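-- Password reset action with two modes, selected by the "secret" parameter:
--   * no secret:   issue a reset code for the given login and mail it
--   * with secret: validate the code and set the new password
-- Returns false on any validation error (after putting a message into the
-- "error" slot); otherwise falls through after putting a "notice".

-- Tracing is switched off for this action; presumably to keep the reset
-- secret and the new password out of the request trace -- confirm.
trace.disable()

local secret = param.get("secret")

if not secret then

  -- Only members without a pending, unexpired reset secret are selected, so
  -- repeated requests inside the validity window do not issue a new code.
  local member = Member:new_selector()
    :add_where{ "login = ?", param.get("login") }
    :add_where("password_reset_secret ISNULL OR password_reset_secret_expiry < now()")
    :optional_object_mode()
    :exec()

  if member then
    -- NOTE(review): this error is only reachable for an existing login, while
    -- every other outcome shows the same notice below; the difference tells
    -- the requester that the account exists.
    if not member.notify_email then
      slot.put_into("error", _"Sorry, but there is not confirmed email address for your account. Please contact the administrator or support.")
      return false
    end

    -- 24 characters from an alphabet without look-alike glyphs (0/O, 1/I/l).
    -- NOTE(review): the strength of the code depends on multirand's random
    -- source, which is not visible here -- confirm it is a CSPRNG.
    -- NOTE(review): the code is stored as-is in the member row and later
    -- looked up by equality; storing only a hash would limit the impact of a
    -- database read exposure.
    member.password_reset_secret = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" )

    -- Expiry is computed by the database so it uses the same clock as the
    -- now() comparisons in the selectors.
    local expiry = db:query("SELECT now() + '1 days'::interval as expiry", "object").expiry
    member.password_reset_secret_expiry = expiry
    member:save()

    -- The mail carries the code twice: inside a link and as a plain code for
    -- manual entry. NOTE(review): a secret in the query string can end up in
    -- browser history and server or proxy logs; it is cleared after a
    -- successful reset below, which bounds the exposure.
    local content = slot.use_temporary(function()
      slot.put(_"Hello " .. member.name .. ",\n\n")
      slot.put(_"to reset your password please click on the following link:\n\n")
      slot.put(request.get_absolute_baseurl() .. "index/reset_password.html?secret=" .. member.password_reset_secret .. "\n\n")
      slot.put(_"If this link is not working, please open following url in your web browser:\n\n")
      slot.put(request.get_absolute_baseurl() .. "index/reset_password.html\n\n")
      slot.put(_"On that page please enter the reset code:\n\n")
      slot.put(member.password_reset_secret .. "\n\n")
    end)

    -- NOTE(review): the result is never checked. If delivery fails, the
    -- stored secret still blocks new requests until it expires (see the
    -- selector above), so a failure should at least be recorded server-side.
    local success = net.send_mail{
      envelope_from = config.mail_envelope_from,
      from          = config.mail_from,
      reply_to      = config.mail_reply_to,
      to            = member.notify_email,
      subject       = config.mail_subject_prefix .. _"Password reset request",
      content_type  = "text/plain; charset=UTF-8",
      content       = content
    }
  end

  -- Shown whether or not a member matched, so the response does not reveal
  -- whether the login exists or already has a pending code.
  slot.put_into("notice", _"Reset link has been send for this member")

else
  -- The code must match and must not have expired.
  local member = Member:new_selector()
    :add_where{ "password_reset_secret = ?", secret }
    :add_where{ "password_reset_secret_expiry > now()" }
    :optional_object_mode()
    :exec()

  if not member then
    slot.put_into("error", _"Reset code is invalid!")
    return false
  end

  local password1 = param.get("password1")
  local password2 = param.get("password2")

  if password1 ~= password2 then
    slot.put_into("error", _"Passwords don't match!")
    return false
  end

  -- A request that omits both password fields passes the equality check with
  -- nil == nil; reject it here instead of raising on #nil.
  -- Note that # counts bytes, so multi-byte UTF-8 characters count more than once.
  if not password1 or #password1 < 8 then
    slot.put_into("error", _"Passwords must consist of at least 8 characters!")
    return false
  end

  member:set_password(password1)
  -- Clear the code so it cannot be used a second time.
  member.password_reset_secret = nil
  member.password_reset_secret_expiry = nil
  member:save()

  slot.put_into("notice", _"Password has been reset successfully")

end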