[tmp page_title]Password Reset[/tmp]
[tmpn display_class]noleft[/tmpn]
[if session spider]
[tag op=header]Status: 403 Forbidden to Spiders[/tag]
[goto]
[/if]
@_TOP_@
Password Reset
[if cgi u]
[and cgi x]
[and cgi k]
[userdb function=logout clear-cookie="MV_PASSWORD,MV_USERNAME" hide=1]
[perl table=userdb]
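# Validate a password-reset link and, on success, install a temporary password.
# Request inputs: u (userdb key), x (expiry stamp), k (first 20 hex characters
# of an HMAC-SHA1 over the account state).  On a match the block writes a
# temporary password plus a one-day expiration to userdb and sets
# $Scratch->{key_matches}, {pwd} and {email} for the tags that follow.
# On any failure it writes nothing and returns empty.
delete $Scratch->{key_matches};

my $uid      = $CGI->{u};
my $expires  = $CGI->{x};
my $supplied = $CGI->{k};

# All three values come straight from the request: reject anything missing or
# malformed before it reaches the database or the numeric comparison below.
return unless defined $uid      && length $uid;
return unless defined $expires  && $expires  =~ /\A\d+\z/;
return unless defined $supplied && $supplied =~ /\A[0-9A-Fa-f]+\z/;

# The expiry stamp is compared numerically against the current YYMMDDHH value.
my $time = $Tag->time({ body => '%y%m%d%H' });
return if $expires < $time;

# An unset or empty secret would make the HMAC computable by anyone, so fail
# closed instead of verifying against it.
my $key = $Variable->{PASSWORD_RESET_CHECK_KEY};
return unless defined $key && length $key;

my $db = $Db{userdb};
# Never let set_slice below touch a key that has no existing account row.
return unless $db->record_exists($uid);

my ($email, $mod_time, $expiry) =
    $db->get_slice($uid, [qw/email mod_time expiration/]);

# mod_time and expiration are part of the MAC input.  expiration is rewritten
# below (mod_time presumably changes with the row as well -- confirm), so the
# same link stops verifying once the reset has been applied.
# NOTE(review): the fields are concatenated without a separator; changing that
# would have to be mirrored in the page that generates the link.
my $hmac = $Tag->filter({
    op   => "hmac_sha1_hex.$key",
    body => $mod_time . $expiry . $expires . $email,
});
my $expected = substr($hmac, 0, 20);

# Compare every byte rather than stopping at the first mismatch, so response
# timing does not reveal how much of the key was correct.  Do not log the
# supplied key or the expected value when debugging.
return unless length($supplied) == length($expected);
my $delta = $supplied ^ $expected;
return if $delta =~ tr/\0//c;

# Temporary password: 16 digits instead of 4, so the account is not left with
# a 10,000-value password for the day the temporary credential stays valid.
# Digits only, matching the character class the page used before.
# NOTE(review): rand() is not a cryptographic generator; use a stronger source
# if the Interchange Safe configuration provides one.  Confirm the password
# column is wide enough for 16 characters.
my $new_pw = join '', map { int(rand(10)) } 1 .. 16;

# The expiration is set in case the visitor never chooses a new password.
# NOTE(review): the value is written to the password column as-is; whether
# UserDB expects a hashed value there depends on configuration not shown here.
my $expire_pass = $Tag->time({ body => '%Y%m%d%H%M%S', adjust => '1 days' });
$db->set_slice($uid, [qw/password expiration/], [$new_pw, $expire_pass]);

# Publish the result only after the database write has gone through.
$Scratch->{key_matches} = 1;
$Scratch->{pwd}         = $new_pw;
$Scratch->{email}       = $email;
return;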
[/perl]
[if scratch key_matches][seti login_result][userdb function=login username="[scratch email]" password="[scratch pwd]"][/seti][/if]
[/if]
[if scratch key_matches]
[and scratch login_result]
[set change_pass]
[if type=explicit compare=|
[userdb
function=change_pass
password="[cgi password]"
verify="[cgi password_verify]"
oldpass="[scratch pwd]"
]
|]
[perl table=userdb]
# Runs in the success branch of the change_pass call above: clear the
# expiration that was set alongside the temporary password, then drop the
# reset state (match flag, login result, temporary password) from the session.
my $account = $Session->{username};
$Db{userdb}->set_field($account, 'expiration', '');
delete @{$Scratch}{qw/key_matches login_result pwd/};
return;
[/perl]
mv_nextpage=[cgi mv_successpage]
[warnings message="Password change successful. Please make a note of your new password."]
[else]
mv_nextpage=@@MV_PAGE@@
[/else]
[/if]
[/set]
[set check_pass]
password=length 4 Password length less than minimum length of 4 characters.
password_verify=match password The specified passwords do not match.
[/set]
[if session failure]
[calc] delete $Session->{failure}[/calc]
[/if]
[edisplay show_var=0]
[else]
That key did not match. It might have expired, or you might need to copy and paste the link from your email, rather than clicking it.
You can also reset your password again.
[/else]
[/if]
@_BOTTOM_@