operator email, password retrieval - part 1

git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f
2025-01-22 18:10:34 +03:00 · 2009-08-31 22:43:30 +00:00 · 2009-08-31 22:43:30 +00:00 · 03eab80aca
commit 03eab80aca
parent 60a305b45c
10 changed files with 238 additions and 11 deletions
--- a/src/messenger/webim/default.css
+++ b/src/messenger/webim/default.css
@ -368,6 +368,15 @@ div.errinfo {
 	padding-top: 10px;
 }

+.fbutton .links {
+	float: right;
+	margin-top: 5px;
+}
+
+.fbutton .submitbutton {
+	float: left;
+}
+
 .formauth {
 }

--- a/src/messenger/webim/install/dbinfo.php
+++ b/src/messenger/webim/install/dbinfo.php
@ -76,6 +76,8 @@ $dbtables = array(
 		"vcavatar" => "varchar(255)",
 		"vcjabbername" => "varchar(255)",
 		"iperm" => "int DEFAULT 65535",
+		"dtmrestore" => "datetime DEFAULT 0",
+		"vcrestoretoken" => "varchar(64)",
 	),

 	"chatrevision" => array(
@ -115,7 +117,7 @@ $memtables = array();
 $dbtables_can_update = array(
 	"chatthread" => array("agentId", "userTyping", "agentTyping", "messageCount", "nextagent", "shownmessageid", "userid", "userAgent", "groupid"),
 	"chatmessage" => array("agentId"),
-	"chatoperator" => array("vcavatar", "vcjabbername", "iperm", "istatus", "vcemail"),
+	"chatoperator" => array("vcavatar", "vcjabbername", "iperm", "istatus", "vcemail", "dtmrestore", "vcrestoretoken"),
 	"chatban" => array(),
 	"chatgroup" => array("vcemail"),
 	"chatgroupoperator" => array(),
@ -159,7 +161,7 @@ function create_table($id,$link) {
 	mysql_query($query,$link) or show_install_err(' Query failed: '.mysql_error());

 	if( $id == 'chatoperator' ) {
-		create_operator_("admin", "", "Administrator", "Administrator", "", $link);
+		create_operator_("admin", "", "", "Administrator", "Administrator", "", $link);
 	} else if( $id == 'chatrevision' ) {
 		perform_query("INSERT INTO chatrevision VALUES (1)",$link);
 	}
--- a/src/messenger/webim/install/dbperform.php
+++ b/src/messenger/webim/install/dbperform.php
@ -134,6 +134,14 @@ if ($act == "silentcreateall") {
 			runsql("ALTER TABLE chatoperator ADD vcemail varchar(64)", $link);
 		}

+		if( in_array("chatoperator.dtmrestore", $absent) ) {
+			runsql("ALTER TABLE chatoperator ADD dtmrestore datetime DEFAULT 0", $link);
+		}
+
+		if( in_array("chatoperator.vcrestoretoken", $absent) ) {
+			runsql("ALTER TABLE chatoperator ADD vcrestoretoken varchar(64)", $link);
+		}
+		
 		if( in_array("chatthread.groupid", $absent) ) {
 			runsql("ALTER TABLE chatthread ADD groupid int references chatgroup(groupid)", $link);
 		}
--- a/src/messenger/webim/libs/operator.php
+++ b/src/messenger/webim/libs/operator.php
@ -41,6 +41,14 @@ function operator_by_login($login) {
 	return $operator;
 }

+function operator_by_email($mail) {
+	$link = connect();
+	$operator = select_one_row(
+		 "select * from chatoperator where vcemail = '".mysql_real_escape_string($mail)."'", $link );
+	mysql_close($link);
+	return $operator;
+}
+
 function operator_by_id_($id,$link) {
 	return select_one_row(
 		 "select * from chatoperator where operatorid = $id", $link );
@ -53,16 +61,17 @@ function operator_by_id($id) {
 	return $operator;
 }

-function update_operator($operatorid,$login,$password,$localename,$commonname) {
+function update_operator($operatorid,$login,$email,$password,$localename,$commonname) {
 	$link = connect();
 	$query = sprintf(
 		"update chatoperator set vclogin = '%s',%s vclocalename = '%s', vccommonname = '%s'".
-		", vcjabbername= '%s'".
+		", vcemail = '%s', vcjabbername= '%s'".
 		" where operatorid = %s",
 		mysql_real_escape_string($login),
 		($password ? " vcpassword='".md5($password)."'," : ""),
 		mysql_real_escape_string($localename),
 		mysql_real_escape_string($commonname),
+		mysql_real_escape_string($email),
 		'',
 		$operatorid );

