convert password forgotten page to quickform and add captcha
This commit is contained in:
parent
4f1daa96df
commit
5f99b64744
@ -4,21 +4,26 @@ $this->includeTemplate($GLOBALS['top_include']);
|
||||
|
||||
<p><?php echo sprintf(T_('If you have forgotten your password, %s can generate a new one. Enter the username and e-mail address of your account into the form below and we will e-mail your new password to you.'), $GLOBALS['sitename']); ?></p>
|
||||
|
||||
<form action="<?php echo $formaction; ?>" method="post">
|
||||
<table>
|
||||
<tr>
|
||||
<th align="left"><label for="username"><?php echo T_('Username'); ?></label></th>
|
||||
<td><input type="text" id="username" name="username" size="20" class="required" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th align="left"><label for="email"><?php echo T_('E-mail'); ?></label></th>
|
||||
<td><input type="text" id="email" name="email" size="40" class="required" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td></td>
|
||||
<td><input type="submit" name="submitted" value="<?php echo T_('Generate Password'); ?>" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
<form<?php echo $form['attributes']; ?>>
|
||||
<?php echo implode('', $form['hidden']); ?>
|
||||
<table>
|
||||
<tr>
|
||||
<th align="left"><?php echo $form['username']['labelhtml']; ?></th>
|
||||
<td><?php echo $form['username']['html']; ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th align="left"><?php echo $form['email']['labelhtml']; ?></th>
|
||||
<td><?php echo $form['email']['html']; ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th align="left"><?php echo $form['captcha']['labelhtml']; ?></th>
|
||||
<td><?php echo $form['captcha']['html']; ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td></td>
|
||||
<td><?php echo $form['submit']['html']; ?></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
|
@ -188,7 +188,15 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
return sprintf($this->profileurl, urlencode($id), urlencode($username));
|
||||
}
|
||||
|
||||
function getUserByUsername($username) {
|
||||
/**
|
||||
* Fetches a user by the given user name
|
||||
*
|
||||
* @param string $username Nickname of the user
|
||||
*
|
||||
* @return array Database row or boolean false on error
|
||||
*/
|
||||
public function getUserByUsername($username)
|
||||
{
|
||||
return $this->_getuser($this->getFieldName('username'), $username);
|
||||
}
|
||||
|
||||
@ -299,14 +307,54 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
return $currentObjectUser;
|
||||
}
|
||||
|
||||
function existsUserWithUsername($username) {
|
||||
if($this->getUserByUsername($username) != '') {
|
||||
|
||||
|
||||
/**
|
||||
* Checks if the user with the given username exists
|
||||
* in database.
|
||||
*
|
||||
* @param string $username Nickname of user
|
||||
*
|
||||
* @return boolean True if it exists, false if not
|
||||
*/
|
||||
public function existsUserWithUsername($username)
|
||||
{
|
||||
if ($this->getUserByUsername($username) != '') {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Checks if the given username and email combination is
|
||||
* valid (user with nickname and email address exists).
|
||||
* Used on forgot-password page.
|
||||
*
|
||||
* @param string $username Nickname of user
|
||||
* @param string $email Email address of user
|
||||
*
|
||||
* @return boolean True if a user with both nickname and
|
||||
* email address exists, false if not.
|
||||
*/
|
||||
public function userEmailCombinationValid($username, $email)
|
||||
{
|
||||
$user = $this->getUserByUsername($username);
|
||||
if ($user === false) {
|
||||
//user does not exist
|
||||
return false;
|
||||
} else if ($user['email'] != $email) {
|
||||
//email wrong
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
function existsUser($id) {
|
||||
if($this->getUser($id) != '') {
|
||||
return true;
|
||||
|
231
www/password.php
231
www/password.php
@ -1,78 +1,189 @@
|
||||
<?php
|
||||
/***************************************************************************
|
||||
Copyright (C) 2005 Scuttle project
|
||||
https://sourceforge.net/projects/scuttle/
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
***************************************************************************/
|
||||
|
||||
/**
|
||||
* SemanticScuttle - your social bookmark manager.
|
||||
* User password reset form.
|
||||
*
|
||||
* PHP version 5.
