X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Frecoverpassword.php;h=dcff35f6ed32dddc72da3689c0cb4456c92428ef;hb=a2f8c5da171d23790811677affd7ca5301a995a5;hp=3e6ecfb1f904bff3c63e624e315743cde6e01459;hpb=eaa81d25fa7bd954132ce7f901fae69b0d46ec1a;p=quix0rs-gnu-social.git diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php index 3e6ecfb1f9..dcff35f6ed 100644 --- a/actions/recoverpassword.php +++ b/actions/recoverpassword.php @@ -1,7 +1,7 @@ . */ -if (!defined('LACONICA')) { exit(1); } +if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } # You have 24 hours to claim your password @@ -25,49 +25,52 @@ define(MAX_RECOVERY_TIME, 24 * 60 * 60); class RecoverpasswordAction extends Action { + var $mode = null; + var $msg = null; + var $success = null; function handle($args) { parent::handle($args); if (common_logged_in()) { - $this->client_error(_('You are already logged in!')); + $this->clientError(_('You are already logged in!')); return; } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('recover')) { - $this->recover_password(); + $this->recoverPassword(); } else if ($this->arg('reset')) { - $this->reset_password(); + $this->resetPassword(); } else { - $this->client_error(_('Unexpected form submission.')); + $this->clientError(_('Unexpected form submission.')); } } else { if ($this->trimmed('code')) { - $this->check_code(); + $this->checkCode(); } else { - $this->show_form(); + $this->showForm(); } } } - function check_code() + function checkCode() { $code = $this->trimmed('code'); $confirm = Confirm_address::staticGet('code', $code); if (!$confirm) { - $this->client_error(_('No such recovery code.')); + $this->clientError(_('No such recovery code.')); return; } if ($confirm->address_type != 'recover') { - $this->client_error(_('Not a recovery code.')); + $this->clientError(_('Not a recovery code.')); return; } $user = User::staticGet($confirm->user_id); if (!$user) { - $this->server_error(_('Recovery code for unknown user.')); + $this->serverError(_('Recovery code for unknown user.')); return; } @@ -80,7 +83,7 @@ class RecoverpasswordAction extends Action if (!$result) { common_log_db_error($confirm, 'DELETE', __FILE__); - common_server_error(_('Error with confirmation code.')); + $this->serverError(_('Error with confirmation code.')); return; } @@ -88,10 +91,10 @@ class RecoverpasswordAction extends Action # Note: it's still deleted; let's avoid a second attempt! if ((time() - $touched) > MAX_RECOVERY_TIME) { - common_log(LOG_WARNING, + common_log(LOG_WARNING, 'Attempted redemption on recovery code ' . 'that is ' . $touched . ' seconds old. '); - $this->client_error(_('This confirmation code is too old. ' . + $this->clientError(_('This confirmation code is too old. ' . 'Please start again.')); return; } @@ -105,24 +108,24 @@ class RecoverpasswordAction extends Action $result = $user->updateKeys($orig); if (!$result) { common_log_db_error($user, 'UPDATE', __FILE__); - $this->server_error(_('Could not update user with confirmed email address.')); + $this->serverError(_('Could not update user with confirmed email address.')); return; } } # Success! - $this->set_temp_user($user); - $this->show_password_form(); + $this->setTempUser($user); + $this->showPasswordForm(); } - function set_temp_user(&$user) + function setTempUser(&$user) { common_ensure_session(); $_SESSION['tempuser'] = $user->id; } - function get_temp_user() + function getTempUser() { common_ensure_session(); $user_id = $_SESSION['tempuser']; @@ -132,80 +135,121 @@ class RecoverpasswordAction extends Action return $user; } - function clear_temp_user() + function clearTempUser() { common_ensure_session(); unset($_SESSION['tempuser']); } - function show_top($msg=null) + function showPageNotice() { - if ($msg) { - $this->element('div', 'error', $msg); + if ($this->msg) { + $this->element('div', ($this->success) ? 'success' : 'error', $this->msg); } else { $this->elementStart('div', 'instructions'); - $this->element('p', null, - _('If you\'ve forgotten or lost your' . - ' password, you can get a new one sent to' . - ' the email address you have stored ' . - ' in your account.')); + if ($this->mode == 'recover') { + $this->element('p', null, + _('If you have forgotten or lost your' . + ' password, you can get a new one sent to' . + ' the email address you have stored' . + ' in your account.')); + } else if ($this->mode == 'reset') { + $this->element('p', null, + _('You have been identified. Enter a' . + ' new password below. ')); + } $this->elementEnd('div'); } } - function show_password_top($msg=null) + function showForm($msg=null) { - if ($msg) { - $this->element('div', 'error', $msg); - } else { - $this->element('div', 'instructions', - _('You\'ve been identified. Enter a ' . - ' new password below. ')); - } + $this->msg = $msg; + $this->mode = 'recover'; + $this->showPage(); } - function show_form($msg=null) + function showContent() { + if ($this->mode == 'recover') { + $this->showRecoverForm(); + } else if ($this->mode == 'reset') { + $this->showResetForm(); + } + } - common_show_header(_('Recover password'), null, - $msg, array($this, 'show_top')); - + function showRecoverForm() + { $this->elementStart('form', array('method' => 'post', - 'id' => 'recoverpassword', + 'id' => 'form_password_recover', + 'class' => 'form_settings', 'action' => common_local_url('recoverpassword'))); - $this->input('nicknameoremail', _('Nickname or email'), + $this->elementStart('fieldset'); + $this->element('legend', null, _('Password recovery')); + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); + $this->input('nicknameoremail', _('Nickname or email address'), $this->trimmed('nicknameoremail'), _('Your nickname on this server, ' . 