Allow resetting password through email.
This also adopts the use of an Alert template for error and success messages.
@@ -29,9 +29,12 @@ class Login extends HTMLController
|
||||
if (isset($_POST['redirect_url']))
|
||||
header('Location: ' . base64_decode($_POST['redirect_url']));
|
||||
elseif (isset($_SESSION['login_url']))
|
||||
{
|
||||
unset($_SESSION['redirect_url']);
|
||||
header('Location: ' . $_SESSION['redirect_url']);
|
||||
}
|
||||
else
|
||||
header('Location: ' . BASEURL . '/admin/');
|
||||
header('Location: ' . BASEURL . '/');
|
||||
exit;
|
||||
}
|
||||
else
|
||||
@@ -39,15 +42,28 @@ class Login extends HTMLController
|
||||
}
|
||||
|
||||
parent::__construct('Log in - ' . SITE_TITLE);
|
||||
$this->page->appendStylesheet(BASEURL . '/css/admin.css');
|
||||
$form = new LogInForm('Log in');
|
||||
if ($login_error)
|
||||
$form->setErrorMessage('Invalid email address or password.');
|
||||
$form->adopt(new Alert('', 'Invalid email address or password.', 'error'));
|
||||
|
||||
// Tried anything? Be helpful, at least.
|
||||
if (isset($_POST['emailaddress']))
|
||||
$form->setEmail($_POST['emailaddress']);
|
||||
|
||||
// A message from the past/present/future?
|
||||
if (isset($_SESSION['login_msg']))
|
||||
{
|
||||
$form->adopt(new Alert($_SESSION['login_msg'][0], $_SESSION['login_msg'][1], $_SESSION['login_msg'][2]));
|
||||
unset($_SESSION['login_msg']);
|
||||
}
|
||||
|
||||
// Going somewhere?
|
||||
if (!empty($_GET['redirect']) && ($url = base64_decode($_GET['redirect'])))
|
||||
{
|
||||
$_SESSION['login_url'] = $url;
|
||||
$form->setRedirectUrl($url);
|
||||
}
|
||||
|
||||
$this->page->adopt($form);
|
||||
}
|
||||
}
|
||||
|
||||
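--- a/controllers/ResetPassword.php
+++ b/controllers/ResetPassword.php
@@ -0,0 +1,81 @@
+<?php
+/*****************************************************************************
+* ResetPassword.php
+* Contains the controller for the reset password procedure.
+*
+* Kabuki CMS (C) 2013-2016, Aaron van Geffen
+*****************************************************************************/
+
+class ResetPassword extends HTMLController
+{
+public function __construct()
+{
+// Already logged in? Then you don't need this.
+if (Registry::get('user')->isLoggedIn())
+throw new UserFacingException('You are already logged in.');
+
+// Verifying an existing reset key?
+if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2)
+{
+$email = rawurldecode($_GET['email']);
+$id_user = Authentication::getUserid($email);
+if ($id_user === false)
+throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
+
+$key = $_GET['key'];
+if (!Authentication::checkResetKey($id_user, $key))
+throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
+
+parent::__construct('Reset password - ' . SITE_TITLE);
+$form = new PasswordResetForm($email, $key);
+$this->page->adopt($form);
+
+// Are they trying to set something already?
+if (isset($_POST['password1'], $_POST['password2']))
+{
+$missing = [];
+if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
+$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
+if ($_POST['password1'] != $_POST['password2'])
+$missing[] = 'The passwords you entered do not match.';
+
+// So, are we good to go?
+if (empty($missing))
+{
+Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1']));
+$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
+header('Location: ' . BASEURL . '/login/');
+exit;
+}
+else
+$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'error'));
+}
+}
+else
+{
+parent::__construct('Reset password - ' . SITE_TITLE);
+$form = new ForgotPasswordForm();
+$this->page->adopt($form);
+
+// Have they submitted an email address yet?
+if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
+{
+$id_user = Authentication::getUserid(trim($_POST['emailaddress']));
+if ($id_user === false)
+{
+$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'error'));
+return;
+}
+
+Authentication::setResetKey($id_user);
+Email::resetMail($id_user);
+
+// Show the success message
+$this->page->clear();
+$box = new DummyBox('An email has been sent');
+$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
+$this->page->adopt($box);
+}
+}
+}
+}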
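Review bot: The password-strength test in the step-2 branch uses the character class `[^A-z]`, and the range `A-z` also spans the six ASCII symbols that sit between Z and a (bracket, backslash, caret, underscore, backtick), so a password whose only non-letter is one of those is rejected even though the message promises that a symbol satisfies the rule; change it to `!preg_match('~[^A-Za-z]~', $_POST['password1'])`, and `mb_strlen` would count characters rather than bytes for the six-character minimum. The success alert in the else branch concatenates the raw `$_POST['emailaddress']` into a body that Alert evidently renders as HTML (the `$missing` alert builds `<ul><li>` markup the same way); the value is constrained by the regex and the getUserid lookup, but the lookup sees the trimmed string while the message gets the raw one, so pass it through `htmlspecialchars(trim($_POST['emailaddress']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` instead. Separately, the 'could not be found in our system' alert and the 'Invalid email address' exception tell an anonymous visitor whether an address has an account; showing the same 'An email has been sent' box for unknown addresses avoids that disclosure. Whether checkResetKey invalidates the key after use, as the 'cannot use the same token twice' message promises, cannot be confirmed from this file.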