X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Flostpass.php;h=938d1cbb008ada25359cf6a68514760a2d98fc6f;hb=388847e1f371554f50613357de06cf4a6ec751c9;hp=8d1cf7629db26155d824d997d0b6ee004bf65047;hpb=ee1641393550eea9200f792707070e024879d466;p=friendica.git
diff --git a/mod/lostpass.php b/mod/lostpass.php
index 8d1cf7629d..938d1cbb00 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -1,48 +1,80 @@ get_baseurl()); + $loginame = notags(trim($_POST['login-name'])); + if(! $loginame) + goaway(z_root()); - $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1", - dbesc($email), - dbesc($email) + $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1", + dbesc($loginame), + dbesc($loginame) ); - if(! count($r)) - goaway($a->get_baseurl()); + + if(! count($r)) { + notice( t('No valid account found.') . EOL); + goaway(z_root()); + } + $uid = $r[0]['uid']; $username = $r[0]['username']; + $email = $r[0]['email']; $new_password = autoname(12) . mt_rand(100,9999); $new_password_encoded = hash('whirlpool',$new_password); - $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1", + $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d", dbesc($new_password_encoded), intval($uid) ); if($r) - notice( t('Password reset request issued. Check your email.') . EOL); + info( t('Password reset request issued. Check your email.') . EOL); + + + $sitename = $a->config['sitename']; + $siteurl = $a->get_baseurl(); + $resetlink = $a->get_baseurl() . '/lostpass?verify=' . $new_password; + + $preamble = deindent(t(' + Dear %1$s, + A request was recently received at "%2$s" to reset your account + password. In order to confirm this request, please select the verification link + below or paste it into your web browser address bar. + + If you did NOT request this change, please DO NOT follow the link + provided and ignore and/or delete this email. + + Your password will not be changed unless we can verify that you + issued this request.')); + $body = deindent(t(' + Follow this link to verify your identity: + + %1$s + + You will then receive a follow-up message containing the new password. + You may change that password from your account settings page after logging in. 
- $email_tpl = load_view_file("view/lostpass_eml.tpl"); - $email_tpl = replace_macros($email_tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $username, - '$email' => $email, - '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password - )); + The login details are as follows: - $res = mail($email, sprintf( t('Password reset requested at %s'),$a->config['sitename']), - $email_tpl, - 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" - . 'Content-type: text/plain; charset=UTF-8' . "\n" - . 'Content-transfer-encoding: 8bit' ); + Site Location: %2$s + Login Name: %3$s')); + $preamble = sprintf($preamble, $username, $sitename); + $body = sprintf($body, $resetlink, $siteurl, $email); + + notification(array( + 'type' => "SYSTEM_EMAIL", + 'to_email' => $email, + 'subject'=> sprintf( t('Password reset requested at %s'),$sitename), + 'preamble'=> $preamble, + 'body' => $body)); + + goaway(z_root()); - goaway($a->get_baseurl()); } @@ -57,9 +89,8 @@ function lostpass_content(&$a) { dbesc($hash) ); if(! count($r)) { - notice( t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.") . EOL); - goaway($a->get_baseurl()); - return; + $o = t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."); + return $o; } $uid = $r[0]['uid']; $username = $r[0]['username']; 
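Review bot: The added `notice( t('No valid account found.') . EOL);` branch in the `@@ -1,48 +1,80 @@` hunk answers differently from the success path's `info( t('Password reset request issued. Check your email.') . EOL);`, so the form now confirms to any unauthenticated visitor whether a nickname or email belongs to a verified, unblocked account. Showing the same neutral message on both paths, for example `info( t('If the account exists, a reset email has been sent.') . EOL);`, removes that signal; rate limiting of this form is not visible here and would be worth confirming. The reset token on the unchanged line `autoname(12) . mt_rand(100,9999)` (and the replacement password built the same way in the `@@ -68,12 +99,12 @@` hunk) depends on `mt_rand()`, which is not a cryptographic generator, and `autoname()` is not shown, so the token should come from a CSPRNG instead. The opening lines of this hunk are missing from the page, and the function body starts outside what is visible.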
@@ -68,12 +99,12 @@ function lostpass_content(&$a) { $new_password = autoname(6) . mt_rand(100,9999); $new_password_encoded = hash('whirlpool',$new_password); - $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1", + $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d", dbesc($new_password_encoded), intval($uid) ); if($r) { - $tpl = load_view_file('view/pwdreset.tpl'); + $tpl = get_markup_template('pwdreset.tpl'); $o .= replace_macros($tpl,array( '$lbl1' => t('Password Reset'), '$lbl2' => t('Your password has been reset as requested.'), 
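Review bot: The replacement password is still stored as `hash('whirlpool',$new_password)` on the context line above the rewritten `UPDATE`, a single unsalted pass of a fast hash, so a leaked `user` table can be attacked offline at high speed and identical passwords produce identical hashes. If the supported PHP version provides it, `password_hash($new_password, PASSWORD_DEFAULT)` with `password_verify()` at login is the usual replacement; the login check is outside this page and would have to change in step. Dropping `LIMIT 1` is harmless only if `uid` is a unique key, which this hunk does not show. `lostpass_content()` begins before the hunk and continues after it.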
@@ -85,39 +116,53 @@ function lostpass_content(&$a) { '$baseurl' => $a->get_baseurl() )); - notice("Your password has been reset." . EOL); - - - - $email_tpl = load_view_file("view/passchanged_eml.tpl"); - $email_tpl = replace_macros($email_tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $username, - '$email' => $email, - '$new_password' => $new_password, - '$uid' => $newuid )); - - $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl, - 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" - . 'Content-type: text/plain; charset=UTF-8' . "\n" - . 'Content-transfer-encoding: 8bit' ); + info("Your password has been reset." . EOL); + + + $sitename = $a->config['sitename']; + $siteurl = $a->get_baseurl(); + // $username, $email, $new_password + $preamble = deindent(t(' + Dear %1$s, + Your password has been changed as requested. Please retain this + information for your records (or change your password immediately to + something that you will remember). + ')); + $body = deindent(t(' + Your login details are as follows: + + Site Location: %1$s + Login Name: %2$s + Password: %3$s + + You may change that password from your account settings page after logging in. + ')); + + $preamble = sprintf($preamble, $username); + $body = sprintf($body, $siteurl, $email, $new_password); + + notification(array( + 'type' => "SYSTEM_EMAIL", + 'to_email' => $email, + 'subject'=> sprintf( t('Your password has been changed at %s'),$sitename), + 'preamble'=> $preamble, + 'body' => $body)); return $o; } - + } else { - $tpl = load_view_file('view/lostpass.tpl'); + $tpl = get_markup_template('lostpass.tpl'); $o .= replace_macros($tpl,array( '$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. 
Then check your email for further instructions.'), '$name' => t('Nickname or Email: '), - '$submit' => t('Reset') + '$submit' => t('Reset') )); return $o; } -} \ No newline at end of file +}
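Review bot: The new `$body` template includes `Password: %3$s`, so the generated password is sent in cleartext by email and stays valid for as long as the user keeps it; nothing in the visible code expires it or forces a change at next login. A safer flow lets the verified `lostpass?verify=` page ask the user for a new password and limits the mail to a confirmation that the password changed. Because the earlier hunk performs the reset as soon as the verify link is fetched, a mail scanner or link prefetcher that opens the link may also trigger the change; that is worth confirming and, if so, moving the reset behind a POST. Also `info("Your password has been reset." . EOL);` skips `t()`, unlike the other messages in this file.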