} } else { Cookie::set('login_attempts', 1, 600); } } } Notification::setNow('error', $login_error); } // Errors $errors = array(); $site_url = Option::get('siteurl'); $site_name = Option::get('sitename'); $user_login = trim(Request::post('login')); // Reset Password Form Submit if (Request::post('reset_password_submit')) { if (Option::get('captcha_installed') == 'true' && !CryptCaptcha::check(Request::post('answer'))) { $errors['users_captcha_wrong'] = __('Captcha code is wrong', 'users'); } if ($user_login == '') { $errors['users_empty_field'] = __('Required field', 'users'); } if ($user_login != '' && !$users->select("[login='******']")) { $errors['users_user_doesnt_exists'] = __('This user doesnt exist', 'users'); } if (count($errors) == 0) { // Get user $user = $users->select("[login='******']", null); // Generate new hash $new_hash = Text::random('alnum', 12); // Update user hash $users->updateWhere("[login='******']", array('hash' => $new_hash));
<?php if (Option::get('captcha_installed') == 'true') { ?> <div class="form-group"> <label><?php echo __('Captcha', 'users'); ?> </label> <input type="text" name="answer" class="form-control"><?php if (isset($errors['users_captcha_wrong'])) { echo Html::nbsp(3) . '<span class="error">' . $errors['users_captcha_wrong'] . '</span>'; } ?> <br> <?php CryptCaptcha::draw(); ?> </div> <?php } ?> <div class="form-group"> <input type="submit" class="btn btn-primary" value="<?php echo __('Register', 'users'); ?> " name="register"> </div> </form> </div> </div>
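/**
 * Get Password Reset
 *
 * Front-end password reset for visitors without a session. Two requests are handled:
 *
 *  - GET with a `hash` parameter: when a user record carries exactly that hash, a new
 *    password and a new hash are stored, the password is mailed with the 'new-password'
 *    template and the visitor is redirected to /users/login.
 *  - POST with `reset_password_submit`: after the CSRF token check (and the captcha check
 *    when the captcha is installed), a new hash is stored for the submitted login and
 *    mailed with the 'reset-password' template; the visitor is then redirected to
 *    /users/password-reset.
 *
 * Otherwise the password_reset view is displayed with the collected errors. A failed CSRF
 * check ends the request with die().
 *
 * NOTE(review): the value inside the [login='...'] selectors is masked as ****** in the
 * reviewed copy of this file; $user_login and $user['login'] are assumed from the
 * surrounding code - confirm against the repository.
 */
public static function getPasswordReset()
{
    // Is User Loged in ?
    if (!Session::get('user_id')) {

        $errors    = array();
        $site_url  = Option::get('siteurl');
        $site_name = Option::get('sitename');

        // Read the submitted login once; a non-string value (e.g. login[]=x) is treated as empty.
        $posted_login = Request::post('login');
        $user_login   = is_string($posted_login) ? trim($posted_login) : '';

        // Reset Password from hash
        $hash = Request::get('hash');

        // The hashes written by this method come from Text::random('alnum', ...), so a value
        // that is not a plain alphanumeric string cannot be a valid token. Rejecting it here
        // also keeps quotes and brackets from the query string out of the selector below.
        if (is_string($hash) && ctype_alnum($hash)) {

            // Get user with specific hash
            $user = Users::$users->select("[hash='" . $hash . "']", null);

            // If user exists. Strict comparison: the token must match as a string, with no
            // type juggling. Where the runtime offers hash_equals() it is the better choice.
            if (count($user) > 0 && (string) $user['hash'] === $hash) {

                // Generate new password
                // NOTE(review): a 6-character password is sent by e-mail in clear text and the
                // hash has no visible expiry; whether Text::random() draws from a CSPRNG is
                // not visible here - confirm, and consider a single-use, expiring reset link.
                $new_password = Text::random('alnum', 6);

                // Update user profile
                // Set new hash (which invalidates the one just used) and new password
                Users::$users->updateWhere(
                    "[login='" . $user['login'] . "']",
                    array(
                        'hash'     => Text::random('alnum', 12),
                        'password' => Security::encryptPassword($new_password),
                    )
                );

                $mail = new PHPMailer();
                $mail->CharSet = 'utf-8';
                $mail->ContentType = 'text/html';
                $mail->SetFrom(Option::get('system_email'));
                $mail->AddReplyTo(Option::get('system_email'));
                $mail->AddAddress($user['email'], $user['login']);
                $mail->Subject = __('Your new password for :site_name', 'users', array(':site_name' => $site_name));
                $mail->MsgHTML(
                    View::factory('box/emails/views/emails/email_layout')
                        ->assign('site_url', $site_url)
                        ->assign('site_name', $site_name)
                        ->assign('user_id', $user['id'])
                        ->assign('user_login', $user['login'])
                        ->assign('new_password', $new_password)
                        ->assign('email_template', 'new-password')
                        ->render()
                );
                // NOTE(review): the result of Send() is not checked, so the success notice is
                // shown even if delivery failed after the password was already replaced.
                $mail->Send();

                // Set notification
                Notification::set('success', __('New password has been sent', 'users'));

                // Redirect to login page
                Request::redirect(Site::url() . '/users/login');
            }
        }

        // Reset Password Form Submit
        if (Request::post('reset_password_submit')) {

            // Check csrf
            if (Security::check(Request::post('csrf'))) {

                if (Option::get('captcha_installed') == 'true' && !CryptCaptcha::check(Request::post('answer'))) {
                    $errors['users_captcha_wrong'] = __('Captcha code is wrong', 'users');
                }

                if ($user_login == '') {
                    $errors['users_empty_field'] = __('Required field', 'users');
                }

                // The login is placed inside a single-quoted selector value. A single quote in
                // it would end that value early and let the rest of the input be read as part
                // of the selector (presumably an XPath-style predicate - confirm), so such a
                // login is never looked up and is reported as unknown.
                $login_is_selectable = strpos($user_login, "'") === false;

                // NOTE(review): this message tells the requester whether a login exists.
                if ($user_login != ''
                    && (!$login_is_selectable || !Users::$users->select("[login='" . $user_login . "']"))
                ) {
                    $errors['users_user_doesnt_exists'] = __('This user doesnt exist', 'users');
                }

                if (count($errors) == 0) {

                    // Get user
                    $user = Users::$users->select("[login='" . $user_login . "']", null);

                    // Generate new hash
                    $new_hash = Text::random('alnum', 12);

                    // Update user hash
                    Users::$users->updateWhere("[login='" . $user_login . "']", array('hash' => $new_hash));

                    $mail = new PHPMailer();
                    $mail->CharSet = 'utf-8';
                    $mail->ContentType = 'text/html';
                    $mail->SetFrom(Option::get('system_email'));
                    $mail->AddReplyTo(Option::get('system_email'));
                    $mail->AddAddress($user['email'], $user['login']);
                    $mail->Subject = __('Your login details for :site_name', 'users', array(':site_name' => $site_name));
                    $mail->MsgHTML(
                        View::factory('box/emails/views/emails/email_layout')
                            ->assign('site_url', $site_url)
                            ->assign('site_name', $site_name)
                            ->assign('user_id', $user['id'])
                            ->assign('user_login', $user['login'])
                            ->assign('new_hash', $new_hash)
                            ->assign('email_template', 'reset-password')
                            ->render()
                    );
                    $mail->Send();

                    // Set notification
                    Notification::set('success', __('Your login details for :site_name has been sent', 'users', array(':site_name' => $site_name)));

                    // Redirect to password-reset page
                    Request::redirect(Site::url() . '/users/password-reset');
                }

            } else {
                die('Request was denied because it contained an invalid security token. Please refresh the page and try again.');
            }
        }

        View::factory('box/users/views/frontend/password_reset')
            ->assign('errors', $errors)
            ->assign('user_login', $user_login)
            ->display();
    }
}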