summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorPhilip Häusler <msquare@notrademark.de>2013-12-26 13:34:48 +0100
committerPhilip Häusler <msquare@notrademark.de>2013-12-26 13:34:48 +0100
commit0c98f13eee10a61cabdc13e7aa75916d50b8b078 (patch)
treed3931a0b5ffb03e59c3589de5dcfa3910e10bca6 /includes
parent3cc147d235bc977aedb660d896cbb54d1a4f92ec (diff)
user password recovery
Diffstat (limited to 'includes')
-rw-r--r--includes/controller/users_controller.php84
-rw-r--r--includes/helper/email_helper.php16
-rw-r--r--includes/helper/internationalization_helper.php16
-rw-r--r--includes/model/User_model.php46
-rw-r--r--includes/pages/guest_login.php3
-rw-r--r--includes/sys_auth.php2
-rw-r--r--includes/view/User_view.php66
7 files changed, 211 insertions, 22 deletions
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
new file mode 100644
index 00000000..8e0aace7
--- /dev/null
+++ b/includes/controller/users_controller.php
@@ -0,0 +1,84 @@
+<?php
+
+/**
+ * User password recovery. (By email)
+ */
+function user_password_recovery_controller() {
+ if (isset($_REQUEST['token'])) {
+ $user_source = User_by_password_recovery_token($_REQUEST['token']);
+ if ($user_source === false)
+ engelsystem_error("Unable to load user.");
+ if ($user_source == null) {
+ error(_("Token is not correct."));
+ redirect(page_link_to('login'));
+ }
+
+ if (isset($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
+ if ($_REQUEST['password'] != $_REQUEST['password2']) {
+ $ok = false;
+ error(_("Your passwords don't match."));
+ }
+ } else {
+ $ok = false;
+ error(_("Your password is to short (please use at least 6 characters)."));
+ }
+
+ if ($ok) {
+ $result = set_password($user_source['UID'], $_REQUEST['password']);
+ if ($result === false)
+ engelsystem_error(_("Password could not be updated."));
+
+ success(_("Password saved."));
+ redirect(page_link_to('login'));
+ }
+ }
+
+ return User_password_set_view();
+ } else {
+ if (isset($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
+ $email = strip_request_item('email');
+ if (check_email($email)) {
+ $user_source = User_by_email($email);
+ if ($user_source === false)
+ engelsystem_error("Unable to load user.");
+ if ($user_source == null) {
+ $ok = false;
+ $msg .= error(_("E-mail address is not correct."), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error(_("E-mail address is not correct."), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error(_("Please enter your e-mail."), true);
+ }
+
+ if ($ok) {
+ $token = User_generate_password_recovery_token($user_source);
+ if ($token === false)
+ engelsystem_error("Unable to generate password recovery token.");
+ $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
+ if ($result === false)
+ engelsystem_error("Unable to send password recovery email.");
+
+ success(_("We sent an email containing your password recovery link."));
+ redirect(page_link_to('login'));
+ }
+ }
+
+ return User_password_recovery_view();
+ }
+}
+
+function user_password_recovery_title() {
+ return _("Password recovery");
+}
+
+?> \ No newline at end of file
diff --git a/includes/helper/email_helper.php b/includes/helper/email_helper.php
new file mode 100644
index 00000000..98cfd0f3
--- /dev/null
+++ b/includes/helper/email_helper.php
@@ -0,0 +1,16 @@
+<?php
+
+function engelsystem_email_to_user($user, $title, $message) {
+ gettext_locale($user['Sprache']);
+
+ $message = sprintf(_("Hi %s,"), $user['Nick']) . "\n\n" . _("here is a message for you from the engelsystem:") . "\n\n" . $message . "\n\n" . _("This email is autogenerated and has not to be signed. You got this email because you are registered in the engelsystem.");
+
+ gettext_locale();
+ return engelsystem_email($user['email'], $title, $message);
+}
+
+function engelsystem_email($address, $title, $message) {
+ return mail($address, $title, $message, "Content-Type: text/plain; charset=UTF-8\r\nFrom: Engelsystem <noreply@engelsystem.de>");
+}
+
+?> \ No newline at end of file
diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php
index ae88eb21..db150fec 100644
--- a/includes/helper/internationalization_helper.php
+++ b/includes/helper/internationalization_helper.php
@@ -17,14 +17,26 @@ function gettext_init() {
elseif (! isset($_SESSION['locale']))
$_SESSION['locale'] = $default_locale;
- putenv('LC_ALL=' . $_SESSION['locale']);
- setlocale(LC_ALL, $_SESSION['locale']);
+ gettext_locale();
bindtextdomain('default', '../locale');
bind_textdomain_codeset('default', 'UTF-8');
textdomain('default');
}
/**
+ * Swich gettext locale.
+ *
+ * @param string $locale
+ */
+function gettext_locale($locale = null) {
+ if ($locale == null)
+ $locale = $_SESSION['locale'];
+
+ putenv('LC_ALL=' . $locale);
+ setlocale(LC_ALL, $locale);
+}
+
+/**
* Renders language selection.
