Diffstat (limited to 'mod/lostpass.php')
-rw-r--r--mod/lostpass.php79
1 files changed, 41 insertions, 38 deletions
diff --git a/mod/lostpass.php b/mod/lostpass.php
index 57e6d6965..dd7c7a7d5 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -7,42 +7,41 @@ function lostpass_post(&$a) {
if(! $loginame)
goaway(z_root());
- $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
- dbesc($loginame),
+ $r = q("SELECT * FROM account WHERE account_email = '%s' LIMIT 1",
dbesc($loginame)
);
- if(! count($r)) {
+ if(! $r) {
notice( t('No valid account found.') . EOL);
goaway(z_root());
}
- $uid = $r[0]['uid'];
- $username = $r[0]['username'];
- $email = $r[0]['email'];
+ $aid = $r[0]['account_id'];
+ $email = $r[0]['account_email'];
- $new_password = autoname(12) . mt_rand(100,9999);
- $new_password_encoded = hash('whirlpool',$new_password);
+ $hash = random_string();
- $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
- dbesc($new_password_encoded),
- intval($uid)
+ $r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d LIMIT 1",
+ dbesc($hash),
+ intval($aid)
);
if($r)
info( t('Password reset request issued. Check your email.') . EOL);
$email_tpl = get_intltext_template("lostpass_eml.tpl");
- $email_tpl = replace_macros($email_tpl, array(
- '$sitename' => $a->config['sitename'],
+ $message = replace_macros($email_tpl, array(
+ '$sitename' => get_config('system','sitename'),
'$siteurl' => $a->get_baseurl(),
- '$username' => $username,
+ '$username' => sprintf( t('Site Member (%s)'), $email),
'$email' => $email,
- '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
+ '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $hash
));
- $res = mail($email, sprintf( t('Password reset requested at %s'),$a->config['sitename']),
- $email_tpl,
- 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
+ $subject = email_header_encode(sprintf( t('Password reset requested at %s'),get_config('system','sitename')), 'UTF-8');
+
+ $res = mail($email, $subject ,
+ $message,
+ 'From: Administrator@' . $_SERVER['SERVER_NAME'] . "\n"
. 'Content-type: text/plain; charset=UTF-8' . "\n"
. 'Content-transfer-encoding: 8bit' );
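Review bot: The reset token is now written to `account_reset` in clear text (L34/L39) and matched in clear text by the SELECT in the second hunk, whereas the replaced code stored only its whirlpool digest; anyone who can read the `account` table (backup, replica, dump) can now complete any pending reset. Keep the raw token in the mailed link but store a digest: `dbesc(hash('whirlpool', $hash))` here and `dbesc(hash('whirlpool', $verify))` in lostpass_content's SELECT. The rewritten SELECT on L19 also drops the old `verified = 1 AND blocked = 0` filters, so a blocked or unverified account can request and finish a reset; if the `account` table carries equivalent flags they should be applied here. `random_string()` is called with its default length, which this hunk does not show — confirm it yields enough entropy for an unguessable token. lostpass_post's body begins before and continues after this hunk.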
@@ -56,27 +55,30 @@ function lostpass_content(&$a) {
if(x($_GET,'verify')) {
$verify = $_GET['verify'];
- $hash = hash('whirlpool', $verify);
- $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
- dbesc($hash)
+ $r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1",
+ dbesc($verify)
);
- if(! count($r)) {
- notice( t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.") . EOL);
+ if(! $r) {
+ notice( t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
goaway(z_root());
return;
}
- $uid = $r[0]['uid'];
- $username = $r[0]['username'];
- $email = $r[0]['email'];
+
+ $aid = $r[0]['account_id'];
+ $email = $r[0]['account_email'];
$new_password = autoname(6) . mt_rand(100,9999);
- $new_password_encoded = hash('whirlpool',$new_password);
- $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
- dbesc($new_password_encoded),
- intval($uid)
+ $salt = random_string(32);
+ $password_encoded = hash('whirlpool', $salt . $new_password);
+
+ $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d limit 1",
+ dbesc($salt),
+ dbesc($password_encoded),
+ intval($aid)
);
+
if($r) {
$tpl = get_markup_template('pwdreset.tpl');
$o .= replace_macros($tpl,array(
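Review bot: The new password is stored as one whirlpool digest of `$salt . $new_password` (L93-L94), which has no work factor, so a leaked `account` table can be searched offline at raw hash speed — and the temporary password from L88 is short. Prefer `password_hash($new_password, PASSWORD_DEFAULT)` with `password_verify()` at login, which also makes `account_salt` redundant; that requires the login path outside this file to change in step, so at minimum mark the coupling with `// hashing scheme must match the login verification`. The UPDATE on L96 mixes lowercase `where`/`limit` with the uppercase keywords used in every other query in the file. lostpass_content's body continues outside this hunk.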
@@ -90,21 +92,22 @@ function lostpass_content(&$a) {
'$baseurl' => $a->get_baseurl()
));
- info("Your password has been reset." . EOL);
-
-
+
+ info("Your password has been reset." . EOL);
$email_tpl = get_intltext_template("passchanged_eml.tpl");
- $email_tpl = replace_macros($email_tpl, array(
+ $message = replace_macros($email_tpl, array(
'$sitename' => $a->config['sitename'],
'$siteurl' => $a->get_baseurl(),
- '$username' => $username,
+ '$username' => sprintf( t('Site Member (%s)'), $email),
'$email' => $email,
'$new_password' => $new_password,
'$uid' => $newuid ));
- $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,
- 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
+ $subject = email_header_encode( sprintf( t('Your password has changed at %s'), get_config('system','sitename')), 'UTF-8');
+
+ $res = mail($email,$subject,$message,
+ 'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n"
. 'Content-type: text/plain; charset=UTF-8' . "\n"
. 'Content-transfer-encoding: 8bit' );
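Review bot: The moved `info("Your password has been reset." . EOL)` on L112 is still not wrapped in `t()`, unlike every other user-visible string in this commit; `info( t('Your password has been reset.') . EOL);`. The template on L116 still reads `$a->config['sitename']` while the subject on L125 was switched to `get_config('system','sitename')` (the first hunk changed both), so the mail body and subject can name different sites if only one source is set; use get_config in both. `'$uid' => $newuid` on L122 references a variable that is not assigned anywhere visible in lostpass_content — presumably a leftover; confirm it or drop the macro.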
@@ -118,7 +121,7 @@ function lostpass_content(&$a) {
$o .= replace_macros($tpl,array(
'$title' => t('Forgot your Password?'),
'$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
- '$name' => t('Nickname or Email: '),
+ '$name' => t('Email Address'),
'$submit' => t('Reset')
));