@ -80,14 +89,15 @@ function update_operator_avatar($operatorid,$avatar) {
 	mysql_close($link);
 }

-function create_operator_($login,$password,$localename,$commonname,$avatar,$link) {
+function create_operator_($login,$email,$password,$localename,$commonname,$avatar,$link) {
 	$query = sprintf(
-		"insert into chatoperator (vclogin,vcpassword,vclocalename,vccommonname,vcavatar,vcjabbername) values ('%s','%s','%s','%s','%s','%s')",
+		"insert into chatoperator (vclogin,vcpassword,vclocalename,vccommonname,vcavatar,vcemail,vcjabbername) values ('%s','%s','%s','%s','%s','%s','%s')",
 			mysql_real_escape_string($login),
 			md5($password),
 			mysql_real_escape_string($localename),
 			mysql_real_escape_string($commonname),
-			mysql_real_escape_string($avatar), '');
+			mysql_real_escape_string($avatar),
+			mysql_real_escape_string($email), '');

 	perform_query($query,$link);
 	$id = mysql_insert_id($link);
@ -95,9 +105,9 @@ function create_operator_($login,$password,$localename,$commonname,$avatar,$link
 	return select_one_row("select * from chatoperator where operatorid = $id", $link );
 }

-function create_operator($login,$password,$localename,$commonname,$avatar) {
+function create_operator($login,$email,$password,$localename,$commonname,$avatar) {
 	$link = connect();
-	$newop = create_operator_($login,$password,$localename,$commonname,$avatar,$link);
+	$newop = create_operator_($login,$email,$password,$localename,$commonname,$avatar,$link);
 	mysql_close($link);
 	return $newop;
 }
--- a/src/messenger/webim/locales/en/properties
+++ b/src/messenger/webim/locales/en/properties
@ -143,6 +143,8 @@ form.field.groupname=Name
 form.field.login.description=Login can consist of small Latin letters and underscore.
 form.field.login=Login
 form.field.message=Message
+form.field.mail.description=For notifications and password retrieval.
+form.field.mail=E-mail
 form.field.name=Your name
 form.field.password.description=Enter new password or leave the field empty to keep previous one.
 form.field.password=Password
@ -371,6 +373,16 @@ report.byoperator.4=Average message length (in chars)
 report.byoperator.title=Threads by operator
 report.no_items=Not enough data
 report.total=Total:
+restore.pwd.message=Forgot your password?
+restore.title=Trouble Accessing Your Account?
+restore.intro=You can't retrieve your password, but you can set a new one by following a link sent to you by email.
+restore.emailorlogin=Login or E-mail:
+restore.back_to_login=Back to login
+restore.submit=Reset password
+restore.sent.title=Password retrieval
+restore.sent=We've sent the instructions to your email. Please, check it!
+restore.mailsubj=Reset your Mibew password
+restore.mailtext=Hi, {0}\n\nPlease click on the link below or copy and paste the URL into your browser:\n{1}\n\nThis will let you choose another password.\n\nMibew Messenger.
 right.administration=Administration
 right.main=Main
 right.other=Other
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@ -32,6 +32,7 @@ $opId = '';
 if( isset($_POST['login']) && isset($_POST['password']) ) {
 	$opId = verifyparam( "opid", "/^(\d{1,9})?$/", "");
 	$login = getparam('login');
+	$email = getparam('email');
 	$password = getparam('password');
 	$passwordConfirm = getparam('passwordConfirm');
 	$localname = getparam('name');
@ -49,6 +50,9 @@ if( isset($_POST['login']) && isset($_POST['password']) ) {
 		$errors[] = getlocal("page_agent.error.wrong_login");
 	}

+	if($email != '' && !is_valid_email($email))
+		$errors[] = wrong_field("form.field.mail");
+
 	if( !$opId && !$password )
 		$errors[] = no_field("form.field.password");

