password reset

diff --git a/mod/lostpass.php b/mod/lostpass.php
new file mode 100644 (file)
index 0000000..fb21907
--- /dev/null
+++ b/mod/lostpass.php
@@ -0,0 +1,104 @@
+<?php
+
+
+function lostpass_post(&$a) {
+
+       $email = notags(trim($_POST['login-name']));
+       if(! $email)
+               goaway($a->get_baseurl());
+
+       $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+               dbesc($email)
+       );
+       if(! count($r))
+               goaway($a->get_baseurl());
+       $uid = $r[0]['uid'];
+       $username = $r[0]['username'];
+
+       $new_password = autoname(12) . mt_rand(100,9999);
+       $new_password_encoded = hash('whirlpool',$new_password);
+
+       $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
+               dbesc($new_password_encoded),
+               intval($uid)
+       );
+       if($r)
+               notice("Password reset request issued. Check your email.");
+
+       $email_tpl = file_get_contents("view/lostpass_eml.tpl");
+       $email_tpl = replace_macros($email_tpl, array(
+                       '$sitename' => $a->config['sitename'],
+                       '$siteurl' =>  $a->get_baseurl(),
+                       '$username' => $username,
+                       '$email' => $email,
+                       '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
+       ));
+
+       $res = mail($email,"Password reset requested at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+       
+
+       goaway($a->get_baseurl());
+}
+
+
+function lostpass_content(&$a) {
+
+
+       if(x($_GET,'verify')) {
+               $verify = $_GET['verify'];
+               $hash = hash('whirlpool', $verify);
+
+               $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
+                       dbesc($hash)
+               );
+               if(! count($r)) {
+                       notice("Request could not be verified. (You may have previously submitted it.) Password reset failed." . EOL);
+                       goaway($a->get_baseurl());
+                       return;
+               }
+               $uid = $r[0]['uid'];
+               $username = $r[0]['username'];
+               $email = $r[0]['email'];
+
+               $new_password = autoname(6) . mt_rand(100,9999);
+               $new_password_encoded = hash('whirlpool',$new_password);
+
+               $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d LIMIT 1",
+                       dbesc($new_password_encoded),
+                       intval($uid)
+               );
+               if($r) {
+                       $tpl = file_get_contents('view/pwdreset.tpl');
+                       $o .= replace_macros($tpl,array(
+                               '$newpass' => $new_password,
+                               '$baseurl' => $a->get_baseurl()
+                       ));
+                               notice("Your password has been reset." . EOL);
+
+
+
+                       $email_tpl = file_get_contents("view/passchanged_eml.tpl");
+                       $email_tpl = replace_macros($email_tpl, array(
+                       '$sitename' => $a->config['sitename'],
+                       '$siteurl' =>  $a->get_baseurl(),
+                       '$username' => $username,
+                       '$email' => $email,
+                       '$new_password' => $new_password,
+                       '$uid' => $newuid ));
+
+                       $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+
+                       return $o;
+               }
+       
+       }
+       else {
+               $tpl = file_get_contents('view/lostpass.tpl');
+
+               $o .= $tpl;
+
+               return $o;
+       }
+
+}
\ No newline at end of file

diff --git a/update.sql b/update.sql
index 0a606e5279a84204a7eb8f066d6b28b8718b7408..fc4a63fd9e07d3c56bb6aa8a9db6d647c684646f 100644 (file)
--- a/update.sql
+++ b/update.sql
@@ -13,4 +13,4 @@ ALTER TABLE `item` ADD `owner-name` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_
 ADD `owner-link` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-name` ,
 ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `owner-link` ;
 
-ALTER TABLE `item` ADD `remote-parent` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL AFTER `parent` ;
\ No newline at end of file
+ALTER TABLE `user` ADD `pwdreset` CHAR( 255 ) NOT NULL AFTER `blocked` ;
\ No newline at end of file

diff --git a/view/login.tpl b/view/login.tpl
index 2ce7241fc9d8b28886275beb4296243f75956028..c7cae1bb71db4a06244ffce592af49d2ab343025 100644 (file)
--- a/view/login.tpl
+++ b/view/login.tpl
@@ -14,7 +14,7 @@
 <div id="login-extra-links">
        <div id="login-extra-filler">&nbsp;</div>
        $register_html
-        <a href="lost-password" name="Lost your password?" id="lost-password-link" >Password Reset</a>
+        <a href="lostpass" title="Lost your password?" id="lost-password-link" >Password Reset</a>
 </div>
 <div id="login-extra-end"></div>
 <div id="login-submit-wrapper" >

diff --git a/view/lostpass.tpl b/view/lostpass.tpl
new file mode 100644 (file)
index 0000000..9de0a2a
--- /dev/null
+++ b/view/lostpass.tpl
@@ -0,0 +1,18 @@
+<h3>Forgot your Password?</h3>
+
+<p id="lostpass-desc">
+Enter your email address and submit to have your password reset. Then check your email for further instructions.
+</p>
+
+<form action="lostpass" method="post" >
+<div id="login-name-wrapper">
+        <label for="login-name" id="label-login-name">Email address: </label>
+        <input type="text" maxlength="60" name="login-name" id="login-name" value="" />
+</div>
+<div id="login-extra-end"></div>
+<div id="login-submit-wrapper" >
+        <input type="submit" name="submit" id="lostpass-submit-button" value="Reset" />
+</div>
+<div id="login-submit-end"></div>
+</form>
+

diff --git a/view/lostpass_eml.tpl b/view/lostpass_eml.tpl
new file mode 100644 (file)
index 0000000..c350236
--- /dev/null
+++ b/view/lostpass_eml.tpl
@@ -0,0 +1,32 @@
+
+Dear $username,
+       A request was recently received at $sitename to reset your account 
+password. In order to confirm this request, please select the verification link
+below or paste it into your web browser address bar. 
+
+If you did NOT request this change, please DO NOT follow the link
+provided and ignore and/or delete this email. 
+
+Your password will not be changed unless we can verify that you
+issued this request. 
+
+Follow this link to verify your identity:
+
+$reset_link
+
+You will then receive a follow-up message containing the new password.
+
+You may change that password from your account settings page after logging in.
+
+The login details are as follows:
+
+Site Location: $siteurl
+Login Name:    $email
+
+
+
+
+Sincerely,
+       $sitename Administrator
+
+ 

diff --git a/view/passchanged_eml.tpl b/view/passchanged_eml.tpl
new file mode 100644 (file)
index 0000000..9692159
--- /dev/null
+++ b/view/passchanged_eml.tpl
@@ -0,0 +1,20 @@
+
+Dear $username,
+       Your password has been changed as requested. Please retain this 
+information for your records (or change your password immediately to 
+something that you will remember).
+
+
+Your login details are as follows:
+
+Site Location: $siteurl
+Login Name:    $email
+Password:      $new_password
+
+You may change that password from your account settings page after logging in.
+
+
+Sincerely,
+       $sitename Administrator
+
+ 

diff --git a/view/pwdreset.tpl b/view/pwdreset.tpl
new file mode 100644 (file)
index 0000000..dd609f0
--- /dev/null
+++ b/view/pwdreset.tpl
@@ -0,0 +1,16 @@
+<h3>Password Reset</h3>
+
+<p>
+Your password has been reset as requested.
+</p>
+<p>
+Your new password is
+</p>
+<p>
+$newpass
+</p>
+<p>
+Save or copy your new password - and then <a href="$baseurl" >click here to login</a>.
+</p>
+<p>
+Your password may be changed from the 'Settings' page after successful login.
\ No newline at end of file