mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-06 05:07:49 +02:00
Code Issues Releases Wiki Activity

Users Plugin: email templates added. Improve Password Reset: two step password reset.

Browse Source
This commit is contained in:
Awilum
2012-09-30 14:49:13 +03:00
parent 7b179b051f
commit 56389defa2
3 changed files with 84 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
plugins/box/users/users.plugin.php
View File

@@ -255,12 +255,51 @@
$errors = array(); $errors = array();
$user_login = Request::post('login'); $site_url = Option::get('siteurl');
$site_name = Option::get('sitename');
// Reset Password from hash
if (Request::get('hash')) {
// Get user with specific hash
$user = Users::$users->select("[hash='" . Request::get('hash') . "']", null);
// If user exists
if ((count($user) > 0) && ($user['hash'] == Request::get('hash'))) {
// Generate new password
$new_password = Text::random('alnum', 6);
// Update user profile
// Set new hash and new password
Users::$users->updateWhere("[login='" . $user['login'] . "']", array('hash' => Text::random('alnum', 12), 'password' => Security::encryptPassword($new_password)));
// Message
$message = View::factory('box/users/views/frontend/new_password_email')
->assign('site_url', $site_url)
->assign('site_name', $site_name)
->assign('user_id', $user['id'])
->assign('user_login', $user['login'])
->assign('new_password', $new_password)
->render();
// Send
@mail($user['email'], "Your new password for {$site_name}", $message);
// Set notification
Notification::set('success', __('New password has been sent', 'users'));
// Redirect to password-reset page
Request::redirect(Site::url().'users/password-reset');
}
}
// Reset Password Form Submit // Reset Password Form Submit
if (Request::post('reset_password_submit')) { if (Request::post('reset_password_submit')) {
$user_login = trim($user_login); $user_login = trim(Request::post('login'));
// Check csrf // Check csrf
if (Security::check(Request::post('csrf'))) { if (Security::check(Request::post('csrf'))) {
@@ -271,28 +310,35 @@
if (count($errors) == 0) { if (count($errors) == 0) {
// Get user
$user = Users::$users->select("[login='" . $user_login . "']", null); $user = Users::$users->select("[login='" . $user_login . "']", null);
// Generate new password // Generate new hash
$new_password = Text::random('alnum', 6); $new_hash = Text::random('alnum', 12);
// Update user profile // Update user hash
Users::$users->updateWhere("[login='" . $user_login . "']", array('password' => Security::encryptPassword($new_password))); Users::$users->updateWhere("[login='" . $user_login . "']", array('hash' => $new_hash));
// Message // Message
$message = "Login: {$user['login']}\nNew Password: {$new_password}"; $message = View::factory('box/users/views/frontend/reset_password_email')
->assign('site_url', $site_url)
->assign('site_name', $site_name)
->assign('user_id', $user['id'])
->assign('user_login', $user['login'])
->assign('new_hash', $new_hash)
->render();
// Send // Send
@mail($user['email'], 'MonstraPasswordReset', $message); @mail($user['email'], "Your login details for {$site_name}", $message);
// Set notification // Set notification
Notification::set('success', __('New password has been sent', 'users')); Notification::set('success', __('Your login details for :site_name has been sent', 'users', array(':site_name' => $site_name)));
// Redirect to password-reset page // Redirect to password-reset page
Request::redirect(Site::url().'users/password-reset'); Request::redirect(Site::url().'users/password-reset');
} }
} else { die('csrf detected!'); } } else { die('csrf detected!'); }

11
plugins/box/users/views/frontend/new_password_email.view.php Normal file
View File

@@ -0,0 +1,11 @@
Dear <?php echo $user_login ?>,
<br><br>
As you requested, your password has now been reset. Your new details are as follows:
<br><br>
Username: <?php echo $user_login; ?><br>
Password: <?php echo $new_password; ?>
<br><br>
To change your password, please visit this page: <?php echo $site_url; ?>users/<?php echo $user_id; ?>
<br><br>
All the best,
<?php echo $site_name; ?>

17
plugins/box/users/views/frontend/reset_password_email.view.php Normal file
View File

@@ -0,0 +1,17 @@
Dear <?php echo $user_login; ?>,
<br><br>
You have requested to reset your password on <?php echo $site_name; ?> because you have forgotten your password.
If you did not request this, please ignore it. It will expire and become useless in 24 hours time.
<br><br>
To reset your password, please visit the following page:
<?php echo $site_url; ?>users/password-reset?hash=<?php echo $new_hash; ?>
<br><br>
When you visit that page, your password will be reset, and the new password will be emailed to you.
<br><br>
Your username is: <?php echo $user_login; ?>
<br><br>
To edit your profile, go to this page:
<?php echo $site_url ?>users/<?php echo $user_id; ?>
<br><br>
All the best,
<?php echo $site_name; ?>