liquid_feedback_frontend: app/main/index/_action/reset

liquid_feedback_frontend

annotate app/main/index/_action/reset_password.lua @ 990:77873f08d94f

Completed support for check delegations, removed debug code

author	bsw
date	Sat Apr 20 19:26:58 2013 +0200 (2013-04-20)
parents	75ce92899049
children	e7fc3fed1593

rev	line source
bsw@224	1 trace.disable()
bsw@224	2
bsw/jbe@6	3 local secret = param.get("secret")
bsw/jbe@6	4
bsw/jbe@6	5 if not secret then
bsw/jbe@6	6
bsw/jbe@6	7 local member = Member:new_selector()
bsw/jbe@6	8 :add_where{ "login = ?", param.get("login") }
bsw/jbe@6	9 :add_where("password_reset_secret ISNULL OR password_reset_secret_expiry < now()")
bsw/jbe@6	10 :optional_object_mode()
bsw/jbe@6	11 :exec()
bsw/jbe@6	12
bsw/jbe@6	13 if member then
bsw/jbe@6	14 if not member.notify_email then
bsw/jbe@6	15 slot.put_into("error", _"Sorry, but there is not confirmed email address for your account. Please contact the administrator or support.")
bsw/jbe@6	16 return false
bsw/jbe@6	17 end
bsw/jbe@6	18 member.password_reset_secret = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" )
bsw/jbe@6	19 local expiry = db:query("SELECT now() + '1 days'::interval as expiry", "object").expiry
bsw/jbe@6	20 member.password_reset_secret_expiry = expiry
bsw/jbe@6	21 member:save()
bsw/jbe@6	22 local content = slot.use_temporary(function()
bsw/jbe@6	23 slot.put(_"Hello " .. member.name .. ",\n\n")
bsw/jbe@6	24 slot.put(_"to reset your password please click on the following link:\n\n")
jbe@326	25 slot.put(request.get_absolute_baseurl() .. "index/reset_password.html?secret=" .. member.password_reset_secret .. "\n\n")
bsw/jbe@6	26 slot.put(_"If this link is not working, please open following url in your web browser:\n\n")
jbe@326	27 slot.put(request.get_absolute_baseurl() .. "index/reset_password.html\n\n")
bsw/jbe@6	28 slot.put(_"On that page please enter the reset code:\n\n")
bsw/jbe@6	29 slot.put(member.password_reset_secret .. "\n\n")
bsw/jbe@6	30 end)
bsw/jbe@6	31 local success = net.send_mail{
bsw/jbe@6	32 envelope_from = config.mail_envelope_from,
bsw/jbe@6	33 from = config.mail_from,
bsw/jbe@6	34 reply_to = config.mail_reply_to,
bsw/jbe@6	35 to = member.notify_email,
bsw/jbe@6	36 subject = config.mail_subject_prefix .. _"Password reset request",
bsw/jbe@6	37 content_type = "text/plain; charset=UTF-8",
bsw/jbe@6	38 content = content
bsw/jbe@6	39 }
bsw/jbe@6	40 end
bsw/jbe@6	41
bsw@990	42 slot.put_into("notice", _"Your request has been processed.")
bsw/jbe@6	43
bsw/jbe@6	44 else
bsw/jbe@6	45 local member = Member:new_selector()
bsw/jbe@6	46 :add_where{ "password_reset_secret = ?", secret }
bsw/jbe@6	47 :add_where{ "password_reset_secret_expiry > now()" }
bsw/jbe@6	48 :optional_object_mode()
bsw/jbe@6	49 :exec()
bsw/jbe@6	50
bsw/jbe@6	51 if not member then
bsw/jbe@6	52 slot.put_into("error", _"Reset code is invalid!")
bsw/jbe@6	53 return false
bsw/jbe@6	54 end
bsw/jbe@6	55
bsw/jbe@6	56 local password1 = param.get("password1")
bsw/jbe@6	57 local password2 = param.get("password2")
bsw/jbe@6	58
bsw/jbe@6	59 if password1 ~= password2 then
bsw/jbe@6	60 slot.put_into("error", _"Passwords don't match!")
bsw/jbe@6	61 return false
bsw/jbe@6	62 end
bsw/jbe@6	63
bsw/jbe@6	64 if #password1 < 8 then
bsw/jbe@6	65 slot.put_into("error", _"Passwords must consist of at least 8 characters!")
bsw/jbe@6	66 return false
bsw/jbe@6	67 end
bsw/jbe@6	68
bsw/jbe@6	69 member:set_password(password1)
bsw/jbe@6	70 member.password_reset_secret = nil
bsw/jbe@6	71 member.password_reset_secret_expiry = nil
bsw/jbe@6	72 member:save()
bsw/jbe@6	73
bsw/jbe@6	74 slot.put_into("notice", _"Password has been reset successfully")
bsw/jbe@6	75
jbe@326	76 end