From e5a839bf0b9884e2a015b3f0b3fdbf23d1a1654c Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Thu, 30 Jan 2020 16:57:22 +0100 Subject: Add option to send reset key for a given user name In addition to supporting email addresses in the reset key form, also support user names. The reset key is then sent to the email address in the user's profile. Signed-off-by: Lukas Fleischer --- web/html/passreset.php | 25 ++++++++++++------------- web/lib/acctfuncs.inc.php | 13 +++++++------ 2 files changed, 19 insertions(+), 19 deletions(-) (limited to 'web') diff --git a/web/html/passreset.php b/web/html/passreset.php index 9e7cee88..b3c8bd29 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -11,14 +11,14 @@ if (isset($_COOKIE["AURSID"])) { $error = ''; -if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) { +if (isset($_GET['resetkey'], $_POST['user'], $_POST['password'], $_POST['confirm'])) { $resetkey = $_GET['resetkey']; - $email = $_POST['email']; + $user = $_POST['user']; $password = $_POST['password']; $confirm = $_POST['confirm']; - $uid = uid_from_email($email); + $uid = uid_from_loginname($user); - if (empty($email) || empty($password)) { + if (empty($user) || empty($password)) { $error = __('Missing a required field.'); } elseif ($password != $confirm) { $error = __('Password fields do not match.'); @@ -31,16 +31,15 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir } if (empty($error)) { - $error = password_reset($password, $resetkey, $email); + $error = password_reset($password, $resetkey, $user); } -} elseif (isset($_POST['email'])) { - $email = $_POST['email']; - $username = username_from_id(uid_from_email($email)); +} elseif (isset($_POST['user'])) { + $user = $_POST['user']; - if (empty($email)) { + if (empty($user)) { $error = __('Missing a required field.'); } else { - send_resetkey($email); + send_resetkey($user); header('Location: ' . get_uri('/passreset/') . '?step=confirm'); exit(); } @@ -67,7 +66,7 @@ html_header(__("Password Reset")); - + @@ -89,8 +88,8 @@ html_header(__("Password Reset")); -

-

+

+

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 345d27af..f6cda69c 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -755,13 +755,13 @@ function create_resetkey($resetkey, $uid) { /** * Send a reset key to a specific e-mail address * - * @param string $email E-mail address of the user resetting their password + * @param string $user User name or email address of the user * @param bool $welcome Whether to use the welcome message * * @return void */ -function send_resetkey($email, $welcome=false) { - $uid = uid_from_email($email); +function send_resetkey($user, $welcome=false) { + $uid = uid_from_loginname($user); if ($uid == null) { return; } @@ -779,11 +779,11 @@ function send_resetkey($email, $welcome=false) { * * @param string $password The new password * @param string $resetkey Code e-mailed to a user to reset a password - * @param string $email E-mail address of the user resetting their password + * @param string $user User name or email address of the user * * @return string|void Redirect page if successful, otherwise return error message */ -function password_reset($password, $resetkey, $email) { +function password_reset($password, $resetkey, $user) { $hash = password_hash($password, PASSWORD_DEFAULT); $dbh = DB::connect(); @@ -792,7 +792,8 @@ function password_reset($password, $resetkey, $email) { $q.= "ResetKey = '' "; $q.= "WHERE ResetKey != '' "; $q.= "AND ResetKey = " . $dbh->quote($resetkey) . " "; - $q.= "AND Email = " . $dbh->quote($email); + $q.= "AND (Email = " . $dbh->quote($user) . " OR "; + $q.= "UserName = " . $dbh->quote($user) . ")"; $result = $dbh->exec($q); if (!$result) { -- cgit v1.2.3-24-g4f1b