summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/controllers/user.php131
-rw-r--r--application/views/file/upload_form.php1
-rw-r--r--application/views/header.php1
-rw-r--r--application/views/user/reset_password_form.php20
-rw-r--r--application/views/user/reset_password_link_sent.php3
-rw-r--r--application/views/user/reset_password_success.php3
-rw-r--r--application/views/user/reset_password_username_form.php12
7 files changed, 171 insertions, 0 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php
index 39bf1d767..4a79a6730 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -201,6 +201,137 @@ class User extends CI_Controller {
$this->load->view('footer', $this->data);
}
+ // This routes the different steps of a password reset
+ function reset_password()
+ {
+ $key = $this->uri->segment(3);
+
+ if ($_SERVER["REQUEST_METHOD"] == "GET" && $key === false) {
+ return $this->_reset_password_username_form();
+ }
+
+ if ($key === false) {
+ return $this->_reset_password_send_mail();
+ }
+
+ if ($key !== false) {
+ return $this->_reset_password_form();
+ }
+ }
+
+ // This simply queries the username
+ function _reset_password_username_form()
+ {
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'reset_password_username_form', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ // This sends a mail to the user containing the reset link
+ function _reset_password_send_mail()
+ {
+ $key = random_alphanum(12, 16);
+ $username = $this->input->post("username");
+
+ if (!$this->muser->username_exists($username)) {
+ show_error("Invalid username");
+ }
+
+ $userinfo = $this->db->query("
+ SELECT id, email, username
+ FROM users
+ WHERE username = ?
+ ", array($username))->row_array();
+
+ $this->load->library("email");
+
+ $this->db->query("
+ INSERT INTO `actions`
+ (`key`, `user`, `date`, `action`)
+ VALUES (?, ?, ?, 'passwordreset')
+ ", array($key, $userinfo["id"], time()));
+
+ $admininfo = $this->db->query("
+ SELECT email
+ FROM users
+ WHERE referrer = 0
+ ORDER BY id asc
+ LIMIT 1
+ ")->row_array();
+
+ $this->email->from($admininfo["email"]);
+ $this->email->to($userinfo["email"]);
+ $this->email->subject("FileBin password reset");
+ $this->email->message(""
+ ."Someone requested a password reset for the account '${userinfo["username"]}'\n"
+ ."from the IP address '${_SERVER["REMOTE_ADDR"]}'.\n"
+ ."\n"
+ ."Please follow this link to reset your password:\n"
+ .site_url("user/reset_password/$key")
+ );
+ $this->email->send();
+
+ $this->data["email"] = $userinfo["email"];
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'reset_password_link_sent', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ // This displays a form and handles the reset if the form has been filled out correctly
+ function _reset_password_form()
+ {
+ $process = $this->input->post("process");
+ $key = $this->uri->segment(3);
+ $error = array();
+
+ // TODO: refactor into common function
+ $query = $this->db->query("
+ SELECT `user`, `key`
+ FROM actions
+ WHERE `key` = ?
+ AND `action` = 'passwordreset'
+ ", array($key))->row_array();
+
+ if (!isset($query["key"]) || $key != $query["key"]) {
+ show_error("Invalid reset key.");
+ }
+
+ $userid = $query["user"];
+
+ if ($process !== false) {
+ $password = $this->input->post("password");
+ $password_confirm = $this->input->post("password_confirm");
+
+ if (!$password || $password != $password_confirm) {
+ $error[]= "No password or passwords don't match.";
+ }
+
+ if (empty($error)) {
+ $this->db->query("
+ UPDATE users
+ SET `password` = ?
+ WHERE `id` = ?
+ ", array($this->muser->hash_password($password), $userid));
+ $this->db->query("
+ DELETE FROM actions
+ WHERE `key` = ?
+ ", array($key));
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'reset_password_success', $this->data);
+ $this->load->view('footer', $this->data);
+ return;
+ }
+ }
+
+ $this->data["key"] = $key;
+ $this->data["error"] = $error;
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'reset_password_form', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
function logout()
{
$this->muser->logout();
diff --git a/application/views/file/upload_form.php b/application/views/file/upload_form.php
index aaf36931a..f0c1ab933 100644
--- a/application/views/file/upload_form.php
+++ b/application/views/file/upload_form.php
@@ -41,6 +41,7 @@
<input type="text" name="username" placeholder="Username" />
<input type="password" name="password" placeholder="Password" />
<input type="submit" class="btn btn-primary" value="Login" name="process" style="margin-bottom: 9px" />
+ <p style="display: inline"><?php echo anchor("user/reset_password", "Forgot your password?"); ?></p>
</form>
<?php } ?>
<div class="row">
diff --git a/application/views/header.php b/application/views/header.php
index 2e978bda2..c969f06e1 100644
--- a/application/views/header.php
+++ b/application/views/header.php
@@ -31,6 +31,7 @@ if (is_cli_client() && !isset($force_full_html)) {
<li class="dropdown">
<a class="dropdown-toggle" href="#" data-toggle="dropdown">Login <b class="caret"></b></a>
<div class="dropdown-menu" style="padding: 15px;">
+ <p><?php echo anchor("user/reset_password", "Forgot your password?"); ?></p>
<?php echo form_open("user/login"); ?>
<input type="text" name="username" placeholder="Username" class="input-medium">
<input type="password" name="password" placeholder="Password" class="input-medium">
diff --git a/application/views/user/reset_password_form.php b/application/views/user/reset_password_form.php
new file mode 100644
index 000000000..68a3e387e
--- /dev/null
+++ b/application/views/user/reset_password_form.php
@@ -0,0 +1,20 @@
+<?php if (!empty($error)) {
+ echo "<p>";
+ echo implode("<br />\n", $error);
+ echo "</p>";
+} ?>
+<?php echo form_open('user/reset_password/'.$key); ?>
+ <table>
+ <tr>
+ <td>Password</td>
+ <td> <input type="password" name="password" /></td>
+ </tr><tr>
+ <td>Confirm password</td>
+ <td> <input type="password" name="password_confirm" /></td>
+ </tr><tr>
+ <td></td>
+ <td><input type="submit" value="Change Password" name="process" /></td>
+ </tr>
+ </table>
+</form>
+
diff --git a/application/views/user/reset_password_link_sent.php b/application/views/user/reset_password_link_sent.php
new file mode 100644
index 000000000..7734d9c81
--- /dev/null
+++ b/application/views/user/reset_password_link_sent.php
@@ -0,0 +1,3 @@
+<p>
+ A mail containing your password reset link has been sent to "<?php echo htmlentities($email); ?>".
+</p>
diff --git a/application/views/user/reset_password_success.php b/application/views/user/reset_password_success.php
new file mode 100644
index 000000000..bc7448833
--- /dev/null
+++ b/application/views/user/reset_password_success.php
@@ -0,0 +1,3 @@
+<div class="center">
+ <p>Your password has been changed successfully.</p>
+</div>
diff --git a/application/views/user/reset_password_username_form.php b/application/views/user/reset_password_username_form.php
new file mode 100644
index 000000000..dde6d5aa0
--- /dev/null
+++ b/application/views/user/reset_password_username_form.php
@@ -0,0 +1,12 @@
+<?php echo form_open('user/reset_password'); ?>
+ <table>
+ <tr>
+ <td>Username</td>
+ <td> <input type="text" name="username" /></td>
+ </tr><tr>
+ <td></td>
+ <td><input type="submit" value="Send mail" name="process" /></td>
+ </tr>
+ </table>
+</form>
+