Closed #62
This commit is contained in:
Marcin Kurczewski
parent
039d56c260
commit
bb01ae7fca
4 changed files with 119 additions and 21 deletions
18
config.ini
18
config.ini
|
|
@ -41,15 +41,25 @@ needEmailForRegistering = 1
|
|||
needEmailForCommenting = 0
|
||||
needEmailForUploading = 1
|
||||
confirmationEmailEnabled = 1
|
||||
confirmationEmailSenderName = "{host} registration engine"
|
||||
confirmationEmailSenderName = "{host} mailing system"
|
||||
confirmationEmailSenderEmail = "noreply@{host}"
|
||||
confirmationEmailSubject = "{host} activation"
|
||||
confirmationEmailSubject = "{host} - account activation"
|
||||
confirmationEmailBody = "Hello,
|
||||
|
||||
You received this e-mail because someone registered a user with this address at {host}. If it's you, visit {link} to finish registration process, otherwise you may ignore and delete this e-mail.
|
||||
You received this e-mail because someone registered a user with this e-mail address at {host}. If it's you, visit {link} to finish registration process, otherwise you may ignore and delete this e-mail.
|
||||
|
||||
Kind regards,
|
||||
{host} registration engine"
|
||||
{host} mailing system"
|
||||
|
||||
passwordResetEmailSenderName = "{host} mailing system"
|
||||
passwordResetEmailSenderEmail = "noreply@{host}"
|
||||
passwordResetEmailSubject = "{host} - password reset"
|
||||
passwordResetEmailBody = "Hello,
|
||||
|
||||
You received this e-mail because someone requested a password reset for user with this e-mail address at {host}. If it's you, visit {link} to finish password reset process, otherwise you may ignore and delete this e-mail.
|
||||
|
||||
Kind regards,
|
||||
{host} mailing system"
|
||||
|
||||
[privileges]
|
||||
uploadPost=registered
|
||||
|
|
|
|||
|
|
@ -32,6 +32,9 @@ class UserController
|
|||
$senderName = TextHelper::replaceTokens($senderName, $tokens);
|
||||
$senderEmail = TextHelper::replaceTokens($senderEmail, $tokens);
|
||||
|
||||
if (empty($recipientEmail))
|
||||
throw new SimpleException('Destination e-mail address was not found');
|
||||
|
||||
$headers = [];
|
||||
$headers []= sprintf('MIME-Version: 1.0');
|
||||
$headers []= sprintf('Content-Transfer-Encoding: 7bit');
|
||||
|
|
@ -71,6 +74,23 @@ class UserController
|
|||
$tokens);
|
||||
}
|
||||
|
||||
private static function sendPasswordResetConfirmation($user)
|
||||
{
|
||||
$regConfig = \Chibi\Registry::getConfig()->registration;
|
||||
|
||||
$tokens = [];
|
||||
$tokens['link'] = \Chibi\UrlHelper::route('user', 'password-reset', ['token' => '{token}']);
|
||||
|
||||
return self::sendTokenizedEmail(
|
||||
$user,
|
||||
$regConfig->passwordResetEmailBody,
|
||||
$regConfig->passwordResetEmailSubject,
|
||||
$regConfig->passwordResetEmailSenderName,
|
||||
$regConfig->passwordResetEmailSenderEmail,
|
||||
$user->email_confirmed,
|
||||
$tokens);
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
|
|
@ -519,18 +539,7 @@ class UserController
|
|||
$this->context->subTitle = 'account activation';
|
||||
$this->context->viewName = 'message';
|
||||
|
||||
if (empty($token))
|
||||
throw new SimpleException('Invalid activation token');
|
||||
|
||||
$dbToken = R::findOne('usertoken', 'token = ?', [$token]);
|
||||
if ($dbToken === null)
|
||||
throw new SimpleException('No user with such activation token');
|
||||
|
||||
if ($dbToken->used)
|
||||
throw new SimpleException('This user was already activated');
|
||||
|
||||
if ($dbToken->expires !== null and time() > $dbToken->expires)
|
||||
throw new SimpleException('Activation link expired');
|
||||
$dbToken = Model_Token::locate($token);
|
||||
|
||||
$dbUser = $dbToken->user;
|
||||
$dbUser->email_confirmed = $dbUser->email_unconfirmed;
|
||||
|
|
@ -554,14 +563,67 @@ class UserController
|
|||
|
