search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
passreset.php: Pull out DB code
[aur.git] / web / html / passreset.php
blobcb88e5ab944880c17a8953ef7ba0d28fb4177c9a
1 <?php
2
3 set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
4
5 include_once("aur.inc.php"); # access AUR common functions
6
7 set_lang(); # this sets up the visitor's language
8 check_sid(); # see if they're still logged in
9
10 if (isset($_COOKIE["AURSID"])) {
11 header('Location: index.php');
12 exit();
13 }
14
15 $error = '';
16
17 if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) {
18 $resetkey = $_GET['resetkey'];
19 $email = $_POST['email'];
20 $password = $_POST['password'];
21 $confirm = $_POST['confirm'];
22 $uid = uid_from_email($email);
23
24 if (empty($email) || empty($password)) {
25 $error = __('Missing a required field.');
26 } elseif ($password != $confirm) {
27 $error = __('Password fields do not match.');
28 } elseif ($uid == NULL || $uid == 'None') {
29 $error = __('Invalid e-mail.');
30 }
31
32 if (empty($error)) {
33 $salt = generate_salt();
34 $hash = salted_hash($password, $salt);
35
36 $error = password_reset($hash, $salt, $resetkey, $email);
37 }
38 } elseif (isset($_POST['email'])) {
39 $email = $_POST['email'];
40 $uid = uid_from_email($email);
41 if ($uid != NULL && $uid != 'None') {
42 # We (ab)use new_sid() to get a random 32 characters long string
43 $resetkey = new_sid();
44 create_resetkey($resetkey, $uid);
45 # Send email with confirmation link
46 $body = __('A password reset request was submitted for the account '.
47 'associated with your e-mail address. If you wish to reset '.
48 'your password follow the link below, otherwise ignore '.
49 'this message and nothing will happen.').
50 "\n\n".
51 "{$AUR_LOCATION}/passreset.php?".
52 "resetkey={$resetkey}";
53 $body = wordwrap($body, 70);
54 $headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
55 @mail($email, 'AUR Password Reset', $body, $headers);
56
57 }
58 header('Location: passreset.php?step=confirm');
59 exit();
60 }
61
62 $step = isset($_GET['step']) ? $_GET['step'] : NULL;
63
64 html_header(__("Password Reset"));
65
66 ?>
67
68 <div class="box">
69 <h2><?php print __("Password Reset"); ?></h2>
70
71 <?php if ($error): ?>
72 <p><span class="error"><?php echo $error ?></span></p>
73 <?php endif;?>
74 <?php
75 if ($step == 'confirm') {
76 echo __('Check your e-mail for the confirmation link.');
77 } elseif ($step == 'complete') {
78 echo __('Your password has been reset successfully.');
79 } elseif (isset($_GET['resetkey'])) {
80 ?>
81 <form action="" method="post">
82 <table>
83 <tr>
84 <td><?php echo __("Confirm your e-mail address:"); ?></td>
85 <td><input type="text" name="email" size="30" maxlength="64" /></td>
86 </tr>
87 <tr>
88 <td><?php echo __("Enter your new password:"); ?></td>
89 <td><input type="password" name="password" size="30" maxlength="32" /></td>
90 </tr>
91 <tr>
92 <td><?php echo __("Confirm your new password:"); ?></td>
93 <td><input type="password" name="confirm" size="30" maxlength="32" /></td>
94 </tr>
95 </table>
96 <br />
97 <input type="submit" class="button" value="<?php echo __('Continue') ?>" />
98 </form>
99 <?php
100 } else {
101 ?>
102 <p><?php echo __('If you have forgotten the e-mail address you used to register, please send a message to the %saur-general%s mailing list.',
103 '<a href="http://mailman.archlinux.org/mailman/listinfo/aur-general">',
104 '</a>'); ?></p>
105 <form action="" method="post">
106 <p><?php echo __("Enter your e-mail address:"); ?>
107 <input type="text" name="email" size="30" maxlength="64" /></p>
108 <input type="submit" class="button" value="<?php echo __('Continue') ?>" />
109 </form>
110 <?php } ?>
111 </div>
112
113 <?php
114
115 html_footer(AUR_VERSION);
Arch User-Community Repository (AUR)