From 6854cb3f4d8219cf1829e32122eb2502a916eae9 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sat, 1 Feb 2020 09:05:48 +0100
Subject: initial checkin

---
 scripts/lostpw.php | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 scripts/lostpw.php

(limited to 'scripts/lostpw.php')

diff --git a/scripts/lostpw.php b/scripts/lostpw.php
new file mode 100644
index 0000000..ce2a78d
--- /dev/null
+++ b/scripts/lostpw.php
@@ -0,0 +1,32 @@
+<?php
+
+  /*********************************************************\
+  | Deal with lost passwords                                |
+  | ~~~~~~~~~~~~~~~~~~~~~~~~                                |
+  \*********************************************************/
+
+if (!defined('IN_FS')) {
+    die('Do not access this file directly.');
+}
+
+$page->setTitle($fs->prefs['page_title'] . L('lostpw'));
+
+if (!Req::has('magic_url') && $user->isAnon()) {
+    // Step One: user requests magic url
+    $page->pushTpl('lostpw.step1.tpl');
+}
+elseif (Req::has('magic_url') && $user->isAnon()) {
+    # Step Two: user enters new password
+    # First as link from email (GET), form could be repeated as POST
+    # when user misrepeats the new password. so GET and POST possible here!
+    $check_magic = $db->query('SELECT * FROM {users} WHERE magic_url = ?',
+            array(Req::val('magic_url')));
+
+    if (!$db->countRows($check_magic)) {
+        Flyspray::show_error(12);
+    }
+    $page->pushTpl('lostpw.step2.tpl');
+} else {
+    Flyspray::redirect($baseurl);
+}
+?>
-- 
cgit v1.2.3-70-g09d2