X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Flostpass.php;h=548cea185cb943ac3c3f1e7cda039045f7514b12;hb=e7be87df93895de47414a5a788cd6487adb98a29;hp=f4ee91efa1f28d489426deba4847a9ec81448926;hpb=a0f65ca7a1b1fbc1a2d0f823940211377fc6e13e;p=friendica.git
diff --git a/mod/lostpass.php b/mod/lostpass.php
index f4ee91efa1..548cea185c 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -13,25 +13,21 @@ use Friendica\Model\User;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Strings;
-require_once 'boot.php';
-require_once 'include/enotify.php';
-require_once 'include/text.php';
-
 function lostpass_post(App $a)
 {
- $loginame = Strings::removeTags(trim($_POST['login-name']));
+ $loginame = Strings::escapeTags(trim($_POST['login-name']));
 if (!$loginame) {
 $a->internalRedirect();
 }
 $condition = ['(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0', $loginame, $loginame];
- $user = DBA::selectFirst('user', ['uid', 'username', 'email', 'language'], $condition);
+ $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'language'], $condition);
 if (!DBA::isResult($user)) {
 notice(L10n::t('No valid account found.') . EOL);
 $a->internalRedirect();
 }
- $pwdreset_token = autoname(12) . mt_rand(1000, 9999);
+ $pwdreset_token = Strings::getRandomName(12) . mt_rand(1000, 9999);
 $fields = [
 'pwdreset' => $pwdreset_token,
@@ -45,7 +41,7 @@ function lostpass_post(App $a)
 $sitename = Config::get('config', 'sitename');
 $resetlink = System::baseUrl() . '/lostpass/' . $pwdreset_token;
- $preamble = deindent(L10n::t('
+ $preamble = Strings::deindent(L10n::t('
 Dear %1$s, A request was recently received at "%2$s" to reset your account password. In order to confirm this request, please select the verification link
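Review bot: The reset token on the new `$pwdreset_token` line in lostpass_post (first hunk) is still seeded by `mt_rand(1000, 9999)`, which is not a cryptographically secure generator, and the generator behind `Strings::getRandomName(12)` is not visible in this diff. Since this value is the only secret in the emailed reset link, it should come from the CSPRNG, for example `$pwdreset_token = bin2hex(random_bytes(16));`, provided the `pwdreset` column can hold 32 characters. The `No valid account found.` notice in the same hunk also lets a requester tell existing login names from unknown ones; a single neutral message for both outcomes would close that. lostpass_post continues past this hunk.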
@@ -56,7 +52,7 @@ function lostpass_post(App $a)
 Your password will not be changed unless we can verify that you issued this request.', $user['username'], $sitename));
- $body = deindent(L10n::t('
+ $body = Strings::deindent(L10n::t('
 Follow this link soon to verify your identity: %1$s
@@ -67,7 +63,7 @@ function lostpass_post(App $a)
 The login details are as follows: Site Location: %2$s
- Login Name: %3$s', $resetlink, System::baseUrl(), $user['email']));
+ Login Name: %3$s', $resetlink, System::baseUrl(), $user['nickname']));
 notification([
 'type' => SYSTEM_EMAIL,
@@ -85,11 +81,10 @@ function lostpass_post(App $a)
 function lostpass_content(App $a)
 {
- $o = '';
 if ($a->argc > 1) {
 $pwdreset_token = $a->argv[1];
- $user = DBA::selectFirst('user', ['uid', 'username', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]);
+ $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]);
 if (!DBA::isResult($user)) {
 notice(L10n::t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."));
@@ -131,7 +126,6 @@ function lostpass_form()
 function lostpass_generate_password($user)
 {
 $o = '';
- $a = get_app();
 $new_password = User::generateNewPassword();
 $result = User::updatePassword($user['uid'], $new_password);
@@ -151,13 +145,13 @@ function lostpass_generate_password($user)
 info("Your password has been reset." . EOL);
 $sitename = Config::get('config', 'sitename');
- $preamble = deindent(L10n::t('
+ $preamble = Strings::deindent(L10n::t('
 Dear %1$s, Your password has been changed as requested. Please retain this information for your records ' . "\x28" . 'or change your password immediately to something that you will remember' . "\x29" . '. ', $user['username']));
- $body = deindent(L10n::t('
+ $body = Strings::deindent(L10n::t('
 Your login details are as follows: Site Location: %1$s
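Review bot: The lookup `['pwdreset' => $pwdreset_token]` in the lostpass_content hunk (`@@ -85,11 +81,10 @@`) matches the URL segment against the stored column directly, so the database holds the same string that is mailed to the user and anyone who can read the `user` table can complete a pending reset. Storing a digest instead, e.g. `'pwdreset' => hash('sha256', $pwdreset_token)` in lostpass_post and `['pwdreset' => hash('sha256', $pwdreset_token)]` here, keeps the usable token only in the mail. `pwdreset_time` is selected, so an expiry check presumably follows below the hunk; the function body continues outside it.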
@@ -165,7 +159,7 @@ function lostpass_generate_password($user)
 Password: %3$s You may change that password from your account settings page after logging in.
- ', System::baseUrl(), $user['email'], $new_password));
+ ', System::baseUrl(), $user['nickname'], $new_password));
 notification([
 'type' => SYSTEM_EMAIL,
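Review bot: The changed `$body` arguments in this lostpass_generate_password hunk still pass `$new_password` into the notification text, so the new credential is delivered and stored in clear text in the user's mailbox. Switching the login name from `$user['email']` to `$user['nickname']` does not change that exposure. Consider letting the token-verified page accept a password chosen by the user, or at least record the limitation next to the call: `// NOTE: $new_password is mailed in clear text; replace with a set-password form behind the reset token`. The function starts and ends outside this hunk.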