2010-07-18 08:24:51 +00:00
< ? php
2017-12-01 19:57:13 +00:00
/**
2023-01-01 14:36:24 +00:00
* @ copyright Copyright ( C ) 2010 - 2023 , the Friendica project
2020-02-09 15:18:46 +00:00
*
* @ license GNU AGPL version 3 or any later version
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation , either version 3 of the
* License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*
2017-12-01 19:57:13 +00:00
*/
2018-01-20 03:27:31 +00:00
2017-04-30 04:07:00 +00:00
use Friendica\App ;
2018-10-31 14:35:50 +00:00
use Friendica\Core\Renderer ;
2018-07-20 12:19:26 +00:00
use Friendica\Database\DBA ;
2019-12-15 23:28:31 +00:00
use Friendica\DI ;
2018-01-20 03:49:06 +00:00
use Friendica\Model\User ;
2018-01-27 02:38:34 +00:00
use Friendica\Util\DateTimeFormat ;
2018-11-08 15:14:37 +00:00
use Friendica\Util\Strings ;
2017-04-30 04:07:00 +00:00
2018-01-20 03:27:31 +00:00
function lostpass_post ( App $a )
{
2021-11-05 19:59:18 +00:00
$loginame = trim ( $_POST [ 'login-name' ]);
2018-01-20 03:27:31 +00:00
if ( ! $loginame ) {
2019-12-15 23:28:31 +00:00
DI :: baseUrl () -> redirect ();
2018-01-20 03:27:31 +00:00
}
2010-07-18 08:24:51 +00:00
2023-09-08 15:01:51 +00:00
$condition = [ '(`email` = ? OR `nickname` = ?) AND `verified` AND NOT `blocked` AND NOT `account_removed` AND NOT `account_expired`' , $loginame , $loginame ];
2019-01-04 01:42:29 +00:00
$user = DBA :: selectFirst ( 'user' , [ 'uid' , 'username' , 'nickname' , 'email' , 'language' ], $condition );
2018-07-21 12:46:04 +00:00
if ( ! DBA :: isResult ( $user )) {
2022-10-17 11:27:32 +00:00
DI :: sysmsg () -> addNotice ( DI :: l10n () -> t ( 'No valid account found.' ));
2019-12-15 23:28:31 +00:00
DI :: baseUrl () -> redirect ();
2011-06-29 07:59:21 +00:00
}
2020-04-04 08:06:49 +00:00
$pwdreset_token = Strings :: getRandomHex ( 32 );
2010-07-18 08:24:51 +00:00
2018-01-20 23:15:55 +00:00
$fields = [
2020-04-04 08:10:39 +00:00
'pwdreset' => hash ( 'sha256' , $pwdreset_token ),
2018-01-27 02:38:34 +00:00
'pwdreset_time' => DateTimeFormat :: utcNow ()
2018-01-20 23:15:55 +00:00
];
2018-07-20 12:19:26 +00:00
$result = DBA :: update ( 'user' , $fields , [ 'uid' => $user [ 'uid' ]]);
2018-01-20 03:27:31 +00:00
if ( $result ) {
2022-10-17 18:55:22 +00:00
DI :: sysmsg () -> addInfo ( DI :: l10n () -> t ( 'Password reset request issued. Check your email.' ));
2018-01-20 03:27:31 +00:00
}
2010-07-18 08:24:51 +00:00
2020-01-19 20:21:13 +00:00
$sitename = DI :: config () -> get ( 'config' , 'sitename' );
2019-12-30 22:00:08 +00:00
$resetlink = DI :: baseUrl () . '/lostpass/' . $pwdreset_token ;
2014-09-07 08:27:39 +00:00
2020-01-18 19:52:34 +00:00
$preamble = Strings :: deindent ( DI :: l10n () -> t ( '
2014-09-07 09:20:06 +00:00
Dear % 1 $s ,
A request was recently received at " %2 $s " to reset your account
password . In order to confirm this request , please select the verification link
below or paste it into your web browser address bar .
2014-09-07 08:27:39 +00:00
2014-09-07 09:20:06 +00:00
If you did NOT request this change , please DO NOT follow the link
2018-01-21 00:12:14 +00:00
provided and ignore and / or delete this email , the request will expire shortly .
