aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMike Macgirvin <mike@macgirvin.com>2010-07-18 01:24:51 -0700
committerMike Macgirvin <mike@macgirvin.com>2010-07-18 01:24:51 -0700
commit83ee7909cddaed3d25c4b52f197ac470e8150ee0 (patch)
treed48cf3f33ae26bce97c34084f1819fa714784682
parentaff4f63ff8e005bb3ce1d726405fd6d5d2dcfa60 (diff)
downloadvolse-hubzilla-83ee7909cddaed3d25c4b52f197ac470e8150ee0.tar.gz
volse-hubzilla-83ee7909cddaed3d25c4b52f197ac470e8150ee0.tar.bz2
volse-hubzilla-83ee7909cddaed3d25c4b52f197ac470e8150ee0.zip
password reset
-rw-r--r--mod/lostpass.php104
-rw-r--r--update.sql2
-rw-r--r--view/login.tpl2
-rw-r--r--view/lostpass.tpl18
-rw-r--r--view/lostpass_eml.tpl32
-rw-r--r--view/passchanged_eml.tpl20
-rw-r--r--view/pwdreset.tpl16
7 files changed, 192 insertions, 2 deletions
diff --git a/mod/lostpass.php b/mod/lostpass.php
new file mode 100644
index 000000000..fb219072e
--- /dev/null
+++ b/mod/lostpass.php
@@ -0,0 +1,104 @@
+<?php
+
+
+function lostpass_post(&$a) {
+
+ $email = notags(trim($_POST['login-name']));
+ if(! $email)
+ goaway($a->get_baseurl());
+
+ $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+ dbesc($email)
+ );
+ if(! count($r))
+ goaway($a->get_baseurl());
+ $uid = $r[0]['uid'];
+ $username = $r[0]['username'];
+
+ $new_password = autoname(12) . mt_rand(100,9999);
+ $new_password_encoded = hash('whirlpool',$new_password);
+
+ $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
+ dbesc($new_password_encoded),
+ intval($uid)
+ );
+ if($r)
+ notice("Password reset request issued. Check your email.");
+
+ $email_tpl = file_get_contents("view/lostpass_eml.tpl");
+ $email_tpl = replace_macros($email_tpl, array(
+ '$sitename' => $a->config['sitename'],
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => $username,
+ '$email' => $email,
+ '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
+ ));
+
+ $res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+
+
+ goaway($a->get_baseurl());
+}
+
+
+function lostpass_content(&$a) {
+
+
+ if(x($_GET,'verify')) {
+ $verify = $_GET['verify'];
+ $hash = hash('whirlpool', $verify);
+
+ $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
+ dbesc($hash)
+ );
+ if(! count($r)) {
+ notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
+ goaway($a->get_baseurl());
+ return;
+ }
+ $uid = $r[0]['uid'];
+ $username = $r[0]['username'];
+ $email = $r[0]['email'];
+
+ $new_password = autoname(6) . mt_rand(100,9999);
+ $new_password_encoded = hash('whirlpool',$new_password);
+
+ $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
+ dbesc($new_password_encoded),
+ intval($uid)
+ );
+ if($r) {
+ $tpl = file_get_contents('view/pwdreset.tpl');
+ $o .= replace_macros($tpl,array(
+ '$newpass' => $new_password,
+ '$baseurl' => $a->get_baseurl()
+ ));
+ notice("Your password has been reset." . EOL);
+
+
+
+ $email_tpl = file_get_contents("view/passchanged_eml.tpl");
+ $email_tpl = replace_macros($email_tpl, array(
+ '$sitename' => $a->config['sitename'],
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => $username,
+ '$email' => $email,
+ '$new_password' => $new_password,
+ '$uid' => $newuid ));
+
+ $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+ return $o;
+ }
+
+ }
+ else {
+ $tpl = file_get_contents('view/lostpass.tpl');
+
+ $o .= $tpl;
+
+ return $o;
+ }
+
+} \ No newline at end of file
diff --git a/update.sql b/update.sql
index 0a606e527..fc4a63fd9 100644
--- a/update.sql
+++ b/update.sql
@@ -13,4 +13,4 @@ ALTER TABLE `item` ADD `owner-name` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_
ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` ,
ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ;
-ALTER TABLE `item` ADD `remote-parent` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `parent` ; \ No newline at end of file
+ALTER TABLE `user` ADD `pwdreset` CHAR( 255 ) NOT NULL AFTER `blocked` ; \ No newline at end of file
diff --git a/view/login.tpl b/view/login.tpl
index 2ce7241fc..c7cae1bb7 100644
--- a/view/login.tpl
+++ b/view/login.tpl
@@ -14,7 +14,7 @@
<div id="login-extra-links">
<div id="login-extra-filler">&nbsp;</div>
$register_html
- <a href="lost-password" name="Lost your password?" id="lost-password-link" >Password Reset</a>
+ <a href="lostpass" title="Lost your password?" id="lost-password-link" >Password Reset</a>
</div>
<div id="login-extra-end"></div>
<div id="login-submit-wrapper" >
diff --git a/view/lostpass.tpl b/view/lostpass.tpl
new file mode 100644
index 000000000..9de0a2acf
--- /dev/null
+++ b/view/lostpass.tpl
@@ -0,0 +1,18 @@
+<h3>Forgot your Password?</h3>
+
+<p id="lostpass-desc">
+Enter your email address and submit to have your password reset. Then check your email for further instructions.
+</p>
+
+<form action="lostpass" method="post" >
+<div id="login-name-wrapper">
+ <label for="login-name" id="label-login-name">Email address: </label>
+ <input type="text" maxlength="60" name="login-name" id="login-name" value="" />
+</div>
+<div id="login-extra-end"></div>
+<div id="login-submit-wrapper" >
+ <input type="submit" name="submit" id="lostpass-submit-button" value="Reset" />
+</div>
+<div id="login-submit-end"></div>
+</form>
+
diff --git a/view/lostpass_eml.tpl b/view/lostpass_eml.tpl
new file mode 100644
index 000000000..c350236a4
--- /dev/null
+++ b/view/lostpass_eml.tpl
@@ -0,0 +1,32 @@
+
+Dear $username,
+ A request was recently received at $sitename to reset your account
+password. In order to confirm this request, please select the verification link
+below or paste it into your web browser address bar.
+
+If you did NOT request this change, please DO NOT follow the link
+provided and ignore and/or delete this email.
+
+Your password will not be changed unless we can verify that you
+issued this request.
+
+Follow this link to verify your identity:
+
+$reset_link
+
+You will then receive a follow-up message containing the new password.
+
+You may change that password from your account settings page after logging in.
+
+The login details are as follows:
+
+Site Location: $siteurl
+Login Name: $email
+
+
+
+
+Sincerely,
+ $sitename Administrator
+
+
diff --git a/view/passchanged_eml.tpl b/view/passchanged_eml.tpl
new file mode 100644
index 000000000..9692159e1
--- /dev/null
+++ b/view/passchanged_eml.tpl
@@ -0,0 +1,20 @@
+
+Dear $username,
+ Your password has been changed as requested. Please retain this
+information for your records (or change your password immediately to
+something that you will remember).
+
+
+Your login details are as follows:
+
+Site Location: $siteurl
+Login Name: $email
+Password: $new_password
+
+You may change that password from your account settings page after logging in.
+
+
+Sincerely,
+ $sitename Administrator
+
+
diff --git a/view/pwdreset.tpl b/view/pwdreset.tpl
new file mode 100644
index 000000000..dd609f061
--- /dev/null
+++ b/view/pwdreset.tpl
@@ -0,0 +1,16 @@
+<h3>Password Reset</h3>
+
+<p>
+Your password has been reset as requested.
+</p>
+<p>
+Your new password is
+</p>
+<p>
+$newpass
+</p>
+<p>
+Save or copy your new password - and then <a href="$baseurl" >click here to login</a>.
+</p>
+<p>
+Your password may be changed from the 'Settings' page after successful login. \ No newline at end of file