-rw-r--r-- | mod/lostpass.php | 104 | ||||
-rw-r--r-- | update.sql | 2 | ||||
-rw-r--r-- | view/login.tpl | 2 | ||||
-rw-r--r-- | view/lostpass.tpl | 18 | ||||
-rw-r--r-- | view/lostpass_eml.tpl | 32 | ||||
-rw-r--r-- | view/passchanged_eml.tpl | 20 | ||||
-rw-r--r-- | view/pwdreset.tpl | 16 |
7 files changed, 192 insertions, 2 deletions
diff --git a/mod/lostpass.php b/mod/lostpass.php
new file mode 100644
index 000000000..fb219072e
--- /dev/null
+++ b/mod/lostpass.php
@@ -0,0 +1,104 @@
+<?php
+
+
+function lostpass_post(&$a) {
+
+ $email = notags(trim($_POST['login-name']));
+ if(! $email)
+ goaway($a->get_baseurl());
+
+ $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+ dbesc($email)
+ );
+ if(! count($r))
+ goaway($a->get_baseurl());
+ $uid = $r[0]['uid'];
+ $username = $r[0]['username'];
+
+ $new_password = autoname(12) . mt_rand(100,9999);
+ $new_password_encoded = hash('whirlpool',$new_password);
+
+ $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
+ dbesc($new_password_encoded),
+ intval($uid)
+ );
+ if($r)
+ notice("Password reset request issued. Check your email.");
+
+ $email_tpl = file_get_contents("view/lostpass_eml.tpl");
+ $email_tpl = replace_macros($email_tpl, array(
+ '$sitename' => $a->config['sitename'],
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => $username,
+ '$email' => $email,
+ '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
+ ));
+
+ $res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+
+
+ goaway($a->get_baseurl());
+}
+
+
+function lostpass_content(&$a) {
+
+
+ if(x($_GET,'verify')) {
+ $verify = $_GET['verify'];
+ $hash = hash('whirlpool', $verify);
+
+ $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
+ dbesc($hash)
+ );
+ if(! count($r)) {
+ notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
+ goaway($a->get_baseurl());
+ return;
+ }
+ $uid = $r[0]['uid'];
+ $username = $r[0]['username'];
+ $email = $r[0]['email'];
+
+ $new_password = autoname(6) . mt_rand(100,9999);
+ $new_password_encoded = hash('whirlpool',$new_password);
+
+ $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
+ dbesc($new_password_encoded),
+ intval($uid)
+ );
+ if($r) {
+ $tpl = file_get_contents('view/pwdreset.tpl');
+ $o .= replace_macros($tpl,array(
+ '$newpass' => $new_password,
+ '$baseurl' => $a->get_baseurl()
+ ));
+ notice("Your password has been reset." . EOL);
+
+
+
+ $email_tpl = file_get_contents("view/passchanged_eml.tpl");
+ $email_tpl = replace_macros($email_tpl, array(
+ '$sitename' => $a->config['sitename'],
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => $username,
+ '$email' => $email,
+ '$new_password' => $new_password,
+ '$uid' => $newuid ));
+
+ $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+ return $o;
+ }
+
+ }
+ else {
+ $tpl = file_get_contents('view/lostpass.tpl');
+
+ $o .= $tpl;
+
+ return $o;
+ }
+
+}
\ No newline at end of file diff --git a/update.sql b/update.sql index 0a606e527..fc4a63fd9 100644 --- a/update.sql +++ b/update.sql @@ -13,4 +13,4 @@ ALTER TABLE `item` ADD `owner-name` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_ ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` , ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ; -ALTER TABLE `item` ADD `remote-parent` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `parent` ;
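Review bot: The reset token in lostpass_post() and the replacement password in lostpass_content() are both built as `autoname(n) . mt_rand(100,9999)`; `mt_rand()` is not a cryptographic generator and `autoname()` is not shown in this commit, so the value that authorises a password change may be guessable. I would draw the token from the system CSPRNG, e.g. `$new_password = bin2hex(random_bytes(16));`, and store a request timestamp next to `pwdreset` so lostpass_content() can reject stale links, because the stored hash currently stays valid until it is used. lostpass_content() also changes the password on a plain GET of the link, so a mail scanner or link prefetcher that fetches the URL would presumably consume the token and reset the account; showing a confirmation form and doing the change on POST avoids that. Separately, lostpass_post() only calls `notice()` when the address exists, which appears to let the form distinguish registered from unregistered addresses, and `'$uid' => $newuid` reads a variable that is never assigned in this function.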
\ No newline at end of file +ALTER TABLE `user` ADD `pwdreset` CHAR( 255 ) NOT NULL AFTER `blocked` ;
\ No newline at end of file diff --git a/view/login.tpl b/view/login.tpl index 2ce7241fc..c7cae1bb7 100644 --- a/view/login.tpl +++ b/view/login.tpl @@ -14,7 +14,7 @@ <div id="login-extra-links"> <div id="login-extra-filler"> </div> $register_html - <a href="lost-password" name="Lost your password?" id="lost-password-link" >Password Reset</a> + <a href="lostpass" title="Lost your password?" id="lost-password-link" >Password Reset</a> </div> <div id="login-extra-end"></div> <div id="login-submit-wrapper" > diff --git a/view/lostpass.tpl b/view/lostpass.tpl new file mode 100644 index 000000000..9de0a2acf --- /dev/null +++ b/view/lostpass.tpl @@ -0,0 +1,18 @@ +<h3>Forgot your Password?</h3> + +<p id="lostpass-desc"> +Enter your email address and submit to have your password reset. Then check your email for further instructions. +</p> + +<form action="lostpass" method="post" > +<div id="login-name-wrapper"> + <label for="login-name" id="label-login-name">Email address: </label> + <input type="text" maxlength="60" name="login-name" id="login-name" value="" /> +</div> +<div id="login-extra-end"></div> +<div id="login-submit-wrapper" > + <input type="submit" name="submit" id="lostpass-submit-button" value="Reset" /> +</div> +<div id="login-submit-end"></div> +</form> + diff --git a/view/lostpass_eml.tpl b/view/lostpass_eml.tpl new file mode 100644 index 000000000..c350236a4 --- /dev/null +++ b/view/lostpass_eml.tpl 
@@ -0,0 +1,32 @@
+
+Dear $username,
+ A request was recently received at $sitename to reset your account
+password. In order to confirm this request, please select the verification link
+below or paste it into your web browser address bar.
+
+If you did NOT request this change, please DO NOT follow the link
+provided and ignore and/or delete this email.
+
+Your password will not be changed unless we can verify that you
+issued this request.
+
+Follow this link to verify your identity:
+
+$reset_link
+
+You will then receive a follow-up message containing the new password.
+
+You may change that password from your account settings page after logging in.
+
+The login details are as follows:
+
+Site Location: $siteurl
+Login Name: $email
+
+
+
+
+Sincerely,
+ $sitename Administrator
+
+
diff --git a/view/passchanged_eml.tpl b/view/passchanged_eml.tpl
new file mode 100644
index 000000000..9692159e1
--- /dev/null
+++ b/view/passchanged_eml.tpl
@@ -0,0 +1,20 @@
+
+Dear $username,
+ Your password has been changed as requested. Please retain this
+information for your records (or change your password immediately to
+something that you will remember).
+
+
+Your login details are as follows:
+
+Site Location: $siteurl
+Login Name: $email
+Password: $new_password
+
+You may change that password from your account settings page after logging in.
+
+
+Sincerely,
+ $sitename Administrator
+
+
diff --git a/view/pwdreset.tpl b/view/pwdreset.tpl
new file mode 100644
index 000000000..dd609f061
--- /dev/null
+++ b/view/pwdreset.tpl
@@ -0,0 +1,16 @@
+<h3>Password Reset</h3>
+
+<p>
+Your password has been reset as requested.
+</p>
+<p>
+Your new password is
+</p>
+<p>
+$newpass
+</p>
+<p>
+Save or copy your new password - and then <a href="$baseurl" >click here to login</a>.
+</p>
+<p>
+Your password may be changed from the 'Settings' page after successful login.
\ No newline at end of file |