From e3db7e0a02dac4bdbc886a531e6e0aeaa20de7a7 Mon Sep 17 00:00:00 2001
From: Neozonz
Date: Mon, 30 Dec 2013 03:29:20 -0500
Subject: [PATCH 1/3] Initial commit for pin reset functionality
---
 public/include/classes/user.class.php | 29 +++++++++++++++++++
 public/include/pages/account/edit.inc.php | 10 ++++++-
 .../templates/mpos/account/edit/default.tpl | 23 +++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index b5184924..d4ccba10 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -167,6 +167,35 @@ class User extends Base {
 return false;
 }
 
+public function generatePin($userID, $current) {
+ $this->debug->append("STA " . __METHOD__, 4);
+ $username = $this->getUserName($userID);
+ $email = $this->getUserEmail($username);
+ $current = $this->getHash($current);
+ $newpin = intval( "0" . rand(1,9) . rand(0,9) . rand(0,9) . rand(0,9) );
+ $aData['username'] = $username;
+ $aData['email'] = $email;
+ $aData['pin'] = $newpin;
+ $newpin = $this->getHash($newpin);
+ $aData['subject'] = 'PIN Reset Request';
+ $stmt = $this->mysqli->prepare("UPDATE $this->table SET pin = ? WHERE ( id = ? AND pass = ? )");
+
+ if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $newpin, $userID, $current) && $stmt->execute())
+ {
+ if ($stmt->errno == 0 && $stmt->affected_rows === 1) {
+ if ($this->mail->sendMail('pin/reset', $aData)) {
+ return true;
+ } else {
+ $this->setErrorMessage('Unable to send mail to your address');
+ return false;
+ }
+ }
+ $stmt->close();
+ }
+ $this->setErrorMessage( 'Unable to generate PIN, current password incorrect?' );
+ return false;
+}
+
 /**
 * Get all users that have auto payout setup
 * @param none
diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index 3bb9c778..0ca82ef9 100644
--- a/public/include/pages/account/edit.inc.php
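Review bot: The new PIN in `generatePin` is built from `rand()`, which is not a cryptographically secure generator, so the value that gates PIN-protected actions is more predictable than it needs to be. Where the runtime allows, draw it from a CSPRNG and keep the same range, e.g. `$newpin = random_int(1000, 9999);` (PHP 7+), or derive it from `openssl_random_pseudo_bytes()` on older versions. The `UPDATE` also runs before `sendMail`, so a mail failure leaves the account with a PIN the user never received, and `$stmt->close()` is skipped on both return paths inside the `affected_rows === 1` branch. A wrong current password is not counted anywhere in this method, so unless a caller throttles it this gives an authenticated session an unthrottled password check; consider feeding failures into the same failed-attempt counter that the PIN check uses.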
+++ b/public/include/pages/account/edit.inc.php @@ -5,6 +5,14 @@ if (!defined('SECURITY')) die('Hacking attempt'); if ($user->isAuthenticated()) { +if (isset($_POST['do']) && $_POST['do'] == 'genPin') { + if ($user->generatePin($_SESSION['USERDATA']['id'], $_POST['currentPassword'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Your PIN # has been sent to your email.', 'TYPE' => 'success'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg'); + } +} +else { if ( @$_POST['do'] && (! $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']))) { $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN. ' . ($config['maxfailed']['pin'] - $user->getUserPinFailed($_SESSION['USERDATA']['id'])) . ' attempts remaining.', 'TYPE' => 'errormsg'); } else { @@ -49,7 +57,7 @@ if ($user->isAuthenticated()) { } } } - +} // Tempalte specifics $smarty->assign("CONTENT", "default.tpl"); ?> diff --git a/public/templates/mpos/account/edit/default.tpl b/public/templates/mpos/account/edit/default.tpl index 11d82b1e..c03e80c1 100644 --- a/public/templates/mpos/account/edit/default.tpl +++ b/public/templates/mpos/account/edit/default.tpl @@ -131,3 +131,26 @@ + + +
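Review bot: `$_POST['currentPassword']` is read in the new `genPin` branch without an `isset()` check, so a request carrying only `do=genPin` raises an undefined-index notice and hands `null` to `generatePin()`. Pass a defined value instead, e.g. `$user->generatePin($_SESSION['USERDATA']['id'], isset($_POST['currentPassword']) ? $_POST['currentPassword'] : '')`, and compare the action with `===`. This branch skips the `checkPin` gate that the other `do` actions go through, and no anti-CSRF token is visible in the hunk, so the current-password check is the only control on the reset; a comment such as `// genPin is exempt from the PIN check: the current password is the only gate here` would make that explicit. The `else {` added here wraps the existing block, which continues outside this hunk and is closed by the `+}` in the following one.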
+ + + +
+
+

Reset PIN

+
+
+
+ + +
+
+
+ +
+
+
From 5e401bd6ddbd726169ce302fb696e066bd716e5a Mon Sep 17 00:00:00 2001
From: Neozonz
Date: Mon, 30 Dec 2013 09:17:22 -0800
Subject: [PATCH 2/3] fixed indent
---
 public/include/classes/user.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index d4ccba10..f09d1bf1 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -176,7 +176,7 @@ public function generatePin($userID, $current) {
 $aData['username'] = $username;
 $aData['email'] = $email;
 $aData['pin'] = $newpin;
- $newpin = $this->getHash($newpin);
+ $newpin = $this->getHash($newpin);
 $aData['subject'] = 'PIN Reset Request';
 $stmt = $this->mysqli->prepare("UPDATE $this->table SET pin = ? WHERE ( id = ? AND pass = ? )");
 
From 33b06946f4db96d496acf66bc427f9007d4bcf2b Mon Sep 17 00:00:00 2001
From: Neozonz
Date: Mon, 30 Dec 2013 11:45:39 -0800
Subject: [PATCH 3/3] PIN Reset email template
---
 public/templates/mail/pin/reset.tpl | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 public/templates/mail/pin/reset.tpl
diff --git a/public/templates/mail/pin/reset.tpl b/public/templates/mail/pin/reset.tpl
new file mode 100644
index 00000000..b7b0d5f1
--- /dev/null
+++ b/public/templates/mail/pin/reset.tpl
@@ -0,0 +1,9 @@
+
+
+

Hello {$DATA.username},


+

You have requested a PIN reset through our online form.

+

Randomly Generated PIN: {$DATA.pin}

+

Cheers,

+

Website Administration

+ +
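Review bot: The mail carries the new PIN in clear text and gives no guidance to a recipient who did not ask for the reset. The PIN stays readable in the mailbox for as long as the message is kept, so add a line such as `If you did not request this reset, change your account password immediately.` and, if the account page offers a PIN change, advise doing that after first use. The template's markup is not visible here, so whether `{$DATA.username}` is escaped on output cannot be checked from this hunk.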