diff options
Diffstat (limited to 'scripts/lostpw.php')
-rw-r--r-- | scripts/lostpw.php | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/scripts/lostpw.php b/scripts/lostpw.php new file mode 100644 index 0000000..ce2a78d --- /dev/null +++ b/scripts/lostpw.php @@ -0,0 +1,32 @@ +<?php + + /*********************************************************\ + | Deal with lost passwords | + | ~~~~~~~~~~~~~~~~~~~~~~~~ | + \*********************************************************/ + +if (!defined('IN_FS')) { + die('Do not access this file directly.'); +} + +$page->setTitle($fs->prefs['page_title'] . L('lostpw')); + +if (!Req::has('magic_url') && $user->isAnon()) { + // Step One: user requests magic url + $page->pushTpl('lostpw.step1.tpl'); +} +elseif (Req::has('magic_url') && $user->isAnon()) { + # Step Two: user enters new password + # First as link from email (GET), form could be repeated as POST + # when user misrepeats the new password. so GET and POST possible here! + $check_magic = $db->query('SELECT * FROM {users} WHERE magic_url = ?', + array(Req::val('magic_url'))); + + if (!$db->countRows($check_magic)) { + Flyspray::show_error(12); + } + $page->pushTpl('lostpw.step2.tpl'); +} else { + Flyspray::redirect($baseurl); +} +?> |