mod/lostpass.php

   1 <?php
   2
   3 /**
   4  * @file mod/lostpass.php
   5  */
   6
   7 use Friendica\App;
   8 use Friendica\Core\Renderer;
   9 use Friendica\Database\DBA;
  10 use Friendica\DI;
  11 use Friendica\Model\User;
  12 use Friendica\Util\DateTimeFormat;
  13 use Friendica\Util\Strings;
  14
  15 function lostpass_post(App $a)
  16 {
  17         $loginame = Strings::escapeTags(trim($_POST['login-name']));
  18         if (!$loginame) {
  19                 DI::baseUrl()->redirect();
  20         }
  21
  22         $condition = ['(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0', $loginame, $loginame];
  23         $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'language'], $condition);
  24         if (!DBA::isResult($user)) {
  25                 notice(DI::l10n()->t('No valid account found.') . EOL);
  26                 DI::baseUrl()->redirect();
  27         }
  28
  29         $pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
  30
  31         $fields = [
  32                 'pwdreset' => $pwdreset_token,
  33                 'pwdreset_time' => DateTimeFormat::utcNow()
  34         ];
  35         $result = DBA::update('user', $fields, ['uid' => $user['uid']]);
  36         if ($result) {
  37                 info(DI::l10n()->t('Password reset request issued. Check your email.') . EOL);
  38         }
  39
  40         $sitename = DI::config()->get('config', 'sitename');
  41         $resetlink = DI::baseUrl() . '/lostpass/' . $pwdreset_token;
  42
  43         $preamble = Strings::deindent(DI::l10n()->t('
  44                 Dear %1$s,
  45                         A request was recently received at "%2$s" to reset your account
  46                 password. In order to confirm this request, please select the verification link
  47                 below or paste it into your web browser address bar.
  48
  49                 If you did NOT request this change, please DO NOT follow the link
  50                 provided and ignore and/or delete this email, the request will expire shortly.
  51
  52                 Your password will not be changed unless we can verify that you
  53                 issued this request.', $user['username'], $sitename));
  54         $body = Strings::deindent(DI::l10n()->t('
  55                 Follow this link soon to verify your identity:
  56
  57                 %1$s
  58
  59                 You will then receive a follow-up message containing the new password.
  60                 You may change that password from your account settings page after logging in.
  61
  62                 The login details are as follows:
  63
  64                 Site Location:  %2$s
  65                 Login Name:     %3$s', $resetlink, DI::baseUrl(), $user['nickname']));
  66
  67         $email = DI::emailer()
  68                    ->newSystemMail(DI::app(), (!empty($user['language'])) ? DI::l10n()->withLang($user['language']) : DI::l10n())
  69                    ->withMessage(DI::l10n()->t('Password reset requested at %s', $sitename), $preamble, $body)
  70                    ->forUser($user['uid'] ?? 0)
  71                    ->withRecipient($user['email'])
  72                    ->build();
  73
  74         DI::emailer()->send($email);
  75         DI::baseUrl()->redirect();
  76 }
  77
  78 function lostpass_content(App $a)
  79 {
  80         if ($a->argc > 1) {
  81                 $pwdreset_token = $a->argv[1];
  82
  83                 $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]);
  84                 if (!DBA::isResult($user)) {
  85                         notice(DI::l10n()->t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."));
  86
  87                         return lostpass_form();
  88                 }
  89
  90                 // Password reset requests expire in 60 minutes
  91                 if ($user['pwdreset_time'] < DateTimeFormat::utc('now - 1 hour')) {
  92                         $fields = [
  93                                 'pwdreset' => null,
  94                                 'pwdreset_time' => null
  95                         ];
  96                         DBA::update('user', $fields, ['uid' => $user['uid']]);
  97
  98                         notice(DI::l10n()->t('Request has expired, please make a new one.'));
  99
 100                         return lostpass_form();
 101                 }
 102
 103                 return lostpass_generate_password($user);
 104         } else {
 105                 return lostpass_form();
 106         }
 107 }
 108
 109 function lostpass_form()
 110 {
 111         $tpl = Renderer::getMarkupTemplate('lostpass.tpl');
 112         $o = Renderer::replaceMacros($tpl, [
 113                 '$title' => DI::l10n()->t('Forgot your Password?'),
 114                 '$desc' => DI::l10n()->t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
 115                 '$name' => DI::l10n()->t('Nickname or Email: '),
 116                 '$submit' => DI::l10n()->t('Reset')
 117         ]);
 118
 119         return $o;
 120 }
 121
 122 function lostpass_generate_password($user)
 123 {
 124         $o = '';
 125
 126         $new_password = User::generateNewPassword();
 127         $result = User::updatePassword($user['uid'], $new_password);
 128         if (DBA::isResult($result)) {
 129                 $tpl = Renderer::getMarkupTemplate('pwdreset.tpl');
 130                 $o .= Renderer::replaceMacros($tpl, [
 131                         '$lbl1'    => DI::l10n()->t('Password Reset'),
 132                         '$lbl2'    => DI::l10n()->t('Your password has been reset as requested.'),
 133                         '$lbl3'    => DI::l10n()->t('Your new password is'),
 134                         '$lbl4'    => DI::l10n()->t('Save or copy your new password - and then'),
 135                         '$lbl5'    => '<a href="' . DI::baseUrl() . '">' . DI::l10n()->t('click here to login') . '</a>.',
 136                         '$lbl6'    => DI::l10n()->t('Your password may be changed from the <em>Settings</em> page after successful login.'),
 137                         '$newpass' => $new_password,
 138                 ]);
 139
 140                 info("Your password has been reset." . EOL);
 141
 142                 $sitename = DI::config()->get('config', 'sitename');
 143                 $preamble = Strings::deindent(DI::l10n()->t('
 144                         Dear %1$s,
 145                                 Your password has been changed as requested. Please retain this
 146                         information for your records ' . "\x28" . 'or change your password immediately to
 147                         something that you will remember' . "\x29" . '.
 148                 ', $user['username']));
 149                 $body = Strings::deindent(DI::l10n()->t('
 150                         Your login details are as follows:
 151
 152                         Site Location:  %1$s
 153                         Login Name:     %2$s
 154                         Password:       %3$s
 155
 156                         You may change that password from your account settings page after logging in.
 157                 ', DI::baseUrl(), $user['nickname'], $new_password));
 158
 159                 $email = DI::emailer()
 160                            ->newSystemMail(DI::app(), (!empty($user['language'])) ? DI::l10n()->withLang($user['language']) : DI::l10n())
 161                            ->withMessage(DI::l10n()->t('Your password has been changed at %s', $sitename), $preamble, $body)
 162                            ->forUser($user['uid'] ?? 0)
 163                            ->withRecipient($user['email'])
 164                            ->build();
 165                 DI::emailer()->send($email);
 166         }
 167
 168         return $o;
 169 }