home » zplus/freepost.git
ID: 652172fdd254216d7e05bb958c2d7b496f5f6260
112 lines — 3K — View raw 


  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
<?php

require_once 'session.php';
require_once 'database.php';
require_once 'twig.php';

// Do not re-login if already loged in
if (Session::is_valid())
{
    header ('Location: ./login');
    exit ();
}

$db = new Database ();
$db->connect ();

// POST: Process form submission     ===========================================


if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
    // User asked to reset his password
    if (isset ($_POST['reset']))
    {
        if (!isset ($_POST['username']))
        {
            header ('Location: ./login');
            exit ();
        }
        
        // Make sure the user exists
        $user = $db->get_user ($_POST['username']);
        
        // User exists
        if (is_null ($user) || empty ($user))
        {
            header ('Location: ./login_reset');
            exit ();
        }
        
        // Get a new secret token
        $token = $db->password_reset ($user['hashId']);
        
        // Send reset token by email
        if (!is_null ($token))
        {
            mail ($user['email'],
                'freepost: password reset',
                $twig->render ('login_reset_email.twig', array ('token' => $token)),
                'From: freepost <noreply@freepo.st>' . "\r\n" . 'Reply-To: freepost <noreply@freepo.st>');
        }
        
        // Render template (tell user the password was sent)
        echo $twig->render (
            'login_reset.twig',
            array ('token_sent' => true));
        
        exit ();
    }
    
    // Validate secret token sent by email
    if (isset ($_POST['validate']))
    {
        // POST form must have a token and a password
        if (!isset ($_POST['token']) || !isset ($_POST['password']))
        {
            header ('Location: ./login_reset');
            exit ();
        }
        
        $token = $_POST['token'];
        $new_password = $_POST['password'];
        
        // Check password length
        if (strlen ($new_password) < 8)
        {
            // Render template
            echo $twig->render (
                'login_reset.twig',
                array (
                    'token'    => $token,
                    'feedback' => 'Password must be at least 8 characters long'));
                
                exit ();
        }
        
        // Is the token valid?
        $user = $db->password_reset_validate ($token, $new_password);
        
        header ('Location: ./login');
        exit ();
    }
}


// GET: show reset form     ====================================================


// Form for resetting password (this is displayed when user clicks email link)
if (isset ($_GET['token']))
{
    // Render template
    echo $twig->render (
        'login_reset.twig',
        array ('token' => $_GET['token']));
        
    exit ();
}

// Render template
echo $twig->render ('login_reset.twig');