@ -68,17 +72,18 @@ if( isset($_POST['login']) && isset($_POST['password']) ) {
 	
 	if( count($errors) == 0 ) {
 		if (!$opId) {
-			$newop = create_operator($login,$password,$localname,$commonname,"");
+			$newop = create_operator($login,$email,$password,$localname,$commonname,"");
 			header("Location: $webimroot/operator/avatar.php?op=".$newop['operatorid']);
 			exit;
 		} else {
-			update_operator($opId,$login,$password,$localname,$commonname);
+			update_operator($opId,$login,$email,$password,$localname,$commonname);
 			header("Location: $webimroot/operator/operator.php?op=$opId&stored");
 			exit;
 		}
 	} else {
 		$page['formlogin'] = topage($login);
 		$page['formname'] = topage($localname);
+		$page['formemail'] = topage($email);
 		$page['formcommonname'] = topage($commonname);
 		$page['opid'] = topage($opId);
 	}
@ -93,6 +98,7 @@ if( isset($_POST['login']) && isset($_POST['password']) ) {
 	} else {
 		$page['formlogin'] = topage($op['vclogin']);
 		$page['formname'] = topage($op['vclocalename']);
+		$page['formemail'] = topage($op['vcemail']);
 		$page['formcommonname'] = topage($op['vccommonname']);
 		$page['opid'] = topage($op['operatorid']);
 	}
--- a/src/messenger/webim/operator/restore.php
+++ b/src/messenger/webim/operator/restore.php
@ -0,0 +1,67 @@
+<?php
+/*
+ * This file is part of Mibew Messenger project.
+ * 
+ * Copyright (c) 2005-2009 Mibew Messenger Community
+ * All rights reserved. The contents of this file are subject to the terms of
+ * the Eclipse Public License v1.0 which accompanies this distribution, and
+ * is available at http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License Version 2 or later (the "GPL"), in which case
+ * the provisions of the GPL are applicable instead of those above. If you wish
+ * to allow use of your version of this file only under the terms of the GPL, and
+ * not to allow others to use your version of this file under the terms of the
+ * EPL, indicate your decision by deleting the provisions above and replace them
+ * with the notice and other provisions required by the GPL.
+ * 
+ * Contributors:
+ *    Evgeny Gryaznov - initial API and implementation
+ */
+
+require_once('../libs/common.php');
+require_once('../libs/operator.php');
+require_once('../libs/settings.php');
+
+$errors = array();
+$page = array('version' => $version);
+$loginoremail = "";
+
+if (isset($_POST['loginoremail'])) {
+	$loginoremail = getparam("loginoremail");
+	
+	$torestore = is_valid_email($loginoremail) ? operator_by_email($loginoremail) : operator_by_login($loginoremail);
+	if(!$torestore) {
+		$errors[] = getlocal("no_such_operator");
+	}
+	
+	$email = $torestore['vcemail'];
+	if(count($errors) == 0 && !is_valid_email($email)) {
+		$errors[] = "Operator hasn't set his e-mail";
+	}
+	
+	if (count($errors) == 0) {
+		$token = md5((time() + microtime()).rand(0,99999999));
+		
+		$link = connect();
+		$query = "update chatoperator set dtmrestore = CURRENT_TIMESTAMP, vcrestoretoken = '$token' where operatorid = ".$torestore['operatorid'];
+		perform_query($query, $link);
+		mysql_close($link);
+		
+		$link = get_app_location(true,false)."/operator/resetpwd.php?id=".$torestore['operatorid']."&token=$token";
+		
+		webim_mail($email, $email, getstring("restore.mailsubj"), getstring2("restore.mailtext",array(get_operator_name($torestore), $link)));
+
+		$page['isdone'] = true;
+		require('../view/restore.php');
+		exit;
+    }
+}
+
+$page['formloginoremail'] = topage($loginoremail);
+
+$page['localeLinks'] = get_locale_links("$webimroot/operator/restore.php");
+$page['isdone'] = false;
+start_html_output();
+require('../view/restore.php');
+?>
--- a/src/messenger/webim/view/agent.php
+++ b/src/messenger/webim/view/agent.php
@ -66,6 +66,15 @@ require_once('inc_errors.php');
 			<br clear="all"/>
 		</div>

