[IMPROVED] Unlock notification mails on auto-locks

* Added new token type: account_unlock * Added update SQL File * Updated base structure with new token type * Added empty template * Updated user class to send mail on failed passwords * Added unlock account page to use tokens Addresses #670
2014-01-02 11:51:22 +01:00 · 2014-01-02 11:51:22 +01:00 · 878fa1c1c8
commit 878fa1c1c8
parent 5c5db8dc93
6 changed files with 43 additions and 3 deletions
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@ -124,7 +124,7 @@ class User extends Base {
      }
    }
    if ($this->isLocked($this->getUserId($username))) {
-      $this->setErrorMessage("Account is locked. Please contact site support.");
+      $this->setErrorMessage('Account locked.');
      return false;
    }
    if ($this->checkUserPassword($username, $password)) {
@ -136,8 +136,17 @@ class User extends Base {
    if ($id = $this->getUserId($username)) {
      $this->incUserFailed($id);
      // Check if this account should be locked
-      if (isset($this->config['maxfailed']['login']) && $this->getUserFailed($id) >= $this->config['maxfailed']['login'])
+      if (isset($this->config['maxfailed']['login']) && $this->getUserFailed($id) >= $this->config['maxfailed']['login']) {
        $this->changeLocked($id);
+        if ($token = $this->token->createToken('account_unlock', $id)) {
+          $aData['token'] = $token;
+          $aData['username'] = $username;
+          $aData['email'] = $this->getUserEmail($username);;
+          $aData['subject'] = 'Account auto-locked';
+          if (!$this->mail->sendMail('notifications/locked', $aData))
+            return false;
+        }
+      }
    }

    return false;
--- a/public/include/pages/account/unlock.inc.php
+++ b/public/include/pages/account/unlock.inc.php
@ -0,0 +1,20 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Confirm an account by token
+if (!isset($_GET['token']) || empty($_GET['token'])) {
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Missing token', 'TYPE' => 'errormsg');
+} else if (!$aToken = $oToken->getToken($_GET['token'], 'account_unlock')) {
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to re-activate your account. Invalid token.', 'TYPE' => 'errormsg');
+} else {
+  if ($user->setUserFailed($aToken['account_id'], 0) && $user->setUserPinFailed($aToken['account_id'], 0) && $user->changeLocked($aToken['account_id'])) {
+    $oToken->deleteToken($aToken['token']);
+    $_SESSION['POPUP'][] = array('CONTENT' => 'Account re-activated. Please login.');
+  } else {
+    $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to re-activate account. Contact site support.', 'TYPE' => 'errormsg');
+  }
+}
+$smarty->assign('CONTENT', 'default.tpl');
+?>
--- a/public/templates/mail/notifications/locked.tpl
+++ b/public/templates/mail/notifications/locked.tpl
@ -0,0 +1,8 @@
+<html>
+<body>
+<p>You account has been locked due to too many failed password or PIN attempts. Please follow the URL below to unlock your account.</p>
+<p>http://{$smarty.server.SERVER_NAME}{$smarty.server.PHP_SELF}?page=account&action=unlock&token={nocache}{$DATA.token}{/nocache}</p>
+<br/>
+<br/>
+</body>
+</html>
--- a/public/templates/mpos/account/unlock/default.tpl
+++ b/public/templates/mpos/account/unlock/default.tpl
@ -0,0 +1 @@
+
--- a/sql/000_base_structure.sql
+++ b/sql/000_base_structure.sql
@ -197,7 +197,8 @@ CREATE TABLE IF NOT EXISTS `token_types` (
 INSERT INTO `token_types` (`id`, `name`, `expiration`) VALUES
 (1, 'password_reset', 3600),
 (2, 'confirm_email', 0),
-(3, 'invitation', 0);
+(3, 'invitation', 0),
+(4, 'account_unlock', 0);

 CREATE TABLE IF NOT EXISTS `transactions` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
--- a/sql/010_tokentype_update.sql
+++ b/sql/010_tokentype_update.sql
@ -0,0 +1 @@
+INSERT INTO `token_types` (`name`, `expiration`) VALUES ('account_unlock', 0);
				`@ -0,0 +1 @@`
				INSERT INTO `token_types` (`name`, `expiration`) VALUES ('account_unlock', 0);