2014-09-07 08:27:39 +00:00
2014-09-07 09:20:06 +00:00
Your password will not be changed unless we can verify that you
2018-01-20 03:27:31 +00:00
issued this request . ', $user[' username ' ], $sitename ));
2020-01-18 19:52:34 +00:00
$body = Strings :: deindent ( DI :: l10n () -> t ( '
2018-01-21 00:12:14 +00:00
Follow this link soon to verify your identity :
2014-09-07 08:27:39 +00:00
2014-09-07 09:20:06 +00:00
% 1 $s
2014-09-07 08:27:39 +00:00
2014-09-07 09:20:06 +00:00
You will then receive a follow - up message containing the new password .
You may change that password from your account settings page after logging in .
2014-09-07 08:27:39 +00:00
2014-09-07 09:20:06 +00:00
The login details are as follows :
2014-09-07 08:27:39 +00:00
2014-09-07 09:20:06 +00:00
Site Location : % 2 $s
2019-12-30 22:00:08 +00:00
Login Name : % 3 $s ', $resetlink, DI::baseUrl(), $user[' nickname ' ]));
2014-09-07 08:27:39 +00:00
2020-02-01 19:08:54 +00:00
$email = DI :: emailer ()
2020-02-04 20:04:08 +00:00
-> newSystemMail ()
2020-02-02 08:22:30 +00:00
-> withMessage ( DI :: l10n () -> t ( 'Password reset requested at %s' , $sitename ), $preamble , $body )
2020-02-04 20:04:08 +00:00
-> forUser ( $user )
2020-02-02 08:22:30 +00:00
-> withRecipient ( $user [ 'email' ])
-> build ();
2020-02-01 19:08:54 +00:00
DI :: emailer () -> send ( $email );
2019-12-15 23:28:31 +00:00
DI :: baseUrl () -> redirect ();
2016-02-05 20:52:39 +00:00
}
2010-07-18 08:24:51 +00:00
2018-01-20 03:27:31 +00:00
function lostpass_content ( App $a )
{
2021-07-25 13:08:22 +00:00
if ( DI :: args () -> getArgc () > 1 ) {
$pwdreset_token = DI :: args () -> getArgv ()[ 1 ];
2016-02-07 14:11:34 +00:00
2020-04-04 08:10:39 +00:00
$user = DBA :: selectFirst ( 'user' , [ 'uid' , 'username' , 'nickname' , 'email' , 'pwdreset_time' , 'language' ], [ 'pwdreset' => hash ( 'sha256' , $pwdreset_token )]);
2018-07-21 12:46:04 +00:00
if ( ! DBA :: isResult ( $user )) {
2022-10-17 11:27:32 +00:00
DI :: sysmsg () -> addNotice ( DI :: l10n () -> t ( " Request could not be verified. \x28 You may have previously submitted it. \x29 Password reset failed. " ));
2018-01-20 23:15:55 +00:00
return lostpass_form ();
2010-07-18 08:24:51 +00:00
}
2018-01-21 00:15:05 +00:00
// Password reset requests expire in 60 minutes
2018-01-27 02:38:34 +00:00
if ( $user [ 'pwdreset_time' ] < DateTimeFormat :: utc ( 'now - 1 hour' )) {
2018-01-20 23:15:55 +00:00
$fields = [
'pwdreset' => null ,
'pwdreset_time' => null
];
2018-07-20 12:19:26 +00:00
DBA :: update ( 'user' , $fields , [ 'uid' => $user [ 'uid' ]]);
2018-01-20 23:15:55 +00:00
2022-10-17 11:27:32 +00:00
DI :: sysmsg () -> addNotice ( DI :: l10n () -> t ( 'Request has expired, please make a new one.' ));
2018-01-20 23:15:55 +00:00
return lostpass_form ();
2010-07-18 08:24:51 +00:00
}
2018-01-20 23:15:55 +00:00
return lostpass_generate_password ( $user );
2018-01-20 03:27:31 +00:00
} else {
2018-01-20 23:15:55 +00:00
return lostpass_form ();
}
}
function lostpass_form ()
{
2018-10-31 14:44:06 +00:00
$tpl = Renderer :: getMarkupTemplate ( 'lostpass.tpl' );
