external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move reset key submission to a separate function

Browse source 
This allows for reusing reset key submission for other things, such as
sending an initial password reset code during account registration.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2013-03-19 13:10:12 +01:00
parent a386bbd35d
commit 5d31bb2450
2 changed files with 31 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
web/html/passreset.php
View file

@ -37,24 +37,12 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
} }
} elseif (isset($_POST['email'])) { } elseif (isset($_POST['email'])) {
$email = $_POST['email']; $email = $_POST['email'];
$uid = uid_from_email($email);
if ($uid != NULL && $uid != 'None') {
# We (ab)use new_sid() to get a random 32 characters long string
$resetkey = new_sid();
create_resetkey($resetkey, $uid);
# Send email with confirmation link
$body = __('A password reset request was submitted for the account '. $body = __('A password reset request was submitted for the account '.
'associated with your e-mail address. If you wish to reset '. 'associated with your e-mail address. If you wish to reset '.
'your password follow the link below, otherwise ignore '. 'your password follow the link below, otherwise ignore '.
'this message and nothing will happen.'). 'this message and nothing will happen.').
"\n\n". send_resetkey($email, $body);
"{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
"resetkey={$resetkey}";
$body = wordwrap($body, 70);
$headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
@mail($email, 'AUR Password Reset', $body, $headers);
}
header('Location: ' . get_uri('/passreset/') . '?step=confirm'); header('Location: ' . get_uri('/passreset/') . '?step=confirm');
exit(); exit();
} }

26
web/lib/acctfuncs.inc.php
View file

@ -581,6 +581,32 @@ function create_resetkey($resetkey, $uid) {
$dbh->exec($q); $dbh->exec($q);
} }
/**
* Send a reset key to a specific e-mail address
*
* @param string $email E-mail address of the user resetting their password
* @param string $body Body of the email
*
* @return void
*/
function send_resetkey($email, $body) {
global $AUR_LOCATION;
$uid = uid_from_email($email);
if ($uid != NULL && $uid != 'None') {
# We (ab)use new_sid() to get a random 32 characters long string
$resetkey = new_sid();
create_resetkey($resetkey, $uid);
# Send email with confirmation link
$body = wordwrap($body, 70);
$body .= "\n\n".
"{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
"resetkey={$resetkey}";
$headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
@mail($email, 'AUR Password Reset', $body, $headers);
}
}
/** /**
* Change a user's password in the database if reset key and e-mail are correct * Change a user's password in the database if reset key and e-mail are correct
* *