diff --git a/app/Helpers/UserHelper.php b/app/Helpers/UserHelper.php
index bd8034e..28fadfd 100644
--- a/app/Helpers/UserHelper.php
+++ b/app/Helpers/UserHelper.php
@@ -62,6 +62,22 @@ class UserHelper {
 $user->recovery_key = $recovery_key;
 $user->save();
+ return $recovery_key;
+ }
+
+ public static function userResetKeyCorrect($username, $recovery_key, $inactive=false) {
+ // Given a username and a recovery key, return true if they match.
+
+ $user = self::getUserByUsername($username, $inactive);
+
+ if ($user) {
+ if ($recovery_key != $user->recovery_key) {
+ return false;
+ }
+ }
+ else {
+ return false;
+ }
 return true;
 }
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 150b78b..771965c 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
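Review bot: `userResetKeyCorrect` tests the submitted key with loose `!=`, which applies PHP's numeric-string rules (`'1e3' == '1000'`) and treats a null stored key as equal to an empty submission, and the comparison is not timing-safe for a secret; replace the nested `if`/`else` with `if (!$user || !is_string($user->recovery_key) || !hash_equals($user->recovery_key, (string) $recovery_key)) { return false; }`. The first two context lines and `+ return $recovery_key;` belong to `resetRecoveryKey`, whose start is outside the hunk, and the trailing `return true; }` that used to close it now closes the new method. A docblock such as `/** @return bool true only when the user exists and the stored key matches the given one exactly */` would state the contract; how the key itself is generated is not visible here.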
@@ -1,6 +1,7 @@ with('error', 'Password recovery is disabled.'); + } + + $email = $request->input('email'); + $ip = $request->ip(); + $user = UserHelper::getUserByEmail($email); + + if (!$user) { + return redirect(route('lost_password'))->with('error', 'Email is not associated with a user.'); + } + + $recovery_key = UserHelper::resetRecoveryKey($user->username); + + Mail::send('emails.lost_password', [ + 'username' => $user->username, 'recovery_key' => $recovery_key, 'ip' => $ip + ], function ($m) use ($user) { + $m->from(env('MAIL_FROM_ADDRESS'), env('MAIL_FROM_NAME')); + + $m->to($user->email, $user->username)->subject(env('APP_NAME') . ' Password Reset'); + }); + + return redirect(route('index'))->with('success', 'Password reset email sent. Check your inbox for details.'); + } + public function performActivation(Request $request, $username, $recovery_key) { - $user = UserHelper::getUserByUsername($username, $inactive=true); + $user = UserHelper::getUserByUsername($username, true); - if ($user) { - $user_recovery_key = $user->recovery_key; + if (UserHelper::userResetKeyCorrect($username, $recovery_key, true)) { + // Key is correct + // Activate account and reset recovery key + $user->active = 1; + $user->save(); - if ($recovery_key == $user_recovery_key) { - // Key is correct - // Activate account and reset recovery key - $user->active = 1; - $user->save(); - - UserHelper::resetRecoveryKey($username); - return redirect(route('login'))->with('success', 'Account activated. You may now login.'); - } - else { - return $user->recovery_key; - // return redirect(route('index'))->with('error', 'Username or activation key incorrect.'); - } + UserHelper::resetRecoveryKey($username); + return redirect(route('login'))->with('success', 'Account activated. 
You may now login.'); } else { return redirect(route('index'))->with('error', 'Username or activation key incorrect.'); } } - public function performSendPasswordResetCode(Request $request) { - if (!env('SETTING_PASSWORD_RECOV')) { - return redirect(route('index'))->with('error', 'Password recovery is disabled.'); - } - - UserHelper::resetRecoveryKey($username); - - $email = $request->input('email'); - $ip = $request->ip(); - $user = UserHelper::getUserByEmail($email); - - - Mail::send('emails.lost_password', [ - 'username' => $user->username, 'recovery_key' => $user->recovery_key, 'ip' => $ip - ], function ($m) use ($user) { - $m->from(env('MAIL_FROM_ADDRESS'), env('MAIL_FROM_NAME')); - - $m->to($user->email, $user->username)->subject(env('APP_NAME') . ' password reset'); - }); - - return redirect(route('index'))->with('success', 'Password reset email sent. Check your inbox for details.'); - } - public function performPasswordReset(Request $request, $username, $recovery_key) { - if (!$request->input('new_password')) { - return view('reset_password'); - } - + $new_password = $request->input('new_password'); $user = UserHelper::getUserByUsername($username); - if ($user) { - $user_recovery_key = $user->recovery_key; - - if ($recovery_key == $user_recovery_key) { - // Key is correct - // Reset password - $user->password = $new_password; - $user->save(); - - UserHelper::resetRecoveryKey($username); - return redirect(route('login'))->with('success', 'Password reset. You may now login.'); - } - else { - return redirect(route('index'))->with('error', 'Username or activation key incorrect.'); + if (UserHelper::userResetKeyCorrect($username, $recovery_key)) { + if (!$new_password) { + return view('reset_password'); } + + // Key is correct + // Reset password + $user->password = Hash::make($new_password); + $user->save(); + + UserHelper::resetRecoveryKey($username); + return redirect(route('login'))->with('success', 'Password reset. 
You may now login.'); } else { return redirect(route('index'))->with('error', 'Username or reset key incorrect.');
diff --git a/app/Http/routes.php b/app/Http/routes.php
index f3b65a4..4528b15 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -4,11 +4,6 @@
 |--------------------------------------------------------------------------
 | Application Routes
 |--------------------------------------------------------------------------
-|
-| Here is where you can register all of the routes for an application.
-| It is a breeze. Simply tell Lumen the URIs it should respond to
-| and give it the Closure to call when that URI is requested.
-|
 */
diff --git a/public/css/login.css b/public/css/login.css
index d52bc41..36f2947 100644
--- a/public/css/login.css
+++ b/public/css/login.css
@@ -6,6 +6,10 @@
 margin-bottom: 20px;
 }
-.signup-prompt {
+.login-prompts {
 padding-top: 15px;
 }
+
+.login-prompts small {
+ display: block;
+}
diff --git a/public/css/reset_password.css b/public/css/reset_password.css
index 8fc1a58..ee7f1de 100644
--- a/public/css/reset_password.css
+++ b/public/css/reset_password.css
@@ -3,6 +3,7 @@
 margin-bottom: 1em;
 }
-.email-input-pd {
+#passwordConfirm {
+ margin-top: 0.5em;
 margin-bottom: 2em;
 }
diff --git a/public/js/reset_password.js b/public/js/reset_password.js
new file mode 100644
index 0000000..400b914
--- /dev/null
+++ b/public/js/reset_password.js
@@ -0,0 +1,10 @@
+$('#passwordConfirm').on('keyup', function() {
+ var password = $('#passwordFirst').val();
+ var confirm_password = $('#passwordConfirm').val();
+
+ if (password != confirm_password) {
+ this.setCustomValidity("Passwords do not match.");
+ } else {
+ this.setCustomValidity('');
+ }
+});
diff --git a/resources/views/emails/lost_password.blade.php b/resources/views/emails/lost_password.blade.php
index 54d66a6..dc8aaf7 100644
--- a/resources/views/emails/lost_password.blade.php
+++ b/resources/views/emails/lost_password.blade.php
@@ -5,8 +5,6 @@ account at {{env('APP_NAME')}}.
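Review bot: In `performSendPasswordResetCode` the unknown-address branch redirects with `'Email is not associated with a user.'` while a known address gets a success message, so the endpoint confirms which addresses have accounts; both paths should end in the same neutral message, e.g. `return redirect(route('index'))->with('success', 'If that email is registered, a reset link has been sent.');`, and the handler should be throttled, which nothing in this hunk shows. In `performPasswordReset` the new password is stored after only a truthiness check — the confirm-field match added in `public/js/reset_password.js` runs only in the browser, so the server should validate `new_password` (minimum length, equality with the confirmation value the form posts) before `Hash::make`. The opening lines of `performSendPasswordResetCode` and the hunk header on this page are garbled (`@@ -1,6 +1,7 @@` does not match the body), so whether `Hash` is imported at the top of the controller cannot be confirmed here.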
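Review bot: The mismatch check in `reset_password.js` runs only on `keyup` of `#passwordConfirm`, so editing `#passwordFirst` afterwards leaves the confirm field's validity state stale, and a paste or autofill that raises no key event never triggers it. Bind both fields to `input` and always set the validity on the confirm element: `$('#passwordFirst, #passwordConfirm').on('input', function () {` and, in place of the `if`/`else`, `document.getElementById('passwordConfirm').setCustomValidity(password !== confirm_password ? "Passwords do not match." : '');`. This is a usability check only; the server path in `UserController::performPasswordReset` must still enforce the rule.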
-@if (env('POLR_ALLOW_ACCT_CREATION') == true) -
- Don't have an account? Register -
- @endif
+ Don't have an account? Register
+ @endif
+
+ @if (env('SETTING_PASSWORD_RECOV') == true)
+ Forgot your password? Reset
+ @endif
+
diff --git a/resources/views/lost_password.blade.php b/resources/views/lost_password.blade.php
index 28e082c..2e13c0a 100644
--- a/resources/views/lost_password.blade.php
+++ b/resources/views/lost_password.blade.php
@@ -9,7 +9,7 @@