add basic password recovery thing
This commit is contained in:
parent
1da5179c5d
commit
f43e9e97a5
|
@ -708,5 +708,92 @@ class Handler_Public extends Handler {
|
||||||
print json_encode(array("error" => array("code" => 7)));
|
print json_encode(array("error" => array("code" => 7)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function forgotpass() {
|
||||||
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
|
print "<html>
|
||||||
|
<head>
|
||||||
|
<title>Tiny Tiny RSS</title>
|
||||||
|
<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
|
||||||
|
<script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
|
||||||
|
<script type=\"text/javascript\" src=\"lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls\"></script>
|
||||||
|
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
|
||||||
|
</head>
|
||||||
|
<body id='forgotpass'>";
|
||||||
|
|
||||||
|
print '<div class="floatingLogo"><img src="images/logo_wide.png"></div>';
|
||||||
|
print "<h1>".__("Reset password")."</h1>";
|
||||||
|
|
||||||
|
@$method = $_POST['method'];
|
||||||
|
|
||||||
|
if (!$method) {
|
||||||
|
$secretkey = uniqid();
|
||||||
|
$_SESSION["secretkey"] = $secretkey;
|
||||||
|
|
||||||
|
print "<form method='POST' action='public.php'>";
|
||||||
|
print "<input type='hidden' name='secretkey' value='$secretkey'>";
|
||||||
|
print "<input type='hidden' name='method' value='do'>";
|
||||||
|
print "<input type='hidden' name='op' value='forgotpass'>";
|
||||||
|
|
||||||
|
print "<fieldset>";
|
||||||
|
print "<label>".__("Login:")."</label>";
|
||||||
|
print "<input type='text' name='login' value='' required>";
|
||||||
|
print "</fieldset>";
|
||||||
|
|
||||||
|
print "<fieldset>";
|
||||||
|
print "<label>".__("Email:")."</label>";
|
||||||
|
print "<input type='email' name='email' value='' required>";
|
||||||
|
print "</fieldset>";
|
||||||
|
|
||||||
|
print "<fieldset>";
|
||||||
|
print "<label>".__("How much is two plus two:")."</label>";
|
||||||
|
print "<input type='text' name='test' value='' required>";
|
||||||
|
print "</fieldset>";
|
||||||
|
|
||||||
|
print "<p/>";
|
||||||
|
print "<button type='submit'>".__("Reset password")."</button>";
|
||||||
|
|
||||||
|
print "</form>";
|
||||||
|
} else if ($method == 'do') {
|
||||||
|
|
||||||
|
$secretkey = $_POST["secretkey"];
|
||||||
|
$login = db_escape_string($this->link, $_POST["login"]);
|
||||||
|
$email = db_escape_string($this->link, $_POST["email"]);
|
||||||
|
$test = db_escape_string($this->link, $_POST["test"]);
|
||||||
|
|
||||||
|
if (($test != 4 && $test != 'four') || !$email || !$login) {
|
||||||
|
print_error(__('Some of the required form parameters are missing or incorrect.'));
|
||||||
|
|
||||||
|
print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
|
||||||
|
|
||||||
|
} else if ($_SESSION["secretkey"] == $secretkey) {
|
||||||
|
|
||||||
|
$result = db_query($this->link, "SELECT id FROM ttrss_users
|
||||||
|
WHERE login = '$login' AND email = '$email'");
|
||||||
|
|
||||||
|
if (db_num_rows($result) != 0) {
|
||||||
|
$id = db_fetch_result($result, 0, "id");
|
||||||
|
|
||||||
|
Pref_Users::resetUserPassword($this->link, $id, false);
|
||||||
|
|
||||||
|
print "<p>".__("Completed.")."</p>";
|
||||||
|
|
||||||
|
} else {
|
||||||
|
print_error(__("Sorry, login and email combination not found."));
|
||||||
|
print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
print_error(__("Form secret key incorrect. Please enable cookies and try again."));
|
||||||
|
print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
print "</body>";
|
||||||
|
print "</html>";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -270,11 +270,9 @@ class Pref_Users extends Handler_Protected {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function resetPass() {
|
static function resetUserPassword($link, $uid, $show_password) {
|
||||||
|
|
||||||
$uid = db_escape_string($this->link, $_REQUEST["id"]);
|
$result = db_query($link, "SELECT login,email
|
||||||
|
|
||||||
$result = db_query($this->link, "SELECT login,email
|
|
||||||
FROM ttrss_users WHERE id = '$uid'");
|
