Changeset 11992 for trunk/include/functions_user.inc.php

Timestamp:

Aug 24, 2011, 10:03:53 PM (13 years ago)

Author:

plg

Message:

feature 2027 implemented: the "lost password" feature was rewritten.

The algorithm is highly inspired from WordPress :

1) in a single field, you give a username or an email
2) Piwigo sends an email with the activation key
3) the user clicks on the link in the email (with the activation key) and is able to set a new password

The "lost password" feature is no longer limited to "classic" users:
administrators and webmasters can use it too (no need to tell webmasters
that they can only change their password in the database)

File:

• trunk/include/functions_user.inc.php (modified) (2 diffs)

trunk/include/functions_user.inc.php

@@ -785 +785 @@
   FROM '.USERS_TABLE.'
   WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
+;';
+  $result = pwg_query($query);
+
+  if (pwg_db_num_rows($result) == 0)
+  {
+    return false;
+  }
+  else
+  {
+    list($user_id) = pwg_db_fetch_row($result);
+    return $user_id;
+  }
+}
+
+function get_userid_by_email($email)
+{
+  global $conf;
+
+  $email = pwg_db_real_escape_string($email);
+  
+  $query = '
+SELECT
+    '.$conf['user_fields']['id'].'
+  FROM '.USERS_TABLE.'
+  WHERE UPPER('.$conf['user_fields']['email'].') = UPPER(\''.$email.'\')
 ;';
   $result = pwg_query($query);
@@ -1473 +1498 @@
 }
 
+/**
+ * search an available activation_key
+ *
+ * @return string
+ */
+function get_user_activation_key()
+{
+  while (true)
+  {
+    $key = generate_key(20);
+    $query = '
+SELECT COUNT(*)
+  FROM '.USER_INFOS_TABLE.'
+  WHERE activation_key = \''.$key.'\'
+;';
+    list($count) = pwg_db_fetch_row(pwg_query($query));
+    if (0 == $count)
+    {
+      return $key;
+    }
+  }
+}
+
 ?>