mod/lostpass.php

   1 <?php
   2 /**
   3  * @file mod/lostpass.php
   4  */
   5
   6 use Friendica\App;
   7 use Friendica\Core\Config;
   8 use Friendica\Core\L10n;
   9 use Friendica\Core\Renderer;
  10 use Friendica\Core\System;
  11 use Friendica\Database\DBA;
  12 use Friendica\Model\User;
  13 use Friendica\Util\DateTimeFormat;
  14 use Friendica\Util\Strings;
  15
  16 function lostpass_post(App $a)
  17 {
  18         $loginame = Strings::escapeTags(trim($_POST['login-name']));
  19         if (!$loginame) {
  20                 $a->internalRedirect();
  21         }
  22
  23         $condition = ['(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0', $loginame, $loginame];
  24         $user = DBA::selectFirst('user', ['uid', 'username', 'email', 'language'], $condition);
  25         if (!DBA::isResult($user)) {
  26                 notice(L10n::t('No valid account found.') . EOL);
  27                 $a->internalRedirect();
  28         }
  29
  30         $pwdreset_token = Strings::getRandomName(12) . mt_rand(1000, 9999);
  31
  32         $fields = [
  33                 'pwdreset' => $pwdreset_token,
  34                 'pwdreset_time' => DateTimeFormat::utcNow()
  35         ];
  36         $result = DBA::update('user', $fields, ['uid' => $user['uid']]);
  37         if ($result) {
  38                 info(L10n::t('Password reset request issued. Check your email.') . EOL);
  39         }
  40
  41         $sitename = Config::get('config', 'sitename');
  42         $resetlink = System::baseUrl() . '/lostpass/' . $pwdreset_token;
  43
  44         $preamble = Strings::deindent(L10n::t('
  45                 Dear %1$s,
  46                         A request was recently received at "%2$s" to reset your account
  47                 password. In order to confirm this request, please select the verification link
  48                 below or paste it into your web browser address bar.
  49
  50                 If you did NOT request this change, please DO NOT follow the link
  51                 provided and ignore and/or delete this email, the request will expire shortly.
  52
  53                 Your password will not be changed unless we can verify that you
  54                 issued this request.', $user['username'], $sitename));
  55         $body = Strings::deindent(L10n::t('
  56                 Follow this link soon to verify your identity:
  57
  58                 %1$s
  59
  60                 You will then receive a follow-up message containing the new password.
  61                 You may change that password from your account settings page after logging in.
  62
  63                 The login details are as follows:
  64
  65                 Site Location:  %2$s
  66                 Login Name:     %3$s', $resetlink, System::baseUrl(), $user['email']));
  67
  68         notification([
  69                 'type'     => SYSTEM_EMAIL,
  70                 'language' => $user['language'],
  71                 'to_name'  => $user['username'],
  72                 'to_email' => $user['email'],
  73                 'uid'      => $user['uid'],
  74                 'subject'  => L10n::t('Password reset requested at %s', $sitename),
  75                 'preamble' => $preamble,
  76                 'body'     => $body
  77         ]);
  78
  79         $a->internalRedirect();
  80 }
  81
  82 function lostpass_content(App $a)
  83 {
  84         $o = '';
  85         if ($a->argc > 1) {
  86                 $pwdreset_token = $a->argv[1];
  87
  88                 $user = DBA::selectFirst('user', ['uid', 'username', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]);
  89                 if (!DBA::isResult($user)) {
  90                         notice(L10n::t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."));
  91
  92                         return lostpass_form();
  93                 }
  94
  95                 // Password reset requests expire in 60 minutes
  96                 if ($user['pwdreset_time'] < DateTimeFormat::utc('now - 1 hour')) {
  97                         $fields = [
  98                                 'pwdreset' => null,
  99                                 'pwdreset_time' => null
 100                         ];
 101                         DBA::update('user', $fields, ['uid' => $user['uid']]);
 102
 103                         notice(L10n::t('Request has expired, please make a new one.'));
 104
 105                         return lostpass_form();
 106                 }
 107
 108                 return lostpass_generate_password($user);
 109         } else {
 110                 return lostpass_form();
 111         }
 112 }
 113
 114 function lostpass_form()
 115 {
 116         $tpl = Renderer::getMarkupTemplate('lostpass.tpl');
 117         $o = Renderer::replaceMacros($tpl, [
 118                 '$title' => L10n::t('Forgot your Password?'),
 119                 '$desc' => L10n::t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
 120                 '$name' => L10n::t('Nickname or Email: '),
 121                 '$submit' => L10n::t('Reset')
 122         ]);
 123
 124         return $o;
 125 }
 126
 127 function lostpass_generate_password($user)
 128 {
 129         $o = '';
 130         $a = get_app();
 131
 132         $new_password = User::generateNewPassword();
 133         $result = User::updatePassword($user['uid'], $new_password);
 134         if (DBA::isResult($result)) {
 135                 $tpl = Renderer::getMarkupTemplate('pwdreset.tpl');
 136                 $o .= Renderer::replaceMacros($tpl, [
 137                         '$lbl1'    => L10n::t('Password Reset'),
 138                         '$lbl2'    => L10n::t('Your password has been reset as requested.'),
 139                         '$lbl3'    => L10n::t('Your new password is'),
 140                         '$lbl4'    => L10n::t('Save or copy your new password - and then'),
 141                         '$lbl5'    => '<a href="' . System::baseUrl() . '">' . L10n::t('click here to login') . '</a>.',
 142                         '$lbl6'    => L10n::t('Your password may be changed from the <em>Settings</em> page after successful login.'),
 143                         '$newpass' => $new_password,
 144                         '$baseurl' => System::baseUrl()
 145                 ]);
 146
 147                 info("Your password has been reset." . EOL);
 148
 149                 $sitename = Config::get('config', 'sitename');
 150                 $preamble = Strings::deindent(L10n::t('
 151                         Dear %1$s,
 152                                 Your password has been changed as requested. Please retain this
 153                         information for your records ' . "\x28" . 'or change your password immediately to
 154                         something that you will remember' . "\x29" . '.
 155                 ', $user['username']));
 156                 $body = Strings::deindent(L10n::t('
 157                         Your login details are as follows:
 158
 159                         Site Location:  %1$s
 160                         Login Name:     %2$s
 161                         Password:       %3$s
 162
 163                         You may change that password from your account settings page after logging in.
 164                 ', System::baseUrl(), $user['email'], $new_password));
 165
 166                 notification([
 167                         'type'     => SYSTEM_EMAIL,
 168                         'language' => $user['language'],
 169                         'to_name'  => $user['username'],
 170                         'to_email' => $user['email'],
 171                         'uid'      => $user['uid'],
 172                         'subject'  => L10n::t('Your password has been changed at %s', $sitename),
 173                         'preamble' => $preamble,
 174                         'body'     => $body
 175                 ]);
 176         }
 177
 178         return $o;
 179 }