*
* @return string
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index 884aeae8..523685df 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -31,9 +31,39 @@ function User_by_api_key($api_key) {
}
/**
+ * Returns User by email.
+ *
+ * @param string $email
+ * @return Matching user, null or false on error
+ */
+function User_by_email($email) {
+ $user = sql_select("SELECT * FROM `User` WHERE `email`='" . sql_escape($email) . "' LIMIT 1");
+ if ($user === false)
+ return false;
+ if (count($user) == 0)
+ return null;
+ return $user[0];
+}
+
+/**
+ * Returns User by password token.
+ *
+ * @param string $token
+ * @return Matching user, null or false on error
+ */
+function User_by_password_recovery_token($token) {
+ $user = sql_select("SELECT * FROM `User` WHERE `password_recovery_token`='" . sql_escape($token) . "' LIMIT 1");
+ if ($user === false)
+ return false;
+ if (count($user) == 0)
+ return null;
+ return $user[0];
+}
+
+/**
* Generates a new api key for given user.
*
- * @param User $user
+ * @param User $user
*/
function User_reset_api_key(&$user) {
$user['api_key'] = md5($user['Nick'] . time() . rand());
@@ -43,4 +73,18 @@ function User_reset_api_key(&$user) {
engelsystem_log("API key resetted.");
}
+/**
+ * Generates a new password recovery token for given user.
+ *
+ * @param User $user
+ */
+function User_generate_password_recovery_token(&$user) {
+ $user['password_recovery_token'] = md5($user['Nick'] . time() . rand());
+ $result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
+ if ($result === false)
+ return false;
+ engelsystem_log("Password recovery for " . $user['Nick'] . " started.");
+ return $user['password_recovery_token'];
+}
+
?> \ No newline at end of file
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index f072e411..605d32b1 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -216,6 +216,9 @@ function guest_login() {
form_password('password', _("Password")),
form_submit('submit', _("Login"))
)),
+ buttons(array(
+ button(page_link_to('user_password_recovery'), _("I forgot my password"))
+ )),
info(_("Please note: You have to activate cookies!"), true)
));
}
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 3902aea2..e9fa197d 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -30,7 +30,7 @@ function generate_salt($length = 16) {
// set the password of a user
function set_password($uid, $password) {
- return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
+ return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
}
// verify a password given a precomputed salt.
diff --git a/includes/view/User_view.php b/includes/view/User_view.php
index ef4f9831..eda29d58 100644
--- a/includes/view/User_view.php
+++ b/includes/view/User_view.php
@@ -3,25 +3,55 @@
/**
* Available T-Shirt sizes
*/
-$tshirt_sizes = array (
- '' => _("Please select..."),
- 'S' => "S",
- 'M' => "M",
- 'L' => "L",
- 'XL' => "XL",
- '2XL' => "2XL",
- '3XL' => "3XL",
- '4XL' => "4XL",
- '5XL' => "5XL",
- 'S-G' => "S Girl",
- 'M-G' => "M Girl",
- 'L-G' => "L Girl",
- 'XL-G' => "XL Girl"
+$tshirt_sizes = array(
+ '' => _("Please select..."),
+ 'S' => "S",
+ 'M' => "M",
+ 'L' => "L",
+ 'XL' => "XL",
+ '2XL' => "2XL",
+ '3XL' => "3XL",
+ '4XL' => "4XL",
+ '5XL' => "5XL",
+ 'S-G' => "S Girl",
+ 'M-G' => "M Girl",
+ 'L-G' => "L Girl",
+ 'XL-G' => "XL Girl"
);
/**
+ * View for password recovery step 1: E-Mail
+ */
+function User_password_recovery_view() {
+ return page(array(
+ msg(),
+ _("We will send you an e-mail with a password recovery link. Please use the email address you used for registration."),
+ form(array(
+ form_text('email', _("E-Mail"), ""),
+ form_submit('submit', _("Recover"))
+ ))
+ ));
+}
+
+/**
+ * View for password recovery step 2: New password
+ */
+function User_password_set_view() {
+ return page(array(
+ msg(),
+ _("Please enter a new password."),
+ form(array(
+ form_password('password', _("Password")),
+ form_password('password2', _("Confirm password")),
+ form_submit('submit', _("Save"))
+ ))
+ ));
+}
+
+/**
* Render a users avatar.
- * @param User $user
+ *
+ * @param User $user
* @return string
*/
function User_Avatar_render($user) {
@@ -30,16 +60,16 @@ function User_Avatar_render($user) {
/**
* Render a user nickname.
- * @param User $user_source
+ *
+ * @param User $user_source
* @return string
*/
function User_Nick_render($user_source) {
global $user, $privileges;
- if($user['UID'] == $user_source['UID'] || in_array('user_shifts_admin', $privileges))
+ if ($user['UID'] == $user_source['UID'] || in_array('user_shifts_admin', $privileges))
return '<a href="' . page_link_to('user_myshifts') . '&amp;id=' . $user_source['UID'] . '">' . htmlspecialchars($user_source['Nick']) . '</a>';
else
return htmlspecialchars($user_source['Nick']);
}
-
?> \ No newline at end of file