<?php
/**
* copyright 2009 Lucas Baudin <[email protected]>
* 2012 - 2014 Stephen Just <[email protected]>
* 2013 Glenn De Jonghe
* 2014 - 2016 Daniel Butum <danibutum at gmail dot com>
* This file is part of stk-addons.
*
* stk-addons is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* stk-addons is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with stk-addons. If not, see <http://www.gnu.org/licenses/>.
*/
require_once(__DIR__ . DIRECTORY_SEPARATOR . "config.php");
// Make sure the reCAPTCHA keys are configured before doing anything else
// (Util::validateCaptchaKeysSet() presumably aborts the page otherwise);
// the request form below cannot work without them.
Util::validateCaptchaKeysSet();

// Page template, with the reCAPTCHA client-side script loaded from Google.
$tpl = StkTemplate::get('password-reset.tpl')
    ->assignTitle(_h('Reset Password'))
    ->addScriptIncludeWeb('https://www.google.com/recaptcha/api.js');

// Template state for the two forms on this page: the initial "request a reset
// link" form (shown by default) and the "choose a new password" form (shown
// only once a verification link has been validated, see the 'valid' action).
$request_form = [
    'display'          => true,
    'captcha_site_key' => CAPTCHA_SITE_KEY,
];
$new_password_form = [
    'display'           => false,
    'user_id'           => "",
    'verification_code' => "",
];
$pw_res = [
    'reset_form' => $request_form,
    'pass_form'  => $new_password_form,
];
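// define possibly undefined variables
$_GET['action'] = isset($_GET['action']) ? $_GET['action'] : null;

// Dispatch on the step of the reset flow. Each step reports failures by
// throwing UserException, whose message is handed to the template as 'errors'.
switch ($_GET['action'])
{
    case 'reset': // user sent reset activation link
        $pw_res['reset_form']['display'] = false;

        // Look up username and try to reset
        try
        {
            // CAPTCHA first: it is the only anti-automation control on this
            // page, so every other error path stays behind it.
            if (Validate::ensureNotEmpty($_POST, ['g-recaptcha-response']))
                throw new UserException(_h('You did not complete the reCAPTCHA field'));

            // Check CAPTCHA
            $captcha = new \ReCaptcha\ReCaptcha(CAPTCHA_SECRET);
            $response = $captcha->verify($_POST['g-recaptcha-response'], Util::getClientIp());
            if (!$response->isSuccess())
            {
                // codes reference https://developers.google.com/recaptcha/docs/verify#error-code-reference
                throw new UserException(_h("The reCAPTCHA wasn't entered correctly. Go back and try it again."));
            }

            // 'user' and 'mail' used to be read unconditionally: a request
            // without them passed null into User::recover() (and raised an
            // undefined-index notice). Reject such requests with the same
            // validator already used for the CAPTCHA field.
            if (Validate::ensureNotEmpty($_POST, ['user', 'mail']))
                throw new UserException(_h('You must provide both your username and your email address'));

            // NOTE(review): the exception message from User::recover() is shown
            // verbatim below. If it differs between "no such user" and "mail
            // does not match", this page allows account enumeration -- confirm
            // in User::recover().
            User::recover($_POST['user'], $_POST['mail']);
            $tpl->assign("success", _h("Password reset link sent. Please reset your password using the link emailed to you."));
        }
        catch(UserException $e)
        {
            $tpl->assign("errors", $e->getMessage());
        }
        break;

    case 'valid': // user comes from activation link
        try
        {
            // Only accept scalar/string values: PHP turns ?user[]=1 or
            // ?num[]=x into arrays, which would otherwise reach
            // Verification::verify() untyped. Anything else falls back to the
            // "nothing given" value, which verify() is expected to reject.
            $user_id = (isset($_GET['user']) && is_scalar($_GET['user'])) ? $_GET['user'] : 0;
            $verification_code = (isset($_GET['num']) && is_string($_GET['num'])) ? $_GET['num'] : "";

            // The code from the URL is the only credential for this step; the
            // catch below relies on verify() throwing UserException on mismatch.
            // NOTE(review): confirm Verification::verify() compares the code
            // with hash_equals() and that codes expire -- nothing on this page
            // throttles guesses.
            Verification::verify($user_id, $verification_code);

            // Hide the request form and show the new-password form, carrying
            // the (user, code) pair through as hidden fields for 'change'.
            $pw_res['reset_form']['display'] = false;
            $pw_res['pass_form'] = [
                'display'           => true,
                'user_id'           => $user_id,
                'verification_code' => $verification_code
            ];
        }
        catch(UserException $e)
        {
            $tpl->assign("errors", $e->getMessage() . ". " . _h('Could not reset your password. The link you followed is not valid.'));
        }
        break;

    case 'change': // change password clicked in the 'valid' page
        // Same array guard as the 'valid' step; the passwords are also kept to
        // strings so User::validateNewPassword() never sees an array.
        $user_id = (isset($_POST['user']) && is_scalar($_POST['user'])) ? $_POST['user'] : 0;
        $verification_code = (isset($_POST['verify']) && is_string($_POST['verify'])) ? $_POST['verify'] : "";
        $pass1 = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : "";
        $pass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : "";

        try
        {
            // validate: the code is re-checked here rather than trusted from
            // the hidden field, so a forged POST without a valid code cannot
            // set a password. The code thereby also serves as the anti-CSRF
            // secret for this form.
            Verification::verify($user_id, $verification_code);
            User::validateNewPassword($pass1, $pass2);

            // change password and clean up: removing the verification record
            // right after the change is what keeps the link from being reused.
            User::changePassword($user_id, $pass1);
            Verification::delete($user_id);
            // NOTE(review): existing sessions for this account are not touched
            // here -- check whether User::changePassword() invalidates them.

            $pw_res['reset_form']['display'] = false;
            $tpl->assign("success", _h('Changed password was successful.') . '<a href="login.php"> ' . _h('Click here to login') . '</a>');
        }
        catch(UserException $e)
        {
            // Re-show the password form with the same identifiers so the user
            // can retry (e.g. after a password-policy failure).
            $tpl->assign("errors", $e->getMessage());
            $pw_res['reset_form']['display'] = false;
            $pw_res['pass_form'] = [
                'display'           => true,
                'user_id'           => $user_id,
                'verification_code' => $verification_code
            ];
        }
        break;

    default:
        break;
}

// Hand the form state to the template and render the page.
$tpl->assign('pass_reset', $pw_res);
echo $tpl;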