summaryrefslogtreecommitdiff
path: root/web/html/passreset.php
blob: 13697b9778a74c800ee7a7e7cc59b31462cc1853 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
<?php

set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');

include_once("aur.inc.php");         # access AUR common functions

set_lang();                 # this sets up the visitor's language
check_sid();                # see if they're still logged in

if (isset($_COOKIE["AURSID"])) {
	header('Location: /');
	exit();
}

$error = '';

if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) {
	$resetkey = $_GET['resetkey'];
	$email = $_POST['email'];
	$password = $_POST['password'];
	$confirm = $_POST['confirm'];
	$uid = uid_from_email($email);

	if (empty($email) || empty($password)) {
		$error = __('Missing a required field.');
	} elseif ($password != $confirm) {
		$error = __('Password fields do not match.');
	} elseif ($uid == NULL || $uid == 'None') {
		$error = __('Invalid e-mail.');
	}

	if (empty($error)) {
		$salt = generate_salt();
		$hash = salted_hash($password, $salt);

		$error = password_reset($hash, $salt, $resetkey, $email);
	}
} elseif (isset($_POST['email'])) {
	$email = $_POST['email'];
	$uid = uid_from_email($email);
	if ($uid != NULL && $uid != 'None') {
		# We (ab)use new_sid() to get a random 32 characters long string
		$resetkey = new_sid();
		create_resetkey($resetkey, $uid);
		# Send email with confirmation link
		$body = __('A password reset request was submitted for the account '.
		           'associated with your e-mail address. If you wish to reset '.
		           'your password follow the link below, otherwise ignore '.
		           'this message and nothing will happen.').
		           "\n\n".
			   "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
		           "resetkey={$resetkey}";
		$body = wordwrap($body, 70);
		$headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
		@mail($email, 'AUR Password Reset', $body, $headers);

	}
	header('Location: ' . get_uri('/passreset/') . '?step=confirm');
	exit();
}

$step = isset($_GET['step']) ? $_GET['step'] : NULL;

html_header(__("Password Reset"));

?>

<div class="box">
	<h2><?= __("Password Reset"); ?></h2>

	<?php if ($error): ?>
		<p><span class="error"><?= $error ?></span></p>
	<?php endif;?>
	<?php
	if ($step == 'confirm') {
		echo __('Check your e-mail for the confirmation link.');
	} elseif ($step == 'complete') {
		echo __('Your password has been reset successfully.');
	} elseif (isset($_GET['resetkey'])) {
	?>
	<form action="" method="post">
		<table>
			<tr>
				<td><?= __("Confirm your e-mail address:"); ?></td>
				<td><input type="text" name="email" size="30" maxlength="64" /></td>
			</tr>
			<tr>
				<td><?= __("Enter your new password:"); ?></td>
				<td><input type="password" name="password" size="30" maxlength="32" /></td>
			</tr>
			<tr>
				<td><?= __("Confirm your new password:"); ?></td>
				<td><input type="password" name="confirm" size="30" maxlength="32" /></td>
			</tr>
		</table>
		<br />
		<input type="submit" class="button" value="<?= __('Continue') ?>" />
	</form>
	<?php
	} else {
	?>
	<p><?= __('If you have forgotten the e-mail address you used to register, please send a message to the %saur-general%s mailing list.',
	'<a href="http://mailman.archlinux.org/mailman/listinfo/aur-general">',
	'</a>'); ?></p>
	<form action="" method="post">
		<p><?= __("Enter your e-mail address:"); ?>
		<input type="text" name="email" size="30" maxlength="64" /></p>
		<input type="submit" class="button" value="<?= __('Continue') ?>" />
	</form>
	<?php } ?>
</div>

<?php

html_footer(AUR_VERSION);