Aggiunta reset password

This commit is contained in:
Thomas Zilio 2019-07-16 15:43:15 +02:00
parent 9670976ef3
commit 59977113b3
8 changed files with 197 additions and 10 deletions

View File

@ -128,11 +128,11 @@ if (!$has_user) {
</div>
<div class="col-md-6">
{[ "type": "password", "label": "'.tr('Password').'", "id": "password", "name": "admin_password", "value": "'.$osm_password.'", "placeholder": "'.tr("Digita la password dell'amministratore").'", "required": 1, "icon-after": "<i onclick=\" if ($(this).parent().find(\'i\').hasClass(\'fa-eye\')) { $(\'#password\').attr(\'type\', \'text\'); $(this).parent().find(\'i\').removeClass(\'fa-eye\').addClass(\'fa-eye-slash\'); $(this).parent().find(\'i\').attr(\'title\', \'Nascondi password\'); } else { $(\'#password\').attr(\'type\', \'password\'); $(this).parent().find(\'i\').removeClass(\'fa-eye-slash\').addClass(\'fa-eye\'); $(this).parent().find(\'i\').attr(\'title\', \'Visualizza password\'); } \" title=\"'.tr('Visualizza password').'\" class=\"fa fa-eye clickable\" ></i>" ]}
{[ "type": "password", "label": "'.tr('Password').'", "id": "password", "name": "admin_password", "value": "'.$osm_password.'", "placeholder": "'.tr("Digita la password dell'amministratore").'", "required": 1 ]}
</div>
<div class="col-md-6">
{[ "type": "email", "label": "'.tr('Email').'", "name": "admin_email", "value": "'.$osm_email.'", "placeholder": "'.tr("Digita l'indirizzo email dell'amministratore").'" ]}
{[ "type": "email", "label": "'.tr('Email').'", "name": "admin_email", "value": "'.$osm_email.'", "placeholder": "'.tr("Digita l'indirizzo email dell'amministratore").'", "required": 1 ]}
</div>
</div>
</div>

View File

@ -142,18 +142,25 @@ if (isset($username)) {
}
echo'>
</div>
<div class="form-group input-group">
<span class="input-group-addon before"><i class="fa fa-lock"></i> </span>
<input type="password" name="password" autocomplete="current-password" class="form-control" placeholder="'.tr('Password').'">
{[ "type": "password", "name": "password", "autocomplete": "current-password", "placeholder": "'.tr('Password').'", "icon-before": "<i class=\"fa fa-lock\"></i>" ]}
<div class="text-right">
<a href="'.ROOTDIR.'/reset.php">'.tr('Dimenticata la password?').'</a>
</div>
<div class="form-group">
<hr>
<div class="text-center">
<input type="checkbox" name="keep_alive"';
if (filter('keep_alive') != null) {
echo ' checked';
}
echo '/> '.tr('Mantieni attiva la sessione').'
</div>
</div>
<!-- /.box-body -->
<div class="box-footer">
<button type="submit" id="login" class="btn btn-danger btn-block">'.tr('Accedi').'</button>

View File

@ -64,7 +64,7 @@ include_once __DIR__.'/../../core.php';
</div>
<div class="col-md-6">
{[ "type": "password", "label": "<?php echo tr('Password SMTP'); ?>", "class": "", "name": "password", "value": "$password$", "icon-after": "<i title=\"<?php echo tr('Visualizza password'); ?>\" class=\"fa fa-eye clickable\" ></i>" ]}
{[ "type": "password", "label": "<?php echo tr('Password SMTP'); ?>", "class": "", "name": "password", "value": "$password$" ]}
</div>
</div>

View File

@ -0,0 +1,11 @@
<?php
$record = \Models\User::find($id_record);
$reset_token = $record->reset_token;
return [
'username' => $record->username,
'reset_token' => $reset_token,
'reset_link' => ROOTDIR.'/reset.php?reset_token='.$reset_token,
];

