add basic password recovery thing
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 22 Mar 2013 10:50:02 +0000 (14:50 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 22 Mar 2013 10:50:02 +0000 (14:50 +0400)
classes/handler/public.php
classes/pref/users.php
include/login_form.php
templates/resetpass_template.txt
utility.css

index 6b588f813e31c3c714eca82d9e8be13f92d1bce7..53051a1f8ccdaae5e3757a35485d1d6a3e394875 100644 (file)
@@ -708,5 +708,92 @@ class Handler_Public extends Handler {
                print json_encode(array("error" => array("code" => 7)));
        }
 
+       function forgotpass() {
+               header('Content-Type: text/html; charset=utf-8');
+               print "<html>
+                               <head>
+                                       <title>Tiny Tiny RSS</title>
+                                       <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
+                                       <script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
+                                       <script type=\"text/javascript\" src=\"lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls\"></script>
+                                       <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
+                               </head>
+                               <body id='forgotpass'>";
+
+               print '<div class="floatingLogo"><img src="images/logo_wide.png"></div>';
+               print "<h1>".__("Reset password")."</h1>";
+
+               @$method = $_POST['method'];
+
+               if (!$method) {
+                       $secretkey = uniqid();
+                       $_SESSION["secretkey"] = $secretkey;
+
+                       print "<form method='POST' action='public.php'>";
+                       print "<input type='hidden' name='secretkey' value='$secretkey'>";
+                       print "<input type='hidden' name='method' value='do'>";
+                       print "<input type='hidden' name='op' value='forgotpass'>";
+
+                       print "<fieldset>";
+                       print "<label>".__("Login:")."</label>";
+                       print "<input type='text' name='login' value='' required>";
+                       print "</fieldset>";
+
+                       print "<fieldset>";
+                       print "<label>".__("Email:")."</label>";
+                       print "<input type='email' name='email' value='' required>";
+                       print "</fieldset>";
+
+                       print "<fieldset>";
+                       print "<label>".__("How much is two plus two:")."</label>";
+                       print "<input type='text' name='test' value='' required>";
+                       print "</fieldset>";
+
+                       print "<p/>";
+                       print "<button type='submit'>".__("Reset password")."</button>";
+
+                       print "</form>";
+               } else if ($method == 'do') {
+
+                       $secretkey = $_POST["secretkey"];
+                       $login = db_escape_string($this->link, $_POST["login"]);
+                       $email = db_escape_string($this->link, $_POST["email"]);
+                       $test = db_escape_string($this->link, $_POST["test"]);
+
+                       if (($test != 4 && $test != 'four') || !$email || !$login) {
+                               print_error(__('Some of the required form parameters are missing or incorrect.'));
+
+                               print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
+
+                       } else if ($_SESSION["secretkey"] == $secretkey) {
+
+                               $result = db_query($this->link, "SELECT id FROM ttrss_users
+                                       WHERE login = '$login' AND email = '$email'");
+
+                               if (db_num_rows($result) != 0) {
+                                       $id = db_fetch_result($result, 0, "id");
+
+                                       Pref_Users::resetUserPassword($this->link, $id, false);
+
+                                       print "<p>".__("Completed.")."</p>";
+
+                               } else {
+                                       print_error(__("Sorry, login and email combination not found."));
+                                       print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
+                               }
+
+                       } else {
+                               print_error(__("Form secret key incorrect. Please enable cookies and try again."));
+                               print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
+
+                       }
+
+               }
+
+               print "</body>";
+               print "</html>";
+
+       }
+
 }
 ?>
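Review bot: The token check `$_SESSION["secretkey"] == $secretkey` in the `method == 'do'` branch is a loose comparison that never requires the token to exist, so a request with no session and an empty or absent `secretkey` field compares equal (`null == ""`) and reaches `resetUserPassword`. Require a non-empty value and compare strictly, e.g. `} else if ($secretkey && isset($_SESSION["secretkey"]) && $_SESSION["secretkey"] === $secretkey) {`, and `unset($_SESSION["secretkey"])` once it has been consumed so the form cannot be replayed. `uniqid()` is derived from the clock, so the token should come from a CSPRNG instead. Separately, the password is overwritten as soon as login and email match, which lets anyone who knows that pair lock the owner out; mailing a single-use, expiring confirmation link and changing the password only after it is followed would avoid that.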
index fbba5e407436731defa45e5914afeeea63c0c86a..b4f043775c082d31effc3b7c49bfec34de58c9ec 100644 (file)
@@ -270,11 +270,9 @@ class Pref_Users extends Handler_Protected {
                        }
                }
 
-               function resetPass() {
-
-                       $uid = db_escape_string($this->link, $_REQUEST["id"]);
+               static function resetUserPassword($link, $uid, $show_password) {
 
-                       $result = db_query($this->link, "SELECT login,email
+                       $result = db_query($link, "SELECT login,email
                                FROM ttrss_users WHERE id = '$uid'");
 
                        $login = db_fetch_result($result, 0, "login");
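Review bot: `resetUserPassword()` interpolates `$uid` into `WHERE id = '$uid'` here (and into the UPDATE in the next hunk) without escaping it itself, and now that it is a static helper with more than one caller that contract is undocumented. A header comment such as `/* $uid is placed into SQL as-is: callers must pass an escaped or database-sourced id */` would make the requirement explicit. The function also reads `login` from row 0 without first checking that the SELECT matched a row. The body continues past the end of this hunk.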
@@ -286,18 +284,20 @@ class Pref_Users extends Handler_Protected {
 
                        $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
 
-                       db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
+                       db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
                                WHERE id = '$uid'");
 
-                       print T_sprintf("Changed password of user <b>%s</b>
-                                to <b>%s</b>", $login, $tmp_user_pwd);
+                       if ($show_password) {
+                               print T_sprintf("Changed password of user <b>%s</b>
+                                       to <b>%s</b>", $login, $tmp_user_pwd);
+                       } else {
+                               print T_sprintf("Sending new password of user <b>%s</b>
+                                       to <b>%s</b>", $login, $email);
+                       }
 
                        require_once 'lib/phpmailer/class.phpmailer.php';
 
                        if ($email) {
-                               print " ";
-                               print T_sprintf("Notifying <b>%s</b>.", $email);
-
                                require_once "lib/MiniTemplator.class.php";
 
                                $tpl = new MiniTemplator;
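Review bot: The two `T_sprintf` messages print `$login` and `$email` into HTML without escaping (unless `T_sprintf` escapes its arguments, which is not visible here), and with the `$show_password == false` branch this output is now produced on the public reset page as well. Both values are stored account fields, so they should pass through `htmlspecialchars()` before being placed inside `<b>…</b>`, e.g. `T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", htmlspecialchars($login), htmlspecialchars($email))`. The enclosing function starts before this hunk and ends after it.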
@@ -340,8 +340,11 @@ class Pref_Users extends Handler_Protected {
 
                                if (!$rc) print_error($mail->ErrorInfo);
                        }
+               }
 
-                       print "</div>";
+               function resetPass() {
+                       $uid = db_escape_string($this->link, $_REQUEST["id"]);
+                       Pref_Users::resetUserPassword($this->link, $uid, true);
                }
 
                function index() {
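Review bot: When sending fails, `if (!$rc) print_error($mail->ErrorInfo);` now also runs for the anonymous caller in `forgotpass()`, so mailer diagnostics are shown to an unauthenticated visitor. By that point the UPDATE has already replaced the password hash, leaving the account with a password nobody received. For the `$show_password == false` path a generic failure message, with the detail written to the server log, would be safer, and the new hash should only be kept once the mail has been handed off successfully. `resetUserPassword()` begins outside this hunk.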
index 68df544e30256f3f08f03baf2cda3c56e69c89eb..af451239d7e42510eb8780f3176adc4e7a9e077b 100644 (file)
                font-size : 12px;
        }
 
+       a.forgotpass {
+               text-align : right;
+               font-size : 11px;
+               display : inline-block;
+       }
+
+       a {
+               color : #4684ff;
+       }
+
+       a:hover {
+               color : black;
+       }
+
        div.footer a {
                color : gray;
        }
@@ -179,6 +193,8 @@ function bwLimitChange(elem) {
                        <input type="password" name="password" required="1"
                                        style="width : 220px" class="input"
                                        value="<?php echo $_SESSION["fake_password"] ?>"/>
+                       <label></label>
+                       <a class='forgotpass' href="public.php?op=forgotpass"><?php echo __("I forgot my password") ?></a>
                </div>
 
                <div class="row">
index dd96f2c92baccb585e9656fac26b4705e1d10354..c262f9a77c2419797e8d599df008b9f3e62c4e37 100644 (file)
@@ -1,7 +1,7 @@
 <!-- $BeginBlock message -->
 Hello, ${LOGIN}.
 
-Your password for this Tiny Tiny RSS installation has been reset by an administrator.
+Your password for this Tiny Tiny RSS installation has been reset.
 
 Your new password is ${NEWPASS}, please remember it for later reference.
 
index de0042a774c354c4a7759849f9ff00c7439c91cf..b520a49bd00c13caede1b295a89e591e952941e0 100644 (file)
@@ -182,3 +182,25 @@ div.autocomplete ul li {
        cursor : pointer;
 }
 
+fieldset { 
+       border-width : 0px;
+       padding : 0px 0px 5px 0px;
+       margin : 0px;
+}
+
+fieldset input {
+       font-family : sans-serif;
+       font-size : medium;
+       border-spacing : 2px;
+       border : 1px solid #b5bcc7;
+       padding : 2px;
+}
+
+fieldset label {
+       width : 120px;
+       margin-right : 20px;
+       display : inline-block;
+       text-align : right;
+       color : gray;
+}
+