3 * Request recovery of the lost password
5 * This page sends confirmation email with link to reset password
8 * Portions Copyright 1999-2001 (c) VA Linux Systems
9 * Copyright 2002-2004 (c) GForge Team
10 * Copyright 2010 (c) Franck Villaume
11 * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
12 * http://fusionforge.org/
14 * This file is part of FusionForge. FusionForge is free software;
15 * you can redistribute it and/or modify it under the terms of the
16 * GNU General Public License as published by the Free Software
17 * Foundation; either version 2 of the Licence, or (at your option)
20 * FusionForge is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License along
26 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
27 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
31 require_once '../env.inc.php';
32 require_once $gfcommon.'include/pre.php';
34 if (getStringFromRequest('submit')) {
35 if (!form_key_is_valid(getStringFromRequest('form_key'))) {
36 exit_form_double_submit('my');
39 $loginname = getStringFromRequest('loginname');
41 $u = user_get_object_by_name($loginname);
43 if (!$u || !is_object($u)){
44 form_release_key(getStringFromRequest('form_key'));
45 exit_error(_('That user does not exist.'),'my');
48 // First, we need to create new confirm hash
50 $confirm_hash = md5(forge_get_config('session_key') . strval(time()) . strval(util_randbytes()));
52 $u->setNewEmailAndHash($u->getEmail(), $confirm_hash);
54 form_release_key(getStringFromRequest('form_key'));
55 exit_error($u->getErrorMessage(),'my');
58 $message = sprintf(_('Someone (presumably you) on the %s site requested a password change through email verification.'),
59 forge_get_config ('forge_name'));
60 $message .= _('If this was not you, ignore this message and nothing will happen.');
63 $message .= _('If you requested this verification, visit the following URL to change your password:');
66 $message .= util_make_url("/account/lostlogin.php?ch=_".$confirm_hash);
68 $message .= sprintf(_('-- the %s staff'), forge_get_config ('forge_name'));
71 util_send_message($u->getEmail(),sprintf(_('%1$s Verification'), forge_get_config ('forge_name')),$message);
73 $HTML->header(array('title'=>_('Lost Password Confirmation')));
75 echo '<p>'.printf(_('An email has been sent to the address you have on file. Follow the instructions in the email to change your account password.').'</p><p><a href="%1$s">'._("Home").'</a>', util_make_url ('/')).'</p>';
77 $HTML->footer(array());
82 $HTML->header(array('title'=>"Lost Account Password"));
84 echo '<p>' . _('Hey... losing your password is serious business. It compromises the security of your account, your projects, and this site.') . '</p>';
85 echo '<p>' . _('Clicking “Send Lost PW Hash” below will email a URL to the email address we have on file for you. In this URL is a 128-bit confirmation hash for your account. Visiting the URL will allow you to change your password online and login.') . '</p>';
88 <form action="<?php echo util_make_url('/account/lostpw.php'); ?>" method="post">
89 <input type="hidden" name="form_key" value="<?php echo form_generate_key(); ?>"/> <p>
90 <?php echo _('Login Name')._(':'); ?>
92 <label for="loginname">
93 <input id="loginname" type="text" name="loginname"/>
96 <input type="submit" name="submit" value="<?php echo _('Send Lost PW Hash'); ?>" />
100 <p><?php echo util_make_link ("/", _('Return')); ?></p>
104 $HTML->footer(array());
108 // c-file-style: "bsd"