mod/lostpass.php

   1 <?php
   2
   3
   4 function lostpass_post(&$a) {
   5
   6         $email = notags(trim($_POST['login-name']));
   7         if(! $email)
   8                 goaway($a->get_baseurl());
   9
  10         $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
  11                 dbesc($email),
  12                 dbesc($email)
  13         );
  14         if(! count($r))
  15                 goaway($a->get_baseurl());
  16         $uid = $r[0]['uid'];
  17         $username = $r[0]['username'];
  18
  19         $new_password = autoname(12) . mt_rand(100,9999);
  20         $new_password_encoded = hash('whirlpool',$new_password);
  21
  22         $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
  23                 dbesc($new_password_encoded),
  24                 intval($uid)
  25         );
  26         if($r)
  27                 notice("Password reset request issued. Check your email.");
  28
  29         $email_tpl = load_view_file("view/lostpass_eml.tpl");
  30         $email_tpl = replace_macros($email_tpl, array(
  31                         '$sitename' => $a->config['sitename'],
  32                         '$siteurl' =>  $a->get_baseurl(),
  33                         '$username' => $username,
  34                         '$email' => $email,
  35                         '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
  36         ));
  37
  38         $res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
  39
  40
  41
  42         goaway($a->get_baseurl());
  43 }
  44
  45
  46 function lostpass_content(&$a) {
  47
  48
  49         if(x($_GET,'verify')) {
  50                 $verify = $_GET['verify'];
  51                 $hash = hash('whirlpool', $verify);
  52
  53                 $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
  54                         dbesc($hash)
  55                 );
  56                 if(! count($r)) {
  57                         notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
  58                         goaway($a->get_baseurl());
  59                         return;
  60                 }
  61                 $uid = $r[0]['uid'];
  62                 $username = $r[0]['username'];
  63                 $email = $r[0]['email'];
  64
  65                 $new_password = autoname(6) . mt_rand(100,9999);
  66                 $new_password_encoded = hash('whirlpool',$new_password);
  67
  68                 $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d LIMIT 1",
  69                         dbesc($new_password_encoded),
  70                         intval($uid)
  71                 );
  72                 if($r) {
  73                         $tpl = load_view_file('view/pwdreset.tpl');
  74                         $o .= replace_macros($tpl,array(
  75                                 '$newpass' => $new_password,
  76                                 '$baseurl' => $a->get_baseurl()
  77                         ));
  78                                 notice("Your password has been reset." . EOL);
  79
  80
  81
  82                         $email_tpl = load_view_file("view/passchanged_eml.tpl");
  83                         $email_tpl = replace_macros($email_tpl, array(
  84                         '$sitename' => $a->config['sitename'],
  85                         '$siteurl' =>  $a->get_baseurl(),
  86                         '$username' => $username,
  87                         '$email' => $email,
  88                         '$new_password' => $new_password,
  89                         '$uid' => $newuid ));
  90
  91                         $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
  92
  93                         return $o;
  94                 }
  95
  96         }
  97         else {
  98                 $tpl = load_view_file('view/lostpass.tpl');
  99
 100                 $o .= $tpl;
 101
 102                 return $o;
 103         }
 104
 105 }