external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move reset key submission to a separate function

Browse source 
This allows for reusing reset key submission for other things, such as
sending an initial password reset code during account registration.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2013-03-19 13:10:12 +01:00
parent a386bbd35d
commit 5d31bb2450
2 changed files with 31 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
web/html/passreset.php
View file

@ -37,24 +37,12 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
}
} elseif (isset($_POST['email'])) {
$email = $_POST['email'];
$uid = uid_from_email($email);
if ($uid != NULL && $uid != 'None') {
# We (ab)use new_sid() to get a random 32 characters long string
$resetkey = new_sid();
create_resetkey($resetkey, $uid);
# Send email with confirmation link
$body = __('A password reset request was submitted for the account '.
'associated with your e-mail address. If you wish to reset '.
'your password follow the link below, otherwise ignore '.
'this message and nothing will happen.').
"\n\n".
"{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
"resetkey={$resetkey}";
$body = wordwrap($body, 70);
$headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
@mail($email, 'AUR Password Reset', $body, $headers);
send_resetkey($email, $body);
}
header('Location: ' . get_uri('/passreset/') . '?step=confirm');
exit();
}

26
web/lib/acctfuncs.inc.php
View file

@ -581,6 +581,32 @@ function create_resetkey($resetkey, $uid) {
$dbh->exec($q);
}
/**
* Send a reset key to a specific e-mail address
*
* @param string $email E-mail address of the user resetting their password
* @param string $body Body of the email
*
* @return void
*/
function send_resetkey($email, $body) {
global $AUR_LOCATION;
$uid = uid_from_email($email);
if ($uid != NULL && $uid != 'None') {
# We (ab)use new_sid() to get a random 32 characters long string
$resetkey = new_sid();
create_resetkey($resetkey, $uid);
# Send email with confirmation link
$body = wordwrap($body, 70);
$body .= "\n\n".
"{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
"resetkey={$resetkey}";
$headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
@mail($email, 'AUR Password Reset', $body, $headers);
}
}
/**
* Change a user's password in the database if reset key and e-mail are correct
*