diff options
-rw-r--r-- | application/controllers/user.php | 131 | ||||
-rw-r--r-- | application/views/file/upload_form.php | 1 | ||||
-rw-r--r-- | application/views/header.php | 1 | ||||
-rw-r--r-- | application/views/user/reset_password_form.php | 20 | ||||
-rw-r--r-- | application/views/user/reset_password_link_sent.php | 3 | ||||
-rw-r--r-- | application/views/user/reset_password_success.php | 3 | ||||
-rw-r--r-- | application/views/user/reset_password_username_form.php | 12 |
7 files changed, 171 insertions, 0 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php index 39bf1d767..4a79a6730 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -201,6 +201,137 @@ class User extends CI_Controller { $this->load->view('footer', $this->data); } + // This routes the different steps of a password reset + function reset_password() + { + $key = $this->uri->segment(3); + + if ($_SERVER["REQUEST_METHOD"] == "GET" && $key === false) { + return $this->_reset_password_username_form(); + } + + if ($key === false) { + return $this->_reset_password_send_mail(); + } + + if ($key !== false) { + return $this->_reset_password_form(); + } + } + + // This simply queries the username + function _reset_password_username_form() + { + $this->load->view('header', $this->data); + $this->load->view($this->var->view_dir.'reset_password_username_form', $this->data); + $this->load->view('footer', $this->data); + } + + // This sends a mail to the user containing the reset link + function _reset_password_send_mail() + { + $key = random_alphanum(12, 16); + $username = $this->input->post("username"); + + if (!$this->muser->username_exists($username)) { + show_error("Invalid username"); + } + + $userinfo = $this->db->query(" + SELECT id, email, username + FROM users + WHERE username = ? + ", array($username))->row_array(); + + $this->load->library("email"); + + $this->db->query(" + INSERT INTO `actions` + (`key`, `user`, `date`, `action`) + VALUES (?, ?, ?, 'passwordreset') + ", array($key, $userinfo["id"], time())); + + $admininfo = $this->db->query(" + SELECT email + FROM users + WHERE referrer = 0 + ORDER BY id asc + LIMIT 1 + ")->row_array(); + + $this->email->from($admininfo["email"]); + $this->email->to($userinfo["email"]); + $this->email->subject("FileBin password reset"); + $this->email->message("" + ."Someone requested a password reset for the account '${userinfo["username"]}'\n" + ."from the IP address '${_SERVER["REMOTE_ADDR"]}'.\n" + ."\n" + ."Please follow this link to reset your password:\n" + .site_url("user/reset_password/$key") + ); + $this->email->send(); + + $this->data["email"] = $userinfo["email"]; + + $this->load->view('header', $this->data); + $this->load->view($this->var->view_dir.'reset_password_link_sent', $this->data); + $this->load->view('footer', $this->data); + } + + // This displays a form and handles the reset if the form has been filled out correctly + function _reset_password_form() + { + $process = $this->input->post("process"); + $key = $this->uri->segment(3); + $error = array(); + + // TODO: refactor into common function + $query = $this->db->query(" + SELECT `user`, `key` + FROM actions + WHERE `key` = ? + AND `action` = 'passwordreset' + ", array($key))->row_array(); + + if (!isset($query["key"]) || $key != $query["key"]) { + show_error("Invalid reset key."); + } + + $userid = $query["user"]; + + if ($process !== false) { + $password = $this->input->post("password"); + $password_confirm = $this->input->post("password_confirm"); + + if (!$password || $password != $password_confirm) { + $error[]= "No password or passwords don't match."; + } + + if (empty($error)) { + $this->db->query(" + UPDATE users + SET `password` = ? + WHERE `id` = ? + ", array($this->muser->hash_password($password), $userid)); + $this->db->query(" + DELETE FROM actions + WHERE `key` = ? + ", array($key)); + $this->load->view('header', $this->data); + $this->load->view($this->var->view_dir.'reset_password_success', $this->data); + $this->load->view('footer', $this->data); + return; + } + } + + $this->data["key"] = $key; + $this->data["error"] = $error; + + $this->load->view('header', $this->data); + $this->load->view($this->var->view_dir.'reset_password_form', $this->data); + $this->load->view('footer', $this->data); + } + function logout() { $this->muser->logout(); diff --git a/application/views/file/upload_form.php b/application/views/file/upload_form.php index aaf36931a..f0c1ab933 100644 --- a/application/views/file/upload_form.php +++ b/application/views/file/upload_form.php @@ -41,6 +41,7 @@ <input type="text" name="username" placeholder="Username" /> <input type="password" name="password" placeholder="Password" /> <input type="submit" class="btn btn-primary" value="Login" name="process" style="margin-bottom: 9px" /> + <p style="display: inline"><?php echo anchor("user/reset_password", "Forgot your password?"); ?></p> </form> <?php } ?> <div class="row"> diff --git a/application/views/header.php b/application/views/header.php index 2e978bda2..c969f06e1 100644 --- a/application/views/header.php +++ b/application/views/header.php @@ -31,6 +31,7 @@ if (is_cli_client() && !isset($force_full_html)) { <li class="dropdown"> <a class="dropdown-toggle" href="#" data-toggle="dropdown">Login <b class="caret"></b></a> <div class="dropdown-menu" style="padding: 15px;"> + <p><?php echo anchor("user/reset_password", "Forgot your password?"); ?></p> <?php echo form_open("user/login"); ?> <input type="text" name="username" placeholder="Username" class="input-medium"> <input type="password" name="password" placeholder="Password" class="input-medium"> diff --git a/application/views/user/reset_password_form.php b/application/views/user/reset_password_form.php new file mode 100644 index 000000000..68a3e387e --- /dev/null +++ b/application/views/user/reset_password_form.php @@ -0,0 +1,20 @@ +<?php if (!empty($error)) { + echo "<p>"; + echo implode("<br />\n", $error); + echo "</p>"; +} ?> +<?php echo form_open('user/reset_password/'.$key); ?> + <table> + <tr> + <td>Password</td> + <td> <input type="password" name="password" /></td> + </tr><tr> + <td>Confirm password</td> + <td> <input type="password" name="password_confirm" /></td> + </tr><tr> + <td></td> + <td><input type="submit" value="Change Password" name="process" /></td> + </tr> + </table> +</form> + diff --git a/application/views/user/reset_password_link_sent.php b/application/views/user/reset_password_link_sent.php new file mode 100644 index 000000000..7734d9c81 --- /dev/null +++ b/application/views/user/reset_password_link_sent.php @@ -0,0 +1,3 @@ +<p> + A mail containing your password reset link has been sent to "<?php echo htmlentities($email); ?>". +</p> diff --git a/application/views/user/reset_password_success.php b/application/views/user/reset_password_success.php new file mode 100644 index 000000000..bc7448833 --- /dev/null +++ b/application/views/user/reset_password_success.php @@ -0,0 +1,3 @@ +<div class="center"> + <p>Your password has been changed successfully.</p> +</div> diff --git a/application/views/user/reset_password_username_form.php b/application/views/user/reset_password_username_form.php new file mode 100644 index 000000000..dde6d5aa0 --- /dev/null +++ b/application/views/user/reset_password_username_form.php @@ -0,0 +1,12 @@ +<?php echo form_open('user/reset_password'); ?> + <table> + <tr> + <td>Username</td> + <td> <input type="text" name="username" /></td> + </tr><tr> + <td></td> + <td><input type="submit" value="Send mail" name="process" /></td> + </tr> + </table> +</form> + |