Users Plugin: email templates added. Improve Password Reset: two step password reset.

plugins/box/users/users.plugin.php

@@ -255,12 +255,51 @@
 
                 $errors = array();
 
-                $user_login = Request::post('login');
+                $site_url  = Option::get('siteurl');
+                $site_name = Option::get('sitename');
+
+                // Reset Password from hash
+                if (Request::get('hash')) {
+                    
+                    // Get user with specific hash
+                    $user = Users::$users->select("[hash='" . Request::get('hash') . "']", null);
+
+                    // If user exists
+                    if ((count($user) > 0) && ($user['hash'] == Request::get('hash'))) {
+
+                        // Generate new password
+                        $new_password = Text::random('alnum', 6);
+
+                        // Update user profile
+                        // Set new hash and new password
+                        Users::$users->updateWhere("[login='" . $user['login'] . "']", array('hash' => Text::random('alnum', 12), 'password' => Security::encryptPassword($new_password)));
+
+                        // Message
+                        $message = View::factory('box/users/views/frontend/new_password_email')
+                            ->assign('site_url', $site_url)
+                            ->assign('site_name', $site_name)
+                            ->assign('user_id', $user['id'])
+                            ->assign('user_login', $user['login'])
+                            ->assign('new_password', $new_password)                                
+                            ->render();
+
+
+                        // Send
+                        @mail($user['email'], "Your new password for {$site_name}", $message);
+
+                        // Set notification
+                        Notification::set('success', __('New password has been sent', 'users'));
+
+                        // Redirect to password-reset page
+                        Request::redirect(Site::url().'users/password-reset');
+
+                    }
+                }
 
                 // Reset Password Form Submit
                 if (Request::post('reset_password_submit')) {
 
-                    $user_login = trim($user_login);
+                    $user_login = trim(Request::post('login'));
 
                     // Check csrf
                     if (Security::check(Request::post('csrf'))) {
@@ -271,28 +310,35 @@
 
                         if (count($errors) == 0) {
 
+                            // Get user
                             $user = Users::$users->select("[login='" . $user_login . "']", null);
 
-                            // Generate new password
-                            $new_password = Text::random('alnum', 6);
+                            // Generate new hash
+                            $new_hash = Text::random('alnum', 12);
 
-                            // Update user profile
-                            Users::$users->updateWhere("[login='" . $user_login . "']", array('password' => Security::encryptPassword($new_password)));
+                            // Update user hash
+                            Users::$users->updateWhere("[login='" . $user_login . "']", array('hash' => $new_hash));
 
                             // Message
-                            $message = "Login: {$user['login']}\nNew Password: {$new_password}";
+                            $message = View::factory('box/users/views/frontend/reset_password_email')
+                                ->assign('site_url', $site_url)
+                                ->assign('site_name', $site_name)
+                                ->assign('user_id', $user['id'])
+                                ->assign('user_login', $user['login'])
+                                ->assign('new_hash', $new_hash)                                
+                                ->render();
+
 
                             // Send
-                            @mail($user['email'], 'MonstraPasswordReset', $message);
+                            @mail($user['email'], "Your login details for {$site_name}", $message);
 
                             // Set notification
-                            Notification::set('success', __('New password has been sent', 'users'));
+                            Notification::set('success', __('Your login details for :site_name has been sent', 'users', array(':site_name' => $site_name)));
 
                             // Redirect to password-reset page
                             Request::redirect(Site::url().'users/password-reset');
 
                         }
-
                     
                     } else { die('csrf detected!'); }
 

plugins/box/users/views/frontend/new_password_email.view.php

@@ -0,0 +1,11 @@
+Dear <?php echo $user_login ?>,
+<br><br>
+As you requested, your password has now been reset. Your new details are as follows:
+<br><br>   
+Username: <?php echo $user_login; ?><br>
+Password: <?php echo $new_password; ?>
+<br><br>
+To change your password, please visit this page: <?php echo $site_url; ?>users/<?php echo $user_id; ?>
+<br><br>
+All the best,
+<?php echo $site_name; ?>

plugins/box/users/views/frontend/reset_password_email.view.php

@@ -0,0 +1,17 @@
+Dear <?php echo $user_login; ?>,
+<br><br>
+You have requested to reset your password on <?php echo $site_name; ?> because you have forgotten your password.
+If you did not request this, please ignore it. It will expire and become useless in 24 hours time.
+<br><br>
+To reset your password, please visit the following page:
+<?php echo $site_url; ?>users/password-reset?hash=<?php echo $new_hash; ?>
+<br><br>    
+When you visit that page, your password will be reset, and the new password will be emailed to you.
+<br><br>
+Your username is: <?php echo $user_login; ?>
+<br><br>
+To edit your profile, go to this page:
+<?php echo $site_url ?>users/<?php echo $user_id; ?>
+<br><br>
+All the best,
+<?php echo $site_name; ?>