|
||||
*
|
||||
* @category Bookmarking
|
||||
* @package SemanticScuttle
|
||||
* @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
|
||||
* @author Christian Weiske <cweiske@cweiske.de>
|
||||
* @author Eric Dane <ericdane@users.sourceforge.net>
|
||||
* @author Marcus Campbell <marcus.campbell@gmail.com>
|
||||
* @license GPL http://www.gnu.org/licenses/gpl.html
|
||||
* @link http://sourceforge.net/projects/semanticscuttle
|
||||
*/
|
||||
require_once 'www-header.php';
|
||||
|
||||
/* Service creation: only useful services are created */
|
||||
// No specific services
|
||||
require_once 'HTML/QuickForm2.php';
|
||||
require_once 'SemanticScuttle/QuickForm2/Renderer/CoolArray.php';
|
||||
require_once 'HTML/QuickForm2/Element/NumeralCaptcha.php';
|
||||
|
||||
/* Managing all possible inputs */
|
||||
isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
|
||||
isset($_POST['username']) ? define('POST_USERNAME', $_POST['username']): define('POST_USERNAME', '');
|
||||
isset($_POST['email']) ? define('POST_EMAIL', $_POST['email']): define('POST_EMAIL', '');
|
||||
|
||||
// IF SUBMITTED
|
||||
if (POST_SUBMITTED != '') {
|
||||
|
||||
// NO USERNAME
|
||||
if (!POST_USERNAME) {
|
||||
$tplVars['error'] = T_('You must enter your username.');
|
||||
//we register a strange name here so we can change the class
|
||||
// itself easily
|
||||
HTML_QuickForm2_Factory::registerElement(
|
||||
'sc-captcha',
|
||||
'HTML_QuickForm2_Element_NumeralCaptcha'
|
||||
);
|
||||
|
||||
// NO E-MAIL
|
||||
} elseif (!POST_EMAIL) {
|
||||
$tplVars['error'] = T_('You must enter your <abbr title="electronic mail">e-mail</abbr> address.');
|
||||
//do not append '-0' to IDs
|
||||
HTML_Common2::setOption('id_force_append_index', false);
|
||||
|
||||
// USERNAME AND E-MAIL
|
||||
} else {
|
||||
$form = new HTML_QuickForm2(
|
||||
'registration', 'post',
|
||||
array('action' => createURL('password')),
|
||||
true
|
||||
);
|
||||
|
||||
// NO MATCH
|
||||
$userinfo = $userservice->getObjectUserByUsername(POST_USERNAME);
|
||||
if ($userinfo == NULL) {
|
||||
$tplVars['error'] = T_('No matches found for that username.');
|
||||
$user = $form->addElement(
|
||||
'text', 'username',
|
||||
array(
|
||||
'size' => 20,
|
||||
'class' => 'required'
|
||||
)
|
||||
)->setLabel(T_('Username'));
|
||||
$user->addRule(
|
||||
'required',
|
||||
T_('You <em>must</em> enter a username, password and e-mail address.')
|
||||
);
|
||||
$user->addRule(
|
||||
'callback',
|
||||
T_('This username is not valid (too short, too long, forbidden characters...), please make another choice.'),
|
||||
array($userservice, 'isValidUsername')
|
||||
);
|
||||
$user->addRule(
|
||||
'notcallback',
|
||||
T_('This username has been reserved, please make another choice.'),
|
||||
array($userservice, 'isReserved')
|
||||
);
|
||||
$user->addRule(
|
||||
'callback',
|
||||
T_('No matches found for that username.'),
|
||||
array($userservice, 'existsUserWithUsername')
|
||||
);
|
||||
$form->addRule(
|
||||
'callback',
|
||||
T_('No matches found for that combination of username and <abbr title="electronic mail">e-mail</abbr> address.'),
|
||||
'checkUserEmailCombination'
|
||||
);
|
||||
|
||||
} elseif (POST_EMAIL != $userinfo->getEmail()) {
|
||||
$tplVars['error'] = T_('No matches found for that combination of username and <abbr title="electronic mail">e-mail</abbr> address.');
|
||||
|
||||
// MATCH
|
||||
} else {
|
||||
$email = $form->addElement(
|
||||
'text', 'email',
|
||||
array(
|
||||
'size' => 40,
|
||||
'class' => 'required'
|
||||
)
|
||||
)->setLabel(T_('E-mail'));
|
||||
$email->addRule(
|
||||
'required',
|
||||
T_('You <em>must</em> enter a username, password and e-mail address.')
