Reintegrating automated password reset, fixes issue 155, fixes issue 65

Configuration.php.tmpl

@@ -30,6 +30,15 @@ define('USER_GUEST_NAME', 'guest');
 define('GEO_GMAPS_API', '');
 define('GEO_DATABASE', __ROOT__ . '/geo/geo.dat');
 
+define('MAILER_ADDRESS', "noreply@grinnellplans.com");
+define('USE_NATIVE_MAIL', true);	//~(use SMTP?)
+define('SMTP_SERVER_URI', "");
+define('SMTP_SERVER_PORT', 0);
+define('SMTP_USE_AUTH', true);
+define('SMTP_USERNAME', "");
+define('SMTP_PASSWORD', "");
+
+
 // Use this if you wish to override the auto-detected environment type.
 // Options are 'development', 'production', or 'testing'
 // $GLOBALS['ENVIRONMENT'] = 'testing';

bootstrap.php

@@ -1,7 +1,7 @@
 <?php
 define('__ROOT__', dirname(__FILE__));
 require_once ('Configuration.php');
-ini_set('include_path', '.:' . __ROOT__ . ':' . __ROOT__ . '/inc');
+set_include_path(get_include_path() . ':' . __ROOT__ . ':' . __ROOT__ . '/inc');
 putenv('TZ=' . TZ);
 // Doctrine setup
 require_once ('lib/doctrine/Doctrine.php');

changepassword.php

@@ -11,6 +11,7 @@
     $thispage->append($denied);
 } else {
     populate_page($thispage, $dbh, $idcookie);
+
     $real_pass = get_item($dbh, "guest_password", "accounts", "userid", $idcookie);
     $username = get_item($dbh, "username", "accounts", "userid", $idcookie);
     if ($changed && ($checknumb != $idcookie)) {
@@ -34,6 +35,7 @@ interface_disp_page($thispage);
                 set_item($dbh, "accounts", "password", $crpassword, "userid", $idcookie); //set the password
                 $success = new InfoText("Your password has been changed!", 'Success');
                 $thispage->append($success);
+
             } else {
                 $denied = new AlertText('Could not change password. Your password must be 4 or more characters.', 'Bad Password', true);
                 $thispage->append($denied);
@@ -48,8 +50,10 @@ interface_disp_page($thispage);
         set_item($dbh, "accounts", "guest_password", $guest_password, "userid", $idcookie);
         $real_pass = $guest_password;
     }
+
     $heading = new HeadingText('Change Login Password', 2);
     $thispage->append($heading);
+
     $passwordform = new Form('passwordform', true);
     $thispage->append($passwordform);
     $pw1 = new PasswordInput('mypassword');
@@ -64,12 +68,14 @@ interface_disp_page($thispage);
     $passwordform->append($checknumb);
     $sub = new SubmitInput('Change Password');
     $passwordform->append($sub);
+
     $heading = new HeadingText('Set Guest Password', 2);
     $thispage->append($heading);
     $about = new InfoText('This is a password you can use to allow non-Plans users to read your plan.  They will not be able to edit your plan or use any other plans features. <br />
 This feature is intended to allow people to share their Plans with a small number of personal friends. 
 At any time, you may change this password to prevent people from accessing your plan using the old guest password.');
     $thispage->append($about);
+
     if ($real_pass) {
         $about = new InfoText('You may give this link out to anyone who you would like to be able to read you plan and ask them to bookmark it:');
         $thispage->append($about);
@@ -79,6 +85,7 @@ interface_disp_page($thispage);
         $about = new InfoText('Currently, your plan is completely private since you do not have a guest password set up.');
         $thispage->append($about);
     }
+
     $passwordform = new Form('guestpasswordform', true);
     $thispage->append($passwordform);
     $pw1 = new TextInput('guest_password', $real_pass);
@@ -89,6 +96,7 @@ interface_disp_page($thispage);
     $passwordform->append($checknumb);
     $sub = new SubmitInput('Set Guest Password');
     $passwordform->append($sub);
+
 }
 interface_disp_page($thispage);
 db_disconnect($dbh);

db/migrations/4_email_length.php

@@ -0,0 +1,13 @@
+<?php
+
+class EmailLength extends Doctrine_Migration_Base
+{
+	public function up()
+	{
+		$this->changeColumn('accounts', 'email', '255', 'string');
+	}
+
+	public function down() {
+		$this->changeColumn('accounts', 'email', '64', 'string');
+	}
+}

functions-core.php

@@ -8,4 +8,8 @@ function isvaliduser($dbh, $username) {
         return 1;
     }
 }
-?>
+
+function isValidEmail($email) {
+	return filter_var($email, FILTER_VALIDATE_EMAIL);  
+}  
+?>