+		<div class="field">
+			<div class="flabel"><?php echo getlocal('form.field.mail') ?></div>
+			<div class="fvalue">
+				<input type="text" name="email" size="40" value="<?php echo form_value('email') ?>" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
+			</div>
+			<div class="fdescr"> &mdash; <?php echo getlocal('form.field.mail.description') ?></div>
+			<br clear="all"/>
+		</div>
+
 		<div class="field">
 			<div class="flabel"><?php echo getlocal('form.field.password') ?><?php if( !$page['opid'] ) { ?><span class="required">*</span><?php } ?></div>
 			<div class="fvalue">
--- a/src/messenger/webim/view/login.php
+++ b/src/messenger/webim/view/login.php
@ -77,6 +77,10 @@ require_once('inc_errors.php');

 		<div class="fbutton">
 			<input type="image" name="login" src='<?php echo $webimroot.getlocal("image.button.login") ?>' alt='<?php echo getlocal("button.enter") ?>'/>
+
+			<div class="links">
+				<a href="restore.php"><?php echo getlocal("restore.pwd.message") ?></a><br/>
+			</div>
 		</div>

 	</div>
--- a/src/messenger/webim/view/restore.php
+++ b/src/messenger/webim/view/restore.php
@ -0,0 +1,100 @@
+<?php
+/*
+ * This file is part of Mibew Messenger project.
+ * 
+ * Copyright (c) 2005-2009 Mibew Messenger Community
+ * All rights reserved. The contents of this file are subject to the terms of
+ * the Eclipse Public License v1.0 which accompanies this distribution, and
+ * is available at http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License Version 2 or later (the "GPL"), in which case
+ * the provisions of the GPL are applicable instead of those above. If you wish
+ * to allow use of your version of this file only under the terms of the GPL, and
+ * not to allow others to use your version of this file under the terms of the
+ * EPL, indicate your decision by deleting the provisions above and replace them
+ * with the notice and other provisions required by the GPL.
+ * 
+ * Contributors:
+ *    Evgeny Gryaznov - initial API and implementation
+ */
+
+if(isset($page) && isset($page['localeLinks'])) {
+	require_once('inc_locales.php');
+}
+$page['title'] = getlocal("restore.title");
+$page['headertitle'] = getlocal("app.title");
+$page['show_small_login'] = true;
+$page['fixedwrap'] = true;
+
+function tpl_content() { 
+	global $page, $webimroot, $errors;
+	
+	if($page['isdone']) {
+?>
+<div id="loginpane">
+	<div class="header">	
+		<h2><?php echo getlocal("restore.sent.title") ?></h2>
+	</div>
+
+	<div class="fieldForm">
+		<?php echo getlocal("restore.sent") ?>
+		<br/>
+		<br/>
+		<a href="login.php"><?php echo getlocal("restore.back_to_login") ?></a>
+	</div>
+</div>	
+	
+<?php 		
+	} else {
+?>
+
+<form name="restoreForm" method="post" action="<?php echo $webimroot ?>/operator/restore.php">
+	<div id="loginpane">
+
+	<div class="header">	
+		<h2><?php echo getlocal("restore.title") ?></h2>
+	</div>
+
+	<div class="fieldForm">
+	
+		<?php echo getlocal("restore.intro") ?><br/><br/>
+
+<?php 
+require_once('inc_errors.php');
+?>
+	
+		<div class="field">
+			<div class="fleftlabel"><?php echo getlocal("restore.emailorlogin") ?></div>
+			<div class="fvalue">
+				<input type="text" name="loginoremail" size="25" value="<?php echo form_value('loginoremail') ?>" class="formauth"/>
+			</div>
+			<br clear="all"/>
+		</div>
+
+		<div class="fbutton">
+			<table class="submitbutton"><tr>
+				<td><a href="javascript:restoreForm.submit();">
+					<img src='<?php echo $webimroot ?>/images/submit.gif' width="40" height="35" border="0" alt="" /></a></td>
+				<td class="submit"><a href="javascript:restoreForm.submit();">
+					<?php echo getlocal("restore.submit") ?></a></td>
+				<td><a href="javascript:restoreForm.submit();">
+					<img src='<?php echo $webimroot ?>/images/submitrest.gif' width="10" height="35" border="0" alt="" /></a></td>
+			</tr></table>
+
+			<div class="links">
+				<a href="login.php"><?php echo getlocal("restore.back_to_login") ?></a>
+			</div>
+		</div>
+
+	</div>
+
+	</div>		
+</form>
+
+<?php 
+	}
+} /* content */
+
+require_once('inc_main.php');
+?>