RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

working version of password reset with one time token

Browse Source
This commit is contained in:
Sebastian Grewe 2013-05-25 12:08:51 +02:00
parent 2a0a781052
commit 787942b6f9
7 changed files with 78 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
public/include/classes/user.class.php
View File

@ -43,6 +43,10 @@ class User {
return $this->getSingle($id, 'token', 'id'); return $this->getSingle($id, 'token', 'id');
} }
public function getIdFromToken($token) {
return $this->getSingle($token, 'id', 'token', 's');
}
public function setUserToken($id) { public function setUserToken($id) {
$field = array( $field = array(
'name' => 'token', 'name' => 'token',
@ -322,7 +326,30 @@ class User {
return false; return false;
} }
public function resetPassword($username) { public function useToken($token, $new1, $new2) {
$this->debug->append("STA " . __METHOD__, 4);
if ($id = $this->getIdFromToken($token)) {
if ($new1 !== $new2) {
$this->setErrorMessage( 'New passwords do not match' );
return false;
}
if ( strlen($new1) < 8 ) {
$this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
return false;
}
$new = hash('sha256', $new1.$this->salt);
$stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ?, token = NULL WHERE id = ? AND token = ?");
if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $new, $id, $token) && $stmt->execute() && $stmt->affected_rows === 1) {
return true;
}
} else {
$this->setErrorMessage("Unable find user for your token");
return false;
}
return false;
}
public function resetPassword($username, $smarty) {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
// Fetch the users mail address // Fetch the users mail address
if (!$email = $this->getUserEmail($username)) { if (!$email = $this->getUserEmail($username)) {
@ -338,10 +365,10 @@ class User {
$this->setErrorMessage("Unable fetch token for password reset"); $this->setErrorMessage("Unable fetch token for password reset");
return false; return false;
} }
$subject = "[" . $this->config['website']['name'] . "] Password Reset Request"; $smarty->assign('TOKEN', $token);
$header = "From: " . $this->config['website']['email']; $smarty->assign('USERNAME', $username);
$message = "Please follow the link to reset your password\n\n" . $this->config['website']['url']['password_reset'] . "/index.php?page=password&action=change&token=$token"; $smarty->assign('WEBSITENAME', $this->config['website']['name']);
if (mail($email, 'Password Reset Request', $message)) { if (mail($email, $smarty->fetch('templates/mail/subject.tpl'), $smarty->fetch('templates/mail/body.tpl'))) {
return true; return true;
} else { } else {
$this->setErrorMessage("Unable to send mail to your address"); $this->setErrorMessage("Unable to send mail to your address");

1
public/include/config/global.inc.dist.php
View File

@ -24,6 +24,7 @@ $config = array(
'website' => array( 'website' => array(
'name' => 'The Pool', 'name' => 'The Pool',
'slogan' => 'Resistance is futile', 'slogan' => 'Resistance is futile',
'email' => 'test@example.com', // Mail address used for notifications
), ),
'fees' => 0, 'fees' => 0,
'difficulty' => '31', // Target difficulty for this pool as set in pushpoold json 'difficulty' => '31', // Target difficulty for this pool as set in pushpoold json

17
public/include/pages/password/change.inc.php Normal file
View File

@ -0,0 +1,17 @@
<?php
// Make sure we are called from index.php
if (!defined('SECURITY'))
die('Hacking attempt');
if ($_POST['do'] == 'useToken') {
if ($user->useToken($_POST['token'], $_POST['newPassword'], $_POST['newPassword2'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Password reset complete! Please login.');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
}
}
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
?>

3
public/include/pages/password/reset.inc.php
View File

@ -4,7 +4,8 @@
if (!defined('SECURITY')) if (!defined('SECURITY'))
die('Hacking attempt'); die('Hacking attempt');
if ($user->resetPassword($_POST['username'])) { // Process password reset request
if ($user->resetPassword($_POST['username'], $smarty)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mail account to finish your password reset'); $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mail account to finish your password reset');
} else { } else {
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg'); $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');

13
public/templates/mail/body.tpl Normal file
View File

@ -0,0 +1,13 @@
Hello {$USERNAME},
You have requested a password reset through our online form.
In order to complete the request please follow this link
http://{$smarty.server.SERVER_NAME}{$smarty.server.PHP_SELF}?page=password&action=change&token={$TOKEN}
You will be asked to change your password. You can then use this new
password to login to your account.
Cheers,
Website Administration

1
public/templates/mail/subject.tpl Normal file
View File

@ -0,0 +1 @@
[ {$WEBSITENAME} ] Password Reset Request

12
public/templates/mmcFE/password/change/default.tpl Normal file
View File

@ -0,0 +1,12 @@
{include file="global/block_header.tpl" BLOCK_HEADER="Change Password"}
<form action="{$smarty.server.PHP_SELF}" method="post">
<input type="hidden" name="token" value="{$smarty.request.token|escape}">
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
<input type="hidden" name="action" value="{$smarty.request.action|escape}">
<input type="hidden" name="do" value="useToken">
<table>
<tr><td>New Password: </td><td><input type="password" name="newPassword"></td></tr>
<tr><td>New Password Repeat: </td><td><input type="password" name="newPassword2"></td></tr>
</tbody></table>
<input type="submit" class="submit long" value="Change Password"></form>
{include file="global/block_footer.tpl"}