you
2018-01-20 04:27:31 +01:00
issued this request . ', $user[' username ' ], $sitename ));
2020-01-18 20:52:34 +01:00
$body = Strings :: deindent ( DI :: l10n () -> t ( '
2018-01-21 01:12:14 +01:00
Follow this link soon to verify your identity :
2014-09-07 10:27:39 +02:00
2014-09-07 11:20:06 +02:00
% 1 $s
2014-09-07 10:27:39 +02:00
2014-09-07 11:20:06 +02:00
You will then receive a follow - up message containing the new password .
You may change that password from your account settings page after logging in .
2014-09-07 10:27:39 +02:00
2014-09-07 11:20:06 +02:00
The login details are as follows :
2014-09-07 10:27:39 +02:00
2014-09-07 11:20:06 +02:00
Site Location : % 2 $s
2019-12-30 23:00:08 +01:00
Login Name : % 3 $s ', $resetlink, DI::baseUrl(), $user[' nickname ' ]));
2014-09-07 10:27:39 +02:00
2020-02-01 20:08:54 +01:00
$email = DI :: emailer ()
2020-02-04 21:04:08 +01:00
-> newSystemMail ()
2020-02-02 09:22:30 +01:00
-> withMessage ( DI :: l10n () -> t ( 'Password reset requested at %s' , $sitename ), $preamble , $body )
2020-02-04 21:04:08 +01:00
-> forUser ( $user )
2020-02-02 09:22:30 +01:00
-> withRecipient ( $user [ 'email' ])
-> build ();
2020-02-01 20:08:54 +01:00
DI :: emailer () -> send ( $email );
2019-12-16 00:28:31 +01:00
DI :: baseUrl () -> redirect ();
2016-02-05 21:52:39 +01:00
}
2010-07-18 10:24:51 +02:00
2018-01-20 04:27:31 +01:00
function lostpass_content ( App $a )
{
2021-07-25 15:08:22 +02:00
if ( DI :: args () -> getArgc () > 1 ) {
$pwdreset_token = DI :: args () -> getArgv ()[ 1 ];
2016-02-07 15:11:34 +01:00
2020-04-04 10:10:39 +02:00
$user = DBA :: selectFirst ( 'user' , [ 'uid' , 'username' , 'nickname' , 'email' , 'pwdreset_time' , 'language' ], [ 'pwdreset' => hash ( 'sha256' , $pwdreset_token )]);
2018-07-21 14:46:04 +02:00
if ( ! DBA :: isResult ( $user )) {
2022-10-17 13:27:32 +02:00
DI :: sysmsg () -> addNotice ( DI :: l10n () -> t ( " Request could not be verified. \x28 You may have previously submitted it. \x29 Password reset failed. " ));
2018-01-21 00:15:55 +01:00
return lostpass_form ();
2010-07-18 10:24:51 +02:00
}
2018-01-21 01:15:05 +01:00
// Password reset requests expire in 60 minutes
2018-01-27 03:38:34 +01:00
if ( $user [ 'pwdreset_time' ] < DateTimeFormat :: utc ( 'now - 1 hour' )) {
2018-01-21 00:15:55 +01:00
$fields = [
'pwdreset' => null ,
'pwdreset_time' => null
];
2018-07-20 14:19:26 +02:00
DBA :: update ( 'user' , $fields , [ 'uid' => $user [ 'uid' ]]);
2018-01-21 00:15:55 +01:00
2022-10-17 13:27:32 +02:00
DI :: sysmsg () -> addNotice ( DI :: l10n () -> t ( 'Request has expired, please make a new one.' ));
2018-01-21 00:15:55 +01:00
return lostpass_form ();
2010-07-18 10:24:51 +02:00
}
2018-01-21 00:15:55 +01:00
return lostpass_generate_password ( $user );
2018-01-20 04:27:31 +01:00
} else {
2018-01-21 00:15:55 +01:00
return lostpass_form ();
}
}
function lostpass_form ()
{
2018-10-31 15:44:06 +01:00
$tpl = Renderer :: getMarkupTemplate ( 'lostpass.tpl' );
2018-10-31 15:35:50 +01:00
