mod/lostpass.php

   1 <?php
   2
   3 require_once('include/email.php');
   4
   5 function lostpass_post(&$a) {
   6
   7         $loginame = notags(trim($_POST['login-name']));
   8         if(! $loginame)
   9                 goaway(z_root());
  10
  11         $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
  12                 dbesc($loginame),
  13                 dbesc($loginame)
  14         );
  15
  16         if(! count($r)) {
  17                 notice( t('No valid account found.') . EOL);
  18                 goaway(z_root());
  19         }
  20
  21         $uid = $r[0]['uid'];
  22         $username = $r[0]['username'];
  23         $email = $r[0]['email'];
  24
  25         $new_password = autoname(12) . mt_rand(100,9999);
  26         $new_password_encoded = hash('whirlpool',$new_password);
  27
  28         $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d",
  29                 dbesc($new_password_encoded),
  30                 intval($uid)
  31         );
  32         if($r)
  33                 info( t('Password reset request issued. Check your email.') . EOL);
  34
  35         $email_tpl = get_intltext_template("lostpass_eml.tpl");
  36         $email_tpl = replace_macros($email_tpl, array(
  37                         '$sitename' => $a->config['sitename'],
  38                         '$siteurl' =>  $a->get_baseurl(),
  39                         '$username' => $username,
  40                         '$email' => $email,
  41                         '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
  42         ));
  43
  44         $res = mail($email, email_header_encode(sprintf( t('Password reset requested at %s'),$a->config['sitename']),'UTF-8'),
  45                         $email_tpl,
  46                         'From: ' . 'Administrator' . '@' . $_SERVER['SERVER_NAME'] . "\n"
  47                         . 'Content-type: text/plain; charset=UTF-8' . "\n"
  48                         . 'Content-transfer-encoding: 8bit' );
  49
  50
  51         goaway(z_root());
  52 }
  53
  54
  55 function lostpass_content(&$a) {
  56
  57
  58         if(x($_GET,'verify')) {
  59                 $verify = $_GET['verify'];
  60                 $hash = hash('whirlpool', $verify);
  61
  62                 $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
  63                         dbesc($hash)
  64                 );
  65                 if(! count($r)) {
  66                         notice( t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.") . EOL);
  67                         goaway(z_root());
  68                         return;
  69                 }
  70                 $uid = $r[0]['uid'];
  71                 $username = $r[0]['username'];
  72                 $email = $r[0]['email'];
  73
  74                 $new_password = autoname(6) . mt_rand(100,9999);
  75                 $new_password_encoded = hash('whirlpool',$new_password);
  76
  77                 $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d",
  78                         dbesc($new_password_encoded),
  79                         intval($uid)
  80                 );
  81                 if($r) {
  82                         $tpl = get_markup_template('pwdreset.tpl');
  83                         $o .= replace_macros($tpl,array(
  84                                 '$lbl1' => t('Password Reset'),
  85                                 '$lbl2' => t('Your password has been reset as requested.'),
  86                                 '$lbl3' => t('Your new password is'),
  87                                 '$lbl4' => t('Save or copy your new password - and then'),
  88                                 '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
  89                                 '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
  90                                 '$newpass' => $new_password,
  91                                 '$baseurl' => $a->get_baseurl()
  92
  93                         ));
  94                                 info("Your password has been reset." . EOL);
  95
  96
  97
  98                         $email_tpl = get_intltext_template("passchanged_eml.tpl");
  99                         $email_tpl = replace_macros($email_tpl, array(
 100                         '$sitename' => $a->config['sitename'],
 101                         '$siteurl' =>  $a->get_baseurl(),
 102                         '$username' => $username,
 103                         '$email' => $email,
 104                         '$new_password' => $new_password,
 105                         '$uid' => $newuid ));
 106
 107                         $subject = sprintf( t('Your password has been changed at %s'), $a->config['sitename']);
 108
 109                         $res = mail($email, email_header_encode( $subject, 'UTF-8'), $email_tpl,
 110                                 'From: ' . 'Administrator' . '@' . $_SERVER['SERVER_NAME'] . "\n"
 111                                 . 'Content-type: text/plain; charset=UTF-8' . "\n"
 112                                 . 'Content-transfer-encoding: 8bit' );
 113
 114                         return $o;
 115                 }
 116
 117         }
 118         else {
 119                 $tpl = get_markup_template('lostpass.tpl');
 120
 121                 $o .= replace_macros($tpl,array(
 122                         '$title' => t('Forgot your Password?'),
 123                         '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
 124                         '$name' => t('Nickname or Email: '),
 125                         '$submit' => t('Reset')
 126                 ));
 127
 128                 return $o;
 129         }
 130
 131 }