Diffstat (limited to 'frontend/pages')
-rw-r--r--frontend/pages/login.php45
-rw-r--r--frontend/pages/register.php6
-rw-r--r--frontend/pages/users/forgot-password.php29
-rw-r--r--frontend/pages/users/reset-password.php49
4 files changed, 108 insertions, 21 deletions
diff --git a/frontend/pages/login.php b/frontend/pages/login.php
index 953d2c4..d821396 100644
--- a/frontend/pages/login.php
+++ b/frontend/pages/login.php
@@ -1,24 +1,35 @@
<?php
function init_login(&$S) {
if (isset($S['user'])) {
+ if (isset($_REQUEST['go']))
+ header('Location: '.url($_REQUEST['go']));
// Should we let you continue to $_REQUEST['go'] instead?
return 'welcome';
- } else {
- if (isset($_REQUEST['email']) && isset($_REQUEST['password'])) {
- $r=query('SELECT * FROM `users` WHERE `email`='.$S['pdo']->quote($_REQUEST['email']).' AND `passhash`="'.sha1($_REQUEST['password']).'"');
- if ($r->rowCount()) {
- $S['user']=new sql_user($r->fetch(PDO::FETCH_ASSOC));
- $S['login.result']=sql_session::create();
- } else {
- $S['login.result']=false;
- }
+ }
+ if (substr($S['request'], 0, 5) != 'login')
+ $_REQUEST['go']=$S['request'];
+ $S['login']['form']=new form(url('login'));
+ $form=&$S['login']['form'];
+ if (isset($_REQUEST['go']))
+ $form->hidden('go', 'go', $_REQUEST['go']);
+ $form->text_input('email', 'email', 'Email');
+ $form->password('password', 'password', 'Password');
+ $form->submit();
+ $S['login']['data']=isset($_REQUEST['email'])?$form->process():array();
+ $data=&$S['login']['data'];
+ if (isset($data['email'], $data['password'])) {
+ $r=query('SELECT * FROM `users` WHERE `email`='.$S['pdo']->quote($data['email']).' AND `passhash`="'.sha1($data['password']).'"');
+ if ($r->rowCount()) {
+ $S['user']=new sql_user($r->fetch(PDO::FETCH_ASSOC));
+ $S['login.result']=sql_session::create();
+ } else {
+ $S['login.result']=false;
}
- return array('title' => 'Login');
}
+ $S['title']='Login';
}
function body_login(&$S) {
- if (substr($S['request'], 0, 5) != 'login') {
- $_REQUEST['go']=$S['request'];
+ if (isset($_REQUEST['go']) && $_REQUEST['go'] == $S['request']) {
echo print_warning('Please sign in to access this page.');
}
if (isset($S['login.result'])) {
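Review bot: The redirect added at the top of init_login sends `Location: url($_REQUEST['go'])` for any request-supplied `go`, so unless `url()` itself refuses absolute and protocol-relative targets this introduces an open redirect that the removed code did not have; checking the value before the header, e.g. `if (isset($_REQUEST['go']) && !preg_match('#^(//|[a-z][a-z0-9+.-]*:)#i', $_REQUEST['go']))`, keeps it site-local, and the comment on the next line (`// Should we let you continue to $_REQUEST['go'] instead?`) is now stale because that is exactly what happens. The credential lookup carried over to the new side still matches `passhash` against an unsalted `sha1()` of the submitted password, and reset-password.php in this same commit writes passwords the same way. Both should move to `password_hash()` on write and, here, a lookup by email followed by `password_verify()` against the stored hash, which needs the `passhash` column widened to hold a 60+ character hash. body_login continues past the end of this hunk.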
@@ -27,15 +38,13 @@ function body_login(&$S) {
} elseif ($S['login.result']) {
echo print_success('Welcome, '.$S['user']->name);
echo '<a href="'.url(isset($_REQUEST['go'])?$_REQUEST['go']:'').'">Continue</a>';
-die;
+ return;
} else {
echo print_error('Your email and password combination was not recognized.');
}
}
- echo '<h3>Login</h3><form action="'.url('login').'" method="post">';
- if (isset($_REQUEST['go'])) {
- echo '<input type="hidden" name="go" value="'.htmlentities($_REQUEST['go']).'" />';
- }
- echo 'Email: <input name="email" /><br/>Password: <input type="password" name="password" /><br/><input type="submit" value="Submit" /></form>';
+ echo '<h3>Login</h3>';
+ echo $S['login']['form']->output($S['login']['data']);
+ echo '<a href="'.url('forgot').'">Forgot password?</a>';
}
?>
diff --git a/frontend/pages/register.php b/frontend/pages/register.php
index 441269c..9f33e8b 100644
--- a/frontend/pages/register.php
+++ b/frontend/pages/register.php
@@ -4,8 +4,8 @@ function init_register(&$S) {
header('Location: '.url());
return 'welcome';
}
- if (isset($_REQUEST['token']) && preg_match('/^[a-zA-Z0-9]{30}$/', $_REQUEST['token'])) {
- $r=query('SELECT * FROM `registrationtokens` WHERE `id`=\''.$_REQUEST['token'].'\'');
+ if (isset($_REQUEST['token']) && strlen($_REQUEST['token']) == 30 && ctype_alnum($_REQUEST['token'])) {
+ $r=query('SELECT * FROM `registrationtokens` WHERE `id`="'.$_REQUEST['token'].'" AND `expire` > '.time());
if ($r->rowCount()) {
$S['register.token']=new sql_registrationtoken($r->fetch(PDO::FETCH_ASSOC));
if (isset($_REQUEST['password'])) {
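Review bot: The rewritten token query still splices `$_REQUEST['token']` straight into the SQL string and relies on the `strlen()`/`ctype_alnum()` guard on the line above to keep it injection-free, whereas every other lookup in this file (the `email` queries in body_register) goes through `$S['pdo']->quote()`; replacing the `'"'.$_REQUEST['token'].'"'` fragment with `'.$S['pdo']->quote($_REQUEST['token']).'` costs nothing and stops the query's safety from depending on a validation line a later edit may relax. The replacement check is also not exactly equivalent to the removed `[a-zA-Z0-9]{30}` regex: `ctype_alnum()` is documented as locale-dependent, so under a non-C locale it may accept bytes the regex rejected. init_register starts before and ends after this hunk.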
@@ -37,7 +37,7 @@ function body_register(&$S) {
if (query('SELECT COUNT(*) FROM `users` WHERE `email`='.$S['pdo']->quote($_REQUEST['email']))->fetch(PDO::FETCH_COLUMN))
echo print_warning('An account already exists with this email address.').'<a href="'.url('login').'">Login</a>';
else {
- if ($token=query('SELECT * FROM `registrationtokens` WHERE `email`='.$S['pdo']->quote($_REQUEST['email']))->fetch(PDO::FETCH_ASSOC)) {
+ if ($token=query('SELECT * FROM `registrationtokens` WHERE `expire` > '.time().' AND `email`='.$S['pdo']->quote($_REQUEST['email']))->fetch(PDO::FETCH_ASSOC)) {
echo print_warning('A confirmation email has already been sent to this email address... sending another email.');
$token=new sql_registrationtoken($token);
} else {
diff --git a/frontend/pages/users/forgot-password.php b/frontend/pages/users/forgot-password.php
new file mode 100644
index 0000000..b781cec
--- /dev/null
+++ b/frontend/pages/users/forgot-password.php
@@ -0,0 +1,29 @@
+<?php
+function init_users_forgot_password(&$S) {
+ if (isset($S['user'])) return 'login';
+ $S['title']='Forgot Password';
+}
+function body_users_forgot_password(&$S) {
+ $form=new form();
+ $form->text('<h3>Reset password</h3>');
+ $form->text_input('email', 'email', 'Email');
+ $form->submit();
+ if (isset($_REQUEST['email'])) {
+ $data=$form->process();
+ $r=query('SELECT * FROM `users` WHERE `email`='.$S['pdo']->quote($data['email']));
+ if ($r->rowCount()) {
+ $user=new sql_user($r->fetch(PDO::FETCH_ASSOC));
+ $token=sql_registrationtoken::create();
+ $token->owner=$user->id;
+ $token->email=$user->email;
+ $token->expire=time()+24*3600;
+ $token->write();
+ $url=url('reset?email='.urlencode($token->email).'&token='.$token->id);
+ xhtmlemail($user->email, $S['conf']['emailfrom'], $S['conf']['title'].' password', 'You requested to reset your '.$S['conf']['title'].' password. You may do so by going to <a href="'.$url.'">'.$url.'</a> or by entering your email and the reset key "'.$token->id.'" at '.url('reset').'. This link will expire in twenty-four hours. If you did not request to reset your password, you may safely ignore this message.');
+ }
+ echo print_success('Success.', 'You have been sent an email (if you have an '.$S['conf']['title'].' account) with further instructions to reset your password.');
+ } else {
+ $form->output();
+ }
+}
+?>
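Review bot: `$form->output();` in the else branch of body_users_forgot_password is called without `echo`, while login.php in this same commit writes `echo $S['login']['form']->output(...)`; if `output()` returns the markup rather than printing it, the request form never renders. Nothing in this hunk limits repeated submissions: every request for an existing address creates a fresh token and sends another mail, so some per-address throttling, or reusing an unexpired token the way body_register does for registration tokens, would be worth adding. The reset link's only proof of ownership is the id produced by `sql_registrationtoken::create()`, which is outside this diff; it is worth confirming that id comes from `random_bytes()`/`random_int()` rather than a predictable source, since the same id is also printed in the mail body as the manual "reset key".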
diff --git a/frontend/pages/users/reset-password.php b/frontend/pages/users/reset-password.php
new file mode 100644
index 0000000..683a67a
--- /dev/null
+++ b/frontend/pages/users/reset-password.php
@@ -0,0 +1,49 @@
+<?php
+function init_users_reset_password(&$S) {
+ if (isset($S['user'])) return 'login';
+ $S['title']='Forgot Password';
+}
+function body_users_reset_password(&$S) {
+ $form1=new form();
+ $form1->text('<h3>Reset password</h3>');
+ $form1->text_input('email', 'email', 'Email');
+ $form1->text_input('token', 'token', 'Reset key');
+ $form1->submit();
+ $data=array();
+ if (isset($_REQUEST['email']) && ($data=$form1->process()) && $form1->verify($data)) {
+ $user=new sql_user($data['email']);
+ $token=new sql_registrationtoken(query('SELECT * FROM `registrationtokens` WHERE `expire` > '.time().' AND `id`='.$S['pdo']->quote($data['token']))->fetch(PDO::FETCH_ASSOC));
+ if ($token->email != $user->email) {
+ echo print_warning('Your email/key combination is invalid.');
+ $form1->output($data);
+ }
+ $form2=new form();
+ $form2->text('<h3>Reset password</h3>');
+ $form2->hidden('email', 'email', $data['email']);
+ $form2->hidden('token', 'token', $data['token']);
+ $form2->password('pass', 'pass', 'New password');
+ $form2->password('repeat', 'repeat', 'Repeat new password');
+ $form2->submit();
+ if (isset($_REQUEST['pass'])) {
+ $data=$form2->process();
+ if ($form2->verify($data)) {
+ if ($data['pass'] == $data['repeat']) {
+ $user->passhash=sha1($data['pass']);
+ $user->write();
+ $token->delete();
+ echo print_success('Password changed.', '<a href="'.url('login').'">Login</a>');
+ } else {
+ echo print_warning('The passwords you entered do not match.');
+ $form2->output($data);
+ }
+ } else {
+ $form2->output($data);
+ }
+ } else {
+ $form2->output($data);
+ }
+ } else {
+ $form1->output($data);
+ }
+}
+?>
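Review bot: The `if ($token->email != $user->email)` block prints the invalid-combination warning but does not stop, so when `pass` and `repeat` are posted together with a non-matching email/key the code below still reaches `$user->passhash=sha1($data['pass']);` and `$user->write();`; add `return;` after `$form1->output($data);` inside that block, and use `!==` for the comparison. The match test `if ($data['pass'] == $data['repeat'])` is a loose comparison, under which numeric-looking strings such as `'1e3'` and `'1000'` compare equal; use `===`. When no unexpired row matches the key, `fetch()` returns `false` and `new sql_registrationtoken(false)` is built from it — presumably its `email` then compares unequal, but testing the fetch result before constructing the object would make that path explicit. `$form1->output($data)`/`$form2->output($data)` are called without `echo`, unlike login.php's `echo $S['login']['form']->output(...)`, so if `output()` returns the markup these forms never render; the title set in init_users_reset_password is also 'Forgot Password' rather than 'Reset Password'.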