diff options
| author | wn_ <[email protected]> | 2021-03-17 16:18:06 +0000 |
|---|---|---|
| committer | wn_ <[email protected]> | 2021-03-17 16:18:06 +0000 |
| commit | 541a07250ce535ddac4402ddccb60e7e90513c2b (patch) | |
| tree | 3caaf6aba2e75c3af12228368ecadf6d2c771094 /classes/handler | |
| parent | f057c124d1dd4f4bf55f5641731b264363ceb2b9 (diff) | |
Switch 'Handler_Public->forgotpass' to ORM
Diffstat (limited to 'classes/handler')
| -rwxr-xr-x | classes/handler/public.php | 88 |
1 files changed, 34 insertions, 54 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index 6c3c91e78..fc3a6818c 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -447,24 +447,21 @@ class Handler_Public extends Handler { $login = clean($_REQUEST["login"]); if ($login) { - $sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users - WHERE LOWER(login) = LOWER(?)"); - $sth->execute([$login]); + $user = ORM::for_table('ttrss_users') + ->select('id', 'resetpass_token') + ->where_raw('LOWER(login) = LOWER(?)', [$login]) + ->find_one(); - if ($row = $sth->fetch()) { - $id = $row["id"]; - $resetpass_token_full = $row["resetpass_token"]; - list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full); + if ($user) { + list($timestamp, $resetpass_token) = explode(":", $user->resetpass_token); if ($timestamp && $resetpass_token && $timestamp >= time() - 15*60*60 && $resetpass_token === $hash) { + $user->resetpass_token = null; + $user->save(); - $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL - WHERE id = ?"); - $sth->execute([$id]); - - UserHelper::reset_password($id, true); + UserHelper::reset_password($user->id, true); print "<p>"."Completed."."</p>"; @@ -513,7 +510,6 @@ class Handler_Public extends Handler { </form>"; } else if ($method == 'do') { - $login = clean($_POST["login"]); $email = clean($_POST["email"]); $test = clean($_POST["test"]); @@ -525,64 +521,51 @@ class Handler_Public extends Handler { <input type='hidden' name='op' value='forgotpass'> <button dojoType='dijit.form.Button' type='submit' class='alt-primary'>".__("Go back")."</button> </form>"; - } else { - // prevent submitting this form multiple times $_SESSION["pwdreset:testvalue1"] = rand(1, 1000); $_SESSION["pwdreset:testvalue2"] = rand(1, 1000); - $sth = $this->pdo->prepare("SELECT id FROM ttrss_users - WHERE LOWER(login) = LOWER(?) AND email = ?"); - $sth->execute([$login, $email]); + $user = ORM::for_table('ttrss_users') + ->select('id') + ->where_raw('LOWER(login) = LOWER(?)', [$login]) + ->where('email', $email) + ->find_one(); - if ($row = $sth->fetch()) { + if ($user) { print_notice("Password reset instructions are being sent to your email address."); - $id = $row["id"]; - - if ($id) { - $resetpass_token = sha1(get_random_bytes(128)); - $resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token . - "&login=" . urlencode($login); - - $tpl = new Templator(); - - $tpl->readTemplateFromFile("resetpass_link_template.txt"); + $resetpass_token = sha1(get_random_bytes(128)); + $resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token . + "&login=" . urlencode($login); - $tpl->setVariable('LOGIN', $login); - $tpl->setVariable('RESETPASS_LINK', $resetpass_link); - $tpl->setVariable('TTRSS_HOST', Config::get(Config::SELF_URL_PATH)); + $tpl = new Templator(); - $tpl->addBlock('message'); + $tpl->readTemplateFromFile("resetpass_link_template.txt"); - $message = ""; + $tpl->setVariable('LOGIN', $login); + $tpl->setVariable('RESETPASS_LINK', $resetpass_link); + $tpl->setVariable('TTRSS_HOST', Config::get(Config::SELF_URL_PATH)); - $tpl->generateOutputToString($message); + $tpl->addBlock('message'); - $mailer = new Mailer(); + $message = ""; - $rc = $mailer->mail(["to_name" => $login, - "to_address" => $email, - "subject" => __("[tt-rss] Password reset request"), - "message" => $message]); + $tpl->generateOutputToString($message); - if (!$rc) print_error($mailer->error()); + $mailer = new Mailer(); - $resetpass_token_full = time() . ":" . $resetpass_token; + $rc = $mailer->mail(["to_name" => $login, + "to_address" => $email, + "subject" => __("[tt-rss] Password reset request"), + "message" => $message]); - $sth = $this->pdo->prepare("UPDATE ttrss_users - SET resetpass_token = ? - WHERE LOWER(login) = LOWER(?) AND email = ?"); + if (!$rc) print_error($mailer->error()); - $sth->execute([$resetpass_token_full, $login, $email]); - - } else { - print_error("User ID not found."); - } + $user->resetpass_token = time() . ":" . $resetpass_token; + $user->save(); print "<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>"; - } else { print_error(__("Sorry, login and email combination not found.")); @@ -590,17 +573,14 @@ class Handler_Public extends Handler { <input type='hidden' name='op' value='forgotpass'> <button dojoType='dijit.form.Button' type='submit'>".__("Go back")."</button> </form>"; - } } - } print "</div>"; print "</div>"; print "</body>"; print "</html>"; - } function dbupdate() { |