From 90583f31af6392005b11915e2e0f2a6755ab0ea7 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 24 Jun 2008 17:50:33 -0400 Subject: rudimentary recoverpassword system darcs-hash:20080624215033-34904-d5576bf55da26df44f0580c3759ed3edd8597506.gz --- actions/login.php | 4 + actions/recoverpassword.php | 236 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 240 insertions(+) create mode 100644 actions/recoverpassword.php (limited to 'actions') diff --git a/actions/login.php b/actions/login.php index 3919b4f7e..83fa3ed23 100644 --- a/actions/login.php +++ b/actions/login.php @@ -75,6 +75,10 @@ class LoginAction extends Action { 'not for shared computers!')); common_submit('submit', _t('Login')); common_element_end('form'); + common_element_start('p'); + common_element('a', array('href' => common_local_url('recoverpassword')), + _t('Lost or forgotten password?')); + common_element_end('p'); common_show_footer(); } diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php new file mode 100644 index 000000000..66267e558 --- /dev/null +++ b/actions/recoverpassword.php 
@@ -0,0 +1,236 @@ +. + */ + +if (!defined('LACONICA')) { exit(1); } + +class RecoverpasswordAction extends Action { + + function handle($args) { + parent::handle($args); + if (common_logged_in()) { + $this->client_error(_t('You are already logged in!')); + return; + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + if ($this->arg('recover')) { + $this->recover_password(); + } else if ($this->arg('reset')) { + $this->reset_password(); + } else { + $this->client_error(_t('Unexpected form.')); + } + } else { + if ($this->trimmed('code')) { + $this->check_code(); + } else { + $this->show_form(); + } + } + } + + function check_code() { + $code = $this->trimmed('code'); + $confirm = Confirm_address::staticGet($code); + if ($confirm && $confirm->type == 'recover') { + $user = User::staticGet($confirm->user_id); + if ($user) { + $result = $confirm->delete(); + if (!$result) { + common_log_db_error($confirm, 'DELETE', __FILE__); + common_server_error(_t('Error with confirmation code.')); + return; + } + $this->set_temp_user($user); + $this->show_password_form(); + } + } + } + + function set_temp_user(&$user) { + common_ensure_session(); + $_SESSION['tempuser'] = $user->id; + } + + function get_temp_user() { + common_ensure_session(); + $user_id = $_SESSION['tempuser']; + if ($user_id) { + $user = User::staticGet($user_id); + } + return $user; + } + + function clear_temp_user() { + common_ensure_session(); + unset($_SESSION['tempuser']); + } + + function show_top($msg=NULL) { + if ($msg) { + $this->message($msg, $success); + } else { + common_element('div', 'instructions', + _t('If you\'ve forgotten or lost your' . + ' password, you can get a new one sent ' . + ' the email address you have stored ' . + ' in your account.')); + } + } + + function show_password_top($msg=NULL) { + if ($msg) { + $this->message($msg, $success); + } else { + common_element('div', 'instructions', + _t('You\ve been identified . Enter a ' . + ' new password below. 
')); + } + } + + function show_form($msg=NULL) { + + common_show_header(_t('Recover password'), NULL, + $msg, array($this, 'show_top')); + + common_element_start('form', array('method' => 'POST', + 'id' => 'recoverpassword', + 'action' => common_local_url('recoverpassword'))); + common_input('nicknameoremail', _t('Nickname or email'), + $this->trimmed('nicknameoremail'), + _t('Your nickname on this server, ' . + 'or your registered email address.')); + common_submit('recover', _t('Recover')); + common_element_end('form'); + common_show_footer(); + } + + function show_password_form($msg=NULL) { + + common_show_header(_t('Reset password'), NULL, + $msg, array($this, 'show_password_top')); + + common_element_start('form', array('method' => 'POST', + 'id' => 'recoverpassword', + 'action' => common_local_url('recoverpassword'))); + common_password('newpassword', _t('New password'), + _t('6 or more characters, and don\'t forget it!')); + common_password('confirm', _t('Confirm'), + _t('Same as password above')); + common_submit('reset', _t('Reset')); + common_element_end('form'); + common_show_footer(); + } + + function recover_password() { + $nore = $this->trimmed('nicknameoremail'); + if (!$nore) { + $this->show_form(_t('Enter a nickname or email address.')); + return; + } + $user = User::staticGet('email', common_canonical_email($nore)); + if (!$user) { + $user = User::staticGet('nickname', common_canonical_nickname($nore)); + } + + if (!$user) { + $this->show_form(_t('No such user.')); + return; + } + if (!$user->email) { + $this->client_error(_t('No registered email address for that user.')); + return; + } + + $confirm = new Confirm_address(); + $confirm->code = common_confirmation_code(128); + $confirm->type = 'recover'; + $confirm->user_id = $user->id; + $confirm->address = $user->email; + + if (!$confirm->insert()) { + common_log_db_error($confirm, 'INSERT', __FILE__); + $this->server_error(_t('Error saving address confirmation.')); + return; + } + + $body = "Hey, 
$user->nickname."; + $body .= "\n\n"; + $body .= 'Someone just asked for a new password ' . + 'for this account on ' . common_config('site', 'name') . '.'; + $body .= "\n\n"; + $body .= 'If it was you, and you want to confirm, use the URL below:'; + $body .= "\n\n"; + $body .= "\t".common_local_url('confirmaddress', + array('code' => $code)); + $body .= "\n\n"; + $body .= 'If not, just ignore this message.'; + $body .= "\n\n"; + $body .= 'Thanks for your time, '; + $body .= "\n"; + $body .= common_config('site', 'name'); + $body .= "\n"; + + return mail_to_user($user, _t('Password recovery requested'), $body); + } + + function reset_password() { + + $user = $this->get_temp_user(); + + if (!$user) { + $this->client_error(_t('Unexpected password reset.')); + return; + } + $password = $this->trimmed('password'); + $confirm = $this->trimmed('confirm'); + if (!$password || strlen($password) < 6) { + $this->show_password_form(_t('Password must be 6 chars or more.')); + return; + } + if ($password != $confirm) { + $this->show_password_form(_t('Password and confirmation do not match.')); + return; + } + + # OK, we're ready to go + + $original = clone($user); + + $user->password = common_munge_password($newpassword, $user->id); + + if (!$user->update($original)) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_t('Can\'t save new password.')); + return; + } + + $this->clear_temp_user(); + + if (!common_set_user($user->nickname)) { + common_server_error(_t('Error setting user.')); + return; + } + + common_real_login(true); + + common_show_header(_('Password saved.')); + common_element('p', NULL, _t('New password successfully saved. ' . + 'You are now logged in.')); + common_show_footer(); + } +} -- cgit v1.2.3-54-g00ecf
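Review bot: The new reset flow cannot complete as written: in `recover_password()` the mailed link is built with `array('code' => $code)` but `$code` is never assigned (the value lives in `$confirm->code`), and the link targets `confirmaddress` rather than this action, so `check_code()` is never reached; the URL should be `common_local_url('recoverpassword', array('code' => $confirm->code))`. `reset_password()` then reads `$this->trimmed('password')` while the form field is named `newpassword`, so every submission is rejected with 'Password must be 6 chars or more.', and even with the field aligned the undefined `$newpassword` handed to `common_munge_password()` would hash an empty value; use `$password = $this->trimmed('newpassword');` and `common_munge_password($password, $user->id)`. Separately, the distinct 'No such user.' and 'No registered email address for that user.' responses let a caller enumerate registered nicknames and email addresses, where one neutral "if that account exists, mail has been sent" message after either outcome is the usual practice. Nothing visible bounds the lifetime of a recovery code; unless Confirm_address enforces expiry elsewhere, `check_code()` should reject codes older than a short window, and it currently renders nothing at all when the code is unknown or of the wrong type. `$success` in show_top()/show_password_top() and `$_SESSION['tempuser']` in get_temp_user() are also read before being set.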