Added generic "account" password recovery

2010-10-12 16:49:38 +00:00 · 2010-10-12 16:49:38 +00:00 · f0d1578ac3
commit f0d1578ac3
parent 607834bc0e
4 changed files with 57 additions and 57 deletions
--- a/admin/communication.php
+++ b/admin/communication.php
@ -289,6 +289,7 @@ case 'dialog_edit':
 					<option value="LASTNAME">[LASTNAME]</option>
 					<option value="NAME">[NAME]</option>
 					<option value="SALUTATION">[SALUTATION]</option>
+					<option value="USERNAME">[USERNAME]</option>
 					<option value="PASSWORD">[PASSWORD]</option>
 					<option value="REGNUM">[REGNUM]</option>
 					<option value="URLMAIN">[URLMAIN]</option>
--- a/db/db.code.version.txt
+++ b/db/db.code.version.txt
@ -1 +1 @@
-209
+210
--- a/db/db.update.210.sql
+++ b/db/db.update.210.sql
@ -0,0 +1,16 @@
+INSERT INTO `emails` (
+`id` ,
+`val` ,
+`name` ,
+`description` ,
+`from` ,
+`subject` ,
+`body` ,
+`bodyhtml` ,
+`type` ,
+`fundraising_campaigns_id` ,
+`lastsent`
+)
+VALUES (
+NULL , 'account_recover_password', 'Account - Recover Password', 'Recover the password for an account if they submit a ''forgot password'' request', '', 'Password Recovery for [FAIRNAME]', 'We have received a request for the recovery of your password from this email address. Please find your login information below: User Name: [USERNAME] Password: [PASSWORD] ', '', 'system', NULL , NULL
+);
--- a/user_login.php
+++ b/user_login.php
@ -157,28 +157,13 @@ if(isset($_SESSION['accounts_id'])) {
 	$recover_link = "user_login.php?role=$role&action=recover";

 	?>
-	 <br />
-	 <?=i18n('Password recovery will reset your password to a new random password, and then email you that password.  Enter your name and email address below, then click on the \'Reset\' button.  The name and email must exactly match the ones you used to register.  Sometimes the email takes a few minutes to send so be patient.')?><br />
-	 <br />
+	 <p><?=i18n('This form will have your password sent to the email address on your account.  Please enter your email address below, and click on the \'Recover\' button.  Sometimes the email takes a few minutes to send, so please be patient.')?></p>
 	 <form method="post" action="user_login.php?role=<?=$role?>">
 	 <input type="hidden" name="action" value="recoverconfirm" />
-	 <table>
-	 <tr><td>
-	 <?=i18n("First Name")?>:</td><td><input type="text" size="20" name="fn" />
-	 </td></tr>
-	 <tr><td>
-	 <?=i18n("Last Name")?>:</td><td><input type="text" size="20" name="ln" />
-	 </td></tr>
-	 <tr><td>
 	 <?=i18n("Email")?>:</td><td><input type="text" size="20" name="email" />
-	 </td></tr>
-	 <tr><td colspan="2">
-	 <input type="submit" value="<?=i18n("Reset my password")?>" />
-	 </td></tr></table>
-	 <br />
+	 <input type="submit" value="<?=i18n("Recover")?>" />
 	 </form>
-	 <br />
-	<div style="font-size: 0.75em;">
+	<div style="font-size: 0.75em; margin-top:2em">
 	<?=i18n('If you didn\'t register using an email address and you have lost your password, please contact the committee to have your password reset.')?></div><br />
  	<?	
 	send_footer();
@ -187,46 +172,44 @@ if(isset($_SESSION['accounts_id'])) {
 {
 	/* Process a recover */
 	$email = $_POST['email'];
-	if(user_valid_email($email)) {
-		/* valid email address */
-		$e = mysql_escape_string($email);
-		$q=mysql_query("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1");
-		$r=mysql_fetch_object($q);
-		if($r) {
-			$fn = trim($_POST['fn']);
-			$ln = trim($_POST['ln']);

-			/* Check name match */
-			if(strcasecmp($r->firstname, $fn)!=0  ||  strcasecmp($r->lastname, $ln)!=0) {
-				message_push(error(i18n("The name you entered does not match the one in your account")));
-				header("Location: user_login.php?role=$role");
-				exit;
-			}
-
-			/* Reset the password, and force it to expire */
-			$password = user_set_password($r->id, NULL);
-
-			/* volunteer_recover_password, judge_recover_password, student_recover_password,
-				committee_recover_password */
-			email_send("{$role}_recover_password",
-					$email, 
-					array("FAIRNAME"=>i18n($config['fairname'])),
-					array(	"PASSWORD"=>$password,
-						"EMAIL"=>$email)
-				);
-
-			message_push(notice(i18n("Your password has been sent to your email address")));
-			header("Location: user_login.php?role=$role");
-			exit;
-		} else {
-			message_push(error(i18n("Could not find your email address for recovery")));
-			header("Location: user_login.php?role=$role");
-			exit;
-		}
+	if(!isEmailAddress($email)) {
+		// not a valid email address
+		message_push(error(i18n("Email address error")));
+		header("Location: user_login.php");
+		exit;
 	}
-	message_push(error(i18n("Email address error")));
-	header("Location: user_login.php?role=$role");
-	exit;
+
+	$email = mysql_real_escape_string($email);
+	// let's see if we can find this email address on an account
+	$q = mysql_query("SELECT * FROM accounts WHERE email LIKE '$email'");
+	$r = mysql_fetch_object($q);
+
+	if(!$r){
+		// didn't find it that way.  Let's try finding an unconfirmed e-mail
+		$q = mysql_query("SELECT * FROM accounts WHERE pendingemail LIKE '$email'");
+		$r = mysql_fetch_object($q);
+	}
+	
+	if($r) {
+	
+		// found the specified email address
+		/* volunteer_recover_password, judge_recover_password, student_recover_password,
+			committee_recover_password */
+		email_send("account_recover_password",
+				$email, 
+				array("FAIRNAME"=>i18n($config['fairname'])),
+				array(	"PASSWORD"=>$r->password,
+					"USERNAME"=>$r->username)
+			);
+
+		message_push(notice(i18n("Your password has been sent to your email address")));
+		header("Location: user_login.php");
+	}else{
+		message_push(error(i18n("Could not find your email address for recovery")));
+		header("Location: user_login.php");
+	}
+
 }
 else
 {