Home Explore Help
Register Sign In
SylvieLorxu
/
freepost
forked from zPlus/freepost
Watch 1
Star 0
Fork 0
Files
Branch: master
Branches Tags
freepost
/
login_reset.php

login_reset.php 2.8 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. <?php
    2. 

  2. 

  3. require_once 'session.php';
    4. 

  4. require_once 'database.php';
    5. 

  5. require_once 'twig.php';
    6. 

  6. 

  7. // Do not re-login if already loged in
    8. 

  8. if (Session::is_valid())
    9. 

  9. {
    10. 

  10.     header ('Location: ./login');
    11. 

  11.     exit ();
    12. 

  12. }
    13. 

  13. 

  14. $db = new Database ();
    15. 

  15. $db->connect ();
    16. 

  16. 

  17. // POST: Process form submission     ===========================================
    18. 

  18. 

  19. 

  20. if ($_SERVER['REQUEST_METHOD'] === 'POST')
    21. 

  21. {
    22. 

  22.     // User asked to reset his password
    23. 

  23.     if (isset ($_POST['reset']))
    24. 

  24.     {
    25. 

  25.         if (!isset ($_POST['username']))
    26. 

  26.         {
    27. 

  27.             header ('Location: ./login');
    28. 

  28.             exit ();
    29. 

  29.         }
    30. 

  30.         
    31. 

  31.         // Make sure the user exists
    32. 

  32.         $user = $db->get_user ($_POST['username']);
    33. 

  33.         
    34. 

  34.         // User exists
    35. 

  35.         if (is_null ($user) || empty ($user))
    36. 

  36.         {
    37. 

  37.             header ('Location: ./login_reset');
    38. 

  38.             exit ();
    39. 

  39.         }
    40. 

  40.         
    41. 

  41.         // Get a new secret token
    42. 

  42.         $token = $db->password_reset ($user['hashId']);
    43. 

  43.         
    44. 

  44.         // Send reset token by email
    45. 

  45.         if (!is_null ($token))
    46. 

  46.         {
    47. 

  47.             mail ($user['email'],
    48. 

  48.                 'freepost: password reset',
    49. 

  49.                 $twig->render ('login_reset_email.twig', array ('token' => $token)),
    50. 

  50.                 'From: freepost <noreply@freepo.st>' . "\r\n" . 'Reply-To: freepost <noreply@freepo.st>');
    51. 

  51.         }
    52. 

  52.         
    53. 

  53.         // Render template (tell user the password was sent)
    54. 

  54.         echo $twig->render (
    55. 

  55.             'login_reset.twig',
    56. 

  56.             array ('token_sent' => true));
    57. 

  57.         
    58. 

  58.         exit ();
    59. 

  59.     }
    60. 

  60.     
    61. 

  61.     // Validate secret token sent by email
    62. 

  62.     if (isset ($_POST['validate']))
    63. 

  63.     {
    64. 

  64.         // POST form must have a token and a password
    65. 

  65.         if (!isset ($_POST['token']) || !isset ($_POST['password']))
    66. 

  66.         {
    67. 

  67.             header ('Location: ./login_reset');
    68. 

  68.             exit ();
    69. 

  69.         }
    70. 

  70.         
    71. 

  71.         $token = $_POST['token'];
    72. 

  72.         $new_password = $_POST['password'];
    73. 

  73.         
    74. 

  74.         // Check password length
    75. 

  75.         if (strlen ($new_password) < 8)
    76. 

  76.         {
    77. 

  77.             // Render template
    78. 

  78.             echo $twig->render (
    79. 

  79.                 'login_reset.twig',
    80. 

  80.                 array (
    81. 

  81.                     'token'    => $token,
    82. 

  82.                     'feedback' => 'Password must be at least 8 characters long'));
    83. 

  83.                 
    84. 

  84.                 exit ();
    85. 

  85.         }
    86. 

  86.         
    87. 

  87.         // Is the token valid?
    88. 

  88.         $user = $db->password_reset_validate ($token, $new_password);
    89. 

  89.         
    90. 

  90.         header ('Location: ./login');
    91. 

  91.         exit ();
    92. 

  92.     }
    93. 

  93. }
    94. 

  94. 

  95. 

  96. // GET: show reset form     ====================================================
    97. 

  97. 

  98. 

  99. // Form for resetting password (this is displayed when user clicks email link)
    100. 

  100. if (isset ($_GET['token']))
    101. 

  101. {
    102. 

  102.     // Render template
    103. 

  103.     echo $twig->render (
    104. 

  104.         'login_reset.twig',
    105. 

  105.         array ('token' => $_GET['token']));
    106. 

  106.         
    107. 

  107.     exit ();
    108. 

  108. }
    109. 

  109. 

  110. // Render template
    111. 

  111. echo $twig->render ('login_reset.twig');
    112. 

  112. 

  113.