make sure to use local avatar if we have one

[friendica.git] / mod / lostpass.php

<?php


function lostpass_post(&$a) {

        $email = notags(trim($_POST['login-name']));
        if(! $email)
                goaway($a->get_baseurl());

        $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
                dbesc($email),
                dbesc($email)
        );
        if(! count($r))
                goaway($a->get_baseurl());
        $uid = $r[0]['uid'];
        $username = $r[0]['username'];

        $new_password = autoname(12) . mt_rand(100,9999);
        $new_password_encoded = hash('whirlpool',$new_password);

        $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
                dbesc($new_password_encoded),
                intval($uid)
        );
        if($r)
                notice("Password reset request issued. Check your email.");

        $email_tpl = load_view_file("view/lostpass_eml.tpl");
        $email_tpl = replace_macros($email_tpl, array(
                        '$sitename' => $a->config['sitename'],
                        '$siteurl' =>  $a->get_baseurl(),
                        '$username' => $username,
                        '$email' => $email,
                        '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
        ));

        $res = mail($email, t('Password reset requested at ') . $a->config['sitename'],
                        $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME]);

        goaway($a->get_baseurl());
}


function lostpass_content(&$a) {


        if(x($_GET,'verify')) {
                $verify = $_GET['verify'];
                $hash = hash('whirlpool', $verify);

                $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
                        dbesc($hash)
                );
                if(! count($r)) {
                        notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
                        goaway($a->get_baseurl());
                        return;
                }
                $uid = $r[0]['uid'];
                $username = $r[0]['username'];
                $email = $r[0]['email'];

                $new_password = autoname(6) . mt_rand(100,9999);
                $new_password_encoded = hash('whirlpool',$new_password);

                $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d LIMIT 1",
                        dbesc($new_password_encoded),
                        intval($uid)
                );
                if($r) {
                        $tpl = load_view_file('view/pwdreset.tpl');
                        $o .= replace_macros($tpl,array(
                                '$newpass' => $new_password,
                                '$baseurl' => $a->get_baseurl()
                        ));
                                notice("Your password has been reset." . EOL);



                        $email_tpl = load_view_file("view/passchanged_eml.tpl");
                        $email_tpl = replace_macros($email_tpl, array(
                        '$sitename' => $a->config['sitename'],
                        '$siteurl' =>  $a->get_baseurl(),
                        '$username' => $username,
                        '$email' => $email,
                        '$new_password' => $new_password,
                        '$uid' => $newuid ));

                        $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");

                        return $o;
                }
        
        }
        else {
                $tpl = load_view_file('view/lostpass.tpl');

                $o .= $tpl;

                return $o;
        }

}