/**
* Send a reset key to a specific e-mail address
*
* @param string $email E-mail address of the user resetting their password
* @param bool $welcome Whether to use the welcome message
*
* @return void
*/
function send_resetkey($email, $welcome = false)
{
$uid = uid_from_email($email);
if ($uid == null) {
return;
}
/* We (ab)use new_sid() to get a random 32 characters long string. */
$resetkey = new_sid();
create_resetkey($resetkey, $uid);
/* Send e-mail with confirmation link. */
notify(array($welcome ? 'welcome' : 'send-resetkey', $uid));
}
/**
* Determine the user's ID in the database using a username or email address
*
* @param string $username The username or email address of an account
*
* @return string Return user ID if exists, otherwise null
*/
function uid_from_loginname($loginname)
{
$uid = uid_from_username($loginname);
if (!$uid) {
$uid = uid_from_email($loginname);
}
return $uid;
}
if (empty($error)) {
$dbh = db_connect();
# The query below won't affect any records unless the ResetKey
# and Email combination is correct and ResetKey is nonempty
$q = "UPDATE Users\n\t\t SET Passwd = '" . md5($password) . "',\n\t\t ResetKey = ''\n\t\t WHERE ResetKey != ''\n\t\t AND ResetKey = '" . mysql_real_escape_string($resetkey) . "'\n\t\t AND Email = '" . mysql_real_escape_string($email) . "'";
$result = db_query($q, $dbh);
if (!mysql_affected_rows($dbh)) {
$error = __('Invalid e-mail and reset key combination.');
} else {
header('Location: passreset.php?step=complete');
exit;
}
}
} elseif (isset($_POST['email'])) {
$email = $_POST['email'];
$uid = uid_from_email($email);
if ($uid != NULL && $uid != 'None') {
# We (ab)use new_sid() to get a random 32 characters long string
$resetkey = new_sid();
$dbh = db_connect();
$q = "UPDATE Users\n\t\t SET ResetKey = '{$resetkey}'\n\t\t WHERE ID = '{$uid}'";
db_query($q, $dbh);
# Send email with confirmation link
$body = __('A password reset request was submitted for the account ' . 'associated with your e-mail address. If you wish to reset ' . 'your password follow the link below, otherwise ignore ' . 'this message and nothing will happen.') . "\n\n" . 'http://aur.archlinux.org/passreset.php?' . "resetkey={$resetkey}";
$body = wordwrap($body, 70);
$headers = "To: {$email}\nReply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
@mail(' ', 'AUR Password Reset', $body, $headers);
}
header('Location: passreset.php?step=confirm');
exit;
}
} elseif ($password != $confirm) {
$error = __('Password fields do not match.');
} elseif (!good_passwd($password)) {
$length_min = config_get_int('options', 'passwd_min_len');
$error = __("Your password must be at least %s characters.", $length_min);
} elseif ($uid == null) {
$error = __('Invalid e-mail.');
}
if (empty($error)) {
$salt = generate_salt();
$hash = salted_hash($password, $salt);
$error = password_reset($hash, $salt, $resetkey, $email);
}
} elseif (isset($_POST['email'])) {
$email = $_POST['email'];
$username = username_from_id(uid_from_email($email));
if (empty($email)) {
$error = __('Missing a required field.');
} else {
send_resetkey($email);
header('Location: ' . get_uri('/passreset/') . '?step=confirm');
exit;
}
}
$step = isset($_GET['step']) ? $_GET['step'] : NULL;
html_header(__("Password Reset"));
?>
<div class="box">
<h2><?php
echo __("Password Reset");
