X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Flostpass.php;h=938d1cbb008ada25359cf6a68514760a2d98fc6f;hb=e61d6e030eefa00685020f44601d3363814a5dae;hp=57e6d696537c24b3e5440d751b5e1fa6c4e6625a;hpb=cea7ca1df4fd8065c38a4f43a0f13ba89e8b94e2;p=friendica.git

diff --git a/mod/lostpass.php b/mod/lostpass.php
old mode 100755
new mode 100644
index 57e6d69653..938d1cbb00
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -1,5 +1,8 @@
 <?php
 
+require_once('include/email.php');
+require_once('include/enotify.php');
+require_once('include/text.php');
 
 function lostpass_post(&$a) {
 
@@ -24,30 +27,54 @@ function lostpass_post(&$a) {
 	$new_password = autoname(12) . mt_rand(100,9999);
 	$new_password_encoded = hash('whirlpool',$new_password);
 
-	$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
+	$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d",
 		dbesc($new_password_encoded),
 		intval($uid)
 	);
 	if($r)
 		info( t('Password reset request issued. Check your email.') . EOL);
 
-	$email_tpl = get_intltext_template("lostpass_eml.tpl");
-	$email_tpl = replace_macros($email_tpl, array(
-			'$sitename' => $a->config['sitename'],
-			'$siteurl' =>  $a->get_baseurl(),
-			'$username' => $username,
-			'$email' => $email,
-			'$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
-	));
 
-	$res = mail($email, sprintf( t('Password reset requested at %s'),$a->config['sitename']),
-			$email_tpl,
-			'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
-			. 'Content-type: text/plain; charset=UTF-8' . "\n"
-			. 'Content-transfer-encoding: 8bit' );
+	$sitename = $a->config['sitename'];
+	$siteurl = $a->get_baseurl();
+	$resetlink = $a->get_baseurl() . '/lostpass?verify=' . $new_password;
 
+	$preamble = deindent(t('
+		Dear %1$s,
+			A request was recently received at "%2$s" to reset your account
+		password. In order to confirm this request, please select the verification link
+		below or paste it into your web browser address bar.
+
+		If you did NOT request this change, please DO NOT follow the link
+		provided and ignore and/or delete this email.
+
+		Your password will not be changed unless we can verify that you
+		issued this request.'));
+	$body = deindent(t('
+		Follow this link to verify your identity:
+
+		%1$s
+
+		You will then receive a follow-up message containing the new password.
+		You may change that password from your account settings page after logging in.
+
+		The login details are as follows:
+
+		Site Location:	%2$s
+		Login Name:	%3$s'));
+
+	$preamble = sprintf($preamble, $username, $sitename);
+	$body = sprintf($body, $resetlink, $siteurl, $email);
+
+	notification(array(
+		'type' => "SYSTEM_EMAIL",
+		'to_email' => $email,
+		'subject'=> sprintf( t('Password reset requested at %s'),$sitename),
+		'preamble'=> $preamble,
+		'body' => $body));
 
 	goaway(z_root());
+
 }
 
 
@@ -62,9 +89,8 @@ function lostpass_content(&$a) {
 			dbesc($hash)
 		);
 		if(! count($r)) {
-			notice( t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.") . EOL);
-			goaway(z_root());
-			return;
+			$o =  t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.");
+			return $o;
 		}
 		$uid = $r[0]['uid'];
 		$username = $r[0]['username'];
@@ -73,7 +99,7 @@ function lostpass_content(&$a) {
 		$new_password = autoname(6) . mt_rand(100,9999);
 		$new_password_encoded = hash('whirlpool',$new_password);
 
-		$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d LIMIT 1",
+		$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d",
 			dbesc($new_password_encoded),
 			intval($uid)
 		);
@@ -93,24 +119,38 @@ function lostpass_content(&$a) {
 				info("Your password has been reset." . EOL);
 
 
+			$sitename = $a->config['sitename'];
+			$siteurl = $a->get_baseurl();
+			// $username, $email, $new_password
+			$preamble = deindent(t('
+				Dear %1$s,
+					Your password has been changed as requested. Please retain this
+				information for your records (or change your password immediately to
+				something that you will remember).
+			'));
+			$body = deindent(t('
+				Your login details are as follows:
 
-			$email_tpl = get_intltext_template("passchanged_eml.tpl");
-			$email_tpl = replace_macros($email_tpl, array(
-			'$sitename' => $a->config['sitename'],
-			'$siteurl' =>  $a->get_baseurl(),
-			'$username' => $username,
-			'$email' => $email,
-			'$new_password' => $new_password,
-			'$uid' => $newuid ));
+				Site Location:	%1$s
+				Login Name:	%2$s
+				Password:	%3$s
 
-			$res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,
-				'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
-				. 'Content-type: text/plain; charset=UTF-8' . "\n"
-				. 'Content-transfer-encoding: 8bit' );
+				You may change that password from your account settings page after logging in.
+			'));
+
+			$preamble = sprintf($preamble, $username);
+			$body = sprintf($body, $siteurl, $email, $new_password);
+
+			notification(array(
+				'type' => "SYSTEM_EMAIL",
+				'to_email' => $email,
+				'subject'=> sprintf( t('Your password has been changed at %s'),$sitename),
+				'preamble'=> $preamble,
+				'body' => $body));
 
 			return $o;
 		}
-	
+
 	}
 	else {
 		$tpl = get_markup_template('lostpass.tpl');
@@ -119,7 +159,7 @@ function lostpass_content(&$a) {
 			'$title' => t('Forgot your Password?'),
 			'$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
 			'$name' => t('Nickname or Email: '),
-			'$submit' => t('Reset') 
+			'$submit' => t('Reset')
 		));
 
 		return $o;