This allows for reusing reset key submission for other things, such as
sending an initial password reset code during account registration.
Signed-off-by: Lukas Fleischer <archli...@cryptocrack.de>
---
web/html/passreset.php | 22 +++++-----------------
web/lib/acctfuncs.inc.php | 26 ++++++++++++++++++++++++++
2 files changed, 31 insertions(+), 17 deletions(-)
diff --git a/web/html/passreset.php b/web/html/passreset.php
index 064e3de..94a1ad9 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -37,24 +37,12 @@ if (isset($_GET['resetkey'], $_POST['email'],
$_POST['password'], $_POST['confir
}
} elseif (isset($_POST['email'])) {
$email = $_POST['email'];
- $uid = uid_from_email($email);
- if ($uid != NULL && $uid != 'None') {
- # We (ab)use new_sid() to get a random 32 characters long string
- $resetkey = new_sid();
- create_resetkey($resetkey, $uid);
- # Send email with confirmation link
- $body = __('A password reset request was submitted for the
account '.
- 'associated with your e-mail address. If you wish to
reset '.
- 'your password follow the link below, otherwise
ignore '.
- 'this message and nothing will happen.').
- "\n\n".
- "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
- "resetkey={$resetkey}";
- $body = wordwrap($body, 70);
- $headers = "Reply-to:
nob...@archlinux.org\nFrom:aur-not...@archlinux.org\nX-Mailer: PHP\nX-MimeOLE:
Produced By AUR";
- @mail($email, 'AUR Password Reset', $body, $headers);
+ $body = __('A password reset request was submitted for the account '.
+ 'associated with your e-mail address. If you wish to reset '.
+ 'your password follow the link below, otherwise ignore '.
+ 'this message and nothing will happen.').
+ send_resetkey($email, $body);
- }
header('Location: ' . get_uri('/passreset/') . '?step=confirm');
exit();
}
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 9c0998a..edca8a3 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -582,6 +582,32 @@ function create_resetkey($resetkey, $uid) {
}
/**
+ * Send a reset key to a specific e-mail address
+ *
+ * @param string $email E-mail address of the user resetting their password
+ * @param string $body Body of the email
+ *
+ * @return void
+ */
+function send_resetkey($email, $body) {
+ global $AUR_LOCATION;
+
+ $uid = uid_from_email($email);
+ if ($uid != NULL && $uid != 'None') {
+ # We (ab)use new_sid() to get a random 32 characters long string
+ $resetkey = new_sid();
+ create_resetkey($resetkey, $uid);
+ # Send email with confirmation link
+ $body = wordwrap($body, 70);
+ $body .= "\n\n".
+ "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
+ "resetkey={$resetkey}";
+ $headers = "Reply-to:
nob...@archlinux.org\nFrom:aur-not...@archlinux.org\nX-Mailer: PHP\nX-MimeOLE:
Produced By AUR";
+ @mail($email, 'AUR Password Reset', $body, $headers);
+ }
+}
+
+/**
* Change a user's password in the database if reset key and e-mail are correct
*
* @param string $hash New MD5 hash of a user's password
--
1.8.2.480.g556678c
