mod/lostpass.php

   1 <?php
   2
   3
   4 function lostpass_post(&$a) {
   5
   6         $email = notags(trim($_POST['login-name']));
   7         if(! $email)
   8                 goaway($a->get_baseurl());
   9
  10         $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
  11                 dbesc($email),
  12                 dbesc($email)
  13         );
  14         if(! count($r))
  15                 goaway($a->get_baseurl());
  16         $uid = $r[0]['uid'];
  17         $username = $r[0]['username'];
  18
  19         $new_password = autoname(12) . mt_rand(100,9999);
  20         $new_password_encoded = hash('whirlpool',$new_password);
  21
  22         $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
  23                 dbesc($new_password_encoded),
  24                 intval($uid)
  25         );
  26         if($r)
  27                 notice("Password reset request issued. Check your email.");
  28
  29         $email_tpl = load_view_file("view/lostpass_eml.tpl");
  30         $email_tpl = replace_macros($email_tpl, array(
  31                         '$sitename' => $a->config['sitename'],
  32                         '$siteurl' =>  $a->get_baseurl(),
  33                         '$username' => $username,
  34                         '$email' => $email,
  35                         '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
  36         ));
  37
  38         $res = mail($email, sprintf(t('Password reset requested at %s'),$a->config['sitename']),
  39                         $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME]);
  40
  41         goaway($a->get_baseurl());
  42 }
  43
  44
  45 function lostpass_content(&$a) {
  46
  47
  48         if(x($_GET,'verify')) {
  49                 $verify = $_GET['verify'];
  50                 $hash = hash('whirlpool', $verify);
  51
  52                 $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
  53                         dbesc($hash)
  54                 );
  55                 if(! count($r)) {
  56                         notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
  57                         goaway($a->get_baseurl());
  58                         return;
  59                 }
  60                 $uid = $r[0]['uid'];
  61                 $username = $r[0]['username'];
  62                 $email = $r[0]['email'];
  63
  64                 $new_password = autoname(6) . mt_rand(100,9999);
  65                 $new_password_encoded = hash('whirlpool',$new_password);
  66
  67                 $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d LIMIT 1",
  68                         dbesc($new_password_encoded),
  69                         intval($uid)
  70                 );
  71                 if($r) {
  72                         $tpl = load_view_file('view/pwdreset.tpl');
  73                         $o .= replace_macros($tpl,array(
  74                                 '$newpass' => $new_password,
  75                                 '$baseurl' => $a->get_baseurl()
  76                         ));
  77                                 notice("Your password has been reset." . EOL);
  78
  79
  80
  81                         $email_tpl = load_view_file("view/passchanged_eml.tpl");
  82                         $email_tpl = replace_macros($email_tpl, array(
  83                         '$sitename' => $a->config['sitename'],
  84                         '$siteurl' =>  $a->get_baseurl(),
  85                         '$username' => $username,
  86                         '$email' => $email,
  87                         '$new_password' => $new_password,
  88                         '$uid' => $newuid ));
  89
  90                         $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
  91
  92                         return $o;
  93                 }
  94
  95         }
  96         else {
  97                 $tpl = load_view_file('view/lostpass.tpl');
  98
  99                 $o .= $tpl;
 100
 101                 return $o;
 102         }
 103
 104 }