'or your registered email address.')); + $this->elementEnd('li'); + $this->elementEnd('ul'); + $this->element('input', array('name' => 'recover', + 'type' => 'hidden', + 'value' => _('Recover'))); $this->submit('recover', _('Recover')); + $this->elementEnd('fieldset'); $this->elementEnd('form'); - common_show_footer(); } - function show_password_form($msg=null) + function title() { + switch ($this->mode) { + case 'reset': return _('Reset password'); + case 'recover': return _('Recover password'); + case 'sent': return _('Password recovery requested'); + case 'saved': return _('Password saved.'); + default: + return _('Unknown action'); + } + } - common_show_header(_('Reset password'), null, - $msg, array($this, 'show_password_top')); + function showPasswordForm($msg=null) + { + $this->msg = $msg; + $this->mode = 'reset'; + $this->showPage(); + } + function showResetForm() + { $this->elementStart('form', array('method' => 'post', - 'id' => 'recoverpassword', + 'id' => 'form_password_change', + 'class' => 'form_settings', 'action' => common_local_url('recoverpassword'))); + $this->elementStart('fieldset'); + $this->element('legend', null, _('Password change')); $this->hidden('token', common_session_token()); + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); $this->password('newpassword', _('New password'), _('6 or more characters, and don\'t forget it!')); + $this->elementEnd('li'); + $this->elementStart('li'); $this->password('confirm', _('Confirm'), _('Same as password above')); + $this->elementEnd('li'); + $this->elementEnd('ul'); $this->submit('reset', _('Reset')); + $this->elementEnd('fieldset'); $this->elementEnd('form'); - common_show_footer(); } - function recover_password() + function recoverPassword() { $nore = $this->trimmed('nicknameoremail'); if (!$nore) { - $this->show_form(_('Enter a nickname or email address.')); + $this->showForm(_('Enter a nickname or email address.')); return; } @@ -225,7 +269,7 @@ class RecoverpasswordAction extends Action } if (!$user) { - $this->show_form(_('No user with that email address or username.')); + $this->showForm(_('No user with that email address or username.')); return; } @@ -240,7 +284,7 @@ class RecoverpasswordAction extends Action } if (!$user->email && !$confirm_email) { - $this->client_error(_('No registered email address for that user.')); + $this->clientError(_('No registered email address for that user.')); return; } @@ -254,7 +298,7 @@ class RecoverpasswordAction extends Action if (!$confirm->insert()) { common_log_db_error($confirm, 'INSERT', __FILE__); - $this->server_error(_('Error saving address confirmation.')); + $this->serverError(_('Error saving address confirmation.')); return; } @@ -277,28 +321,27 @@ class RecoverpasswordAction extends Action mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); - common_show_header(_('Password recovery requested')); - $this->element('p', null, - _('Instructions for recovering your password ' . + $this->mode = 'sent'; + $this->msg = _('Instructions for recovering your password ' . 'have been sent to the email address registered to your ' . - 'account.')); - common_show_footer(); + 'account.'); + $this->success = true; + $this->showPage(); } - function reset_password() + function resetPassword() { - # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); + $this->showForm(_('There was a problem with your session token. Try again, please.')); return; } - $user = $this->get_temp_user(); + $user = $this->getTempUser(); if (!$user) { - $this->client_error(_('Unexpected password reset.')); + $this->clientError(_('Unexpected password reset.')); return; } @@ -306,11 +349,11 @@ class RecoverpasswordAction extends Action $confirm = $this->trimmed('confirm'); if (!$newpassword || strlen($newpassword) < 6) { - $this->show_password_form(_('Password must be 6 chars or more.')); + $this->showPasswordForm(_('Password must be 6 chars or more.')); return; } if ($newpassword != $confirm) { - $this->show_password_form(_('Password and confirmation do not match.')); + $this->showPasswordForm(_('Password and confirmation do not match.')); return; } @@ -322,22 +365,23 @@ class RecoverpasswordAction extends Action if (!$user->update($original)) { common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Can\'t save new password.')); + $this->serverError(_('Can\'t save new password.')); return; } - $this->clear_temp_user(); + $this->clearTempUser(); if (!common_set_user($user->nickname)) { - common_server_error(_('Error setting user.')); + $this->serverError(_('Error setting user.')); return; } common_real_login(true); - common_show_header(_('Password saved.')); - $this->element('p', null, _('New password successfully saved. ' . - 'You are now logged in.')); - common_show_footer(); + $this->mode = 'saved'; + $this->msg = _('New password successfully saved. ' . + 'You are now logged in.'); + $this->success = true; + $this->showPage(); } }