FROM ttrss_users WHERE id = '$uid'");
|
||||||
|
|
||||||
$login = db_fetch_result($result, 0, "login");
|
$login = db_fetch_result($result, 0, "login");
|
||||||
|
@ -286,18 +284,20 @@ class Pref_Users extends Handler_Protected {
|
||||||
|
|
||||||
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
|
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
|
||||||
|
|
||||||
db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
|
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
|
||||||
WHERE id = '$uid'");
|
WHERE id = '$uid'");
|
||||||
|
|
||||||
|
if ($show_password) {
|
||||||
print T_sprintf("Changed password of user <b>%s</b>
|
print T_sprintf("Changed password of user <b>%s</b>
|
||||||
to <b>%s</b>", $login, $tmp_user_pwd);
|
to <b>%s</b>", $login, $tmp_user_pwd);
|
||||||
|
} else {
|
||||||
|
print T_sprintf("Sending new password of user <b>%s</b>
|
||||||
|
to <b>%s</b>", $login, $email);
|
||||||
|
}
|
||||||
|
|
||||||
require_once 'lib/phpmailer/class.phpmailer.php';
|
require_once 'lib/phpmailer/class.phpmailer.php';
|
||||||
|
|
||||||
if ($email) {
|
if ($email) {
|
||||||
print " ";
|
|
||||||
print T_sprintf("Notifying <b>%s</b>.", $email);
|
|
||||||
|
|
||||||
require_once "lib/MiniTemplator.class.php";
|
require_once "lib/MiniTemplator.class.php";
|
||||||
|
|
||||||
$tpl = new MiniTemplator;
|
$tpl = new MiniTemplator;
|
||||||
|
@ -340,8 +340,11 @@ class Pref_Users extends Handler_Protected {
|
||||||
|
|
||||||
if (!$rc) print_error($mail->ErrorInfo);
|
if (!$rc) print_error($mail->ErrorInfo);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
print "</div>";
|
function resetPass() {
|
||||||
|
$uid = db_escape_string($this->link, $_REQUEST["id"]);
|
||||||
|
Pref_Users::resetUserPassword($this->link, $uid, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
function index() {
|
function index() {
|
||||||
|
|
|
@ -65,6 +65,20 @@
|
||||||
font-size : 12px;
|
font-size : 12px;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
a.forgotpass {
|
||||||
|
text-align : right;
|
||||||
|
font-size : 11px;
|
||||||
|
display : inline-block;
|
||||||
|
}
|
||||||
|
|
||||||
|
a {
|
||||||
|
color : #4684ff;
|
||||||
|
}
|
||||||
|
|
||||||
|
a:hover {
|
||||||
|
color : black;
|
||||||
|
}
|
||||||
|
|
||||||
div.footer a {
|
div.footer a {
|
||||||
color : gray;
|
color : gray;
|
||||||
}
|
}
|
||||||
|
@ -179,6 +193,8 @@ function bwLimitChange(elem) {
|
||||||
<input type="password" name="password" required="1"
|
<input type="password" name="password" required="1"
|
||||||
style="width : 220px" class="input"
|
style="width : 220px" class="input"
|
||||||
value="<?php echo $_SESSION["fake_password"] ?>"/>
|
value="<?php echo $_SESSION["fake_password"] ?>"/>
|
||||||
|
<label></label>
|
||||||
|
<a class='forgotpass' href="public.php?op=forgotpass"><?php echo __("I forgot my password") ?></a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<!-- $BeginBlock message -->
|
<!-- $BeginBlock message -->
|
||||||
Hello, ${LOGIN}.
|
Hello, ${LOGIN}.
|
||||||
|
|
||||||
Your password for this Tiny Tiny RSS installation has been reset by an administrator.
|
Your password for this Tiny Tiny RSS installation has been reset.
|
||||||
|
|
||||||
Your new password is ${NEWPASS}, please remember it for later reference.
|
Your new password is ${NEWPASS}, please remember it for later reference.
|
||||||
|
|
||||||
|
|
22
utility.css
22
utility.css
|
@ -182,3 +182,25 @@ div.autocomplete ul li {
|
||||||
cursor : pointer;
|
cursor : pointer;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fieldset {
|
||||||
|
border-width : 0px;
|
||||||
|
padding : 0px 0px 5px 0px;
|
||||||
|
margin : 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
fieldset input {
|
||||||
|
font-family : sans-serif;
|
||||||
|
font-size : medium;
|
||||||
|
border-spacing : 2px;
|
||||||
|
border : 1px solid #b5bcc7;
|
||||||
|
padding : 2px;
|
||||||
|
}
|
||||||
|
|
||||||
|
fieldset label {
|
||||||
|
width : 120px;
|
||||||
|
margin-right : 20px;
|
||||||
|
display : inline-block;
|
||||||
|
text-align : right;
|
||||||
|
color : gray;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue