feature 2027 implemented: the "lost password" feature was rewritten.
The algorithm is heavily inspired by WordPress:

1) in a single field, you give a username or an email
2) Piwigo sends an email with the activation key
3) the user clicks on the link in the email (with the activation key) and is able to set a new password

The "lost password" feature is no longer limited to "classic" users:
administrators and webmasters can use it too (no need to tell webmasters
that they can only change their password in the database)


git-svn-id: http://piwigo.org/svn/trunk@11992 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall committed Aug 24, 2011
1 parent c1d7fbe commit 2de0f01
Showing 55 changed files with 520 additions and 332 deletions.
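--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -798,6 +798,31 @@ function get_userid($username)
 }
 }
 
+function get_userid_by_email($email)
+{
+global $conf;
+
+$email = pwg_db_real_escape_string($email);
+
+$query = '
+SELECT
+'.$conf['user_fields']['id'].'
+FROM '.USERS_TABLE.'
+WHERE UPPER('.$conf['user_fields']['email'].') = UPPER(\''.$email.'\')
+;';
+$result = pwg_query($query);
+
+if (pwg_db_num_rows($result) == 0)
+{
+return false;
+}
+else
+{
+list($user_id) = pwg_db_fetch_row($result);
+return $user_id;
+}
+}
+
 /**
 * search an available feed_id
 *
@@ -1472,4 +1497,27 @@ function get_sql_condition_FandF(
 return $sql;
 }
 
+/**
+* search an available activation_key
+*
+* @return string
+*/
+function get_user_activation_key()
+{
+while (true)
+{
+$key = generate_key(20);
+$query = '
+SELECT COUNT(*)
+FROM '.USER_INFOS_TABLE.'
+WHERE activation_key = \''.$key.'\'
+;';
+list($count) = pwg_db_fetch_row(pwg_query($query));
+if (0 == $count)
+{
+return $key;
+}
+}
+}
+
 ?>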
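Review bot: The key returned by get_user_activation_key() is a password-equivalent secret, yet nothing in this hunk shows where generate_key(20) gets its randomness; generate_key is defined outside the hunk, so confirm it draws from a cryptographically secure source and say so in the docblock, for example `* @return string unused reset key; must come from a CSPRNG, treat as a secret`. The SELECT COUNT(*) loop is check-then-use, and the schema changes in this commit add no UNIQUE index on activation_key, so uniqueness holds only if no other request stores the same key in between. In the first hunk, get_userid_by_email() returns only the first row when several accounts share an address, which deserves a one-line comment such as `// if several users share this address, only the first match is returned`.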
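--- a/install/db/111-database.php
+++ b/install/db/111-database.php
@@ -0,0 +1,53 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based photo gallery |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2011 Piwigo Team http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+die('Hacking attempt!');
+}
+
+$upgrade_description = 'New colum user_infos.activation_key';
+
+// Add column
+$query = 'ALTER TABLE '.USER_INFOS_TABLE.' ADD COLUMN ';
+
+if ('mysql' == $conf['dblayer'])
+{
+$query.= ' `activation_key` char(20) default NULL';
+}
+
+if (in_array($conf['dblayer'], array('pgsql', 'sqlite', 'pdo-sqlite')))
+{
+$query.= ' "activation_key" CHAR(20) default NULL';
+}
+
+$query.= ';';
+
+pwg_query($query);
+
+echo
+"\n"
+. $upgrade_description
+."\n"
+;
+?>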
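Review bot: The migration adds activation_key with no companion timestamp, so unless the code that consumes the key (not visible in this file) clears it after use or after a delay, a reset link would presumably stay valid indefinitely while the key sits in clear text in user_infos; consider an expiry column and storing only a hash of the key. The same applies to the matching line in the four install/piwigo_structure-*.sql files. Separately, the two `if` tests leave `$query` as `ALTER TABLE … ADD COLUMN ;` for any `$conf['dblayer']` value not listed, so a final `else { die('unsupported dblayer'); }` would fail more clearly. The string `'New colum user_infos.activation_key'` in `$upgrade_description` should read `column`.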
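--- a/install/piwigo_structure-mysql.sql
+++ b/install/piwigo_structure-mysql.sql
@@ -417,6 +417,7 @@ CREATE TABLE `piwigo_user_infos` (
 `registration_date` datetime NOT NULL default '0000-00-00 00:00:00',
 `enabled_high` enum('true','false') NOT NULL default 'true',
 `level` tinyint unsigned NOT NULL default '0',
+`activation_key` char(20) default NULL,
 UNIQUE KEY `user_infos_ui1` (`user_id`)
 ) ENGINE=MyISAM;
 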
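--- a/install/piwigo_structure-pdo-sqlite.sql
+++ b/install/piwigo_structure-pdo-sqlite.sql
@@ -480,6 +480,7 @@ CREATE TABLE piwigo_user_infos
 "registration_date" TIMESTAMP NOT NULL,
 "enabled_high" BOOLEAN default true,
 "level" INTEGER default 0 NOT NULL,
+"activation_key" CHAR(20) default NULL,
 PRIMARY KEY ("user_id"),
 CONSTRAINT "user_infos_ui1" UNIQUE ("user_id")
 );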
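--- a/install/piwigo_structure-pgsql.sql
+++ b/install/piwigo_structure-pgsql.sql
@@ -581,6 +581,7 @@ CREATE TABLE "piwigo_user_infos"
 "registration_date" TIMESTAMP NOT NULL,
 "enabled_high" BOOLEAN default true,
 "level" INTEGER default 0 NOT NULL,
+"activation_key" CHAR(20) default NULL,
 PRIMARY KEY ("user_id"),
 CONSTRAINT "user_infos_ui1" UNIQUE ("user_id")
 );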
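--- a/install/piwigo_structure-sqlite.sql
+++ b/install/piwigo_structure-sqlite.sql
@@ -480,6 +480,7 @@ CREATE TABLE piwigo_user_infos
 "registration_date" TIMESTAMP NOT NULL,
 "enabled_high" BOOLEAN default true,
 "level" INTEGER default 0 NOT NULL,
+"activation_key" CHAR(20) default NULL,
 PRIMARY KEY ("user_id"),
 CONSTRAINT "user_infos_ui1" UNIQUE ("user_id")
 );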
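--- a/language/af_ZA/common.lang.php
+++ b/language/af_ZA/common.lang.php
@@ -88,9 +88,6 @@
 $lang['N/A'] = "Nvt";
 $lang['New on %s'] = "Nuut op %s";
 $lang['New password confirmation does not correspond'] = "U wagwoord bevestiging stem nie ooreen nie";
-$lang['New password sent by email'] = "Nuwe wagwoord per epos gestuur";
-$lang['No email address'] = "Geen epos adres nie";
-$lang['No classic user matches this email address'] = "Geen gebruiker met die epos adres nie";
 $lang['Notification'] = "Kennisgewing";
 $lang['Number of items'] = "Getal items";
 $lang['Original dimensions'] = "Oorspronklike afmetings";
@@ -110,7 +107,6 @@
 $lang['Search tags'] = "Soek sleutelwoorde";
 $lang['Search'] = "Soek";
 $lang['display available tags'] = "Vertoon beskikbare sleutelwoorde";
-$lang['Send new password'] = "Stuur nuwe wagwoord";
 $lang['Since'] = "Sedert";
 $lang['Sort by'] = "Sorteer volgens";
 $lang['Sort order'] = "Sorteer orde";
@@ -304,7 +300,6 @@
 $lang['Registration of %s'] = "Registrasie van %s";
 $lang['Album: %s'] = "Album: %s";
 $lang['Bad status for user "guest", using default status. Please notify the webmaster.'] = "Swak status vir gebruiker \"gas\", verstek status sal gebruik word. Kontak die webwerf adminisrateur.";
-$lang['Administrator, webmaster and special user cannot use this method'] = "Administrateur, webwerf administrateur en spesiale gebruikers kan nie die metode gebruik nie";
 $lang['this email address is already in use'] = "die epos is reeds in gebruik";
 $lang['Album results for'] = "Album resultate vir";
 $lang['Tag results for'] = "Sleutelwoord resultate vir";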
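--- a/language/ar_SA/common.lang.php
+++ b/language/ar_SA/common.lang.php
@@ -92,9 +92,6 @@
 $lang['N/A'] = 'غير معروف';
 $lang['New on %s'] = 'جديد لـ %s';
 $lang['New password confirmation does not correspond'] = 'كلمة المرور ليست متطابقة';
-$lang['New password sent by email'] = 'كلمة المرور ارسلت لبريدك الالكتورني';
-$lang['No email address'] = 'لا بريد الكتروني';
-$lang['No classic user matches this email address'] = 'لا يوجد مستخدم مطابق لهذا البريد الالكتروني';
 $lang['Notification'] = 'تحديثات جديدة';
 $lang['Number of items'] = 'عدد البنود';
 $lang['Original dimensions'] = 'الابعاد الاصلية';
@@ -115,7 +112,6 @@
 $lang['Search tags'] = 'كلمات البحث';
 $lang['Search'] = 'بحث';
 $lang['display available tags'] = 'أنظر في الكلمات الدلائلية';
-$lang['Send new password'] = 'ارسال كلمة مرور جديدة';
 $lang['Since'] = 'منذ';
 $lang['Sort by'] = 'ترتيب حسب ..';
 $lang['Sort order'] = 'طريقة العرض';
@@ -315,7 +311,6 @@
 $lang['Registration of %s'] = 'تسجيل %s';
 $lang['Album: %s'] = 'الألبوم: %s';
 $lang['Bad status for user "guest", using default status. Please notify the webmaster.'] = 'وضغ سيئ للضيف "ضيف", استخدم الحالة الافرتاضية. يرجى ابلاغ المسؤول عن الموقع.';
-$lang['Administrator, webmaster and special user cannot use this method'] = 'خاصية للادارة فقط لايمكنك استخدامها';
 $lang['this email address is already in use'] = 'هذا البريد مسجل لدينامن قبل';
 $lang['Album results for'] = 'نتيجة البحث في الالبومات عن:';
 $lang['Tag results for'] = 'نتائج الكلمات الدلائلية';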
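--- a/language/bg_BG/common.lang.php
+++ b/language/bg_BG/common.lang.php
@@ -132,7 +132,6 @@
 $lang['Registration of %s'] = 'Регистрация на %s';
 $lang['Album: %s'] = 'Албум: %s';
 $lang['Bad status for user "guest", using default status. Please notify the webmaster.'] = 'Грешен статус за потребител "guest", ще бъде използвана настройка по подразбиране. Моля уведомете уебмастерът.';
-$lang['Administrator, webmaster and special user cannot use this method'] = 'Администратор, уебмастър и специални потребители не могат да използват този метод';
 $lang['this email address is already in use'] = 'този емайл адрес вече се използва.';
 $lang['Album results for'] = 'Албумни резултати за';
 $lang['Tag results for'] = 'Таг резултати за';
@@ -171,9 +170,6 @@
 $lang['N/A'] = 'N/A';
 $lang['New on %s'] = 'Нови на %s';
 $lang['New password confirmation does not correspond'] = 'Потвърждението за нова парола не съвпада';
-$lang['New password sent by email'] = 'Нова парола бе изпратена на мейла';
-$lang['No email address'] = 'Няма мейл адрес';
-$lang['No classic user matches this email address'] = 'Няма потребител със следният мейл адрес.';
 $lang['Notification'] = 'RSS';
 $lang['Number of items'] = 'Брой обекти';
 $lang['Original dimensions'] = 'Оригинален размер';
@@ -194,7 +190,6 @@
 $lang['Search tags'] = 'Търси тагове';
 $lang['Search'] = 'Търси';
 $lang['display available tags'] = 'покажи налични тагове';
-$lang['Send new password'] = 'Изпрати нова парола';
 $lang['Since'] = 'От';
 $lang['Sort by'] = 'Сортирано по';
 $lang['Sort order'] = 'Сортирай по';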
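--- a/language/ca_ES/common.lang.php
+++ b/language/ca_ES/common.lang.php
@@ -90,9 +90,6 @@
 $lang['N/A'] = 'N/A';
 $lang['New on %s'] = 'Nou a %s';
 $lang['New password confirmation does not correspond'] = 'La confirmació de la nova contrasenya no correspon';
-$lang['New password sent by email'] = 'La nova contrasenya s\'ha enviat per correu electrònic';
-$lang['No email address'] = 'No hi ha l\'adreça de correu electrònic';
-$lang['No classic user matches this email address'] = 'No concorda cap usuari clàssic amb aquesta adreça de correu';
 $lang['Notification'] = 'Notificació';
 $lang['Number of items'] = 'Nombre d\'elements';
 $lang['Original dimensions'] = 'Dimensions originals';
@@ -113,7 +110,6 @@
 $lang['Search tags'] = 'Cerca etiquetes';
 $lang['Search'] = 'Cerca';
 $lang['display available tags'] = 'Veure etiquetes disponibles';
-$lang['Send new password'] = 'Envia nova contrasenya';
 $lang['Since'] = 'Des de';
 $lang['Sort by'] = 'Ordena per';
 $lang['Sort order'] = 'Ordenar'; //??
@@ -311,7 +307,6 @@
 $lang['Registration of %s'] = 'Registrat de %s';
 $lang['Album: %s'] = 'Categoria: %s';
 $lang['Bad status for user "guest", using default status. Please notify the webmaster.'] = 'Estat erroni de l\'usuari "invitat", s\'està utilitzant l\'estat predeterminat. Si us plau informeu-ho a l\'administrador de la web.';
-$lang['Administrator, webmaster and special user cannot use this method'] = 'L\'administrador, l\'administrador de la web i els usuaris especials no poden utilitzar aquest mètode';
 $lang['this email address is already in use'] = 'un usuari ja utilitza aquesta adreça de correu';
 $lang['Album results for'] = 'Resultats de la categoria per';
 $lang['Tag results for'] = 'Resultats de l\'etiqueta per';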
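--- a/language/cs_CZ/common.lang.php
+++ b/language/cs_CZ/common.lang.php
@@ -94,9 +94,6 @@
 $lang['N/A'] = 'nezadáno';
 $lang['New on %s'] = 'Nový na %s';
 $lang['New password confirmation does not correspond'] = 'Zadaná hesla se neshodují.';
-$lang['New password sent by email'] = 'Nové heslo bylo zasláno e-mailem';
-$lang['No email address'] = 'Bez e-mailové adresy';
-$lang['No classic user matches this email address'] = 'Nebyl nalezen žádný uživatel se zadanou e-mailovou adresou';
 $lang['Notification'] = 'RSS vlákno';
 $lang['Number of items'] = 'Počet položek';
 $lang['Original dimensions'] = 'Původní rozměry';
@@ -116,7 +113,6 @@
 $lang['Search tags'] = 'Hledat podle klíčových slov';
 $lang['Search'] = 'Vyhledat';
 $lang['display available tags'] = 'Ukázat dostupná klíčová slova';
-$lang['Send new password'] = 'Poslat nové heslo';
 $lang['Since'] = 'Od';
 $lang['Sort by'] = 'Řadit podle';
 $lang['Sort order'] = 'Směr řazení';
@@ -313,7 +309,6 @@
 $lang['Registration of %s'] = 'Registrace %s';
 $lang['Album: %s'] = 'Album: %s';
 $lang['Bad status for user "guest", using default status. Please notify the webmaster.'] = 'Špatný stav pro uživatele "host", bude použit výchozí stav. Prosím informujte administrátora.';
-$lang['Administrator, webmaster and special user cannot use this method'] = 'Administrátor nemůže použít tuto metodu.';
 $lang['this email address is already in use'] = 'Tato e-mailová adresa je již používána';
 $lang['Album results for'] = 'Alba výsledky pro';
 $lang['Tag results for'] = 'Výsledky pro klíčová slova';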
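--- a/language/da_DK/common.lang.php
+++ b/language/da_DK/common.lang.php
@@ -92,9 +92,6 @@
 $lang['N/A'] = 'N/A';
 $lang['New on %s'] = 'Ny på %s';
 $lang['New password confirmation does not correspond'] = 'Nyt password stemmer ikke';
-$lang['New password sent by email'] = 'Nyt password er sendt via email';
-$lang['No email address'] = 'Ingen email addresse';
-$lang['No classic user matches this email address'] = 'Ingen bruger matcher denne email addresse';
 $lang['Notification'] = 'RSS feed';
 $lang['Number of items'] = 'Antal af fotos';
 $lang['Original dimensions'] = 'Originale dimensionser';
@@ -115,7 +112,6 @@
 $lang['Search tags'] = 'søg tags';
 $lang['Search'] = 'Søg';
 $lang['display available tags'] = 'Se tilgængelige tags';
-$lang['Send new password'] = 'Send nyt password';
 $lang['Since'] = 'Siden';
 $lang['Sort by'] = 'Sorter ';
 $lang['Sort order'] = 'Sorterings orden';
@@ -312,7 +308,6 @@
 $lang['Registration of %s'] = 'Registrering af %s';
 $lang['Album: %s'] = 'kategori: %s';
 $lang['Bad status for user "guest", using default status. Please notify the webmaster.'] = 'Forket status for gæste bruger. Kontakt webmaster.';
-$lang['Administrator, webmaster and special user cannot use this method'] = 'Administrator, webmaster and specielle brugere akn ikke bruge denne metode';
 $lang['this email address is already in use'] = 'en bruger bruger allerede denne mail addresse';
 $lang['Album results for'] = 'kategori resulter for';
 $lang['Tag results for'] = 'Tag resulter for';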
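--- a/language/de_DE/common.lang.php
+++ b/language/de_DE/common.lang.php
@@ -90,9 +90,6 @@
 $lang['N/A'] = 'nicht vorhanden';
 $lang['New on %s'] = 'Neu am %s';
 $lang['New password confirmation does not correspond'] = 'Fehler bei der Bestätigung des Passwortes';
-$lang['New password sent by email'] = 'Neues Passwort per E-Mail zugesendet';
-$lang['No email address'] = 'Keine E-Mail-Adresse';
-$lang['No classic user matches this email address'] = 'Diese E-Mail-Adresse ist nicht bekannt';
 $lang['Notification'] = 'RSS-Feed';
 $lang['Number of items'] = 'Anzahl der Elemente';
 $lang['Original dimensions'] = 'Ursprüngliche Abmessungen';
@@ -112,7 +109,6 @@
 $lang['Search tags'] = 'Stichworte suchen';
 $lang['Search'] = 'Suchen';
 $lang['display available tags'] = 'alle verfügbaren Stichworte';
-$lang['Send new password'] = 'Sende mir ein neues Passwort';
 $lang['Since'] = 'Seit';
 $lang['Sort by'] = 'Sortieren nach';
 $lang['Sort order'] = 'Sortierreihenfolge';
@@ -307,7 +303,6 @@
 $lang['Registration of %s'] = 'Registrierung von %s';
 $lang['Album: %s'] = 'Album: %s';
 $lang['Bad status for user "guest", using default status. Please notify the webmaster.'] = 'Status, der Benutzer "guest" nicht entspricht, Verwendung des Standardstatus. Bitte kontaktieren Sie den Webmaster.';
-$lang['Administrator, webmaster and special user cannot use this method'] = 'Administrator, Webmaster und spezielle Benutzer können diese Methode nicht verwenden';
 $lang['this email address is already in use'] = 'diese E-Mail-Adresse wird bereits verwendet';
 $lang['Album results for'] = 'Albumresultate für';
 $lang['Tag results for'] = 'Stichwort-Ergebnisse für';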
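--- a/language/dv_MV/common.lang.php
+++ b/language/dv_MV/common.lang.php
@@ -104,9 +104,6 @@
 $lang['month'][8] = "އޮގަސްޓް";
 $lang['month'][9] = "ސެޕްޓެމްބަރ";
 $lang['New password confirmation does not correspond'] = 'އާ ސިއްރުބަސް ދިމައެއްނުވޭ';
-$lang['New password sent by email'] = 'އީމެއިލް މެދުވެރިކޮށް އާ ސިއްރުބަސް ފޮނުވިއްޖެ';
-$lang['No email address'] = 'އީމެއިލް އެޑްރެސްއެއް ނެތް';
-$lang['No classic user matches this email address'] = 'އެއްވެސް ކްލާސިކް ޔޫސާ އަކާ މި އީމެއިލް އެޑްރެސް އަކާ ދިމައެއްނުވޭ';
 $lang['Notification'] = 'އެންގުންތައް';
 $lang['Number of items'] = 'ތަކެތީގެ އަދަދު';
 $lang['Original dimensions'] = 'އޮރިޖިނަލް ޑައިމެންޝަންސް';
@@ -127,7 +124,6 @@
 $lang['Search tags'] = 'ހޯދުމުގެ ޓެގްތައް';
 $lang['Search'] = 'ހޯދާ';
 $lang['display available tags'] = 'ހުރި ޓެގުތައް ދައްކަވާ';
-$lang['Send new password'] = 'އާ ސިއްރުބަސް ލިބިވަޑައިގަންނަވާ';
 $lang['Since'] = 'އިން ފެށިގެން';
 $lang['Sort by'] = 'ގޮތަކަށް އަތުރާ';
 $lang['Sort order'] = 'އެތުރުމުގެ އޯޑަރު';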
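--- a/language/el_GR/common.lang.php
+++ b/language/el_GR/common.lang.php
@@ -50,7 +50,6 @@
 $lang['Album: %s'] = "Λεύκωμα: %s";
 $lang['Creation date'] = "Ημερομηνία λήψης";
 $lang['Bad status for user "guest", using default status. Please notify the webmaster.'] = "Σφάλμα για το χρήστη \"επισκέπτης\", θα χρησιμοποιηθεί η προεπιλεγμένη ρύθμιση. Παρακαλώ ενημερώστε τον διαχειριστή.";
-$lang['Administrator, webmaster and special user cannot use this method'] = "Διαχειριστές, υπεύθυνοι και ειδικοί χρήστες δεν μπορούν να χρησιμοποιήσουν αυτή τη μέθοδο";
 $lang['Album results for'] = "Αποτελέσματα λευκωμάτων για ";
 $lang['Tag results for'] = "Αποτελέσματα ετικετών για";
 $lang['from %s to %s'] = "από %s σε %s";
@@ -283,9 +282,6 @@
 $lang['N/A'] = 'Δ/Υ';
 $lang['New on %s'] = 'Καινούργιο στις %s';
 $lang['New password confirmation does not correspond'] = 'Οι νέοι κωδικοί διαφέρουν μεταξύ τους';
-$lang['New password sent by email'] = 'Ο νέος κωδικός έχει σταλεί με μήνυμα ηλεκτρονικού ταχυδρομείου';
-$lang['No email address'] = 'Δεν υπάρχει διεύθυνση ηλεκτρονικού ταχυδρομείου';
-$lang['No classic user matches this email address'] = 'Δεν υπάρχει χρήστης με αυτή τη διεύθυνση ηλεκτρονικού ταχυδρομείου';
 $lang['Notification'] = 'Ενημερώσεις';
 $lang['Number of items'] = 'Αριθμός αντικειμένων';
 $lang['Original dimensions'] = 'Αρχικές διαστάσεις';
@@ -304,7 +300,6 @@
 $lang['Search tags'] = 'Αναζήτηση στις ετικέτες';
 $lang['Search'] = 'Αναζήτηση';
 $lang['display available tags'] = 'εμφάνιση διαθέσιμων ετικετών';
-$lang['Send new password'] = 'Αποστολή νέου κωδικού';
 $lang['Since'] = 'Από';
 $lang['Sort by'] = 'Ταξινόμηση βάση';
 $lang['Sort order'] = 'Ταξινόμηση';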
