actions/recoverpassword.php

   1 <?php
   2 /*
   3  * Laconica - a distributed open-source microblogging tool
   4  * Copyright (C) 2008, Controlez-Vous, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('LACONICA')) { exit(1); }
  21
  22 class RecoverpasswordAction extends Action {
  23
  24     function handle($args) {
  25         parent::handle($args);
  26         if (common_logged_in()) {
  27                         $this->client_error(_t('You are already logged in!'));
  28             return;
  29         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  30                 if ($this->arg('recover')) {
  31                 $this->recover_password();
  32             } else if ($this->arg('reset')) {
  33                 $this->reset_password();
  34                         } else {
  35                                 $this->client_error(_t('Unexpected form.'));
  36                         }
  37                 } else {
  38                         if ($this->trimmed('code')) {
  39                         $this->check_code();
  40                 } else {
  41                         $this->show_form();
  42                         }
  43                 }
  44         }
  45
  46         function check_code() {
  47                 $code = $this->trimmed('code');
  48                 $confirm = Confirm_address::staticGet($code);
  49                 if ($confirm && $confirm->type == 'recover') {
  50                         $user = User::staticGet($confirm->user_id);
  51                         if ($user) {
  52                                 $result = $confirm->delete();
  53                                 if (!$result) {
  54                                         common_log_db_error($confirm, 'DELETE', __FILE__);
  55                                         common_server_error(_t('Error with confirmation code.'));
  56                                         return;
  57                                 }
  58                                 $this->set_temp_user($user);
  59                                 $this->show_password_form();
  60                         }
  61                 }
  62         }
  63
  64         function set_temp_user(&$user) {
  65                 common_ensure_session();
  66                 $_SESSION['tempuser'] = $user->id;
  67         }
  68
  69         function get_temp_user() {
  70                 common_ensure_session();
  71                 $user_id = $_SESSION['tempuser'];
  72                 if ($user_id) {
  73                         $user = User::staticGet($user_id);
  74                 }
  75                 return $user;
  76         }
  77
  78         function clear_temp_user() {
  79                 common_ensure_session();
  80                 unset($_SESSION['tempuser']);
  81         }
  82
  83         function show_top($msg=NULL) {
  84                 if ($msg) {
  85             common_element('div', 'error', $msg);
  86                 } else {
  87                         common_element('div', 'instructions',
  88                                                    _t('If you\'ve forgotten or lost your' .
  89                                                       ' password, you can get a new one sent ' .
  90                                                       ' the email address you have stored ' .
  91                                                       ' in your account.'));
  92                 }
  93         }
  94
  95         function show_password_top($msg=NULL) {
  96                 if ($msg) {
  97             common_element('div', 'error', $msg);
  98                 } else {
  99                         common_element('div', 'instructions',
 100                                                    _t('You\ve been identified . Enter a ' .
 101                                                       ' new password below. '));
 102                 }
 103         }
 104
 105         function show_form($msg=NULL) {
 106
 107                 common_show_header(_t('Recover password'), NULL,
 108                 $msg, array($this, 'show_top'));
 109
 110                 common_element_start('form', array('method' => 'POST',
 111                                                                                    'id' => 'recoverpassword',
 112                                                                                    'action' => common_local_url('recoverpassword')));
 113                 common_input('nicknameoremail', _t('Nickname or email'),
 114                                          $this->trimmed('nicknameoremail'),
 115                              _t('Your nickname on this server, ' .