|
||||
);
|
||||
$email->addRule(
|
||||
'callback',
|
||||
T_('E-mail address is not valid. Please try again.'),
|
||||
array($userservice, 'isValidEmail')
|
||||
);
|
||||
|
||||
// GENERATE AND STORE PASSWORD
|
||||
$password = $userservice->generatePassword($userinfo->getId());
|
||||
if (!($password = $userservice->generatePassword($userinfo->getId()))) {
|
||||
$tplVars['error'] = T_('There was an error while generating your new password. Please try again.');
|
||||
|
||||
} else {
|
||||
// SEND E-MAIL
|
||||
$message = T_('Your new password is:') ."\n". $password ."\n\n". T_('To keep your bookmarks secure, you should change this password in your profile the next time you log in.');
|
||||
$message = wordwrap($message, 70);
|
||||
$headers = 'From: '. $adminemail;
|
||||
$mail = mail(POST_EMAIL, sprintf(T_('%s Account Information'), $sitename), $message);
|
||||
$form->addElement(
|
||||
'sc-captcha', 'captcha',
|
||||
array(
|
||||
'size' => 40
|
||||
),
|
||||
array(
|
||||
'captchaSolutionWrong'
|
||||
=> T_('Antispam answer is not valid. Please try again.')
|
||||
)
|
||||
)
|
||||
->setLabel(T_('Antispam question'));
|
||||
|
||||
$tplVars['msg'] = sprintf(T_('New password generated and sent to %s'), POST_EMAIL);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$form->addElement(
|
||||
'submit', 'submit',
|
||||
array('value' => T_('Generate Password'))
|
||||
);
|
||||
|
||||
/**
|
||||
* Checks if the user and email combination exists in the database.
|
||||
*
|
||||
* @param array $arValues Key-value array of form values
|
||||
*
|
||||
* @return boolean True if it exists, false if not
|
||||
*/
|
||||
function checkUserEmailCombination($arValues)
|
||||
{
|
||||
//FIXME: remove this once HTML_QuickForm2 calls form rules
|
||||
// only after element rules match
|
||||
// http://pear.php.net/bugs/17576
|
||||
if (trim($arValues['username']) == ''
|
||||
|| trim($arValues['email']) == ''
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$userservice = SemanticScuttle_Service_Factory::get('User');
|
||||
return $userservice->userEmailCombinationValid(
|
||||
$arValues['username'], $arValues['email']
|
||||
);
|
||||
}
|
||||
|
||||
$templatename = 'password.tpl';
|
||||
|
||||
|
||||
$tplVars['error'] = '';
|
||||
if ($form->validate()) {
|
||||
$arValues = $form->getValue();
|
||||
$arUser = $userservice->getUserByUsername($arValues['username']);
|
||||
$password = $userservice->generatePassword($arUser['uId']);
|
||||
if ($password === false) {
|
||||
$tplVars['error'] = T_('There was an error while generating your new password. Please try again.');
|
||||
} else {
|
||||
//change password and send email out
|
||||
$message = T_('Your new password is:')
|
||||
. "\n" . $password . "\n\n"
|
||||
. T_('To keep your bookmarks secure, you should change this password in your profile the next time you log in.');
|
||||
$message = wordwrap($message, 70);
|
||||
$headers = 'From: '. $adminemail;
|
||||
$mail = mail(
|
||||
$arValues['email'],
|
||||
sprintf(T_('%s Account Information'), $sitename),
|
||||
$message
|
||||
);
|
||||
$tplVars['msg'] = sprintf(
|
||||
T_('New password generated and sent to %s'),
|
||||
$arValues['email']
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
HTML_QuickForm2_Renderer::register(
|
||||
'coolarray',
|
||||
'SemanticScuttle_QuickForm2_Renderer_CoolArray'
|
||||
);
|
||||
//$renderer = HTML_QuickForm2_Renderer::factory('coolarray')
|
||||
$renderer = new SemanticScuttle_QuickForm2_Renderer_CoolArray();
|
||||
$renderer->setOption(
|
||||
array(
|
||||
'group_hiddens' => true,
|
||||
'group_errors' => true
|
||||
)
|
||||
);
|
||||
|
||||
$tplVars['form'] = $form->render($renderer);
|
||||
$tplVars['loadjs'] = true;
|
||||
$tplVars['subtitle'] = T_('Forgotten Password');
|
||||
$tplVars['formaction'] = createURL('password');
|
||||
$templateservice->loadTemplate($templatename, $tplVars);
|
||||
//fscking form error is not in form|errors
|
||||
$tplVars['error'] .= implode(
|
||||
'<br/>',
|
||||
array_unique(
|
||||
array_merge(
|
||||
$tplVars['form']['errors'],
|
||||
array($form->getError())
|
||||
)
|
||||
)
|
||||
);
|
||||
$templateservice->loadTemplate('password.tpl', $tplVars);
|
||||
?>
|
||||
|
Loading…
Reference in New Issue
Block a user