X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Flostpass.php;h=01e0006e9533a42ed993e3e146000e311c4d0b7c;hb=dc842f4f37a5ff9cb787cac23272c38faf2ff892;hp=3d397677bc9a9a5f065143564ec7e034074c9083;hpb=d6efc901946c91cf26a4436c4b58b1636e4bc9c9;p=friendica.git diff --git a/mod/lostpass.php b/mod/lostpass.php index 3d397677bc..01e0006e95 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -1,11 +1,25 @@ . + * */ use Friendica\App; -use Friendica\Core\Config; use Friendica\Core\Renderer; use Friendica\Database\DBA; use Friendica\DI; @@ -23,22 +37,22 @@ function lostpass_post(App $a) $condition = ['(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0', $loginame, $loginame]; $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'language'], $condition); if (!DBA::isResult($user)) { - notice(DI::l10n()->t('No valid account found.') . EOL); + notice(DI::l10n()->t('No valid account found.')); DI::baseUrl()->redirect(); } - $pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999); + $pwdreset_token = Strings::getRandomHex(32); $fields = [ - 'pwdreset' => $pwdreset_token, + 'pwdreset' => hash('sha256', $pwdreset_token), 'pwdreset_time' => DateTimeFormat::utcNow() ]; $result = DBA::update('user', $fields, ['uid' => $user['uid']]); if ($result) { - info(DI::l10n()->t('Password reset request issued. Check your email.') . EOL); + info(DI::l10n()->t('Password reset request issued. Check your email.')); } - $sitename = Config::get('config', 'sitename'); + $sitename = DI::config()->get('config', 'sitename'); $resetlink = DI::baseUrl() . '/lostpass/' . $pwdreset_token; $preamble = Strings::deindent(DI::l10n()->t(' 
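Review bot: The `!DBA::isResult($user)` branch in lostpass_post still answers `No valid account found.` while the success path answers `Password reset request issued. Check your email.`, so the form tells any anonymous caller whether an email address or nickname belongs to a verified, unblocked account. Both branches should give the same neutral answer, e.g. `info(DI::l10n()->t('If the account exists, a password reset email has been sent.'));`, followed by the same redirect. The token change itself looks sound provided `Strings::getRandomHex()` draws from a CSPRNG, which this hunk does not show. A short comment such as `// only the SHA-256 digest is stored; the raw token exists solely in the mailed link` would record the intent. lostpass_post starts before this hunk and continues past it.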
@@ -65,17 +79,14 @@ function lostpass_post(App $a) Site Location: %2$s Login Name: %3$s', $resetlink, DI::baseUrl(), $user['nickname'])); - notification([ - 'type' => SYSTEM_EMAIL, - 'language' => $user['language'], - 'to_name' => $user['username'], - 'to_email' => $user['email'], - 'uid' => $user['uid'], - 'subject' => DI::l10n()->t('Password reset requested at %s', $sitename), - 'preamble' => $preamble, - 'body' => $body - ]); + $email = DI::emailer() + ->newSystemMail() + ->withMessage(DI::l10n()->t('Password reset requested at %s', $sitename), $preamble, $body) + ->forUser($user) + ->withRecipient($user['email']) + ->build(); + DI::emailer()->send($email); DI::baseUrl()->redirect(); } @@ -84,7 +95,7 @@ function lostpass_content(App $a) if ($a->argc > 1) { $pwdreset_token = $a->argv[1]; - $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]); + $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => hash('sha256', $pwdreset_token)]); if (!DBA::isResult($user)) { notice(DI::l10n()->t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.")); @@ -141,9 +152,9 @@ function lostpass_generate_password($user) '$newpass' => $new_password, ]); - info("Your password has been reset." . EOL); + info(DI::l10n()->t("Your password has been reset.")); - $sitename = Config::get('config', 'sitename'); + $sitename = DI::config()->get('config', 'sitename'); $preamble = Strings::deindent(DI::l10n()->t(' Dear %1$s, Your password has been changed as requested. Please retain this 
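Review bot: The reset mail is built and sent unconditionally, because `$result` from `DBA::update()` (earlier in lostpass_post, outside this hunk) only gates the info message. A failed update therefore still mails a link whose digest was never stored, and the user ends up in the "could not be verified" branch. Guarding the send, e.g. `if ($result) { DI::emailer()->send($email); }`, keeps the mail and the stored state consistent. The result of `send()` is also discarded here and in the `@@ -160,16 +171,13 @@` hunk of lostpass_generate_password; if it reports failure through its return value (not visible in this diff), it should at least be logged.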
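Review bot: The lookup in lostpass_content now compares `hash('sha256', $pwdreset_token)`, so any reset link mailed before this change (stored as a plaintext token) stops matching and lands in the "Request could not be verified" branch. That fails safe, but it deserves a comment at the lookup, for example `// pwdreset holds hash('sha256', token); links issued before this change no longer verify`, and a mention in the release notes. The old plaintext values also stay in the `pwdreset` column until each row is overwritten, so clearing them during the upgrade would be tidy. The function continues outside the hunk, so it cannot be checked here whether `pwdreset_time` expiry is enforced or whether the digest is cleared after a successful reset.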
@@ -160,16 +171,13 @@ function lostpass_generate_password($user) You may change that password from your account settings page after logging in. ', DI::baseUrl(), $user['nickname'], $new_password)); - notification([ - 'type' => SYSTEM_EMAIL, - 'language' => $user['language'], - 'to_name' => $user['username'], - 'to_email' => $user['email'], - 'uid' => $user['uid'], - 'subject' => DI::l10n()->t('Your password has been changed at %s', $sitename), - 'preamble' => $preamble, - 'body' => $body - ]); + $email = DI::emailer() + ->newSystemMail() + ->withMessage(DI::l10n()->t('Your password has been changed at %s', $sitename), $preamble, $body) + ->forUser($user) + ->withRecipient($user['email']) + ->build(); + DI::emailer()->send($email); } return $o;
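Review bot: The rewritten mail still carries `$new_password` in its body (the `Strings::deindent(...)` arguments just above the builder), so the long-lived credential travels and rests in cleartext email while the commit hardens only the short-lived reset token. Anyone who can read the mailbox or a mail relay later gains the working password, not just a token that should expire. Letting the user choose a password on the token-verified page, or forcing a change at first login, would remove that exposure. Until then a marker such as `// TODO(security): stop mailing $new_password; let the user set one on the verified page` at this call would keep it visible. lostpass_generate_password begins outside this hunk.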