 116                                 'or your registered email address.'));
 117                 common_submit('recover', _t('Recover'));
 118                 common_element_end('form');
 119                 common_show_footer();
 120         }
 121
 122         function show_password_form($msg=NULL) {
 123
 124                 common_show_header(_t('Reset password'), NULL,
 125                 $msg, array($this, 'show_password_top'));
 126
 127                 common_element_start('form', array('method' => 'POST',
 128                                                                                    'id' => 'recoverpassword',
 129                                                                                    'action' => common_local_url('recoverpassword')));
 130                 common_password('newpassword', _t('New password'),
 131                                                 _t('6 or more characters, and don\'t forget it!'));
 132                 common_password('confirm', _t('Confirm'),
 133                                                 _t('Same as password above'));
 134                 common_submit('reset', _t('Reset'));
 135                 common_element_end('form');
 136                 common_show_footer();
 137         }
 138
 139         function recover_password() {
 140                 $nore = $this->trimmed('nicknameoremail');
 141                 if (!$nore) {
 142                         $this->show_form(_t('Enter a nickname or email address.'));
 143                         return;
 144                 }
 145                 $user = User::staticGet('email', common_canonical_email($nore));
 146                 if (!$user) {
 147                         $user = User::staticGet('nickname', common_canonical_nickname($nore));
 148                 }
 149
 150                 if (!$user) {
 151                         $this->show_form(_t('No such user.'));
 152                         return;
 153                 }
 154                 if (!$user->email) {
 155                         $this->client_error(_t('No registered email address for that user.'));
 156                         return;
 157                 }
 158
 159                 $confirm = new Confirm_address();
 160                 $confirm->code = common_confirmation_code(128);
 161                 $confirm->type = 'recover';
 162                 $confirm->user_id = $user->id;
 163                 $confirm->address = $user->email;
 164
 165                 if (!$confirm->insert()) {
 166                         common_log_db_error($confirm, 'INSERT', __FILE__);
 167                         $this->server_error(_t('Error saving address confirmation.'));
 168                         return;
 169                 }
 170
 171                 $body = "Hey, $user->nickname.";
 172                 $body .= "\n\n";
 173                 $body .= 'Someone just asked for a new password ' .
 174                          'for this account on ' . common_config('site', 'name') . '.';
 175                 $body .= "\n\n";
 176                 $body .= 'If it was you, and you want to confirm, use the URL below:';
 177                 $body .= "\n\n";
 178                 $body .= "\t".common_local_url('recoverpassword',
 179                                                                    array('code' => $confirm->code));
 180                 $body .= "\n\n";
 181                 $body .= 'If not, just ignore this message.';
 182                 $body .= "\n\n";
 183                 $body .= 'Thanks for your time, ';
 184                 $body .= "\n";
 185                 $body .= common_config('site', 'name');
 186                 $body .= "\n";
 187
 188                 mail_to_user($user, _t('Password recovery requested'), $body);
 189
 190                 common_show_header(_('Password recovery requested'));
 191                 common_element('p', NULL,
 192                                _t('Instructions for recovering your password ' .
 193                                   'have been sent to the email address registered to your ' .
 194                                   'account.'));
 195                 common_show_footer();
 196         }
 197
 198         function reset_password() {
 199
 200                 $user = $this->get_temp_user();
 201
 202                 if (!$user) {
 203                         $this->client_error(_t('Unexpected password reset.'));
 204                         return;
 205                 }
 206                 $password = $this->trimmed('password');
 207                 $confirm = $this->trimmed('confirm');
 208                 if (!$password || strlen($password) < 6) {
 209                         $this->show_password_form(_t('Password must be 6 chars or more.'));
 210                         return;
 211                 }
 212                 if ($password != $confirm) {
 213                         $this->show_password_form(_t('Password and confirmation do not match.'));
 214                         return;
 215                 }
 216
 217                 # OK, we're ready to go
 218
 219                 $original = clone($user);
 220
 221                 $user->password = common_munge_password($newpassword, $user->id);
 222
 223                 if (!$user->update($original)) {
 224                         common_log_db_error($user, 'UPDATE', __FILE__);
 225                         common_server_error(_t('Can\'t save new password.'));
 226                         return;
 227                 }
 228
 229                 $this->clear_temp_user();
 230
 231                 if (!common_set_user($user->nickname)) {
 232                         common_server_error(_t('Error setting user.'));
 233                         return;
 234                 }
 235
 236                 common_real_login(true);
 237
 238                 common_show_header(_('Password saved.'));
 239                 common_element('p', NULL, _t('New password successfully saved. ' .
 240                                              'You are now logged in.'));
 241                 common_show_footer();
 242         }
 243 }