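/**
 * Complete a password reset for $username if the supplied reset token is valid.
 *
 * The request is rejected when the account cannot be loaded, when $expires is
 * not a number or lies in the past, or when $hash does not match the value
 * User::getPasswordResetHash() returns for this username, expiry and user.
 *
 * @param string      $username Account whose password is being reset.
 * @param int|string  $expires  Unix timestamp after which the token is refused (compared with time()).
 * @param string      $hash     Reset token presented by the caller; treat as untrusted input.
 * @param string|null $password New password; when null a random 8-character one is generated.
 *
 * @return string|false The new password on success, false if any check fails.
 *
 * @throws \Exception If no password was given and random_bytes() cannot gather randomness.
 */
public static function resetPassword($username, $expires, $hash, $password = null)
{
    $user = User::get($username);

    // Check the account first so a failed lookup never reaches the hash helper.
    // The string cast plus !== avoids numeric-string juggling ("0123" == "123").
    if ($user === false || (string) $user->username !== (string) $username) {
        return false;
    }

    $validhash = User::getPasswordResetHash($username, $expires, $user);
    if (!$validhash || !is_string($validhash)) {
        return false;
    }

    // Fail closed on a non-numeric expiry instead of relying on loose comparison.
    if (!is_numeric($expires) || (int) $expires < time()) {
        return false;
    }

    // hash_equals() compares in constant time and without type juggling; the
    // previous `!=` treated "0e1234" and "0e9999" as equal and leaked timing.
    if (!is_string($hash) || !hash_equals($validhash, $hash)) {
        return false;
    }

    if ($password === null) {
        // Six bytes from the CSPRNG encode to exactly eight Base64 characters
        // (A-Z, a-z, 0-9, '+', '/'). mt_rand() is predictable, so it must not
        // be used to generate credentials.
        // NOTE(review): 48 bits is short for a long-lived password; consider
        // generating a longer value or forcing a change at next login.
        $password = base64_encode(random_bytes(6));
    }

    // NOTE(review): the result of changePassword() is not checked, so a failed
    // update would still return a password to the caller. Confirm its contract.
    User::changePassword($user->username, $password);

    return $password;
}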
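/**
 * E-mail a password-reset link to a user whose username and address both match.
 *
 * The link carries the username, an expiry 24 hours from now, and the value
 * returned by User::getPasswordResetHash() for that user and expiry.
 *
 * @param string $username Username supplied by the requester.
 * @param string $email    E-mail address supplied by the requester; must equal the stored one.
 *
 * @return mixed False when the user or address does not match or no hash is
 *               produced; otherwise whatever send_mail() returns.
 */
function send_reset_email($username, $email)
{
    $user = User::get($username);

    // The string cast plus !== avoids numeric-string juggling ("0123" == "123")
    // when matching the request against the stored account.
    if ($user === false
        || (string) $user->username !== (string) $username
        || (string) $user->email !== (string) $email
    ) {
        return false;
    }

    $expires = time() + 24 * 60 * 60;
    $hash = User::getPasswordResetHash($user->username, $expires, $user);
    if (!$hash) {
        return false;
    }

    // Build the query with proper URL encoding so a username or hash containing
    // '&', '+', '#' or spaces cannot corrupt or extend the parameters.
    $query = http_build_query(
        [
            'u' => $user->username,
            'e' => $expires,
            'h' => $hash,
        ],
        '',
        '&'
    );

    // NOTE(review): depending on web-server configuration, SERVER_NAME can echo
    // the client's Host header, which would let a requester choose the host the
    // reset link points to. Prefer a configured canonical base URL.
    // NOTE(review): the link uses http://, so the reset token crosses the network
    // in cleartext when clicked; switch to https:// once the site serves TLS.
    $url = 'http://' . $_SERVER['SERVER_NAME'] . '/passwordreset.php?' . $query;

    $emailbody = "Dear [{$user->username}],\n\n";
    $emailbody .= "We received a request at www.grinnellplans.com to reset your Plans password.\n";
    $emailbody .= "To confirm this request and reset your GrinnellPlans password, please click the link below: \n\n";
    $emailbody .= $url . "\n\n";
    $emailbody .= "If you are still having trouble accessing your GrinnellPlans account, reply to this email, and tell us what's going on.\n";
    $emailbody .= "If you did not request a password reset, you may safely ignore this email. Your password will not be changed.\n\n";
    $emailbody .= "Thanks for your continued interest in Plans!\nThe Plans Admins";

    return send_mail($email, "GrinnellPlans password reset", $emailbody);
}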