summaryrefslogtreecommitdiff
path: root/scripts/lostpw.php
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/lostpw.php')
-rw-r--r--scripts/lostpw.php32
1 files changed, 32 insertions, 0 deletions
diff --git a/scripts/lostpw.php b/scripts/lostpw.php
new file mode 100644
index 0000000..ce2a78d
--- /dev/null
+++ b/scripts/lostpw.php
@@ -0,0 +1,32 @@
+<?php
+
+ /*********************************************************\
+ | Deal with lost passwords |
+ | ~~~~~~~~~~~~~~~~~~~~~~~~ |
+ \*********************************************************/
+
+if (!defined('IN_FS')) {
+ die('Do not access this file directly.');
+}
+
+$page->setTitle($fs->prefs['page_title'] . L('lostpw'));
+
+if (!Req::has('magic_url') && $user->isAnon()) {
+ // Step One: user requests magic url
+ $page->pushTpl('lostpw.step1.tpl');
+}
+elseif (Req::has('magic_url') && $user->isAnon()) {
+ # Step Two: user enters new password
+ # First as link from email (GET), form could be repeated as POST
+ # when user misrepeats the new password. so GET and POST possible here!
+ $check_magic = $db->query('SELECT * FROM {users} WHERE magic_url = ?',
+ array(Req::val('magic_url')));
+
+ if (!$db->countRows($check_magic)) {
+ Flyspray::show_error(12);
+ }
+ $page->pushTpl('lostpw.step2.tpl');
+} else {
+ Flyspray::redirect($baseurl);
+}
+?>