From patchwork Thu Jan 30 16:29:44 2020
X-Patchwork-Submitter: Lukas Fleischer
X-Patchwork-Id: 1479
From: Lukas Fleischer To: aur-dev@archlinux.org Subject: [PATCH] Add option to send reset key for a given user name Date: Thu, 30 Jan 2020 17:29:44 +0100 Message-Id: <20200130162944.51132-1-lfleischer@archlinux.org> X-Mailer: git-send-email 2.25.0 MIME-Version: 1.0 X-BeenThere: aur-dev@archlinux.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Arch User Repository \(AUR\) Development" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: aur-dev-bounces@archlinux.org Sender: "aur-dev" In addition to supporting email addresses in the reset key form, also support user names. The reset key is then sent to the email address in the user's profile. Signed-off-by: Lukas Fleischer --- web/html/passreset.php | 25 ++++++++++++------------- web/lib/acctfuncs.inc.php | 13 +++++++------ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/web/html/passreset.php b/web/html/passreset.php index 9e7cee8..b3c8bd2 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -11,14 +11,14 @@ if (isset($_COOKIE["AURSID"])) { $error = ''; -if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) { +if (isset($_GET['resetkey'], $_POST['user'], $_POST['password'], $_POST['confirm'])) { $resetkey = $_GET['resetkey']; - $email = $_POST['email']; + $user = $_POST['user']; $password = $_POST['password']; $confirm = $_POST['confirm']; - $uid = uid_from_email($email); + $uid = uid_from_loginname($user); - if (empty($email) || empty($password)) { + if (empty($user) || empty($password)) { $error = __('Missing a required field.'); } elseif ($password != $confirm) { $error = __('Password fields do not match.'); 
@@ -31,16 +31,15 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir } if (empty($error)) { - $error = password_reset($password, $resetkey, $email); + $error = password_reset($password, $resetkey, $user); } -} elseif (isset($_POST['email'])) { - $email = $_POST['email']; - $username = username_from_id(uid_from_email($email)); +} elseif (isset($_POST['user'])) { + $user = $_POST['user']; - if (empty($email)) { + if (empty($user)) { $error = __('Missing a required field.'); } else { - send_resetkey($email); + send_resetkey($user); header('Location: ' . get_uri('/passreset/') . '?step=confirm'); exit(); } @@ -67,7 +66,7 @@ html_header(__("Password Reset")); - + @@ -89,8 +88,8 @@ html_header(__("Password Reset"));
-

-

+

+

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 345d27a..f6cda69 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -755,13 +755,13 @@ function create_resetkey($resetkey, $uid) { /** * Send a reset key to a specific e-mail address * - * @param string $email E-mail address of the user resetting their password + * @param string $user User name or email address of the user * @param bool $welcome Whether to use the welcome message * * @return void */ -function send_resetkey($email, $welcome=false) { - $uid = uid_from_email($email); +function send_resetkey($user, $welcome=false) { + $uid = uid_from_loginname($user); if ($uid == null) { return; } @@ -779,11 +779,11 @@ function send_resetkey($email, $welcome=false) { * * @param string $password The new password * @param string $resetkey Code e-mailed to a user to reset a password - * @param string $email E-mail address of the user resetting their password + * @param string $user User name or email address of the user * * @return string|void Redirect page if successful, otherwise return error message */ -function password_reset($password, $resetkey, $email) { +function password_reset($password, $resetkey, $user) { $hash = password_hash($password, PASSWORD_DEFAULT); $dbh = DB::connect(); @@ -792,7 +792,8 @@ function password_reset($password, $resetkey, $email) { $q.= "ResetKey = '' "; $q.= "WHERE ResetKey != '' "; $q.= "AND ResetKey = " . $dbh->quote($resetkey) . " "; - $q.= "AND Email = " . $dbh->quote($email); + $q.= "AND (Email = " . $dbh->quote($user) . " OR "; + $q.= "UserName = " . $dbh->quote($user) . ")"; $result = $dbh->exec($q); if (!$result) {
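Review bot: In the first hunk of web/html/passreset.php, `$uid = uid_from_loginname($user);` replaces `uid_from_email($email)`, but nothing in this patch shows that uid_from_loginname() also matches on the email address. The commit message says email addresses remain supported, so please confirm that the helper resolves both forms; if it only matches user names, the existing email-based flow regresses here and in send_resetkey().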
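Review bot: In the `elseif (isset($_POST['user']))` branch of web/html/passreset.php, `send_resetkey($user)` now fires for any non-empty user name, and a user name is usually easier for a third party to know than the account's email address. Redirecting to `?step=confirm` whether or not the lookup succeeded is right and should stay, but this branch shows no limit on how often a reset mail can be requested for one account. Consider throttling per account, for example by skipping the send while a recently issued reset key is still outstanding.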
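Review bot: The docblock summary above send_resetkey() in web/lib/acctfuncs.inc.php still reads "Send a reset key to a specific e-mail address", while the parameter is now documented as "User name or email address of the user". Update the summary to say that the key goes to the email address in the matched user's profile, as the commit message puts it.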
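Review bot: In password_reset() (last hunk of web/lib/acctfuncs.inc.php), the new `AND (Email = ... OR UserName = ...)` clause re-implements the account lookup in SQL instead of reusing uid_from_loginname(), which send_resetkey() and passreset.php now call. If the two lookups ever disagree, a key can be mailed that the form then refuses. passreset.php already computes `$uid`; passing that in and matching on the account id together with ResetKey would keep a single lookup path. The parentheses around the OR are needed and correct, since the ResetKey conditions must apply to both alternatives.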