mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-03-28 17:42:57 +01:00
fixes #2449 enhance password reset flow with verification and lockout
Added email notification for successful password reset, improved verification code handling, and implemented account lockout after too many failed attempts. Introduced new language strings for user feedback and security messages. Refactored password reset logic to better handle guest/generic users and API key recommendations.
@@ -1104,6 +1104,46 @@ function pwg_generate_code_verification_mail($code)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate content mail for reset password success
|
||||
*
|
||||
* Return the content mail to send
|
||||
* @since 16
|
||||
* @param string $code
|
||||
* @return array mail content
|
||||
*/
|
||||
function pwg_generate_success_reset_password_mail($username, $nb_of_apikeys)
|
||||
{
|
||||
global $conf;
|
||||
set_make_full_url();
|
||||
$profile_url = get_root_url().'profile.php';
|
||||
|
||||
$message = '<p style="margin-top: 20px;">'.l10n('Hello %s,', $username).'</p>';
|
||||
$message .= '<p style="margin-bottom: 20px;">'.l10n('Your password was successfully reset').'.</p>';
|
||||
$message .= '<p>';
|
||||
$message .= l10n('If this wasn\'t you, please change your password immediately or contact your webmaster.');
|
||||
$message .= '</p>';
|
||||
|
||||
if ($nb_of_apikeys > 0)
|
||||
{
|
||||
$message .= '<p style="margin: 20px 0;">';
|
||||
$message .= l10n(
|
||||
'If you changed your password because you think it was stolen, we recommend revoking your %d API keys <a href="%s">in your profile</a>.',
|
||||
$nb_of_apikeys,
|
||||
$profile_url
|
||||
);
|
||||
$message .= '</p>';
|
||||
}
|
||||
unset_make_full_url();
|
||||
|
||||
$subject = '['.$conf['gallery_title'].'] '.l10n('Your password has been reset');
|
||||
return array(
|
||||
'subject' => $subject,
|
||||
'content' => $message,
|
||||
'content_format' => 'text/html',
|
||||
);
|
||||
}
|
||||
|
||||
trigger_notify('functions_mail_included');
|
||||
|
||||
?>
|
||||
|
||||
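Review bot: In `pwg_generate_success_reset_password_mail`, `$username` goes into a `text/html` body via `l10n('Hello %s,', $username)` with no escaping visible in this hunk. Any markup in a username would therefore reach the mail client as HTML unless the value is already encoded where it is stored or by the caller, which this page does not show. If it is not, encode it at the point of use: `l10n('Hello %s,', htmlspecialchars($username, ENT_QUOTES, 'UTF-8'))`. The docblock also still carries `@param string $code` from the function above; it should read `@param string $username` and `@param int $nb_of_apikeys`.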
@@ -2759,6 +2759,31 @@ SELECT
|
||||
return $api_keys;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all available api_key
|
||||
*
|
||||
* @since 16
|
||||
* @param string $user_id
|
||||
* @return array|false
|
||||
*/
|
||||
function get_available_api_key($user_id)
|
||||
{
|
||||
$api_keys = get_api_key($user_id);
|
||||
|
||||
if (!$api_keys) return false;
|
||||
|
||||
$available = array();
|
||||
foreach($api_keys as $api_key)
|
||||
{
|
||||
if (!$api_key['is_expired'] && empty($api_key['revoked_on']))
|
||||
{
|
||||
$available[] = $api_key;
|
||||
}
|
||||
}
|
||||
|
||||
return count($available) > 0 ? $available : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is connected with pwg_ui (identification.php)
|
||||
*
|
||||
|
||||
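Review bot: `get_available_api_key` returns `false` rather than an empty array when no key is usable, so a caller cannot pass the result straight to `count()`, which throws a TypeError on `false` in PHP 8. The mail helper in this commit needs that count as `$nb_of_apikeys`; the call site is not on this page, so confirm it checks for `false` first. Ending the function with `return $available;` and documenting `@return array` (empty when none) would remove the trap, if the `false` return from `get_api_key` is not something callers rely on here. The docblock should also state that "available" means not expired and with an empty `revoked_on`, since that is the set the security mail tells the user to revoke.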