feature 2027 implemented: the "lost password" feature was rewritten.

The algorithm is highly inspired from WordPress :

1) in a single field, you give a username or an email
2) Piwigo sends an email with the activation key
3) the user clicks on the link in the email (with the activation key) and is able to set a new password

The "lost password" feature is no longer limited to "classic" users:
administrators and webmasters can use it too (no need to tell webmasters
that they can only change their password in the database)


git-svn-id: http://piwigo.org/svn/trunk@11992 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 48 insertions, 0 deletions

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 4c4f37994..6a7c590ab 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -798,6 +798,31 @@ SELECT '.$conf['user_fields']['id'].'
   }
 }
 
+function get_userid_by_email($email)
+{
+  global $conf;
+
+  $email = pwg_db_real_escape_string($email);
+  
+  $query = '
+SELECT
+    '.$conf['user_fields']['id'].'
+  FROM '.USERS_TABLE.'
+  WHERE UPPER('.$conf['user_fields']['email'].') = UPPER(\''.$email.'\')
+;';
+  $result = pwg_query($query);
+
+  if (pwg_db_num_rows($result) == 0)
+  {
+    return false;
+  }
+  else
+  {
+    list($user_id) = pwg_db_fetch_row($result);
+    return $user_id;
+  }
+}
+
 /**
  * search an available feed_id
  *
@@ -1472,4 +1497,27 @@ function get_sql_condition_FandF(
   return $sql;
 }
 
+/**
+ * search an available activation_key
+ *
+ * @return string
+ */
+function get_user_activation_key()
+{
+  while (true)
+  {
+    $key = generate_key(20);
+    $query = '
+SELECT COUNT(*)
+  FROM '.USER_INFOS_TABLE.'
+  WHERE activation_key = \''.$key.'\'
+;';
+    list($count) = pwg_db_fetch_row(pwg_query($query));
+    if (0 == $count)
+    {
+      return $key;
+    }
+  }
+}
+
 ?>
\ No newline at end of file