external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add option to send reset key for a given user name

Browse source 
In addition to supporting email addresses in the reset key form, also
support user names. The reset key is then sent to the email address in
the user's profile.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2020-01-30 16:57:22 +01:00
parent 23c0c9c372
commit e5a839bf0b
2 changed files with 19 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
web/html/passreset.php
View file

@ -11,14 +11,14 @@ if (isset($_COOKIE["AURSID"])) {
$error = ''; $error = '';
if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) { if (isset($_GET['resetkey'], $_POST['user'], $_POST['password'], $_POST['confirm'])) {
$resetkey = $_GET['resetkey']; $resetkey = $_GET['resetkey'];
$email = $_POST['email']; $user = $_POST['user'];
$password = $_POST['password']; $password = $_POST['password'];
$confirm = $_POST['confirm']; $confirm = $_POST['confirm'];
$uid = uid_from_email($email); $uid = uid_from_loginname($user);
if (empty($email) || empty($password)) { if (empty($user) || empty($password)) {
$error = __('Missing a required field.'); $error = __('Missing a required field.');
} elseif ($password != $confirm) { } elseif ($password != $confirm) {
$error = __('Password fields do not match.'); $error = __('Password fields do not match.');
@ -31,16 +31,15 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
} }
if (empty($error)) { if (empty($error)) {
$error = password_reset($password, $resetkey, $email); $error = password_reset($password, $resetkey, $user);
} }
} elseif (isset($_POST['email'])) { } elseif (isset($_POST['user'])) {
$email = $_POST['email']; $user = $_POST['user'];
$username = username_from_id(uid_from_email($email));
if (empty($email)) { if (empty($user)) {
$error = __('Missing a required field.'); $error = __('Missing a required field.');
} else { } else {
send_resetkey($email); send_resetkey($user);
header('Location: ' . get_uri('/passreset/') . '?step=confirm'); header('Location: ' . get_uri('/passreset/') . '?step=confirm');
exit(); exit();
} }
@ -67,7 +66,7 @@ html_header(__("Password Reset"));
<table> <table>
<tr> <tr>
<td><?= __("Confirm your e-mail address:"); ?></td> <td><?= __("Confirm your e-mail address:"); ?></td>
<td><input type="text" name="email" size="30" maxlength="64" /></td> <td><input type="text" name="user" size="30" maxlength="64" /></td>
</tr> </tr>
<tr> <tr>
<td><?= __("Enter your new password:"); ?></td> <td><?= __("Enter your new password:"); ?></td>
@ -89,8 +88,8 @@ html_header(__("Password Reset"));
<ul class="errorlist"><li><?= $error ?></li></ul> <ul class="errorlist"><li><?= $error ?></li></ul>
<?php endif; ?> <?php endif; ?>
<form action="" method="post"> <form action="" method="post">
<p><?= __("Enter your e-mail address:"); ?> <p><?= __("Enter your user name or your e-mail address:"); ?>
<input type="text" name="email" size="30" maxlength="64" /></p> <input type="text" name="user" size="30" maxlength="64" /></p>
<input type="submit" class="button" value="<?= __('Continue') ?>" /> <input type="submit" class="button" value="<?= __('Continue') ?>" />
</form> </form>
<?php endif; ?> <?php endif; ?>

13
web/lib/acctfuncs.inc.php
View file

@ -755,13 +755,13 @@ function create_resetkey($resetkey, $uid) {
/** /**
* Send a reset key to a specific e-mail address * Send a reset key to a specific e-mail address
* *
* @param string $email E-mail address of the user resetting their password * @param string $user User name or email address of the user
* @param bool $welcome Whether to use the welcome message * @param bool $welcome Whether to use the welcome message
* *
* @return void * @return void
*/ */
function send_resetkey($email, $welcome=false) { function send_resetkey($user, $welcome=false) {
$uid = uid_from_email($email); $uid = uid_from_loginname($user);
if ($uid == null) { if ($uid == null) {
return; return;
} }
@ -779,11 +779,11 @@ function send_resetkey($email, $welcome=false) {
* *
* @param string $password The new password * @param string $password The new password
* @param string $resetkey Code e-mailed to a user to reset a password * @param string $resetkey Code e-mailed to a user to reset a password
* @param string $email E-mail address of the user resetting their password * @param string $user User name or email address of the user
* *
* @return string|void Redirect page if successful, otherwise return error message * @return string|void Redirect page if successful, otherwise return error message
*/ */
function password_reset($password, $resetkey, $email) { function password_reset($password, $resetkey, $user) {
$hash = password_hash($password, PASSWORD_DEFAULT); $hash = password_hash($password, PASSWORD_DEFAULT);
$dbh = DB::connect(); $dbh = DB::connect();
@ -792,7 +792,8 @@ function password_reset($password, $resetkey, $email) {
$q.= "ResetKey = '' "; $q.= "ResetKey = '' ";
$q.= "WHERE ResetKey != '' "; $q.= "WHERE ResetKey != '' ";
$q.= "AND ResetKey = " . $dbh->quote($resetkey) . " "; $q.= "AND ResetKey = " . $dbh->quote($resetkey) . " ";
$q.= "AND Email = " . $dbh->quote($email); $q.= "AND (Email = " . $dbh->quote($user) . " OR ";
$q.= "UserName = " . $dbh->quote($user) . ")";
$result = $dbh->exec($q); $result = $dbh->exec($q);
if (!$result) { if (!$result) {