diff options
Diffstat (limited to 'web/html/passreset.php')
-rw-r--r-- | web/html/passreset.php | 122 |
1 files changed, 49 insertions, 73 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php index 97fbebb0..cb88e5ab 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -30,25 +30,10 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir } if (empty($error)) { - $dbh = db_connect(); $salt = generate_salt(); $hash = salted_hash($password, $salt); - # The query below won't affect any records unless the ResetKey - # and Email combination is correct and ResetKey is nonempty - $q = "UPDATE Users - SET Passwd = '$hash', - Salt = '$salt', - ResetKey = '' - WHERE ResetKey != '' - AND ResetKey = '".db_escape_string($resetkey)."' - AND Email = '".db_escape_string($email)."'"; - $result = db_query($q, $dbh); - if (!mysql_affected_rows($dbh)) { - $error = __('Invalid e-mail and reset key combination.'); - } else { - header('Location: passreset.php?step=complete'); - exit(); - } + + $error = password_reset($hash, $salt, $resetkey, $email); } } elseif (isset($_POST['email'])) { $email = $_POST['email']; @@ -56,22 +41,18 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir if ($uid != NULL && $uid != 'None') { # We (ab)use new_sid() to get a random 32 characters long string $resetkey = new_sid(); - $dbh = db_connect(); - $q = "UPDATE Users - SET ResetKey = '" . $resetkey . "' - WHERE ID = " . $uid; - db_query($q, $dbh); + create_resetkey($resetkey, $uid); # Send email with confirmation link $body = __('A password reset request was submitted for the account '. 'associated with your e-mail address. If you wish to reset '. 'your password follow the link below, otherwise ignore '. 'this message and nothing will happen.'). "\n\n". - 'https://aur.archlinux.org/passreset.php?'. + "{$AUR_LOCATION}/passreset.php?". "resetkey={$resetkey}"; $body = wordwrap($body, 70); - $headers = "To: {$email}\nReply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR"; - @mail(' ', 'AUR Password Reset', $body, $headers); + $headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR"; + @mail($email, 'AUR Password Reset', $body, $headers); } header('Location: passreset.php?step=confirm'); @@ -84,54 +65,49 @@ html_header(__("Password Reset")); ?> -<div class="pgbox"> - <div class="pgboxtitle"> - <span class="f3"><?php print __("Password Reset"); ?></span> - </div> - <div class="pgboxbody"> - <?php - if ($error) { - echo '<p><span class="error">'.$error.'</span></p>'; - } - ?> - <?php - if ($step == 'confirm') { - echo __('Check your e-mail for the confirmation link.'); - } elseif ($step == 'complete') { - echo __('Your password has been reset successfully.'); - } elseif (isset($_GET['resetkey'])) { - ?> - <form action="" method="post"> - <table> - <tr> - <td><?php echo __("Confirm your e-mail address:"); ?></td> - <td><input type="text" name="email" size="30" maxlength="64" /></td> - </tr> - <tr> - <td><?php echo __("Enter your new password:"); ?></td> - <td><input type="password" name="password" size="30" maxlength="32" /></td> - </tr> - <tr> - <td><?php echo __("Confirm your new password:"); ?></td> - <td><input type="password" name="confirm" size="30" maxlength="32" /></td> - </tr> - </table> - <br /> - <input type="submit" class="button" value="<?php echo __('Continue') ?>" /> - </form> - <?php - } else { - ?> - <p><?php echo __('If you have forgotten the e-mail address you used to register, please send a message to the %haur-general%h mailing list.', - '<a href="http://mailman.archlinux.org/mailman/listinfo/aur-general">', - '</a>'); ?></p> - <form action="" method="post"> - <p><?php echo __("Enter your e-mail address:"); ?> - <input type="text" name="email" size="30" maxlength="64" /></p> - <input type="submit" class="button" value="<?php echo __('Continue') ?>" /> - </form> - <?php } ?> - </div> +<div class="box"> + <h2><?php print __("Password Reset"); ?></h2> + + <?php if ($error): ?> + <p><span class="error"><?php echo $error ?></span></p> + <?php endif;?> + <?php + if ($step == 'confirm') { + echo __('Check your e-mail for the confirmation link.'); + } elseif ($step == 'complete') { + echo __('Your password has been reset successfully.'); + } elseif (isset($_GET['resetkey'])) { + ?> + <form action="" method="post"> + <table> + <tr> + <td><?php echo __("Confirm your e-mail address:"); ?></td> + <td><input type="text" name="email" size="30" maxlength="64" /></td> + </tr> + <tr> + <td><?php echo __("Enter your new password:"); ?></td> + <td><input type="password" name="password" size="30" maxlength="32" /></td> + </tr> + <tr> + <td><?php echo __("Confirm your new password:"); ?></td> + <td><input type="password" name="confirm" size="30" maxlength="32" /></td> + </tr> + </table> + <br /> + <input type="submit" class="button" value="<?php echo __('Continue') ?>" /> + </form> + <?php + } else { + ?> + <p><?php echo __('If you have forgotten the e-mail address you used to register, please send a message to the %saur-general%s mailing list.', + '<a href="http://mailman.archlinux.org/mailman/listinfo/aur-general">', + '</a>'); ?></p> + <form action="" method="post"> + <p><?php echo __("Enter your e-mail address:"); ?> + <input type="text" name="email" size="30" maxlength="64" /></p> + <input type="submit" class="button" value="<?php echo __('Continue') ?>" /> + </form> + <?php } ?> </div> <?php |