||||
|
||||
/**
|
||||
* @route /activation-retry/
|
||||
* @route /password-reset/{token}
|
||||
*/
|
||||
public function activationRetryAction()
|
||||
public function passwordResetAction($token)
|
||||
{
|
||||
$this->context->subTitle = 'activation retry';
|
||||
$this->context->subTitle = 'password reset';
|
||||
$this->context->viewName = 'message';
|
||||
|
||||
$this->context->stylesheets []= 'auth.css';
|
||||
$dbToken = Model_Token::locate($token);
|
||||
|
||||
$alphabet = array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
|
||||
$randomPassword = join('', array_map(function($x) use ($alphabet)
|
||||
{
|
||||
return $alphabet[$x];
|
||||
}, array_rand($alphabet, 8)));
|
||||
|
||||
$dbUser = $dbToken->user;
|
||||
$dbUser->pass_hash = Model_User::hashPassword($randomPassword, $dbUser->pass_salt);
|
||||
$dbToken->used = true;
|
||||
R::store($dbToken);
|
||||
R::store($dbUser);
|
||||
|
||||
$message = 'Password reset successfuly. Your new password is **' . $randomPassword . '**.';
|
||||
StatusHelper::success($message);
|
||||
|
||||
$this->context->user = $dbUser;
|
||||
AuthController::doReLog();
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @route /password-reset-proxy
|
||||
*/
|
||||
public function passwordResetProxyAction()
|
||||
{
|
||||
$this->context->subTtile = 'password reset';
|
||||
$this->context->viewName = 'user-select';
|
||||
$this->context->stylesheets []= 'auth.css';
|
||||
|
||||
if (InputHelper::get('submit'))
|
||||
{
|
||||
$name = InputHelper::get('name');
|
||||
$user = Model_User::locate($name);
|
||||
if (empty($user->email_confirmed))
|
||||
throw new SimpleException('This user has no e-mail confirmed; password reset cannot proceed');
|
||||
|
||||
self::sendPasswordResetConfirmation($user);
|
||||
StatusHelper::success('E-mail sent. Follow instructions to reset password.');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @route /activation-proxy
|
||||
*/
|
||||
public function activationProxyAction()
|
||||
{
|
||||
$this->context->subTitle = 'account activation';
|
||||
$this->context->viewName = 'user-select';
|
||||
$this->context->stylesheets []= 'auth.css';
|
||||
|
||||
if (InputHelper::get('submit'))
|
||||
{
|
||||
$name = InputHelper::get('name');
|
||||
|
|
|
|||
25
src/Models/Model_Token.php
Normal file
25
src/Models/Model_Token.php
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
class Model_Token extends AbstractModel
|
||||
{
|
||||
public static function locate($key, $throw = true)
|
||||
{
|
||||
if (empty($key))
|
||||
throw new SimpleException('Invalid security token');
|
||||
|
||||
$token = R::findOne('usertoken', 'token = ?', [$key]);
|
||||
if ($token === null)
|
||||
{
|
||||
if ($throw)
|
||||
throw new SimpleException('No user with security token');
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($token->used)
|
||||
throw new SimpleException('This token was already used');
|
||||
|
||||
if ($token->expires !== null and time() > $token->expires)
|
||||
throw new SimpleException('This token has expired');
|
||||
|
||||
return $token;
|
||||
}
|
||||
}
|
||||
|
|
@ -35,7 +35,8 @@
|
|||
<div>
|
||||
<p>Problems logging in?</p>
|
||||
<ul>
|
||||
<li><a href="<?php echo \Chibi\UrlHelper::route('user', 'activation-retry') ?>">I haven't received activation e-mail</a></li>
|
||||
<li><a href="<?php echo \Chibi\UrlHelper::route('user', 'password-reset-proxy') ?>">I don't remember my password</a></li>
|
||||
<li><a href="<?php echo \Chibi\UrlHelper::route('user', 'activation-proxy') ?>">I haven't received activation e-mail</a></li>
|
||||
<li><a href="<?php echo \Chibi\UrlHelper::route('user', 'registration') ?>">I don't have account</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
|
|||
Loading…
Reference in a new issue