X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Flostpass.php;h=938d1cbb008ada25359cf6a68514760a2d98fc6f;hb=14e17b944fb992317ccccdfeff9b9906b15ef44f;hp=3453a0db4334a8d06957473a20ed82adf8da8aa8;hpb=2a578478167174b328352e0eafe8a4fdbe0fb68d;p=friendica.git diff --git a/mod/lostpass.php b/mod/lostpass.php index 3453a0db43..938d1cbb00 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php 
@@ -1,52 +1,80 @@ get_baseurl()); + $loginame = notags(trim($_POST['login-name'])); + if(! $loginame) + goaway(z_root()); $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1", - dbesc($email), - dbesc($email) + dbesc($loginame), + dbesc($loginame) ); if(! count($r)) { notice( t('No valid account found.') . EOL); - goaway($a->get_baseurl()); + goaway(z_root()); } $uid = $r[0]['uid']; $username = $r[0]['username']; + $email = $r[0]['email']; $new_password = autoname(12) . mt_rand(100,9999); $new_password_encoded = hash('whirlpool',$new_password); - $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1", + $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d", dbesc($new_password_encoded), intval($uid) ); if($r) info( t('Password reset request issued. Check your email.') . EOL); - $email_tpl = get_intltext_template("lostpass_eml.tpl"); - $email_tpl = replace_macros($email_tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $username, - '$email' => $email, - '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password - )); - $res = mail($email, sprintf( t('Password reset requested at %s'),$a->config['sitename']), - $email_tpl, - 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" - . 'Content-type: text/plain; charset=UTF-8' . "\n" - . 'Content-transfer-encoding: 8bit' ); + $sitename = $a->config['sitename']; + $siteurl = $a->get_baseurl(); + $resetlink = $a->get_baseurl() . '/lostpass?verify=' . $new_password; + $preamble = deindent(t(' + Dear %1$s, + A request was recently received at "%2$s" to reset your account + password. In order to confirm this request, please select the verification link + below or paste it into your web browser address bar. + + If you did NOT request this change, please DO NOT follow the link + provided and ignore and/or delete this email. 
+ + Your password will not be changed unless we can verify that you + issued this request.')); + $body = deindent(t(' + Follow this link to verify your identity: + + %1$s + + You will then receive a follow-up message containing the new password. + You may change that password from your account settings page after logging in. + + The login details are as follows: + + Site Location: %2$s + Login Name: %3$s')); + + $preamble = sprintf($preamble, $username, $sitename); + $body = sprintf($body, $resetlink, $siteurl, $email); + + notification(array( + 'type' => "SYSTEM_EMAIL", + 'to_email' => $email, + 'subject'=> sprintf( t('Password reset requested at %s'),$sitename), + 'preamble'=> $preamble, + 'body' => $body)); + + goaway(z_root()); - goaway($a->get_baseurl()); } @@ -61,9 +89,8 @@ function lostpass_content(&$a) { dbesc($hash) ); if(! count($r)) { - notice( t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.") . EOL); - goaway($a->get_baseurl()); - return; + $o = t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."); + return $o; } $uid = $r[0]['uid']; $username = $r[0]['username']; @@ -72,7 +99,7 @@ function lostpass_content(&$a) { $new_password = autoname(6) . mt_rand(100,9999); $new_password_encoded = hash('whirlpool',$new_password); - $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1", + $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d", dbesc($new_password_encoded), intval($uid) ); 
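Review bot: The reset token built by `$new_password = autoname(12) . mt_rand(100,9999);` in the first hunk takes its numeric part from `mt_rand()`, which is not a cryptographic generator; `autoname()` is defined outside this diff, so its strength cannot be judged from here. This value is the only secret in the `?verify=` link, so it should come from a CSPRNG, for example `$new_password = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes()` on PHP 7+). The same pattern, `autoname(6) . mt_rand(100,9999)`, generates the replacement password in the `@@ -72,7 +99,7 @@` hunk. Separately, the 'No valid account found.' notice and the 'Password reset request issued' message let a caller tell whether a nickname or email is registered, so consider returning the same message in both cases. The start of the function is not visible in this hunk.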
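Review bot: `$new_password_encoded = hash('whirlpool',$new_password);` in the `@@ -72,7 +99,7 @@` hunk stores the account password as a single unsalted fast hash, so a leaked `user` table can be attacked offline cheaply and identical passwords produce identical rows. The usual replacement is `password_hash($new_password, PASSWORD_DEFAULT)` here with `password_verify()` at login. The login check is outside this diff and would have to change together with this line, ideally rehashing existing accounts on their next successful login. lostpass_content starts and ends outside the hunk.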
@@ -92,24 +119,38 @@ function lostpass_content(&$a) { info("Your password has been reset." . EOL); + $sitename = $a->config['sitename']; + $siteurl = $a->get_baseurl(); + // $username, $email, $new_password + $preamble = deindent(t(' + Dear %1$s, + Your password has been changed as requested. Please retain this + information for your records (or change your password immediately to + something that you will remember). + ')); + $body = deindent(t(' + Your login details are as follows: - $email_tpl = get_intltext_template("passchanged_eml.tpl"); - $email_tpl = replace_macros($email_tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $username, - '$email' => $email, - '$new_password' => $new_password, - '$uid' => $newuid )); + Site Location: %1$s + Login Name: %2$s + Password: %3$s - $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl, - 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" - . 'Content-type: text/plain; charset=UTF-8' . "\n" - . 'Content-transfer-encoding: 8bit' ); + You may change that password from your account settings page after logging in. + ')); + + $preamble = sprintf($preamble, $username); + $body = sprintf($body, $siteurl, $email, $new_password); + + notification(array( + 'type' => "SYSTEM_EMAIL", + 'to_email' => $email, + 'subject'=> sprintf( t('Your password has been changed at %s'),$sitename), + 'preamble'=> $preamble, + 'body' => $body)); return $o; } - + } else { $tpl = get_markup_template('lostpass.tpl'); @@ -118,7 +159,7 @@ function lostpass_content(&$a) { '$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$name' => t('Nickname or Email: '), - '$submit' => t('Reset') + '$submit' => t('Reset') )); return $o;
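Review bot: The new `$body` template in the `@@ -92,24 +119,38 @@` hunk mails the account password in clear text (`Password: %3$s`), and the preamble asks the user to retain the message, so a working credential persists in the mailbox and in any mail backups. Consider letting the verified user choose a new password on the `/lostpass?verify=` page instead, or at least requiring a change at first login; neither mechanism is visible in this diff, so this is a design suggestion rather than a one-line fix. As a smaller point, `info("Your password has been reset." . EOL);` is not wrapped in `t()` like the other user-facing strings here. lostpass_content starts and ends outside the hunk.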