diff options
author | Andrew Dolgov <[email protected]> | 2013-03-22 14:50:02 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2013-03-22 14:50:02 +0400 |
commit | f43e9e97a53a0ff85e728c477e72ceaa98d3415d (patch) | |
tree | 671199b15bd1c870dea4f9e7f076bde7ba6a3742 | |
parent | 1da5179c5df7eed1fd14b4cee70dd2703679995c (diff) |
add basic password recovery thing
-rw-r--r-- | classes/handler/public.php | 87 | ||||
-rw-r--r-- | classes/pref/users.php | 25 | ||||
-rw-r--r-- | include/login_form.php | 16 | ||||
-rw-r--r-- | templates/resetpass_template.txt | 2 | ||||
-rw-r--r-- | utility.css | 22 |
5 files changed, 140 insertions, 12 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index 6b588f813..53051a1f8 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -708,5 +708,92 @@ class Handler_Public extends Handler { print json_encode(array("error" => array("code" => 7))); } + function forgotpass() { + header('Content-Type: text/html; charset=utf-8'); + print "<html> + <head> + <title>Tiny Tiny RSS</title> + <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\"> + <script type=\"text/javascript\" src=\"lib/prototype.js\"></script> + <script type=\"text/javascript\" src=\"lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls\"></script> + <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> + </head> + <body id='forgotpass'>"; + + print '<div class="floatingLogo"><img src="images/logo_wide.png"></div>'; + print "<h1>".__("Reset password")."</h1>"; + + @$method = $_POST['method']; + + if (!$method) { + $secretkey = uniqid(); + $_SESSION["secretkey"] = $secretkey; + + print "<form method='POST' action='public.php'>"; + print "<input type='hidden' name='secretkey' value='$secretkey'>"; + print "<input type='hidden' name='method' value='do'>"; + print "<input type='hidden' name='op' value='forgotpass'>"; + + print "<fieldset>"; + print "<label>".__("Login:")."</label>"; + print "<input type='text' name='login' value='' required>"; + print "</fieldset>"; + + print "<fieldset>"; + print "<label>".__("Email:")."</label>"; + print "<input type='email' name='email' value='' required>"; + print "</fieldset>"; + + print "<fieldset>"; + print "<label>".__("How much is two plus two:")."</label>"; + print "<input type='text' name='test' value='' required>"; + print "</fieldset>"; + + print "<p/>"; + print "<button type='submit'>".__("Reset password")."</button>"; + + print "</form>"; + } else if ($method == 'do') { + + $secretkey = $_POST["secretkey"]; + $login = db_escape_string($this->link, $_POST["login"]); + $email = db_escape_string($this->link, $_POST["email"]); + $test = db_escape_string($this->link, $_POST["test"]); + + if (($test != 4 && $test != 'four') || !$email || !$login) { + print_error(__('Some of the required form parameters are missing or incorrect.')); + + print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>"; + + } else if ($_SESSION["secretkey"] == $secretkey) { + + $result = db_query($this->link, "SELECT id FROM ttrss_users + WHERE login = '$login' AND email = '$email'"); + + if (db_num_rows($result) != 0) { + $id = db_fetch_result($result, 0, "id"); + + Pref_Users::resetUserPassword($this->link, $id, false); + + print "<p>".__("Completed.")."</p>"; + + } else { + print_error(__("Sorry, login and email combination not found.")); + print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>"; + } + + } else { + print_error(__("Form secret key incorrect. Please enable cookies and try again.")); + print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>"; + + } + + } + + print "</body>"; + print "</html>"; + + } + } ?> diff --git a/classes/pref/users.php b/classes/pref/users.php index fbba5e407..b4f043775 100644 --- a/classes/pref/users.php +++ b/classes/pref/users.php @@ -270,11 +270,9 @@ class Pref_Users extends Handler_Protected { } } - function resetPass() { - - $uid = db_escape_string($this->link, $_REQUEST["id"]); + static function resetUserPassword($link, $uid, $show_password) { - $result = db_query($this->link, "SELECT login,email + $result = db_query($link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'"); $login = db_fetch_result($result, 0, "login"); @@ -286,18 +284,20 @@ class Pref_Users extends Handler_Protected { $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); - db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' WHERE id = '$uid'"); - print T_sprintf("Changed password of user <b>%s</b> - to <b>%s</b>", $login, $tmp_user_pwd); + if ($show_password) { + print T_sprintf("Changed password of user <b>%s</b> + to <b>%s</b>", $login, $tmp_user_pwd); + } else { + print T_sprintf("Sending new password of user <b>%s</b> + to <b>%s</b>", $login, $email); + } require_once 'lib/phpmailer/class.phpmailer.php'; if ($email) { - print " "; - print T_sprintf("Notifying <b>%s</b>.", $email); - require_once "lib/MiniTemplator.class.php"; $tpl = new MiniTemplator; @@ -340,8 +340,11 @@ class Pref_Users extends Handler_Protected { if (!$rc) print_error($mail->ErrorInfo); } + } - print "</div>"; + function resetPass() { + $uid = db_escape_string($this->link, $_REQUEST["id"]); + Pref_Users::resetUserPassword($this->link, $uid, true); } function index() { diff --git a/include/login_form.php b/include/login_form.php index 68df544e3..af451239d 100644 --- a/include/login_form.php +++ b/include/login_form.php @@ -65,6 +65,20 @@ font-size : 12px; } + a.forgotpass { + text-align : right; + font-size : 11px; + display : inline-block; + } + + a { + color : #4684ff; + } + + a:hover { + color : black; + } + div.footer a { color : gray; } @@ -179,6 +193,8 @@ function bwLimitChange(elem) { <input type="password" name="password" required="1" style="width : 220px" class="input" value="<?php echo $_SESSION["fake_password"] ?>"/> + <label></label> + <a class='forgotpass' href="public.php?op=forgotpass"><?php echo __("I forgot my password") ?></a> </div> <div class="row"> diff --git a/templates/resetpass_template.txt b/templates/resetpass_template.txt index dd96f2c92..c262f9a77 100644 --- a/templates/resetpass_template.txt +++ b/templates/resetpass_template.txt @@ -1,7 +1,7 @@ <!-- $BeginBlock message --> Hello, ${LOGIN}. -Your password for this Tiny Tiny RSS installation has been reset by an administrator. +Your password for this Tiny Tiny RSS installation has been reset. Your new password is ${NEWPASS}, please remember it for later reference. diff --git a/utility.css b/utility.css index de0042a77..b520a49bd 100644 --- a/utility.css +++ b/utility.css @@ -182,3 +182,25 @@ div.autocomplete ul li { cursor : pointer; } +fieldset { + border-width : 0px; + padding : 0px 0px 5px 0px; + margin : 0px; +} + +fieldset input { + font-family : sans-serif; + font-size : medium; + border-spacing : 2px; + border : 1px solid #b5bcc7; + padding : 2px; +} + +fieldset label { + width : 120px; + margin-right : 20px; + display : inline-block; + text-align : right; + color : gray; +} + |