diff --git a/src/js/account/passwordReset.js b/src/js/account/passwordReset.js
new file mode 100644
index 0000000..3b5b730
--- /dev/null
+++ b/src/js/account/passwordReset.js
@@ -0,0 +1,59 @@
+import { setupInfoModal } from "../setupListeners";
+import { request } from "./helpers";
+
+export function renderForgotPasswordForm() {
+ const modal = document.createElement('section');
+ modal.classList.add('modal');
+ modal.innerHTML = `
+ `;
+
+ document.body.appendChild(modal);
+
+ setupStartResetForm();
+ setupInfoModal(modal);
+}
+
+function setupStartResetForm() {
+ document.getElementById('forgotPasswordSubmit').addEventListener('click', sendPasswordReset);
+}
+
+function sendPasswordReset() {
+ const email = document.getElementById('forgotPasswordEmailField').value.trim();
+ const errorMessageElement = document.getElementById('forgotPasswordErrorMessages');
+ let errorMessage = '';
+
+ if (email === '') {
+ errorMessage += 'Please enter an email address.
';
+ }
+
+ errorMessageElement.innerHTML = errorMessage;
+
+ if (errorMessage === '') {
+ request({
+ action: 'initiate-password-reset',
+ email,
+ }, success => {
+ console.log(success);
+ }, error => {
+ errorMessage += '' + error + '
';
+ }).then(() => {
+ errorMessageElement.innerHTML = errorMessage;
+ if (errorMessage === '') {
+ document.getElementById('forgotPasswordForm').innerHTML = `Go check your email for the password reset link.
+Note that it may be sent to your spam/junk folder by mistake.
`; + } + }); + } +} \ No newline at end of file diff --git a/src/js/account/setupListeners.js b/src/js/account/setupListeners.js index b3bf316..d8fec90 100644 --- a/src/js/account/setupListeners.js +++ b/src/js/account/setupListeners.js @@ -2,6 +2,7 @@ import { logIn, createAccount } from "./login"; import { setCookie } from "../StackOverflow/cookie"; import { changeDictionary, createNewDictionary } from "./dictionaryManagement"; import { addMessage } from "../utilities"; +import { renderForgotPasswordForm } from "./passwordReset"; export function setupLoginModal(modal) { const closeElements = modal.querySelectorAll('.modal-background, .close-button'); @@ -36,6 +37,7 @@ export function setupLoginModal(modal) { }); document.getElementById('loginSubmit').addEventListener('click', logIn); + document.getElementById('forgotPasswordButton').addEventListener('click', renderForgotPasswordForm); document.getElementById('createAccountSubmit').addEventListener('click', createAccount); } diff --git a/src/php/api/User.php b/src/php/api/User.php index b52beda..613b6e6 100644 --- a/src/php/api/User.php +++ b/src/php/api/User.php 
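Review bot: In `sendPasswordReset` (src/js/account/passwordReset.js), the error callback concatenates the server's `error` value into `errorMessage`, and the `.then` handler assigns that string to `errorMessageElement.innerHTML`, so whatever text the API returns is parsed as markup. If that message can ever carry request-derived text (the submitted email, for example) it becomes a DOM XSS sink; I would render it as text instead, building the paragraph with `document.createElement('p')` and setting `p.textContent = String(error);` before appending it. The success callback's `console.log(success);` writes the raw API response to the console and looks like leftover debugging, so I would drop it. The endpoint's behaviour is not visible in this hunk, but if it returns a distinct error for an unknown address this form reveals which emails are registered; showing the same confirmation text in both cases avoids that.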
@@ -267,6 +267,74 @@ VALUES (?, ?, ?, ?, ?)'; return false; } + public function setPasswordReset($email) { + $date = date("Y-m-d H:i:s"); + $reset_code = random_int(0, 999999999); + $reset_code_hash = $this->token->hash($reset_code); + $query = "UPDATE `users` SET `password_reset_code`=?, `password_reset_date`=? WHERE `email`=?;"; + $reset = $this->db->execute($query, array( + $reset_code, + $date, + $email, + )); + + if ($reset) { + $user_data = $this->getUserDataByEmailForPasswordReset($email); + if ($user_data) { + $to = $email; + $subject = "Here's your Lexiconga password reset link"; + $message = "Hello " . $user_data['public_name'] . "\r\n\r\nSomeone has requested a password reset link for your Lexiconga account. If it was you, you can reset your password by going to the link below and entering a new password for yourself:\r\n"; + $message .= "http://lexicon.ga/passwordreset?account=" . $user_data['id'] . "&code=" . $reset_code_hash . "\r\n\r\n"; + $message .= "If it wasn't you who requested the link, you can ignore this email since it was only sent to you, but you might want to consider changing your password when you have a chance.\r\n\r\n"; + $message .= "The password link will only be valid for today until you use it.\r\n\r\n"; + $message .= "Thanks!\r\nThe Lexiconga Admins"; + $header = "From: Lexiconga Password Reset