From 5d31bb24502536d53968f1ba0062d2b0aedb11c5 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Tue, 19 Mar 2013 13:10:12 +0100 Subject: Move reset key submission to a separate function This allows for reusing reset key submission for other things, such as sending an initial password reset code during account registration. Signed-off-by: Lukas Fleischer --- web/html/passreset.php | 22 +++++----------------- web/lib/acctfuncs.inc.php | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 17 deletions(-) (limited to 'web') diff --git a/web/html/passreset.php b/web/html/passreset.php index 064e3de..94a1ad9 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -37,24 +37,12 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir } } elseif (isset($_POST['email'])) { $email = $_POST['email']; - $uid = uid_from_email($email); - if ($uid != NULL && $uid != 'None') { - # We (ab)use new_sid() to get a random 32 characters long string - $resetkey = new_sid(); - create_resetkey($resetkey, $uid); - # Send email with confirmation link - $body = __('A password reset request was submitted for the account '. - 'associated with your e-mail address. If you wish to reset '. - 'your password follow the link below, otherwise ignore '. - 'this message and nothing will happen.'). - "\n\n". - "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?". - "resetkey={$resetkey}"; - $body = wordwrap($body, 70); - $headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR"; - @mail($email, 'AUR Password Reset', $body, $headers); + $body = __('A password reset request was submitted for the account '. + 'associated with your e-mail address. If you wish to reset '. + 'your password follow the link below, otherwise ignore '. + 'this message and nothing will happen.'). + send_resetkey($email, $body); - } header('Location: ' . get_uri('/passreset/') . '?step=confirm'); exit(); } diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 9c0998a..edca8a3 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -581,6 +581,32 @@ function create_resetkey($resetkey, $uid) { $dbh->exec($q); } +/** + * Send a reset key to a specific e-mail address + * + * @param string $email E-mail address of the user resetting their password + * @param string $body Body of the email + * + * @return void + */ +function send_resetkey($email, $body) { + global $AUR_LOCATION; + + $uid = uid_from_email($email); + if ($uid != NULL && $uid != 'None') { + # We (ab)use new_sid() to get a random 32 characters long string + $resetkey = new_sid(); + create_resetkey($resetkey, $uid); + # Send email with confirmation link + $body = wordwrap($body, 70); + $body .= "\n\n". + "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?". + "resetkey={$resetkey}"; + $headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR"; + @mail($email, 'AUR Password Reset', $body, $headers); + } +} + /** * Change a user's password in the database if reset key and e-mail are correct * -- cgit v1.2.3-70-g09d2