diff --git a/components/accountrecovery.php b/components/accountrecovery.php
new file mode 100755
index 0000000000000000000000000000000000000000..1454a80a8d2b3916943607db287cf23d63cd7a8a
--- /dev/null
+++ b/components/accountrecovery.php
@@ -0,0 +1,62 @@
+assign("title", "Account Recovery");
+ //Have they already started resetting?
+ if(isset($session->data['recoveryuser']) && isset($_POST['newpass'])) {
+ $ldifpath = '/tmp/passreset_' . $session->data['recoveryuser'] . '.ldif';
+ if ($_POST['newpass'] !== $_POST['newpass2']){
+ trigger_error("The passwords must match.", E_USER_WARNING);
+ }
+ elseif (weakPassword($_POST['newpass'])){
+ trigger_error("Your password is too weak!", E_USER_WARNING);
+ unset($newpass);
+ }
+ else{
+ //Reset their password
+ $hashpass = base64_encode(sha1($_POST['newpass'], true));
+ $ldif = "dn: uid=" . $session->data['recoveryuser']. ",ou=People,dc=sucs,dc=org
+changetype: modify
+replace: userPassword
+userPassword: {SHA}$hashpass";
+
+ file_put_contents($ldifpath, $ldif);
+ //for now specify the full command, would be nicer to have a shell script for this instead.
+ system("ldapmodify -x -H ldap://silver -D'cn=Manager,dc=sucs,dc=org' -y /etc/ldap.secret -f " . $ldifpath);
+ unlink($ldifpath);
+ unset($session->data['recoveryuser']);
+ message_flash("Your password has been successfully changed.");
+ }
+ }
+ else{
+ $mode = 'auth';
+ //if they have tried to log in, try and auth them
+ if (isset($_POST['username'])) $authd = ldapAuth($_POST['username'], $_POST['password']);
+ //auth failed, tell them they got something wrong
+ if ($authd == "nope") {
+ trigger_error("Bad username or password", E_USER_WARNING);
+ }
+ elseif ($authd == "uni"){
+ //if they are authd, try and get their username
+ $usrname = $sucsDB->GetOne('SELECT username FROM members WHERE sid=?', $_POST['username']);
+ //check if they are a member of sucs
+ if($usrname !== ""){
+ $session->data["recoveryuser"] = $usrname;
+ $mode = 'resetpass';
+ }
+ else{
+ header('Location: http://www.swansea-union.co.uk/mysociety/sucs/');
+ }
+ }
+ }
+ //Things to make smarty work
+ $smarty->assign("mode", $mode);
+ $smarty->assign("usrname", $usrname);
+ $output=$smarty->fetch("accountrecovery.tpl");
+
$smarty->assign("body", $output);
+
+?>
diff --git a/htdocs/index.php b/htdocs/index.php
index 32ecc1e6ac92a2d106218113d4dfbe39cba30d3f..ee1c2f72600ec05fad275795baaa1ae4a13e8d4e 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -1,5 +1,5 @@ This form allows you to recover your SUCS username and password, in case you forgot them, using your university login details.
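Review bot: In the reset branch of `components/accountrecovery.php` the LDIF holding the new password hash is written to the guessable path `/tmp/passreset_<user>.ldif` and that path is then appended unquoted to the `system()` command, so another local account can pre-create or read the file, and the session username (taken from the `members` table) reaches both the shell and the LDIF `dn:` line without escaping. I would let `tempnam()` create the file, wrap the path in `escapeshellarg()`, and flash the success message only when `ldapmodify` exits 0, as in the sketch below, which also makes the early `$ldifpath = '/tmp/passreset_' …` assignment unnecessary. In the `"uni"` branch `$usrname !== ""` is still true for `false` or `null`, which is presumably what `GetOne` returns when no row matches, so a non-member would be moved to `resetpass`; `if (is_string($usrname) && $usrname !== "")` closes that, and the `header('Location: …')` redirect should be followed by `exit;`. `{SHA}` is unsalted SHA-1, so a salted scheme, or letting the directory server hash the password, would be the stronger choice. The opening lines of the file are not visible in this hunk.

```php
        else{
            //Reset their password
            // … unchanged: $hashpass and $ldif construction …

            // tempnam() creates the file itself under an unpredictable name with
            // owner-only permissions, so nothing can be planted at a known /tmp path.
            $ldifpath = tempnam(sys_get_temp_dir(), 'passreset_');
            $status = 1;
            if ($ldifpath !== false) {
                if (file_put_contents($ldifpath, $ldif) !== false) {
                    system("ldapmodify -x -H ldap://silver -D'cn=Manager,dc=sucs,dc=org' -y /etc/ldap.secret -f " . escapeshellarg($ldifpath), $status);
                }
                unlink($ldifpath);
            }
            if ($status === 0) {
                unset($session->data['recoveryuser']);
                message_flash("Your password has been successfully changed.");
            }
            else {
                // Keep the recovery session so the user can retry; do not claim success.
                trigger_error("The password change could not be applied.", E_USER_WARNING);
            }
        }
```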

diff --git a/templates/accountrecovery.tpl b/templates/accountrecovery.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..55b366c25d58d685ac8b50292ce0357ab53131d8
--- /dev/null
+++ b/templates/accountrecovery.tpl
@@ -0,0 +1,29 @@
+{include file="../static/fragments/Recovery.txt"}
+
+
+
+

Account Recovery

+
+
+ {if $mode == 'auth'} +

Please enter your university username and password

+
+ +
+ +
+ +
+ {elseif $mode == 'resetpass'} +
+

Your SUCS username is {$usrname}

+

Please enter the new password for your account:

+ +

Enter the password again:

+ + +
+ {/if} +
+
+
\ No newline at end of file
diff --git a/templates/login.tpl b/templates/login.tpl
index 10e8f1cb9e60144ca576592e29ada1a988f82fe7..e3d8ce0825813288e4c364f8a3104ccfc6d05da4 100644
--- a/templates/login.tpl
+++ b/templates/login.tpl
@@ -22,6 +22,8 @@
+ Forgotten your username or password? Click here.
+
No Account? Don't worry, sign up today! {/if}