forgotpass: remove secretkey stuff because of new session handling; use stylesheet...

[tt-rss.git] / classes / handler / public.php

diff --git a/classes/handler/public.php b/classes/handler/public.php
index 902e836fc52098af598f9e921719e5b5de6f317a..6822faa771832f295232d10b73b3a22fc69e4716 100644 (file)
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -723,15 +723,13 @@ class Handler_Public extends Handler {
 
        function forgotpass() {
                header('Content-Type: text/html; charset=utf-8');
-               print "<html>
-                               <head>
-                                       <title>Tiny Tiny RSS</title>
-                                       <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
-                                       <script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
-                                       <script type=\"text/javascript\" src=\"lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls\"></script>
-                                       <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
-                               </head>
-                               <body id='forgotpass'>";
+               print "<html><head><title>Tiny Tiny RSS</title>";
+
+               print stylesheet_tag("utility.css");
+               print javascript_tag("lib/prototype.js");
+
+               print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
+                       </head><body id='forgotpass'>";
 
                print '<div class="floatingLogo"><img src="images/logo_small.png"></div>';
                print "<h1>".__("Password recovery")."</h1>";
@@ -740,13 +738,9 @@ class Handler_Public extends Handler {
                @$method = $_POST['method'];
 
                if (!$method) {
-                       $secretkey = uniqid();
-                       $_SESSION["secretkey"] = $secretkey;
-
                        print_notice(__("You will need to provide valid account name and email. New password will be sent on your email address."));
 
                        print "<form method='POST' action='public.php'>";
-                       print "<input type='hidden' name='secretkey' value='$secretkey'>";
                        print "<input type='hidden' name='method' value='do'>";
                        print "<input type='hidden' name='op' value='forgotpass'>";
 
@@ -771,7 +765,6 @@ class Handler_Public extends Handler {
                        print "</form>";
                } else if ($method == 'do') {
 
-                       $secretkey = $_POST["secretkey"];
                        $login = db_escape_string($this->link, $_POST["login"]);
                        $email = db_escape_string($this->link, $_POST["email"]);
                        $test = db_escape_string($this->link, $_POST["test"]);
@@ -784,7 +777,7 @@ class Handler_Public extends Handler {
                                        <input type=\"submit\" value=\"".__("Go back")."\">
                                        </form>";
 
-                       } else if ($_SESSION["secretkey"] == $secretkey) {
+                       } else {
 
                                $result = db_query($this->link, "SELECT id FROM ttrss_users
                                        WHERE login = '$login' AND email = '$email'");
@@ -796,7 +789,7 @@ class Handler_Public extends Handler {
 
                                        print "<p>";
 
-                                       print_notice("Completed.");
+                                       print "<p>"."Completed."."</p>";
 
                                        print "<form method=\"GET\" action=\"index.php\">
                                                <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
@@ -811,14 +804,6 @@ class Handler_Public extends Handler {
                                                </form>";
 
                                }
-
-                       } else {
-                               print_error(__("Form secret key incorrect. Please enable cookies and try again."));
-                               print "<form method=\"GET\" action=\"public.php\">
-                                       <input type=\"hidden\" name=\"op\" value=\"forgotpass\">
-                                       <input type=\"submit\" value=\"".__("Go back")."\">
-                                       </form>";
-
                        }
 
                }