A preview of the password reset functionality. What's working... you

can start to logon, request the password to be reset, and an email is
sent to the users email address.  If you click on the link you get an
unformatted form.  But its a start :-)

4 files changed, 166 insertions, 4 deletions

diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index c9a32546..bf45746d 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -27,7 +27,7 @@ class Login_Controller extends Controller {
   }
 
   private function _try_login() {
-    $form = $this->_login_form();
+    $form = $this->_login_form()->form;
 
     $valid = $form->validate();
     if ($valid) {
@@ -53,12 +53,15 @@ class Login_Controller extends Controller {
   }
 
   private function _login_form() {
-    $form = new Forge(url::current(true), "", "post", array("id" => "gLoginForm"));
-    $group = $form->group("login")->label(t("Login"));
+    $view = new View("login_prompt.html");
+
+    $view->form = new Forge(url::current(true), "", "post", array("id" => "gLoginForm"));
+    $group = $view->form->group("login")->label(t("Login"));
     $group->input("name")->label(t("Name"))->id("gName")->class(null);
     $group->password("password")->label(t("Password"))->id("gPassword")->class(null);
     $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
     $group->submit("")->value(t("Login"));
-    return $form;
+
+    return $view;
   }
 }
\ No newline at end of file
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
new file mode 100644
index 00000000..590b3640
--- /dev/null
+++ b/modules/user/controllers/password.php
@@ -0,0 +1,101 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Password_Controller extends Controller {
+  public function reset() {
+    if (request::method() == "post") {
+      $this->_send_reset();
+    } else {
+      // @todo validate the query key parmeter
+      print $this->_reset_form();
+    }
+  }
+
+  public function do_reset() {
+    if (request::method() == "post") {
+      $this->_change_password();
+    } else {
+      print $this->_new_password_form();
+    }
+  }
+
+  private function _send_reset() {
+    $form = $this->_reset_form();
+    
+
+    $valid = $form->validate();
+    if ($valid) {
+      $user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find();
+      if (!$user->loaded || empty($user->email)) {
+        $form->reset->inputs["name"]->add_error("no_email", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      try {
+      $md5 = md5("$user->name; $user->full_name; $user->login_count; $user->last_login");
+      $message = new View("reset_password.html");
+      $message->url = url::abs_site("password/do_reset?key=$md5");
+      $message->name = $user->full_name;
+      $message->title = t("Password Reset Request");
+      
+      Sendmail::factory()
+        ->to($user->email)
+        ->subject(t("Password Reset Request"))
+        ->header("Mime-Version", "1.0")
+        ->header("Content-type", "text/html; charset=iso-8859-1")
+        ->message($message->render())
+        ->send();
+      } catch (Exception $e) {
+        Kohana::log("error", $e->getMessage() . "\n" . $e->getTraceAsString());
+      }
+
+      message::success(t("Password reset email sent"), null);
+      print json_encode(
+        array("result" => "success"));
+    } else {
+      print json_encode(
+        array("result" => "error",
+              "form" => $form->__toString()));
+    }
+  }
+
+  private function _reset_form() {
+    $form = new Forge(url::current(true), "", "post", array("id" => "gResetForm"));
+    $group = $form->group("reset")->label(t("Reset Password"));
+    $group->input("name")->label(t("Name"))->id("gName")->class(null)->rules("required");
+    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
+    $group->submit("")->value(t("Reset"));
+
+    return $form;
+  }
+
+  private function _new_password_form() {
+    $form = new Forge("password/do_reset", "", "post", array("id" => "gChangePasswordForm"));
+    $group = $form->group("reset")->label(t("Change Password"));
+    $group->password("password")->label(t("Password"))->id("gPassword");
+    $group->password("password2")->label(t("Confirm Password"))->id("gPassword2");
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
+    $group->submit("")->value(t("Update"));
+
+    return $form;
+  }
+}
\ No newline at end of file
diff --git a/modules/user/views/login_prompt.html.php b/modules/user/views/login_prompt.html.php
new file mode 100644
index 00000000..2b9516ba
--- /dev/null
+++ b/modules/user/views/login_prompt.html.php
@@ -0,0 +1,44 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  $("#gLoginForm").ready(function() {
+    $("#gForgotPasswordLink").click(function() {
+      $.ajax({
+        url: "<?= url::site("password/reset") ?>",
+        success: function(data) {
+          $("div#gLoginView").html(data);
+          $("#ui-dialog-title-gDialog").text("<?= t("Reset Password") ?>");
+          ajaxify_login_reset_form();
+        }
+      });
+    });
+  });
+
+  function ajaxify_login_reset_form() {
+    $("#gLoginView form").ajaxForm({
+      dataType: "json",
+      success: function(data) {
+        if (data.form) {
+          $("#gLoginView form").replaceWith(data.form);
+          ajaxify_login_reset_form();
+        }
+        if (data.result == "success") {
+          $("#gDialog").dialog("close");
+          window.location.reload();
+        }
+
+      }
+    });
+  };
+</script>
+<div id="gLoginView">
+  <ul>
+    <li>
+      <div id="gLoginViewForm">
+        <?= $form ?>
+      </div>
+    </li>
+    <li>
+  <a href="#" id="gForgotPasswordLink"><?= t("Forgot your Password?") ?></a>
+    </li>
+  </ul>
+</div>
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
new file mode 100644
index 00000000..39845d61
--- /dev/null
+++ b/modules/user/views/reset_password.html.php
@@ -0,0 +1,14 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<html>
+<head>
+  <title><?= $title ?> </title>
+</head>
+<body>
+  <h2><?= t("Password Reset Request") ?> </h2>
+  <p>
+    <?= sprintf(t("A request to reset your password (user: %s) at %s."), $name, url::base(false, "http")) ?>
+    <?= sprintf(t("To confirm this request please click on the link below")) ?><br />
+    <a href="<?= $url ?>"><?= t("Reset Password") ?></a>
+  </p>
+</body>
+</html>