From c41b4f49dcae5ce715bb6f0f423d1cfc0b001f40 Mon Sep 17 00:00:00 2001
From: Henry Addo
Date: Sun, 5 Apr 2009 20:25:41 +0000
Subject: [PATCH] Added reset password view file
---
.ftpssh_settings | 9 -
.gitignore | 7 -
.htaccess | 15 --
application/controllers/login.php | 161 +++++++++++++++++-
application/views/admin/reset_password.php | 41 +++++
application/views/admin/reset_password_js.php | 20 +++
6 files changed, 220 insertions(+), 33 deletions(-)
delete mode 100644 .ftpssh_settings
delete mode 100644 .gitignore
delete mode 100644 .htaccess
create mode 100644 application/views/admin/reset_password.php
create mode 100644 application/views/admin/reset_password_js.php
diff --git a/.ftpssh_settings b/.ftpssh_settings
deleted file mode 100644
index 844e7183ca..0000000000
--- a/.ftpssh_settings
+++ /dev/null
@@ -1,9 +0,0 @@
-; Preferences for the FTP/SSH Bundle for TextMate
-; See http://internalaffairs.fuerstnet.de/ftp-ssh-bundle-textmate
-; (c) 2007 Bernhard Fürst
-; Warning: Content of this file will be overwritten when using the
-; "Remote Connection Settings..." command of FTP/SSH Bundle
-host="ftp.falconcrestghana.com"
-password="shai"
-protocol="ftp"
-user="falcon_falconcrestghana.com"
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 0cf7afc959..0000000000
--- a/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-.*swp
-*~
-application/logs/*
-application/cache/*
-media/uploads/*
-application/config/config.php
-application/config/database.php
\ No newline at end of file
diff --git a/.htaccess b/.htaccess
deleted file mode 100644
index 6e28f19151..0000000000
--- a/.htaccess
+++ /dev/null
@@ -1,15 +0,0 @@
-# Turn on URL rewriting
-RewriteEngine On
-
-# Installation directory
-RewriteBase /ushahidi
-
-# Protect application and system files from being viewed
-# RewriteRule ^(application|modules|system) - [F,L]
-
-# Allow any files or directories that exist to be displayed directly
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME} !-d
-
-# Rewrite all other URLs to index.php/URL
-RewriteRule .* index.php/$0 [PT,L]
diff --git a/application/controllers/login.php b/application/controllers/login.php
index b889ba1971..4efd469cba 100644
--- a/application/controllers/login.php
+++ b/application/controllers/login.php
@@ -106,5 +106,162 @@ public function index()
 $this->template->errors = $errors;
 $this->template->form = $form;
 $this->template->form_error = $form_error;
- }
-}
+ }
+
+ /**
+ * Reset password upon user request.
+ */
+ public function resetpassword()
+ {
+ $this->template = new View('admin/reset_password');
+
+ $this->template->title = 'Password Reset';
+ $form = array
+ (
+ //'user_id' => '',
+ 'email' => '',
+ );
+
+ // copy the form as errors, so the errors will be stored with keys corresponding to the form field names
+ $errors = $form;
+ $form_error = FALSE;
+ $form_saved = FALSE;
+ $form_action = "";
+
+ // check, has the form been submitted, if so, setup validation
+ if ($_POST)
+ {
+ $post = Validation::factory($_POST);
+
+ // Add some filters
+ $post->pre_filter('trim', TRUE);
+
+ // Add some rules, the input field, followed by a list of checks, carried out in order
+ ///$post->add_rules('username','required','length[3,16]', 'alpha');
+ $post->add_rules('email','required','email','length[4,64]');
+
+ $post->add_callbacks('email', array($this,'email_exists_chk'));
+
+ if ($post->validate())
+ {
+ $user = ORM::factory('user',$post->email);
+
+ // Existing User??
+ if ($user->loaded==true)
+ {
+ //$user->username = $post->username;
+ $new_password = $this->_generate_password();
+ $details_sent = $this->_email_details($post->email,$user->username,$new_password );
+ if( $details_sent ) {
+ $user->email = $post->email;
+
+ $user->password = $new_password;
+
+ $user->save();
+ }
+ $form_saved = TRUE;
+ $form_action = "EDITED";
+ }
+
+ }
+ else
+ {
+ // repopulate the form fields
+ $form = arr::overwrite($form, $post->as_array());
+
+ // populate the error fields, if any
+ $errors = arr::overwrite($errors, $post->errors('auth'));
+ $form_error = TRUE;
+ }
+ }
+
+ $this->template->form = $form;
+ $this->template->errors = $errors;
+ $this->template->form_error = $form_error;
+ $this->template->form_saved = $form_saved;
+ $this->template->form_action = $form_action;
+
+ // Javascript Header
+ //TODO create reset_password js file.
+ $this->template->js = new View('admin/reset_password_js');
+ }
+
+ /**
+ * Checks if username already exists.
+ * @param Validation $post $_POST variable with validation rules
+ */
+ public function username_exists_chk(Validation $post)
+ {
+ $users = ORM::factory('user');
+ // If add->rules validation found any errors, get me out of here!
+ if (array_key_exists('username', $post->errors()))
+ return;
+
+ if( $users->username_exists($post->username) )
+ $post->add_error( 'username', 'exists');
+ }
+
+ /**
+ * Checks if email address is associated with an account.
+ * @param Validation $post $_POST variable with validation rules
+ */
+ public function email_exists_chk( Validation $post )
+ {
+ $users = ORM::factory('user');
+ if( array_key_exists('email',$post->errors()))
+ return;
+
+ if( !$users->email_exists( $post->email ) )
+ $post->add_error('email','invalid');
+ }
+
+ /**
+ * Generate random password for the user.
+ *
+ * @return the new password
+ */
+ public function _generate_password()
+ {
+ $password_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+ $chars_length = strlen( $password_chars ) - 1;
+ $password = NULL;
+
+ for( $i = 0; $i < 8; $i++ )
+ {
+ $position = mt_rand(0,$chars_length);
+ $password .= $password_chars[$position];
+ }
+
+ return $password;
+ }
+
+ /**
+ * Email details to the user.
+ *
+ * @param the email address of the user requesting a password reset.
+ * @param the username of the user requesting a password reset.
+ * @param the new generated password.
+ *
+ * @return void.
+ */
+ public function _email_details( $email, $username,$password )
+ {
+ $to = $email;
+ $from = 'henry@ushahidi.com';
+ $subject = 'Ushahidi password reset.';
+ $message = 'Please per your request. See below for your new password.\n\r';
+ $message .= "Username: $username\n\r";
+ $message .= "Password: $password\n\r";
+
+ //email details
+ if( email::send( $to, $from, $subject, $message, TRUE ) == 1 )
+ {
+ return TRUE;
+ }
+ else
+ {
+ return FALSE;
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/application/views/admin/reset_password.php b/application/views/admin/reset_password.php
new file mode 100644
index 0000000000..a3c76c91f9
--- /dev/null
+++ b/application/views/admin/reset_password.php
@@ -0,0 +1,41 @@ + + + + +Reset Password + + + + +
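Review bot: `_generate_password()` picks each character with `mt_rand()`, which is not a cryptographically secure generator, so the 8-character password that `resetpassword()` stores may be predictable; draw the index from a CSPRNG instead, e.g. `$position = random_int(0, $chars_length);` on PHP 7+ (on PHP 5.3, derive it from `openssl_random_pseudo_bytes()`). `resetpassword()` also overwrites the account password as soon as a registered address is submitted, apparently without any proof that the requester owns the mailbox, so anyone who knows a user's address can lock that user out, and the new credential is sent in a plain email; mailing a single-use, expiring token and setting the password only after it is presented avoids both. `email_exists_chk` adds an `invalid` error for addresses with no account, which lets the form reveal which addresses are registered; showing the same confirmation either way closes that. In `_email_details` the first `$message` literal is single-quoted, so its `\n\r` is sent as literal characters, and the docblock says `@return void` although the method returns TRUE or FALSE. The controller class begins outside the hunk, so whether `$user->password` is hashed on assignment by the user model cannot be confirmed from here.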
+ +
+ + + + + + + + + + + + + + +
Enter email address used for registration:
+
+
+
+ + \ No newline at end of file
diff --git a/application/views/admin/reset_password_js.php b/application/views/admin/reset_password_js.php
new file mode 100644
index 0000000000..be19eda078
--- /dev/null
+++ b/application/views/admin/reset_password_js.php
@@ -0,0 +1,20 @@
+/**
+ * JS to validates email field when a user is resting his/her password.
+ *
+ * PHP version 5
+ * LICENSE: This source file is subject to LGPL license
+ * that is available through the world-wide-web at the following URI:
+ * http://www.gnu.org/copyleft/lesser.html
+ * @author Ushahidi Team
+ * @package Ushahidi - http://source.ushahididev.com
+ * @module Alerts Controller
+ * @copyright Ushahidi - http://www.ushahidi.com
+ * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License (LGPL)
+ */
+
+ function fillFields(email)
+ {
+ $('#email').attr("value",unescape( email ) );
+
+ }
+
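Review bot: `fillFields` decodes its argument with `unescape()`, a deprecated function that treats `%XX` as Latin-1 rather than UTF-8; if the server URL-encodes the address, `decodeURIComponent(email)` is the matching decoder, and `$('#email').val(decodeURIComponent(email));` is the usual way to set the field's current value instead of `.attr("value", ...)`. The header comment also needs correcting: 'resting' should read 'resetting', 'JS to validates' should read 'JS that fills', since the function shown populates the field and does no validation, and `@module Alerts Controller` looks copied from another file.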