2018-10-31 14:35:50 +00:00
$o = Renderer :: replaceMacros ( $tpl , [
2020-01-18 19:52:34 +00:00
'$title' => DI :: l10n () -> t ( 'Forgot your Password?' ),
'$desc' => DI :: l10n () -> t ( 'Enter your email address and submit to have your password reset. Then check your email for further instructions.' ),
'$name' => DI :: l10n () -> t ( 'Nickname or Email: ' ),
'$submit' => DI :: l10n () -> t ( 'Reset' )
2018-01-20 23:15:55 +00:00
]);
return $o ;
}
function lostpass_generate_password ( $user )
{
$o = '' ;
$new_password = User :: generateNewPassword ();
$result = User :: updatePassword ( $user [ 'uid' ], $new_password );
2018-07-21 12:46:04 +00:00
if ( DBA :: isResult ( $result )) {
2018-10-31 14:44:06 +00:00
$tpl = Renderer :: getMarkupTemplate ( 'pwdreset.tpl' );
2018-10-31 14:35:50 +00:00
$o .= Renderer :: replaceMacros ( $tpl , [
2020-01-18 19:52:34 +00:00
'$lbl1' => DI :: l10n () -> t ( 'Password Reset' ),
'$lbl2' => DI :: l10n () -> t ( 'Your password has been reset as requested.' ),
'$lbl3' => DI :: l10n () -> t ( 'Your new password is' ),
'$lbl4' => DI :: l10n () -> t ( 'Save or copy your new password - and then' ),
'$lbl5' => '<a href="' . DI :: baseUrl () . '">' . DI :: l10n () -> t ( 'click here to login' ) . '</a>.' ,
'$lbl6' => DI :: l10n () -> t ( 'Your password may be changed from the <em>Settings</em> page after successful login.' ),
2018-01-20 23:15:55 +00:00
'$newpass' => $new_password ,
2018-01-15 13:05:12 +00:00
]);
2010-07-18 08:24:51 +00:00
2022-10-17 18:55:22 +00:00
DI :: sysmsg () -> addInfo ( DI :: l10n () -> t ( " Your password has been reset. " ));
2018-01-20 23:15:55 +00:00
2020-01-19 20:21:13 +00:00
$sitename = DI :: config () -> get ( 'config' , 'sitename' );
2020-01-18 19:52:34 +00:00
$preamble = Strings :: deindent ( DI :: l10n () -> t ( '
2018-01-20 23:15:55 +00:00
Dear % 1 $s ,
Your password has been changed as requested . Please retain this
2018-01-24 21:51:32 +00:00
information for your records ' . "\x28" . ' or change your password immediately to
something that you will remember ' . "\x29" . ' .
2018-01-20 23:15:55 +00:00
', $user[' username ' ]));
2020-01-18 19:52:34 +00:00
$body = Strings :: deindent ( DI :: l10n () -> t ( '
2018-01-20 23:15:55 +00:00
Your login details are as follows :
Site Location : % 1 $s
Login Name : % 2 $s
Password : % 3 $s
You may change that password from your account settings page after logging in .
2019-12-30 22:00:08 +00:00
', DI::baseUrl(), $user[' nickname ' ], $new_password ));
2018-01-20 23:15:55 +00:00
2020-02-01 19:08:54 +00:00
$email = DI :: emailer ()
2020-02-04 20:04:08 +00:00
-> newSystemMail ()
2020-02-02 08:15:05 +00:00
-> withMessage ( DI :: l10n () -> t ( 'Your password has been changed at %s' , $sitename ), $preamble , $body )
2020-02-04 20:04:08 +00:00
-> forUser ( $user )
2020-02-02 08:15:05 +00:00
-> withRecipient ( $user [ 'email' ])
-> build ();
2020-02-01 19:08:54 +00:00
DI :: emailer () -> send ( $email );
2010-07-18 08:24:51 +00:00
}
2018-01-20 23:15:55 +00:00
return $o ;
2011-05-23 09:39:57 +00:00
}