inc/User.php

@@ -3,7 +3,10 @@
 class User {
     public static function login($username, $password) {
         if (User::checkPassword($username, $password)) {
-            $user = Doctrine_Query::create()->from('Accounts a')->where('username = ?', $username)->fetchOne();
+            $user = Doctrine_Query::create()
+                            ->from('Accounts a')
+                            ->where('username = ?', $username)
+                            ->fetchOne();
             $user->login = mysql_timestamp();
             $user->save();
             $_SESSION['glbs_u'] = $user->username;
@@ -13,44 +16,54 @@ public static function login($username, $password) {
             return false;
         }
     }
+
     /**
      * @return boolean true if the given password matched the stored password
      */
     public static function checkPassword($username, $password) {
-        $user = Doctrine_Query::create()->from('Accounts a')->where('username = ?', $username)->fetchOne();
+        $user = Doctrine_Query::create()
+                        ->from('Accounts a')
+                        ->where('username = ?', $username)
+                        ->fetchOne();
         $newpass = crypt($password, $user->password);
         return ($newpass != '' && $newpass == $user->password);
     }
+
     /**
      * @return string a one-way hash of the password, suitable for storage
      */
     public static function hashPassword($password) {
         return crypt($password);
     }
+
     public static function get() {
         if (logged_in()) {
-            return Doctrine::getTable('Accounts')->find($_SESSION['glbs_i']);
+            return Doctrine::getTable('Accounts')->find($_SESSION['glbs_i']);            
         } else {
             throw new Exception('dunno');
         }
     }
+
     public static function logged_in() {
         return (isset($_SESSION['glbs_u']) && isset($_SESSION['glbs_i']) && ($_SESSION['glbs_i'] != 0));
     }
+
     public static function id() {
         if (isset($_SESSION['glbs_i'])) {
             return (int)$_SESSION['glbs_i'];
         } else {
             return false;
         }
     }
+
     public static function name() {
         if (isset($_SESSION['glbs_u'])) {
             return $_SESSION['glbs_u'];
         } else {
             return USER_GUEST_NAME;
         }
     }
+
     public static function is_admin() {
         $db = new Database();
         $privileges = $db->value_from_query("SELECT is_admin FROM accounts WHERE username = '" . User::name() . "'");
@@ -60,9 +73,11 @@ public static function is_admin() {
             return false;
         }
     }
+
     public static function is_guest() {
         return !User::logged_in();
     }
+
     public static function logout() {
         session_destroy();
     }

passwordreset.php

@@ -0,0 +1,104 @@
+<?php
+require_once('Plans.php');
+require('functions-main.php');
+require('syntax-classes.php');
+$dbh = db_connect();
+
+
+if (isset($_POST['submit'])) {
+	if(User::resetPassword($_POST['username'], $_POST['email'])) {
+		$msg = "New password sent! Check your email, then <a href=\"index.php\">log in again</a>.";
+	} else {
+		$msg = "Unable to verify password reset e-mail address. Please contact <a href=\"mailto:grinnellplans@gmail.com\">grinnellplans@gmail.com</a> for assistance.";
+	}
+}
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">   
+<html dir="ltr">
+<head>
+	<title>GrinnellPlans</title>
+	<STYLE TYPE="text/css">
+	<!--
+	BODY { 
+			font-family: verdana;
+			}
+	TD { 
+			align: center;
+			}
+	.boxes { 
+			font-family: courier; 
+			}
+	.buttons {
+			}
+	.graphic{
+			position: relative;
+			top: 50px;
+			}
+	.legalese {
+			position: static; 
+			text-align: justify;
+			cellpadding: 3;
+			font-size: 8pt;
+			font-family: verdana;
+			}
+	-->
+	</STYLE>
+<script type="text/javascript" charset="utf-8">
+$(document).ready(function() {
+	$("#username").focus();
+});
+</script>
+</head>
+<body bgcolor="#ffffff">       
+	<div class="left"><br><br>
+	  <table cellpadding=0 width="100%">
+	  <tr>
+		<td colspan=2 align=center>
+		<a href="index.php"><img src="images/logo.png" style="border-style: none"></a>
+		</td>
+	  </tr>
+	  <form name="post" action="<?=$_SERVER['PHP_SELF']?>" method="POST">
+	  <tr class="boxes" align="center">
+		<td colspan=2 class="boxes">		
+			&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Username: <!-- gag! --> 
+			<input type="text" id="username" name="username" />
+		</td>
+	   </tr>
+	   <tr class="boxes" align="center">
+		<td colspan=2 class="boxes">
+			E-mail Address:
+			<input type="text" id="email" name="email" />
+		</td>
+	  </tr>
+	  <tr valign=top>
+		<td align=center colspan=2>
+			<input type="submit" name="submit" value="Reset">
+		</td>
+	  </tr>
+	  </form>
+	  <tr>
+		<td align=center colspan=2>
+<?php
+	if (isset($msg)) {
+?>
+		<font face=verdana>
+		<p><?=$msg?>
+		</p>
+		<?php
+	}
+		?>
+		<br>
+</span>
+		</font>
+		<br><br><br><br><font size="-1" face="verdana"><i>This site is not owned by, operated by, or officially  affiliated with Grinnell College, Grinnell, IA.</i>
+		</td>
+	  </tr>
+	  </table>
+	</div>
+		<hr>
+	<center>
+	<p class="legalese">
+Use of the GrinnellPlans service means you have accepted the <a href="http://www.grinnellplans.com/tos/">GrinnellPlans Terms of Service</a> agreement. If you do not accept and abide by this agreement, you may not use GrinnellPlans. This agreement is subject to change without notice, so you should periodically review the most up-to-date version.	
+</p>
+</body>
+</html>