From 56389defa2e7b7fc0903aea9f939ef1a696cf11d Mon Sep 17 00:00:00 2001
From: Awilum
Date: Sun, 30 Sep 2012 14:49:13 +0300
Subject: [PATCH] Users Plugin: email templates added. Improve Password Reset: two step password reset.
---
 plugins/box/users/users.plugin.php | 66 ++++++++++++++++---
 .../frontend/new_password_email.view.php | 11 ++++
 .../frontend/reset_password_email.view.php | 17 +++++
 3 files changed, 84 insertions(+), 10 deletions(-)
 create mode 100644 plugins/box/users/views/frontend/new_password_email.view.php
 create mode 100644 plugins/box/users/views/frontend/reset_password_email.view.php
diff --git a/plugins/box/users/users.plugin.php b/plugins/box/users/users.plugin.php
index 6820486..78206c8 100644
--- a/plugins/box/users/users.plugin.php
+++ b/plugins/box/users/users.plugin.php
@@ -255,12 +255,51 @@ $errors = array(); - $user_login = Request::post('login'); + $site_url = Option::get('siteurl'); + $site_name = Option::get('sitename'); + + // Reset Password from hash + if (Request::get('hash')) { + + // Get user with specific hash + $user = Users::$users->select("[hash='" . Request::get('hash') . "']", null); + + // If user exists + if ((count($user) > 0) && ($user['hash'] == Request::get('hash'))) { + + // Generate new password + $new_password = Text::random('alnum', 6); + + // Update user profile + // Set new hash and new password + Users::$users->updateWhere("[login='" . $user['login'] . "']", array('hash' => Text::random('alnum', 12), 'password' => Security::encryptPassword($new_password))); + + // Message + $message = View::factory('box/users/views/frontend/new_password_email') + ->assign('site_url', $site_url) + ->assign('site_name', $site_name) + ->assign('user_id', $user['id']) + ->assign('user_login', $user['login']) + ->assign('new_password', $new_password) + ->render(); + + + // Send + @mail($user['email'], "Your new password for {$site_name}", $message); + + // Set notification + Notification::set('success', __('New password has been sent', 'users')); + + // Redirect to password-reset page + Request::redirect(Site::url().'users/password-reset'); + + } + } // Reset Password Form Submit if (Request::post('reset_password_submit')) { - $user_login = trim($user_login); + $user_login = trim(Request::post('login')); // Check csrf if (Security::check(Request::post('csrf'))) { 
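Review bot: The selector in `Users::$users->select("[hash='" . Request::get('hash') . "']", null)` is built by concatenating the raw `hash` query parameter, so a quote in the value alters the predicate instead of being matched as data; the `[login='" . $user_login . "']` selectors in the second hunk have the same shape. The follow-up `$user['hash'] == Request::get('hash')` narrows this but compares loosely. I would validate the token before it reaches the selector and compare strictly, e.g. `$hash = (string) Request::get('hash');`, `if (ctype_alnum($hash) && strlen($hash) === 12) {` and `$user['hash'] === $hash`, assuming `Text::random('alnum', 12)` only emits alphanumerics. Whether `Text::random` draws from a cryptographically secure source is not visible here and is worth confirming, since it produces both the reset token and the new password. The enclosing block begins and ends outside this hunk.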
@@ -271,28 +310,35 @@ if (count($errors) == 0) { + // Get user $user = Users::$users->select("[login='" . $user_login . "']", null); - // Generate new password - $new_password = Text::random('alnum', 6); + // Generate new hash + $new_hash = Text::random('alnum', 12); - // Update user profile - Users::$users->updateWhere("[login='" . $user_login . "']", array('password' => Security::encryptPassword($new_password))); + // Update user hash + Users::$users->updateWhere("[login='" . $user_login . "']", array('hash' => $new_hash)); // Message - $message = "Login: {$user['login']}\nNew Password: {$new_password}"; + $message = View::factory('box/users/views/frontend/reset_password_email') + ->assign('site_url', $site_url) + ->assign('site_name', $site_name) + ->assign('user_id', $user['id']) + ->assign('user_login', $user['login']) + ->assign('new_hash', $new_hash) + ->render(); + // Send - @mail($user['email'], 'MonstraPasswordReset', $message); + @mail($user['email'], "Your login details for {$site_name}", $message); // Set notification - Notification::set('success', __('New password has been sent', 'users')); + Notification::set('success', __('Your login details for :site_name has been sent', 'users', array(':site_name' => $site_name))); // Redirect to password-reset page Request::redirect(Site::url().'users/password-reset'); } - } else { die('csrf detected!'); } diff --git a/plugins/box/users/views/frontend/new_password_email.view.php b/plugins/box/users/views/frontend/new_password_email.view.php new file mode 100644 index 0000000..146e4c0 --- /dev/null +++ b/plugins/box/users/views/frontend/new_password_email.view.php @@ -0,0 +1,11 @@ +Dear , +
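Review bot: The token written by `updateWhere(..., array('hash' => $new_hash))` carries no issue time, and the hash branch in the first hunk checks none, so the "expire and become useless in 24 hours" promise in reset_password_email.view.php is not enforced by anything visible in this patch. Storing an expiry next to the token, e.g. `array('hash' => $new_hash, 'hash_expires' => time() + 86400)` (the field name is only a suggestion), and rejecting stale tokens in the hash branch would make the e-mail accurate. `$user` is also read for `id`, `login` and `email` without a visible found-check, and `@mail(...)` hides a delivery failure while the success notification is always set. The validation that fills `$errors` sits outside the hunk, so the found-check may already be covered there.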

+As you requested, your password has now been reset. Your new details are as follows: +

+Username:
+Password: +

+To change your password, please visit this page: users/ +

+All the best, + \ No newline at end of file diff --git a/plugins/box/users/views/frontend/reset_password_email.view.php b/plugins/box/users/views/frontend/reset_password_email.view.php new file mode 100644 index 0000000..48651f8 --- /dev/null +++ b/plugins/box/users/views/frontend/reset_password_email.view.php @@ -0,0 +1,17 @@ +Dear , +
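Review bot: This template puts the generated password in the message body (the `Password:` line, fed by `->assign('new_password', $new_password)` in users.plugin.php), so a working credential stays readable in the mailbox and in any mail archive until the user changes it. Prefer letting the user choose the new password on the reset page once the token has been verified, or at least flag the account so that a password change is required at the next login. The closing line "To change your password, please visit this page" then becomes a required step rather than an optional one.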

+You have requested to reset your password on because you have forgotten your password. +If you did not request this, please ignore it. It will expire and become useless in 24 hours time. +

+To reset your password, please visit the following page: +users/password-reset?hash= +

+When you visit that page, your password will be reset, and the new password will be emailed to you. +

+Your username is: +

+To edit your profile, go to this page: +users/ +

+All the best, + \ No newline at end of file
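Review bot: The link `users/password-reset?hash=` performs the reset as soon as it is fetched ("When you visit that page, your password will be reset"), so the state change happens on a GET request that mail scanners, link previewers or browser prefetch can trigger without the user acting. It would be safer for the link to open a confirmation form that submits the token by POST behind the existing `csrf` check, with this text updated to match. As a query parameter the token also lands in browser history and server access logs, which makes the token rotation in users.plugin.php and an enforced expiry more important.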