132
reset.php Normal file
View File

@ -0,0 +1,132 @@
<?php
$skip_permissions = true;
include_once __DIR__.'/core.php';
use Models\User;
$token = get('reset_token');
switch (post('op')) {
case 'reset':
$username = post('username');
$email = post('email');
$database->insert('zz_logs', [
'username' => $username,
'ip' => get_client_ip(),
'stato' => Auth::getStatus()['failed']['code'],
]);
$utente = User::where('username', $username)->where('email', $email)->first();
if (!empty($utente)) {
$utente->reset_token = secure_random_string();
$utente->save();
$n = new Notifications\EmailNotification();
$n->setTemplate('Reset password', $utente->id);
$n->setReceivers($utente->email);
$n->send();
}
//$message_email = substr($email, 0, 2).str_repeat('*', strlen($email)-8).substr($email, -6);
flash()->info(tr("Se le informazioni inserite corrispondono ai dati di un utente, riceverai a breve un'email all'indirizzo collegato").'.');
redirect(ROOTDIR.'/index.php');
break;
case 'update':
$password = post('password');
$utente = User::where('reset_token', $token)->first();
if (!empty($utente)) {
$utente->password = $password;
$utente->reset_token = null;
$utente->save();
}
flash()->info(tr('Password cambiata!'));
redirect(ROOTDIR.'/index.php');
break;
}
$pageTitle = tr('Reimpostazione password');
include_once App::filepath('include|custom|', 'top.php');
// Controllo se è una beta e in caso mostro un warning
if (Auth::isBrute()) {
echo '
<div class="box box-danger box-center" id="brute">
<div class="box-header with-border text-center">
<h3 class="box-title">'.tr('Attenzione').'</h3>
</div>
<div class="box-body text-center">
<p>'.tr('Sono stati effettuati troppi tentativi di accesso consecutivi!').'</p>
<p>'.tr('Tempo rimanente (in secondi)').': <span id="brute-timeout">'.(Auth::getBruteTimeout() + 1).'</span></p>
</div>
</div>
<script>
$(document).ready(function(){
$("#reset").fadeOut();
brute();
});
function brute() {
var value = parseFloat($("#brute-timeout").html()) - 1;
$("#brute-timeout").html(value);
if(value > 0){
setTimeout("brute()", 1000);
} else{
$("#brute").fadeOut();
$("#reset").fadeIn();
}
}
</script>';
}
echo '
<form action="" method="post" class="box box-center-large box-warning" id="reset">
<div class="box-header with-border text-center">
<h3 class="box-title">'.$pageTitle.'</h3>
</div>
<div class="box-body">';
if (empty($token)) {
echo '
<input type="hidden" name="op" value="reset">
<p>'.tr("Per richiedere la reimpostazione della password, inserisci l'username e l'indirizzo email con cui hai accesso al gestionale").'.</p>
<p>'.tr("Una volta inviata e validata la richiesta, riceverai un'email dove sarà indicato un link a cui potrai reimpostare la password di accesso ad OpenSTAManager").'.</p>
{[ "type": "text", "label": "'.tr('Username').'", "placeholder": "'.tr('Username').'", "name": "username", "icon-before": "<i class=\"fa fa-user\"></i>", "required": 1 ]}
{[ "type": "email", "label": "'.tr('Email').'", "placeholder": "'.tr('Email').'", "name": "email", "icon-before": "<i class=\"fa fa-envelope\"></i>", "required": 1 ]}';
} else {
echo '
<input type="hidden" name="op" value="update">
<p>'.tr('Inserisci la nuova password per il tuo account').':</p>
{[ "type": "password", "label": "'.tr('Password').'", "name": "password", "icon-before": "<i class=\"fa fa-lock\"></i>" ]}';
}
echo '
</div>
<div class="box-footer">
<button type="submit" id="login" class="btn btn-success btn-block">
<i class="fa fa-arrow-right"></i> '.tr('Procedi').'
</button>
</div>
</form>';
include_once App::filepath('include|custom|', 'bottom.php');

View File

@ -82,8 +82,34 @@ class DefaultHandler implements HandlerInterface
*/
protected function password(&$values, &$extras)
{
$values['icon-after'] = '<i onclick="togglePassword_'.$values['id'].'()" class="fa clickable" id="'.$values['id'].'_toggle"></i>';
$result = '
<script>
function togglePassword_'.$values['id'].'() {
var button = $("#'.$values['id'].'_toggle");
if (button.hasClass("fa-eye")) {
$("#'.$values['id'].'").attr("type", "text");
button.removeClass("fa-eye").addClass("fa-eye-slash");
button.attr("title", "'.tr('Nascondi password').'");
}
else {
$("#'.$values['id'].'").attr("type", "password");
button.removeClass("fa-eye-slash").addClass("fa-eye");
button.attr("title", "'.tr('Visualizza password').'");
}
}
$(document).ready(function(){
togglePassword_'.$values['id'].'();
});
</script>';
// Delega al metodo "text", per la generazione del codice HTML
return $this->text($values, $extras);
$result .= $this->text($values, $extras);
return $result;
}
/**

View File

@ -52,6 +52,11 @@ class User extends Model
return $this->gruppo;
}
public function setPasswordAttribute($value)
{
$this->attributes['password'] = \Auth::hashPassword($value);
}
/* Relazioni Eloquent */
public function group()

View File

@ -13,3 +13,9 @@ ALTER TABLE `co_documenti` ADD `dati_aggiuntivi_fe` TEXT;
INSERT INTO `zz_prints` (`id_module`, `name`, `title`, `filename`, `directory`, `options`, `icon`, `enabled`, `default`) VALUES
((SELECT `id` FROM `zz_modules` WHERE `name` = 'Contratti'), 'Consuntivo contratto interno', 'Consuntivo contratto interno', 'Consuntivo interno contratto num. {numero} del {data}', 'contratti_cons', '{"dir":"uscita"}', 'fa fa-print', 1, 1),
((SELECT `id` FROM `zz_modules` WHERE `name` = 'Preventivi'), 'Consuntivo preventivo interno', 'Consuntivo preventivo interno', 'Consuntivo interno preventivo num. {numero} del {data}', 'preventivi_cons', '{"dir":"uscita"}', 'fa fa-print', 1, 1);
-- Reset password per gli utenti
ALTER TABLE `zz_users` ADD `reset_token` VARCHAR(255);
INSERT INTO `zz_emails` (`id`, `id_module`, `id_smtp`, `name`, `icon`, `subject`, `reply_to`, `cc`, `bcc`, `body`, `read_notify`) VALUES
(NULL, (SELECT `id` FROM `zz_modules` WHERE `name` = 'Utenti e permessi'), 1, 'Reset password', 'fa fa-envelope', 'Richiesta di reset password', '', '', '', '<p>Gentile {username},</p>\r\n<p>a seguito della richiesta di reimpostazione della password del Suo account è pregato di inserire la nuova password che desidera utilizzare al seguente link:</p>\r\n<p class="text-center"><a href="{reset_link}">{reset_link}</a></p>\r\n<p>&nbsp;</p><p>Se non sei il responsabile della richiesta in questione, contatta l''amministratore il prima possibile per richiedere un cambio di username.</p>\r\n<p>&nbsp;</p>\r\n<p>Distinti saluti</p>\r\n', '0');