summaryrefslogtreecommitdiffstats
path: root/web/html/passreset.php
diff options
context:
space:
mode:
Diffstat (limited to 'web/html/passreset.php')
-rw-r--r--web/html/passreset.php122
1 files changed, 49 insertions, 73 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php
index 97fbebb0..cb88e5ab 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -30,25 +30,10 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
}
if (empty($error)) {
- $dbh = db_connect();
$salt = generate_salt();
$hash = salted_hash($password, $salt);
- # The query below won't affect any records unless the ResetKey
- # and Email combination is correct and ResetKey is nonempty
- $q = "UPDATE Users
- SET Passwd = '$hash',
- Salt = '$salt',
- ResetKey = ''
- WHERE ResetKey != ''
- AND ResetKey = '".db_escape_string($resetkey)."'
- AND Email = '".db_escape_string($email)."'";
- $result = db_query($q, $dbh);
- if (!mysql_affected_rows($dbh)) {
- $error = __('Invalid e-mail and reset key combination.');
- } else {
- header('Location: passreset.php?step=complete');
- exit();
- }
+
+ $error = password_reset($hash, $salt, $resetkey, $email);
}
} elseif (isset($_POST['email'])) {
$email = $_POST['email'];
@@ -56,22 +41,18 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
if ($uid != NULL && $uid != 'None') {
# We (ab)use new_sid() to get a random 32 characters long string
$resetkey = new_sid();
- $dbh = db_connect();
- $q = "UPDATE Users
- SET ResetKey = '" . $resetkey . "'
- WHERE ID = " . $uid;
- db_query($q, $dbh);
+ create_resetkey($resetkey, $uid);
# Send email with confirmation link
$body = __('A password reset request was submitted for the account '.
'associated with your e-mail address. If you wish to reset '.
'your password follow the link below, otherwise ignore '.
'this message and nothing will happen.').
"\n\n".
- 'https://aur.archlinux.org/passreset.php?'.
+ "{$AUR_LOCATION}/passreset.php?".
"resetkey={$resetkey}";
$body = wordwrap($body, 70);
- $headers = "To: {$email}\nReply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
- @mail(' ', 'AUR Password Reset', $body, $headers);
+ $headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
+ @mail($email, 'AUR Password Reset', $body, $headers);
}
header('Location: passreset.php?step=confirm');
@@ -84,54 +65,49 @@ html_header(__("Password Reset"));
?>
-<div class="pgbox">
- <div class="pgboxtitle">
- <span class="f3"><?php print __("Password Reset"); ?></span>
- </div>
- <div class="pgboxbody">
- <?php
- if ($error) {
- echo '<p><span class="error">'.$error.'</span></p>';
- }
- ?>
- <?php
- if ($step == 'confirm') {
- echo __('Check your e-mail for the confirmation link.');
- } elseif ($step == 'complete') {
- echo __('Your password has been reset successfully.');
- } elseif (isset($_GET['resetkey'])) {
- ?>
- <form action="" method="post">
- <table>
- <tr>
- <td><?php echo __("Confirm your e-mail address:"); ?></td>
- <td><input type="text" name="email" size="30" maxlength="64" /></td>
- </tr>
- <tr>
- <td><?php echo __("Enter your new password:"); ?></td>
- <td><input type="password" name="password" size="30" maxlength="32" /></td>
- </tr>
- <tr>
- <td><?php echo __("Confirm your new password:"); ?></td>
- <td><input type="password" name="confirm" size="30" maxlength="32" /></td>
- </tr>
- </table>
- <br />
- <input type="submit" class="button" value="<?php echo __('Continue') ?>" />
- </form>
- <?php
- } else {
- ?>
- <p><?php echo __('If you have forgotten the e-mail address you used to register, please send a message to the %haur-general%h mailing list.',
- '<a href="http://mailman.archlinux.org/mailman/listinfo/aur-general">',
- '</a>'); ?></p>
- <form action="" method="post">
- <p><?php echo __("Enter your e-mail address:"); ?>
- <input type="text" name="email" size="30" maxlength="64" /></p>
- <input type="submit" class="button" value="<?php echo __('Continue') ?>" />
- </form>
- <?php } ?>
- </div>
+<div class="box">
+ <h2><?php print __("Password Reset"); ?></h2>
+
+ <?php if ($error): ?>
+ <p><span class="error"><?php echo $error ?></span></p>
+ <?php endif;?>
+ <?php
+ if ($step == 'confirm') {
+ echo __('Check your e-mail for the confirmation link.');
+ } elseif ($step == 'complete') {
+ echo __('Your password has been reset successfully.');
+ } elseif (isset($_GET['resetkey'])) {
+ ?>
+ <form action="" method="post">
+ <table>
+ <tr>
+ <td><?php echo __("Confirm your e-mail address:"); ?></td>
+ <td><input type="text" name="email" size="30" maxlength="64" /></td>
+ </tr>
+ <tr>
+ <td><?php echo __("Enter your new password:"); ?></td>
+ <td><input type="password" name="password" size="30" maxlength="32" /></td>
+ </tr>
+ <tr>
+ <td><?php echo __("Confirm your new password:"); ?></td>
+ <td><input type="password" name="confirm" size="30" maxlength="32" /></td>
+ </tr>
+ </table>
+ <br />
+ <input type="submit" class="button" value="<?php echo __('Continue') ?>" />
+ </form>
+ <?php
+ } else {
+ ?>
+ <p><?php echo __('If you have forgotten the e-mail address you used to register, please send a message to the %saur-general%s mailing list.',
+ '<a href="http://mailman.archlinux.org/mailman/listinfo/aur-general">',
+ '</a>'); ?></p>
+ <form action="" method="post">
+ <p><?php echo __("Enter your e-mail address:"); ?>
+ <input type="text" name="email" size="30" maxlength="64" /></p>
+ <input type="submit" class="button" value="<?php echo __('Continue') ?>" />
+ </form>
+ <?php } ?>
</div>
<?php