password recovery
diff --git a/captcha.php b/captcha.php
index 89a9959..af7f3c1 100644
--- a/captcha.php
+++ b/captcha.php
@@ -18,6 +18,8 @@
$builder->setDistortion(1);
if (isset($SIMPLECAPTCHA) && $SIMPLECAPTCHA) $builder->build(250, 40);
else $builder->buildAgainstOCR(250, 40);
+ $builder = new CaptchaBuilder;
+ $builder->build();
$_SESSION['captcha'] = $builder->getPhrase();
$builder->output();
}else echo "huh?";
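Review bot: The two added lines throw away the builder that was just configured and built: `$builder = new CaptchaBuilder;` replaces the instance on which setDistortion() and build()/buildAgainstOCR() ran, so the phrase stored in `$_SESSION['captcha']` and the image sent by output() come from a default, unhardened build and the `$SIMPLECAPTCHA` switch above becomes a no-op. If the OCR-resistant build is still wanted, drop the two added lines; if the intent was to fall back to a plain build everywhere, remove the earlier setDistortion/build calls instead so there is one builder and one code path. The captcha is the only rate-limiting control on the recovery form, so weakening it silently matters. The enclosing if/else (whose else prints "huh?") starts outside this hunk.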
diff --git a/config.php.example b/config.php.example
index d2a1f9f..c873baa 100755
--- a/config.php.example
+++ b/config.php.example
@@ -76,9 +76,26 @@
</body></html>"
];
+$RECOVERY_EMAIL_TEMPLATE = (object)[
+ "subject" => "Change your password!",
+ "text" => "Seems you requested a password change. If that wasn't you please ignore this message. Otherwise go to this url to change your password: {{url}}",
+ "html" => "<html><body>
+ <h3>Seems you requested a password change. If that wasn't you please ignore this message. Otherwise go to this url to change your password</h3>
+ <a href='{{url}}'>Click here</a> to change your password
+ </body></html>"
+];
+
+
+$PASSWORD_CHANGED_EMAIL_TEMPLATE = (object)[
+ "subject" => "Your password was changed",
+ "text" => "Your password was chanegd successfully. If this wasn't you please contact support",
+ "html" => "<html><body>
+ <h3>Your password was chanegd successfully. If this wasn't you please contact support</h3>
+ </body></html>"
+];
+
// url to redirect to after mail confirmation. It will be 5 seconds of delay. Leave empty to none
$REDIRECT_TO = "";
// displays php errors on the html page. Set to false for production
$DEBUG = false;
-?>
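Review bot: Both bodies of `$PASSWORD_CHANGED_EMAIL_TEMPLATE` misspell the key word: `chanegd` should be `changed` in the "text" entry and again in the "html" entry; since this is a user-facing mail, fix the string itself rather than a comment. The same template tells the recipient to "contact support" without giving any address, so an operator copying the example will ship a mail with no actionable contact; consider adding the contact to the example text. The recovery template's link text and body look fine, though a short header comment above each template (which index.php function consumes it, and that `{{url}}` is the only substituted placeholder) would help whoever edits config.php next.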
diff --git a/index.php b/index.php
index 6f8f6c4..e1b57df 100755
--- a/index.php
+++ b/index.php
@@ -1,8 +1,11 @@
<?php
require_once 'vendor/autoload.php';
-include_once 'config.php';
+include 'config.php';
include_once 'redis.php';
include_once 'utils.php';
+include_once 'mail.php';
+include_once 'ldap.php';
+include_once 'validators.php';
if (!$DEBUG) error_reporting(0);
else error_reporting(1);
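Review bot: Switching to a bare `include 'config.php';` means a missing or unreadable config only emits a warning and the script keeps running with `$DEBUG`, `$SMTP`, `$BASE_URL` and the new mail templates all undefined; because `!$DEBUG` is then true, the very next line sets error_reporting(0) and hides that warning. The config is a hard dependency, so `require 'config.php';` (fatal on absence) is the safer choice here. The same applies to mail.php, ldap.php and validators.php added below it, which define the functions the request handlers call.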
@@ -27,10 +30,8 @@
function send_confirmation_email(string $mail, object $smtp, string $url)
{
include 'config.php';
- include 'utils.php';
- include "mail.php";
$TEMPLATE = template_path();
- include $TEMPLATE . "emails.php";
+ include $TEMPLATE . "email.php";
send_mail($mail, $smtp, (object) [
"subject" => $MAIL_TEMPLATE->subject,
@@ -42,10 +43,8 @@
function send_recovery_email(string $mail, object $smtp, string $url)
{
include 'config.php';
- include 'utils.php';
- include "mail.php";
$TEMPLATE = template_path();
- include $TEMPLATE . "emails.php";
+ include $TEMPLATE . "email.php";
send_mail($mail, $smtp, (object) [
"subject" => $RECOVERY_EMAIL_TEMPLATE->subject,
@@ -100,7 +99,6 @@
{
$TEMPLATE = template_path();
unset($_SESSION['captcha_token']);
- include 'validators.php';
include $TEMPLATE . 'strings.php';
$password = $_POST["password"];
$error = "";
@@ -122,7 +120,7 @@
function approve_request($user)
{
- include "mail.php";
+ include 'config.php';
$token = generateRandomString();
redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY);
$pending = redis_get("pending");
@@ -146,12 +144,30 @@
include $TEMPLATE . "confirm_your_email.htm";
}
+function recover_form($error = null)
+{
+ $TEMPLATE = template_path();
+ include 'config.php';
+ $_SESSION["captcha_token"] = generateRandomString(12);
+ if ($error)
+ include $TEMPLATE . 'error.htm';
+ include $TEMPLATE . "recover_email_form.htm";
+ reload_captcha_script();
+}
+
+function new_password_form($error = null)
+{
+ $TEMPLATE = template_path();
+ if ($error)
+ include $TEMPLATE . 'error.htm';
+ include $TEMPLATE . "recover_new_password_form.htm";
+}
+
// PAGE
include $TEMPLATE . "header.htm";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
- include 'ldap.php';
if (isset($_POST['type'])) {
switch ($_POST['type']) {
case "register":
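Review bot: `recover_form` and `new_password_form` are added without parameter or return types and without any docblock, and `$error` is tested by truthiness; declare them as `function recover_form(?string $error = null): void` and `function new_password_form(?string $error = null): void`, and give each a one-line comment saying which template it renders and that error.htm is included first when an error string is passed. The brace-less `if ($error)` bodies should get braces so a later edit cannot silently fall outside the condition. `recover_form` also re-includes config.php while `new_password_form` does not — presumably because recover_email_form.htm reads a config variable; a comment naming that variable would make the asymmetry deliberate rather than accidental.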
@@ -173,6 +189,7 @@
$email = $_POST["email"];
if (!ldap_mail_count($email)) {
+ unset($_POST['email']);
$error = $error . $STRINGS->recover_email_not_registered;
}
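Review bot: The recover branch still tells the requester whether an address has an account: when ldap_mail_count() returns 0 the page shows recover_email_not_registered, otherwise a mail is sent, so anyone can probe the directory for registered addresses through the recovery form. The usual mitigation is to render the same confirm_your_email.htm page in both cases and only send the recovery mail when the address exists, keeping the error text for logs rather than the response. The added `unset($_POST['email'])` presumably stops the re-rendered form from echoing the address back — confirm and leave a one-line comment saying so. The enclosing case block starts and ends outside this hunk.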
@@ -185,9 +202,7 @@
include $TEMPLATE . "registration_limit.htm";
} else {
if ($error) {
- include $TEMPLATE . 'error.htm';
- include $TEMPLATE . "register.htm";
- reload_captcha_script();
+ recover_form($error);
} else {
include $TEMPLATE . 'strings.php';
$token = generateRandomString();
@@ -198,32 +213,26 @@
$smtp = $FALLBACK_SMTP;
else
$smtp = $SMTP;
- send_confirmation_email($user->email, $smtp, $url);
$_SESSION['resend'] = generateRandomString(12);
$_SESSION['token'] = $token;
$_SESSION['email'] = $email;
$_SESSION['recover'] = $email;
$TEMPLATE = template_path();
- include $TEMPLATE . "confirm_your_email.htm";
send_recovery_email($email, $smtp, $url);
+ include $TEMPLATE . "confirm_your_email.htm";
}
}
break;
case "password_change":
- include 'validators.php';
- include 'ldap.php';
- $TEMPLATE = template_path();
- include $TEMPLATE . "register.htm";
$password = $_POST['password'];
$error = validate_password($password);
if ($error) {
- include $TEMPLATE . 'error.htm';
- include $TEMPLATE . "recover_new_password_form.htm";
- }else {
+ new_password_form($error);
+ } else {
+ $TEMPLATE = template_path();
include $TEMPLATE . "recover_success.htm";
include $TEMPLATE . "email.php";
- include 'mail.php';
$email = $_SESSION["email_change"];
if (change_password($email, $password)) {
if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
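Review bot: In the password_change branch the success template is still included before the change is attempted: right after the added `$TEMPLATE = template_path();` the code runs `include $TEMPLATE . "recover_success.htm";` and only then calls change_password(), so when the LDAP update fails the user sees the success page followed by change_password_ldap_error. The recover branch in the same hunk was reordered so that confirm_your_email.htm is shown after send_recovery_email(); apply the same ordering here by moving the recover_success.htm include into the `if (change_password($email, $password))` branch. The branch continues in the next hunk.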
@@ -231,14 +240,15 @@
else
$smtp = $SMTP;
send_mail($email, $smtp, $PASSWORD_CHANGED_EMAIL_TEMPLATE);
- unset($_SESSION["email_change"]);
- }
- else {
+ } else {
include $TEMPLATE . "strings.php";
echo $STRINGS->change_password_ldap_error;
}
+ unset($_SESSION["email_change"]);
+ redis_delete($_SESSION['token']);
}
break;
+ }
}
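Review bot: The password is changed on the strength of `$_SESSION["email_change"]` alone; the recovery token is only consulted at the end, when `redis_delete($_SESSION['token'])` removes it, so a token that expired or was already consumed between the GET and the POST still lets the lingering session complete the change, and a POST that never went through the GET step reads both session keys undefined (hidden by error_reporting(0)). Verify the token before change_password(): `$token = $_SESSION['token'] ?? null;` then `if ($token === null || redis_get($token) !== $email) { include $TEMPLATE . "token_expired.htm"; break; }`. Moving `unset($_SESSION["email_change"])` and the redis_delete outside the success test is the right direction, since the token becomes single-use either way. The enclosing case starts in the previous hunk.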
} elseif (isset($_GET['type'])) {
switch ($_GET['type']) {
@@ -246,7 +256,6 @@
if (!isset($_GET["token"])) {
echo $RUNTIME_ERROR->user_trying_invalid_get;
} else {
- include "ldap.php";
$token = $_GET["token"];
$user = redis_get($token);
if ($user && gettype($user) == "object") {
@@ -282,12 +291,11 @@
$url = $BASE_URL . "?type=confirmation&token=" . $token;
$smtp = $FALLBACK_SMTP;
$address = $_SESSION["email"];
- if (isset($_SESSION['recover'])){
+ if (isset($_SESSION['recover'])) {
$url = $BASE_URL . "?type=password_change&token=" . $token;
send_recovery_email($address, $smtp, $url);
unset($_SESSION['recover']);
- }
- else
+ } else
send_confirmation_email($address, $smtp, $url);
unset($_SESSION['resend']);
unset($_SESSION['token']);
@@ -296,21 +304,17 @@
break;
case "recover":
- $TEMPLATE = template_path();
- include $TEMPLATE . "register.htm";
- include 'config.php';
- $_SESSION["captcha_token"] = generateRandomString(12);
- reload_captcha_script();
+ recover_form();
break;
case "password_change":
$TEMPLATE = template_path();
- include $TEMPLATE . "register.htm";
$token = $_GET["token"];
$email = redis_get($token);
$_SESSION["email_change"] = $email;
- if ($email && gettype($email) == "string"){
- include $TEMPLATE . "recover_new_password_form.htm";
+ $_SESSION["token"] = $token;
+ if ($email && gettype($email) == "string") {
+ new_password_form();
} else {
include $TEMPLATE . "token_expired.htm";
}
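Review bot: The GET password_change case writes `$_SESSION["email_change"]` and the new `$_SESSION["token"]` before it checks that the token resolved to an email, so an expired or forged token overwrites an in-progress recovery in the same session with `false`, and `$_GET["token"]` is read without an isset() guard. Move both assignments inside the success branch and read the token with a default; `is_string()` also reads better than `gettype($email) == "string"`. The case ends at the `}` closing the else, as shown in the hunk.
```php
case "password_change":
    $TEMPLATE = template_path();
    $token = $_GET["token"] ?? '';
    $email = $token !== '' ? redis_get($token) : null;
    if ($email && is_string($email)) {
        $_SESSION["email_change"] = $email;
        $_SESSION["token"] = $token;
        new_password_form();
    } else {
        include $TEMPLATE . "token_expired.htm";
    }
```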
diff --git a/templates/recover_new_password_form.htm b/templates/recover_new_password_form.htm
index b83b8e8..e990585 100644
--- a/templates/recover_new_password_form.htm
+++ b/templates/recover_new_password_form.htm
@@ -1,4 +1,4 @@
-<h2>Renewing: <?php echo $email;?></h2>
+<h2>Renewing: <?php echo $_SESSION['email_change'];?></h2>
<form action="" method="POST">
<!-- Password input -->
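Review bot: The new heading echoes `$_SESSION['email_change']` straight into HTML with no escaping; the value originates from the user-supplied recovery address that was stored in redis, so it should be escaped at output like any other echoed string: `<h2>Renewing: <?php echo htmlspecialchars($_SESSION['email_change'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h2>`. The template is rendered via new_password_form(), which in the GET flow runs only after the token resolved to a string, so the session key should be set here — but the POST validation-error path also re-renders it, so a null-coalescing default would keep the heading from warning if the session was cleared in between.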