authorJonas Kohl2024-09-19 11:28:12 +0200
committerJonas Kohl2024-09-19 11:28:12 +0200
commit35db6e71fc7196af1757be17d2a3919246476683 (patch)
tree07e7c6ddd3260cdbe7e662f434f1407a37c832d1 /src/application
parent01454544896827113e49db0d2848b5aab6ce14ae (diff)
Add password reset
Diffstat (limited to 'src/application')
-rw-r--r--src/application/messages/de.msg40
-rw-r--r--src/application/mystic/forum/orm/User.php2
-rw-r--r--src/application/views/form_login.php3
-rw-r--r--src/application/views/form_new_password.php38
-rw-r--r--src/application/views/form_password_reset.php41
5 files changed, 124 insertions, 0 deletions
diff --git a/src/application/messages/de.msg b/src/application/messages/de.msg
index 3a334a9..cac30e7 100644
--- a/src/application/messages/de.msg
+++ b/src/application/messages/de.msg
@@ -353,3 +353,43 @@ metadata({
: "Retype password:"
= "Passwort wiederholen:"
+
+: "The password reset link is either invalid or it expired"
+= "Der Link zum Password Zurücksetzen ist entweder ungültig oder abgelaufen"
+
+: "Password reset successfully!"
+= "Passwort erfolgreich zurückgesetzt!"
+
+: "Forgot your password? No problem!"
+= "Passwort vergessen? Kein Problem!"
+
+: "If an account exists with the given email address, we will have sent a password reset link to that email address."
+= "Falls ein Nutzerkonto mit der angegebenen E-Mail-Adresse existiert haben wir dieser einen Link zum Password Zurücksetzen zugesandt."
+
+: "Hello, %user_display_name%!\n"
+ "\n"
+ "a password reset has been requested successfully! Please click the link below to set a new password:\n"
+ "%reset_link%\n"
+ "\n"
+ "If this wasn't you, you can safely ignore this email. The link will only be valid for one hour.\n"
+ "\n"
+ "Kind regards,\n"
+ "%forum_copyright%"
+= "Hallo, %user_display_name%!\n"
+ "\n"
+ "das Zurücksetzen Ihres Passwortes wurde erfolgreich angefragt. Bitte klicken Sie auf den untenstehenden Link, um Ihr Passwort zurückzusetzen:\n"
+ "%reset_link%\n"
+ "\n"
+ "Falls Sie dies nicht waren, können Sie diese E-Mail ignorieren. Der Link ist nur für eine Stunde gültig.\n"
+ "\n"
+ "Mit freundlichen Grüßen,\n"
+ "%forum_copyright%"
+
+: "Reset password"
+= "Passwort zurücksetzen"
+
+: "I forgot my password"
+= "Ich habe mein Passwort vergessen"
+
+: "I know my password and I want to %link%log in%/link%!"
+= "Ich kenne mein Passwort und möchte mich %link%anmelden%/link%!"
diff --git a/src/application/mystic/forum/orm/User.php b/src/application/mystic/forum/orm/User.php
index 97acbaf..1bf02f1 100644
--- a/src/application/mystic/forum/orm/User.php
+++ b/src/application/mystic/forum/orm/User.php
@@ -23,6 +23,8 @@ class User extends Entity {
public bool $passwordResetRequired;
public string $activationToken;
public bool $activated;
+ #[Unique] public ?string $passwordResetToken;
+ public ?\DateTimeImmutable $passwordResetTokenCreated;
#[Column(columnType: "bytea")] public ?string $profilePicture;
public ?\DateTimeImmutable $nameLastChanged;
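Review bot: `$passwordResetToken` is declared as a plain `?string` with `#[Unique]`, which suggests the emailed token itself is stored and looked up verbatim; the code that writes it is outside this diff, so this is an inference. If that is the case, consider persisting only a digest of the token (for example `hash('sha256', $token)`) and looking up by digest, so that read access to the user table does not yield working reset links. A comment on the two fields would help either way, e.g. `// reset token (or its digest) and issue time; both null when no reset is pending`. The `User` class starts and ends outside this hunk.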
diff --git a/src/application/views/form_login.php b/src/application/views/form_login.php
index 1c4a9ea..acef1ff 100644
--- a/src/application/views/form_login.php
+++ b/src/application/views/form_login.php
@@ -21,6 +21,8 @@ if (($_formError = RequestUtils::getAndClearFormError("login")) !== null) {
?>
<form action="<?= htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post">
<input type="hidden" name="form_id" value="login">
+<input type="hidden" name="token" value="<?= htmlentities($token) ?>">
+<input type="hidden" name="sig" value="<?= htmlentities($signature) ?>">
<div class="form-group">
<label for="i_username"><?= __("Username:") ?></label>
<input class="form-control" type="text" id="i_username" name="username" value="<?= htmlentities($lastForm["username"] ?? "") ?>" required autofocus>
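Review bot: The hidden `token` and `sig` fields are added to the login form only; the two new forms in this commit (form_new_password.php and form_password_reset.php) post with just `form_id`. What the pair protects is not visible from the view, but if it is a signed anti-forgery or anti-automation value, the reset-request form in particular should carry the same two inputs, since submitting it triggers an outgoing email. `$token` and `$signature` are also read without a fallback, so a code path that renders this view without setting them would raise an undefined-variable warning; `htmlentities($token ?? "")` would match how `$lastForm["username"] ?? ""` is handled further down in this hunk. The form continues outside this hunk.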
@@ -33,6 +35,7 @@ if (($_formError = RequestUtils::getAndClearFormError("login")) !== null) {
<div class="form-group">
<button class="btn btn-primary" type="submit"><?= __("Log in") ?></button>
+ <a href="?_action=pwreset"><?= __("I forgot my password") ?></a>
</div>
<div class="form-group">
diff --git a/src/application/views/form_new_password.php b/src/application/views/form_new_password.php
new file mode 100644
index 0000000..7431bd5
--- /dev/null
+++ b/src/application/views/form_new_password.php
@@ -0,0 +1,38 @@
+<?php
+
+use mystic\forum\utils\RequestUtils;
+
+$lastFormUri = "";
+$lastForm = RequestUtils::getLastForm($lastFormUri) ?? [];
+if ($lastFormUri !== $_SERVER["REQUEST_URI"]) $lastForm = [];
+RequestUtils::clearLastForm();
+
+?>
+<div class="page-header margin-top-0">
+ <h1><?= __("Reset password") ?></h1>
+</div>
+<div class="col-md-4"></div>
+<div class="well col-md-4">
+<?php
+if (($_formError = RequestUtils::getAndClearFormError("pwnew")) !== null) {
+ _view("alert_error", ["message" => $_formError]);
+}
+?>
+<form action="<?= htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post">
+<input type="hidden" name="form_id" value="pwnew">
+<div class="form-group">
+ <label for="i_new_password"><?= __("New password:") ?></label>
+ <input class="form-control" type="password" id="i_new_password" name="new_password" required autofocus>
+</div>
+
+<div class="form-group">
+ <label for="i_retype_password"><?= __("Retype password:") ?></label>
+ <input class="form-control" type="password" id="i_retype_password" name="retype_password" required>
+</div>
+
+<div class="form-group">
+ <button class="btn btn-primary" type="submit"><?= __("Set new password") ?></button>
+</div>
+</form>
+</div>
+<div class="col-md-4"></div>
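Review bot: Both password inputs lack an `autocomplete` hint, so browsers and password managers may offer the old saved password or fail to store the new one; `autocomplete="new-password"` on `i_new_password` and `i_retype_password` addresses that. The form posts back to `$_SERVER["REQUEST_URI"]`, which presumably carries the reset token from `%reset_link%`; if the token lives in the URL, a `Referrer-Policy: no-referrer` header (or `<meta name="referrer" content="no-referrer">`) for this page would keep it out of Referer headers on outbound requests. `$lastForm` is computed at the top of the file but never read in this view, so only the `RequestUtils::clearLastForm()` call has an effect.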
diff --git a/src/application/views/form_password_reset.php b/src/application/views/form_password_reset.php
new file mode 100644
index 0000000..57d8ed2
--- /dev/null
+++ b/src/application/views/form_password_reset.php
@@ -0,0 +1,41 @@
+<?php
+
+use mystic\forum\Messaging;
+use mystic\forum\utils\RequestUtils;
+
+$lastFormUri = "";
+$lastForm = RequestUtils::getLastForm($lastFormUri) ?? [];
+if ($lastFormUri !== $_SERVER["REQUEST_URI"]) $lastForm = [];
+RequestUtils::clearLastForm();
+
+?>
+<div class="page-header margin-top-0">
+ <h1><?= __("Reset password") ?></h1>
+</div>
+<div class="col-md-4"></div>
+<div class="well col-md-4">
+<?php
+if (($_formError = RequestUtils::getAndClearFormError("pwreset")) !== null) {
+ _view("alert_error", ["message" => $_formError]);
+}
+?>
+<form action="<?= htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post">
+<input type="hidden" name="form_id" value="pwreset">
+<div class="form-group">
+ <label for="i_username"><?= __("Email address:") ?></label>
+ <input class="form-control" type="email" id="i_email" name="email" value="<?= htmlentities($lastForm["email"] ?? "") ?>" required autofocus>
+</div>
+
+<div class="form-group">
+ <button class="btn btn-primary" type="submit"><?= __("Reset password") ?></button>
+</div>
+
+<div class="form-group">
+ <?= __("I know my password and I want to %link%log in%/link%!", [
+ "link" => '<a href="?_action=auth">',
+ "/link" => '</a>',
+ ]) ?>
+</div>
+</form>
+</div>
+<div class="col-md-4"></div>
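Review bot: The label on the email field points at the wrong id: it has `for="i_username"` while the input is `id="i_email"`, so clicking the label does not focus the field and assistive technology loses the association; it should read `<label for="i_email">`. `use mystic\forum\Messaging;` is imported but not referenced anywhere in this view and can be dropped. The `%link%` replacements are injected as raw HTML through `<?= __(...) ?>`, which is fine as long as message catalog entries are treated as trusted content; a short comment saying so would keep a later edit from passing user data through the same path.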