/qa-include/pages/reset.php
PHP | 195 lines | 128 code | 35 blank | 32 comment | 23 complexity | e2bbfc87c100b56af17567a98ca0cd9a MD5 | raw file
Possible License(s): LGPL-2.1
- <?php
- /*
- Question2Answer by Gideon Greenspan and contributors
- http://www.question2answer.org/
- Description: Controller for password reset page (comes after forgot page)
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License
- as published by the Free Software Foundation; either version 2
- of the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- More about this license: http://www.question2answer.org/license.php
- */
- if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
- header('Location: ../../');
- exit;
- }
- // Check we're not using single-sign on integration and that we're not logged in
- if (QA_FINAL_EXTERNAL_USERS) {
- qa_fatal_error('User login is handled by external code');
- }
- if (qa_is_logged_in()) {
- qa_redirect('');
- }
- // Fetch the email or handle from POST or GET
- $emailHandle = qa_post_text('emailhandle');
- if (!isset($emailHandle)) {
- $emailHandle = qa_get('e');
- }
- $emailHandle = trim($emailHandle); // if $emailHandle is null, trim returns an empty string
- // Fetch the code from POST or GET
- $code = qa_post_text('code');
- if (!isset($code)) {
- $code = qa_get('c');
- }
- $code = trim($code); // if $code is null, trim returns an empty string
- $forgotPath = strlen($emailHandle) > 0 ? qa_path('forgot', array('e' => $emailHandle)) : qa_path('forgot');
- $focusId = 'code';
- $errors = array();
- $fields = array(
- 'email_handle' => array(
- 'type' => 'static',
- 'label' => qa_lang_html(qa_opt('allow_login_email_only') ? 'users/email_label' : 'users/email_handle_label'),
- 'value' => qa_html($emailHandle),
- ),
- 'code' => array(
- 'label' => qa_lang_html('users/email_code_label'),
- 'tags' => 'name="code" id="code"',
- 'value' => isset($code) ? qa_html($code) : null,
- 'note_force' => true,
- 'note' => qa_lang_html('users/email_code_emailed') . ' - ' .
- '<a href="' . qa_html($forgotPath) . '">' . qa_lang_html('users/email_code_another') . '</a>',
- ),
- );
- $buttons = array(
- 'next' => array(
- 'tags' => 'name="donext"',
- 'label' => qa_lang_html('misc/next_step'),
- ),
- );
- $hidden = array(
- 'formcode' => qa_get_form_security_code('reset'),
- );
- if (strlen($emailHandle) > 0) {
- require_once QA_INCLUDE_DIR . 'app/users-edit.php';
- require_once QA_INCLUDE_DIR . 'db/users.php';
- $hidden['emailhandle'] = $emailHandle;
- $matchingUsers = qa_opt('allow_login_email_only') || strpos($emailHandle, '@') !== false // handles can't contain @ symbols
- ? qa_db_user_find_by_email($emailHandle)
- : qa_db_user_find_by_handle($emailHandle);
- // Make sure there is only one match
- if (count($matchingUsers) == 1) {
- require_once QA_INCLUDE_DIR . 'db/selects.php';
- // strlen() check is vital otherwise we can reset code for most users by entering the empty string
- if (strlen($code) > 0) {
- $userId = $matchingUsers[0];
- $userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($userId, true));
- if (strtolower(trim($userInfo['emailcode'])) == strtolower($code)) {
- // User input a valid code so no need to ask for it but pass it to the next step
- unset($fields['code']);
- $hidden['code'] = $code;
- $buttons = array(
- 'change' => array(
- 'tags' => 'name="dochangepassword"',
- 'label' => qa_lang_html('users/change_password'),
- ),
- );
- $focusId = 'newpassword1';
- if (qa_clicked('dochangepassword')) {
- $newPassword = qa_post_text('newpassword1');
- $repeatPassword = qa_post_text('newpassword2');
- if (!qa_check_form_security_code('reset', qa_post_text('formcode'))) {
- $errors['page'] = qa_lang_html('misc/form_security_again');
- } else {
- $passwordError = qa_password_validate($newPassword, $userInfo);
- if (!empty($passwordError)) {
- $errors['new_1'] = $passwordError['password'];
- }
- if ($newPassword != $repeatPassword) {
- $errors['new_2'] = qa_lang('users/password_mismatch');
- }
- if (empty($errors)) {
- // Update password, login user, fire events and redirect to home page
- qa_finish_reset_user($userId, $newPassword);
- qa_redirect('');
- }
- }
- }
- $fields['new_1'] = array(
- 'label' => qa_lang_html('users/new_password_1'),
- 'tags' => 'name="newpassword1" id="newpassword1"',
- 'type' => 'password',
- 'error' => qa_html(isset($errors['new_1']) ? $errors['new_1'] : null),
- );
- $fields['new_2'] = array(
- 'label' => qa_lang_html('users/new_password_2'),
- 'tags' => 'name="newpassword2"',
- 'type' => 'password',
- 'error' => qa_html(isset($errors['new_2']) ? $errors['new_2'] : null),
- );
- } else {
- // User input wrong code so show field with error
- $fields['code']['error'] = qa_lang('users/email_code_wrong');
- }
- } elseif (qa_clicked('donext')) {
- // If user submitted the form with an empty code
- $fields['code']['error'] = qa_lang('users/email_code_wrong');
- }
- } else {
- // If match more than one (should be impossible), consider it a non-match
- $errors['page'] = qa_lang_html('users/user_not_found');
- }
- } else {
- // If there is no handle notify the user
- $errors['page'] = qa_lang_html('users/user_not_found');
- }
- // Prepare content for theme
- $qa_content = qa_content_prepare();
- $qa_content['title'] = qa_lang_html('users/reset_title');
- $qa_content['error'] = isset($errors['page']) ? $errors['page'] : null;
- if (!isset($errors['page'])) {
- // Using this form action instead of qa_self_html() to get rid of the 's' (success) GET parameter from forgot.php
- $qa_content['form'] = array(
- 'tags' => 'method="post" action="' . qa_path_html('reset') . '"',
- 'style' => 'tall',
- 'ok' => qa_get('s') ? qa_lang_html('users/email_code_emailed') : null,
- 'fields' => $fields,
- 'buttons' => $buttons,
- 'hidden' => $hidden,
- );
- }
- $qa_content['focusid'] = $focusId;
- return $qa_content;