$o = Renderer :: replaceMacros ( $tpl , [
2020-01-18 20:52:34 +01:00
'$title' => DI :: l10n () -> t ( 'Forgot your Password?' ),
'$desc' => DI :: l10n () -> t ( 'Enter your email address and submit to have your password reset. Then check your email for further instructions.' ),
'$name' => DI :: l10n () -> t ( 'Nickname or Email: ' ),
'$submit' => DI :: l10n () -> t ( 'Reset' )
2018-01-21 00:15:55 +01:00
]);
return $o ;
}
function lostpass_generate_password ( $user )
{
$o = '' ;
$new_password = User :: generateNewPassword ();
$result = User :: updatePassword ( $user [ 'uid' ], $new_password );
2018-07-21 14:46:04 +02:00
if ( DBA :: isResult ( $result )) {
2018-10-31 15:44:06 +01:00
$tpl = Renderer :: getMarkupTemplate ( 'pwdreset.tpl' );
2018-10-31 15:35:50 +01:00
$o .= Renderer :: replaceMacros ( $tpl , [
2020-01-18 20:52:34 +01:00
'$lbl1' => DI :: l10n () -> t ( 'Password Reset' ),
'$lbl2' => DI :: l10n () -> t ( 'Your password has been reset as requested.' ),
'$lbl3' => DI :: l10n () -> t ( 'Your new password is' ),
'$lbl4' => DI :: l10n () -> t ( 'Save or copy your new password - and then' ),
'$lbl5' => '<a href="' . DI :: baseUrl () . '">' . DI :: l10n () -> t ( 'click here to login' ) . '</a>.' ,
'$lbl6' => DI :: l10n () -> t ( 'Your password may be changed from the <em>Settings</em> page after successful login.' ),
2018-01-21 00:15:55 +01:00
'$newpass' => $new_password ,
2018-01-15 14:05:12 +01:00
]);
2010-07-18 10:24:51 +02:00
2022-10-17 20:55:22 +02:00
DI :: sysmsg () -> addInfo ( DI :: l10n () -> t ( " Your password has been reset. " ));
2018-01-21 00:15:55 +01:00
2020-01-19 21:21:13 +01:00
$sitename = DI :: config () -> get ( 'config' , 'sitename' );
2020-01-18 20:52:34 +01:00
$preamble = Strings :: deindent ( DI :: l10n () -> t ( '
2018-01-21 00:15:55 +01:00
Dear % 1 $s ,
Your password has been changed as requested . Please retain this
2018-01-24 22:51:32 +01:00
information for your records ' . "\x28" . ' or change your password immediately to
something that you will remember ' . "\x29" . ' .
2018-01-21 00:15:55 +01:00
', $user[' username ' ]));
2020-01-18 20:52:34 +01:00
$body = Strings :: deindent ( DI :: l10n () -> t ( '
2018-01-21 00:15:55 +01:00
Your login details are as follows :
Site Location : % 1 $s
Login Name : % 2 $s
Password : % 3 $s
You may change that password from your account settings page after logging in .
2019-12-30 23:00:08 +01:00
', DI::baseUrl(), $user[' nickname ' ], $new_password ));
2018-01-21 00:15:55 +01:00
2020-02-01 20:08:54 +01:00
$email = DI :: emailer ()
2020-02-04 21:04:08 +01:00
-> newSystemMail ()
2020-02-02 09:15:05 +01:00
-> withMessage ( DI :: l10n () -> t ( 'Your password has been changed at %s' , $sitename ), $preamble , $body )
2020-02-04 21:04:08 +01:00
-> forUser ( $user )
2020-02-02 09:15:05 +01:00
-> withRecipient ( $user [ 'email' ])
-> build ();
2020-02-01 20:08:54 +01:00
DI :: emailer () -> send ( $email );
2010-07-18 10:24:51 +02:00
}
2018-01-21 00:15:55 +01:00
return $o ;
2011-05-23 11:39:57 +02:00
}