-rw-r--r--support/schema/aur-schema.sql2
-rw-r--r--web/html/passreset.php137
-rw-r--r--web/template/login_form.php2
3 files changed, 139 insertions, 2 deletions
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
index 8d5c427e..39da1bd3 100644
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@@ -26,6 +26,7 @@ CREATE TABLE Users (
Username CHAR(32) NOT NULL,
Email CHAR(64) NOT NULL,
Passwd CHAR(32) NOT NULL,
+ ResetKey CHAR(32) NOT NULL DEFAULT '',
RealName CHAR(64) NOT NULL DEFAULT '',
LangPreference CHAR(2) NOT NULL DEFAULT 'en',
IRCNick CHAR(32) NOT NULL DEFAULT '',
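Review bot: The new `ResetKey` column on line 18 has no companion timestamp, so a key written there stays valid until it is consumed or overwritten; the consumer added in web/html/passreset.php in this same commit only tests `ResetKey != ''` and equality, never age. A reset token should expire after a short window, which needs a column such as `ResetKeyTime DATETIME` (name constructed) next to `ResetKey` and a corresponding check in the UPDATE's WHERE clause. `CHAR(32)` matches the md5-sized string that `new_sid()` appears to produce, which is fine as long as that helper stays the source of the key; a comment noting the coupling, `-- 32 chars: must match the length of keys generated by new_sid()`, would make the dependency explicit.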
@@ -229,4 +230,3 @@ CREATE TABLE IF NOT EXISTS TU_Votes (
VoteID int(10) unsigned NOT NULL,
UserID int(10) unsigned NOT NULL
);
-
diff --git a/web/html/passreset.php b/web/html/passreset.php
new file mode 100644
index 00000000..6fbd1caa
--- /dev/null
+++ b/web/html/passreset.php
@@ -0,0 +1,137 @@
+<?php
+
+set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
+
+include_once("aur.inc"); # access AUR common functions
+
+set_lang(); # this sets up the visitor's language
+check_sid(); # see if they're still logged in
+
+if (isset($_COOKIE["AURSID"])) {
+ header('Location: index.php');
+ exit();
+}
+
+$error = '';
+
+if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) {
+ $resetkey = $_GET['resetkey'];
+ $email = $_POST['email'];
+ $password = $_POST['password'];
+ $confirm = $_POST['confirm'];
+ $uid = uid_from_email($email);
+
+ if (empty($email) || empty($password)) {
+ $error = __('Missing a required field.');
+ } elseif ($password != $confirm) {
+ $error = __('Password fields do not match.');
+ } elseif ($uid == NULL || $uid == 'None') {
+ $error = __('Invalid e-mail.');
+ }
+
+ if (empty($error)) {
+ $dbh = db_connect();
+ # The query below won't affect any records unless the ResetKey
+ # and Email combination is correct and ResetKey is nonempty
+ $q = "UPDATE Users
+ SET Passwd = '".md5($password)."',
+ ResetKey = ''
+ WHERE ResetKey != ''
+ AND ResetKey = '".mysql_real_escape_string($resetkey)."'
+ AND Email = '".mysql_real_escape_string($email)."'";
+ $result = db_query($q, $dbh);
+ if (!mysql_affected_rows($dbh)) {
+ $error = __('Invalid e-mail and reset key combination.');
+ } else {
+ header('Location: passreset.php?step=complete');
+ exit();
+ }
+ }
+} elseif (isset($_POST['email'])) {
+ $email = $_POST['email'];
+ $uid = uid_from_email($email);
+ if ($uid != NULL && $uid != 'None') {
+ # We (ab)use new_sid() to get a random 32 characters long string
+ $resetkey = new_sid();
+ $dbh = db_connect();
+ $q = "UPDATE Users
+ SET ResetKey = '$resetkey'
+ WHERE ID = '$uid'";
+ db_query($q, $dbh);
+ # Send email with confirmation link
+ $body = __('A password reset request was submitted for the account '.
+ 'associated with your e-mail address. If you wish to reset '.
+ 'your password follow the link below, otherwise ignore '.
+ 'this message and nothing will happen.').
+ "\n\n".
+ 'http://aur.archlinux.org/passreset.php?'.
+ "resetkey={$resetkey}";
+ $body = wordwrap($body, 70);
+ $headers = "To: {$email}\nReply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
+ @mail(' ', 'AUR Password Reset', $body, $headers);
+
+ }
+ header('Location: passreset.php?step=confirm');
+ exit();
+}
+
+$step = isset($_GET['step']) ? $_GET['step'] : NULL;
+
+html_header(__("Password Reset"));
+
+?>
+
+<div class="pgbox">
+ <div class="pgboxtitle">
+ <span class="f3"><?php print __("Password Reset"); ?></span>
+ </div>
+ <div class="pgboxbody">
+ <?php
+ if ($error) {
+ echo '<p><span class="error">'.$error.'</span></p>';
+ }
+ ?>
+ <?php
+ if ($step == 'confirm') {
+ echo __('Check your e-mail for the confirmation link.');
+ } elseif ($step == 'complete') {
+ echo __('Your password has been reset successfully.');
+ } elseif (isset($_GET['resetkey'])) {
+ ?>
+ <form action="" method="post">
+ <table>
+ <tr>
+ <td><?php echo __("Confirm your e-mail address:"); ?></td>
+ <td><input type="text" name="email" size="30" maxlength="64" /></td>
+ </tr>
+ <tr>
+ <td><?php echo __("Enter your new password:"); ?></td>
+ <td><input type="password" name="password" size="30" maxlength="32" /></td>
+ </tr>
+ <tr>
+ <td><?php echo __("Confirm your new password:"); ?></td>
+ <td><input type="password" name="confirm" size="30" maxlength="32" /></td>
+ </tr>
+ </table>
+ <br />
+ <input type="submit" class="button" value="Continue" />
+ </form>
+ <?php
+ } else {
+ ?>
+ <p><?php echo __('If you have forgotten the e-mail address you used to
+ register, please send a message to the %haur-general%h mailing list.',
+ '<a href="http://mailman.archlinux.org/mailman/listinfo/aur-general">',
+ '</a>'); ?></p>
+ <form action="" method="post">
+ <p><?php echo __("Enter your e-mail address:"); ?>
+ <input type="text" name="email" size="30" maxlength="64" /></p>
+ <input type="submit" class="button" value="Continue" />
+ </form>
+ <?php } ?>
+ </div>
+</div>
+
+<?php
+
+html_footer(AUR_VERSION);
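Review bot: Lines 60-61 turn the second step into an account-enumeration oracle: with any value in the `resetkey` query parameter, an unknown e-mail yields `Invalid e-mail.` while a registered one yields `Invalid e-mail and reset key combination.` from line 76, so existence of an account leaks before the key is ever checked. Dropping the `elseif ($uid == NULL || $uid == 'None')` branch lets unknown addresses fall through to the UPDATE, which affects zero rows and produces the single combined message; the `uid_from_email()` call on line 54 is then unnecessary in this branch. The first step already avoids this by redirecting to `step=confirm` on line 106 regardless of whether the address exists. Separately, `@mail(...)` on line 103 suppresses a failed send while the user is still told to check their inbox; checking the return value and logging the failure would be preferable to `@`. The comparisons on lines 58, 60 and 85 use loose `!=`/`==`; `!==`/`===` avoid PHP's numeric-string coercion (e.g. two passwords that compare equal as numbers), and `$uid` on line 91 is interpolated into SQL unescaped — presumably it is an integer from the lookup, but that is not visible here and worth confirming.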
diff --git a/web/template/login_form.php b/web/template/login_form.php
index d0df370d..5cf708de 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -25,6 +25,6 @@ else {
<input type="submit" class="button" value="<?php print __("Login"); ?>" />
</div>
</form>
+<a href="passreset.php">[Forgot Password]</a>
<?php } ?>
</div>
-
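Review bot: The link text on line 178 is a hard-coded English string, while the adjacent submit button on line 175 goes through the translation helper `__("Login")`; for consistency with the rest of the template it should read `<a href="passreset.php">[<?php print __("Forgot Password"); ?>]</a>`.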