From 83ee7909cddaed3d25c4b52f197ac470e8150ee0 Mon Sep 17 00:00:00 2001
From: Mike Macgirvin
Date: Sun, 18 Jul 2010 01:24:51 -0700
Subject: password reset
---
mod/lostpass.php | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 mod/lostpass.php
(limited to 'mod')
diff --git a/mod/lostpass.php b/mod/lostpass.php
new file mode 100644
index 000000000..fb219072e
--- /dev/null
+++ b/mod/lostpass.php
@@ -0,0 +1,104 @@
+get_baseurl());
+
+ $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+ dbesc($email)
+ );
+ if(! count($r))
+ goaway($a->get_baseurl());
+ $uid = $r[0]['uid'];
+ $username = $r[0]['username'];
+
+ $new_password = autoname(12) . mt_rand(100,9999);
+ $new_password_encoded = hash('whirlpool',$new_password);
+
+ $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
+ dbesc($new_password_encoded),
+ intval($uid)
+ );
+ if($r)
+ notice("Password reset request issued. Check your email.");
+
+ $email_tpl = file_get_contents("view/lostpass_eml.tpl");
+ $email_tpl = replace_macros($email_tpl, array(
+ '$sitename' => $a->config['sitename'],
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => $username,
+ '$email' => $email,
+ '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
+ ));
+
+ $res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+
+
+ goaway($a->get_baseurl());
+}
+
+
+function lostpass_content(&$a) {
+
+
+ if(x($_GET,'verify')) {
+ $verify = $_GET['verify'];
+ $hash = hash('whirlpool', $verify);
+
+ $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
+ dbesc($hash)
+ );
+ if(! count($r)) {
+ notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
+ goaway($a->get_baseurl());
+ return;
+ }
+ $uid = $r[0]['uid'];
+ $username = $r[0]['username'];
+ $email = $r[0]['email'];
+
+ $new_password = autoname(6) . mt_rand(100,9999);
+ $new_password_encoded = hash('whirlpool',$new_password);
+
+ $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
+ dbesc($new_password_encoded),
+ intval($uid)
+ );
+ if($r) {
+ $tpl = file_get_contents('view/pwdreset.tpl');
+ $o .= replace_macros($tpl,array(
+ '$newpass' => $new_password,
+ '$baseurl' => $a->get_baseurl()
+ ));
+ notice("Your password has been reset." . EOL);
+
+
+
+ $email_tpl = file_get_contents("view/passchanged_eml.tpl");
+ $email_tpl = replace_macros($email_tpl, array(
+ '$sitename' => $a->config['sitename'],
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => $username,
+ '$email' => $email,
+ '$new_password' => $new_password,
+ '$uid' => $newuid ));
+
+ $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+ return $o;
+ }
+
+ }
+ else {
+ $tpl = file_get_contents('view/lostpass.tpl');
+
+ $o .= $tpl;
+
+ return $o;
+ }
+
+}
\ No newline at end of file
-- cgit v1.2.3
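Review bot: The reset token in `lostpass_post` and the replacement password in `lostpass_content` are both built as `autoname(n) . mt_rand(100,9999)`; `mt_rand` is not a cryptographically secure generator and adds at most four digits, so the strength of both secrets rests on `autoname`, which is defined outside this patch and should be confirmed to draw from a CSPRNG. The stored `pwdreset` value carries no creation time or expiry, and the `?verify=` link changes the password on a plain GET, so a mail scanner or link prefetcher that fetches the URL would consume the token and reset the account; consider storing a timestamp next to `pwdreset` and having the link render a form that sets the new password on POST. `lostpass_post` shows the "request issued" notice only when the address matches a row, which lets a caller distinguish registered from unregistered addresses; issuing the same notice on both paths avoids that. In `lostpass_content`, `'$uid' => $newuid` reads a variable that is never assigned in the function and should presumably be `'$uid' => $uid`. The opening lines of `lostpass_post` are missing from the page as extracted, so how `$email` is read and sanitised could not be reviewed.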