password reset
This commit is contained in:
parent
aff4f63ff8
commit
83ee7909cd
|
@ -0,0 +1,104 @@
|
|||
<?php
|
||||
|
||||
|
||||
function lostpass_post(&$a) {
|
||||
|
||||
$email = notags(trim($_POST['login-name']));
|
||||
if(! $email)
|
||||
goaway($a->get_baseurl());
|
||||
|
||||
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
|
||||
dbesc($email)
|
||||
);
|
||||
if(! count($r))
|
||||
goaway($a->get_baseurl());
|
||||
$uid = $r[0]['uid'];
|
||||
$username = $r[0]['username'];
|
||||
|
||||
$new_password = autoname(12) . mt_rand(100,9999);
|
||||
$new_password_encoded = hash('whirlpool',$new_password);
|
||||
|
||||
$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
|
||||
dbesc($new_password_encoded),
|
||||
intval($uid)
|
||||
);
|
||||
if($r)
|
||||
notice("Password reset request issued. Check your email.");
|
||||
|
||||
$email_tpl = file_get_contents("view/lostpass_eml.tpl");
|
||||
$email_tpl = replace_macros($email_tpl, array(
|
||||
'$sitename' => $a->config['sitename'],
|
||||
'$siteurl' => $a->get_baseurl(),
|
||||
'$username' => $username,
|
||||
'$email' => $email,
|
||||
'$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
|
||||
));
|
||||
|
||||
$res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
|
||||
|
||||
|
||||
|
||||
goaway($a->get_baseurl());
|
||||
}
|
||||
|
||||
|
||||
function lostpass_content(&$a) {
|
||||
|
||||
|
||||
if(x($_GET,'verify')) {
|
||||
$verify = $_GET['verify'];
|
||||
$hash = hash('whirlpool', $verify);
|
||||
|
||||
$r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
|
||||
dbesc($hash)
|
||||
);
|
||||
if(! count($r)) {
|
||||
notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
|
||||
goaway($a->get_baseurl());
|
||||
return;
|
||||
}
|
||||
$uid = $r[0]['uid'];
|
||||
$username = $r[0]['username'];
|
||||
$email = $r[0]['email'];
|
||||
|
||||
$new_password = autoname(6) . mt_rand(100,9999);
|
||||
$new_password_encoded = hash('whirlpool',$new_password);
|
||||
|
||||
$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
|
||||
dbesc($new_password_encoded),
|
||||
intval($uid)
|
||||
);
|
||||
if($r) {
|
||||
$tpl = file_get_contents('view/pwdreset.tpl');
|
||||
$o .= replace_macros($tpl,array(
|
||||
'$newpass' => $new_password,
|
||||
'$baseurl' => $a->get_baseurl()
|
||||
));
|
||||
notice("Your password has been reset." . EOL);
|
||||
|
||||
|
||||
|
||||
$email_tpl = file_get_contents("view/passchanged_eml.tpl");
|
||||
$email_tpl = replace_macros($email_tpl, array(
|
||||
'$sitename' => $a->config['sitename'],
|
||||
'$siteurl' => $a->get_baseurl(),
|
||||
'$username' => $username,
|
||||
'$email' => $email,
|
||||
'$new_password' => $new_password,
|
||||
'$uid' => $newuid ));
|
||||
|
||||
$res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
|
||||
|
||||
return $o;
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
$tpl = file_get_contents('view/lostpass.tpl');
|
||||
|
||||
$o .= $tpl;
|
||||
|
||||
return $o;
|
||||
}
|
||||
|
||||
}
|
|
@ -13,4 +13,4 @@ ALTER TABLE `item` ADD `owner-name` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_
|
|||
ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` ,
|
||||
ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ;
|
||||
|
||||
ALTER TABLE `item` ADD `remote-parent` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `parent` ;
|
||||
ALTER TABLE `user` ADD `pwdreset` CHAR( 255 ) NOT NULL AFTER `blocked` ;
|
|
@ -14,7 +14,7 @@
|
|||
<div id="login-extra-links">
|
||||
<div id="login-extra-filler"> </div>
|
||||
$register_html
|
||||
<a href="lost-password" name="Lost your password?" id="lost-password-link" >Password Reset</a>
|
||||
<a href="lostpass" title="Lost your password?" id="lost-password-link" >Password Reset</a>
|
||||
</div>
|
||||
<div id="login-extra-end"></div>
|
||||
<div id="login-submit-wrapper" >
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
<h3>Forgot your Password?</h3>
|
||||
|
||||
<p id="lostpass-desc">
|
||||
Enter your email address and submit to have your password reset. Then check your email for further instructions.
|
||||
</p>
|
||||
|
||||
<form action="lostpass" method="post" >
|
||||
<div id="login-name-wrapper">
|
||||
<label for="login-name" id="label-login-name">Email address: </label>
|
||||
<input type="text" maxlength="60" name="login-name" id="login-name" value="" />
|
||||
</div>
|
||||
<div id="login-extra-end"></div>
|
||||
<div id="login-submit-wrapper" >
|
||||
<input type="submit" name="submit" id="lostpass-submit-button" value="Reset" />
|
||||
</div>
|
||||
<div id="login-submit-end"></div>
|
||||
</form>
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
|
||||
Dear $username,
|
||||
A request was recently received at $sitename to reset your account
|
||||
password. In order to confirm this request, please select the verification link
|
||||
below or paste it into your web browser address bar.
|
||||
|
||||
If you did NOT request this change, please DO NOT follow the link
|
||||
provided and ignore and/or delete this email.
|
||||
|
||||
Your password will not be changed unless we can verify that you
|
||||
issued this request.
|
||||
|
||||
Follow this link to verify your identity:
|
||||
|
||||
$reset_link
|
||||
|
||||
You will then receive a follow-up message containing the new password.
|
||||
|
||||
You may change that password from your account settings page after logging in.
|
||||
|
||||
The login details are as follows:
|
||||
|
||||
Site Location: $siteurl
|
||||
Login Name: $email
|
||||
|
||||
|
||||
|
||||
|
||||
Sincerely,
|
||||
$sitename Administrator
|
||||
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
|
||||
Dear $username,
|
||||
Your password has been changed as requested. Please retain this
|
||||
information for your records (or change your password immediately to
|
||||
something that you will remember).
|
||||
|
||||
|
||||
Your login details are as follows:
|
||||
|
||||
Site Location: $siteurl
|
||||
Login Name: $email
|
||||
Password: $new_password
|
||||
|
||||
You may change that password from your account settings page after logging in.
|
||||
|
||||
|
||||
Sincerely,
|
||||
$sitename Administrator
|
||||
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
<h3>Password Reset</h3>
|
||||
|
||||
<p>
|
||||
Your password has been reset as requested.
|
||||
</p>
|
||||
<p>
|
||||
Your new password is
|
||||
</p>
|
||||
<p>
|
||||
$newpass
|
||||
</p>
|
||||
<p>
|
||||
Save or copy your new password - and then <a href="$baseurl" >click here to login</a>.
|
||||
</p>
|
||||
<p>
|
||||
Your password may be changed from the 'Settings' page after successful login.
|
Loading…
Reference in New Issue
Block a user