From f43e9e97a53a0ff85e728c477e72ceaa98d3415d Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 22 Mar 2013 14:50:02 +0400 Subject: [PATCH] add basic password recovery thing --- classes/handler/public.php | 87 ++++++++++++++++++++++++++++++++ classes/pref/users.php | 25 +++++---- include/login_form.php | 16 ++++++ templates/resetpass_template.txt | 2 +- utility.css | 22 ++++++++ 5 files changed, 140 insertions(+), 12 deletions(-) diff --git a/classes/handler/public.php b/classes/handler/public.php index 6b588f81..53051a1f 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -708,5 +708,92 @@ class Handler_Public extends Handler { print json_encode(array("error" => array("code" => 7))); } + function forgotpass() { + header('Content-Type: text/html; charset=utf-8'); + print " + + Tiny Tiny RSS + + + + + + "; + + print ''; + print "

".__("Reset password")."

"; + + @$method = $_POST['method']; + + if (!$method) { + $secretkey = uniqid(); + $_SESSION["secretkey"] = $secretkey; + + print "
"; + print ""; + print ""; + print ""; + + print "
"; + print ""; + print ""; + print "
"; + + print "
"; + print ""; + print ""; + print "
"; + + print "
"; + print ""; + print ""; + print "
"; + + print "

"; + print ""; + + print "

"; + } else if ($method == 'do') { + + $secretkey = $_POST["secretkey"]; + $login = db_escape_string($this->link, $_POST["login"]); + $email = db_escape_string($this->link, $_POST["email"]); + $test = db_escape_string($this->link, $_POST["test"]); + + if (($test != 4 && $test != 'four') || !$email || !$login) { + print_error(__('Some of the required form parameters are missing or incorrect.')); + + print "

".__("Go back")."

"; + + } else if ($_SESSION["secretkey"] == $secretkey) { + + $result = db_query($this->link, "SELECT id FROM ttrss_users + WHERE login = '$login' AND email = '$email'"); + + if (db_num_rows($result) != 0) { + $id = db_fetch_result($result, 0, "id"); + + Pref_Users::resetUserPassword($this->link, $id, false); + + print "

".__("Completed.")."

"; + + } else { + print_error(__("Sorry, login and email combination not found.")); + print "

".__("Go back")."

"; + } + + } else { + print_error(__("Form secret key incorrect. Please enable cookies and try again.")); + print "

".__("Go back")."

"; + + } + + } + + print ""; + print ""; + + } + } ?> diff --git a/classes/pref/users.php b/classes/pref/users.php index fbba5e40..b4f04377 100644 --- a/classes/pref/users.php +++ b/classes/pref/users.php @@ -270,11 +270,9 @@ class Pref_Users extends Handler_Protected { } } - function resetPass() { + static function resetUserPassword($link, $uid, $show_password) { - $uid = db_escape_string($this->link, $_REQUEST["id"]); - - $result = db_query($this->link, "SELECT login,email + $result = db_query($link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'"); $login = db_fetch_result($result, 0, "login"); @@ -286,18 +284,20 @@ class Pref_Users extends Handler_Protected { $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); - db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' WHERE id = '$uid'"); - print T_sprintf("Changed password of user %s - to %s", $login, $tmp_user_pwd); + if ($show_password) { + print T_sprintf("Changed password of user %s + to %s", $login, $tmp_user_pwd); + } else { + print T_sprintf("Sending new password of user %s + to %s", $login, $email); + } require_once 'lib/phpmailer/class.phpmailer.php'; if ($email) { - print " "; - print T_sprintf("Notifying %s.", $email); - require_once "lib/MiniTemplator.class.php"; $tpl = new MiniTemplator; @@ -340,8 +340,11 @@ class Pref_Users extends Handler_Protected { if (!$rc) print_error($mail->ErrorInfo); } + } - print ""; + function resetPass() { + $uid = db_escape_string($this->link, $_REQUEST["id"]); + Pref_Users::resetUserPassword($this->link, $uid, true); } function index() { diff --git a/include/login_form.php b/include/login_form.php index 68df544e..af451239 100644 --- a/include/login_form.php +++ b/include/login_form.php @@ -65,6 +65,20 @@ font-size : 12px; } + a.forgotpass { + text-align : right; + font-size : 11px; + display : inline-block; + } + + a { + color : #4684ff; + } + + a:hover { + color : black; + } + div.footer a { color : gray; } @@ -179,6 +193,8 @@ function bwLimitChange(elem) { "/> + +
diff --git a/templates/resetpass_template.txt b/templates/resetpass_template.txt index dd96f2c9..c262f9a7 100644 --- a/templates/resetpass_template.txt +++ b/templates/resetpass_template.txt @@ -1,7 +1,7 @@ Hello, ${LOGIN}. -Your password for this Tiny Tiny RSS installation has been reset by an administrator. +Your password for this Tiny Tiny RSS installation has been reset. Your new password is ${NEWPASS}, please remember it for later reference. diff --git a/utility.css b/utility.css index de0042a7..b520a49b 100644 --- a/utility.css +++ b/utility.css @@ -182,3 +182,25 @@ div.autocomplete ul li { cursor : pointer; } +fieldset { + border-width : 0px; + padding : 0px 0px 5px 0px; + margin : 0px; +} + +fieldset input { + font-family : sans-serif; + font-size : medium; + border-spacing : 2px; + border : 1px solid #b5bcc7; + padding : 2px; +} + +fieldset label { + width : 120px; + margin-right : 20px; + display : inline-block; + text-align : right; + color : gray; +} +