Switch 'Handler_Public->forgotpass' to ORM

2025-12-15 19:55:56 +00:00 · 2021-03-17 16:18:06 +00:00
parent f057c124d1
commit 541a07250c
1 changed files with 34 additions and 54 deletions
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -447,24 +447,21 @@ class Handler_Public extends Handler {
 			$login = clean($_REQUEST["login"]);
 			if ($login) {
-				$sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users
+				$user = ORM::for_table('ttrss_users')
-					WHERE LOWER(login) = LOWER(?)");
+					->select('id', 'resetpass_token')
-				$sth->execute([$login]);
+					->where_raw('LOWER(login) = LOWER(?)', [$login])
 					->find_one();
-				if ($row = $sth->fetch()) {
+				if ($user) {
-					$id = $row["id"];
+					list($timestamp, $resetpass_token) = explode(":", $user->resetpass_token);
 					$resetpass_token_full = $row["resetpass_token"];
 					list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full);
 					if ($timestamp && $resetpass_token &&
 						$timestamp >= time() - 15*60*60 &&
 						$resetpass_token === $hash) {
 							$user->resetpass_token = null;
 							$user->save();
-							$sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL
+							UserHelper::reset_password($user->id, true);
 								WHERE id = ?");
 							$sth->execute([$id]);
 							UserHelper::reset_password($id, true);
 							print "<p>"."Completed."."</p>";
@@ -513,7 +510,6 @@ class Handler_Public extends Handler {
 				</form>";
 		} else if ($method == 'do') {
 			$login = clean($_POST["login"]);
 			$email = clean($_POST["email"]);
 			$test = clean($_POST["test"]);
@@ -525,23 +521,20 @@ class Handler_Public extends Handler {
 					<input type='hidden' name='op' value='forgotpass'>
 					<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>".__("Go back")."</button>
 					</form>";
 			} else {
 				// prevent submitting this form multiple times
 				$_SESSION["pwdreset:testvalue1"] = rand(1, 1000);
 				$_SESSION["pwdreset:testvalue2"] = rand(1, 1000);
-				$sth = $this->pdo->prepare("SELECT id FROM ttrss_users
+				$user = ORM::for_table('ttrss_users')
-					WHERE LOWER(login) = LOWER(?) AND email = ?");
+					->select('id')
-				$sth->execute([$login, $email]);
+					->where_raw('LOWER(login) = LOWER(?)', [$login])
 					->where('email', $email)
 					->find_one();
-				if ($row = $sth->fetch()) {
+				if ($user) {
 					print_notice("Password reset instructions are being sent to your email address.");
 					$id = $row["id"];
 					if ($id) {
 					$resetpass_token = sha1(get_random_bytes(128));
 					$resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token .
 						"&login=" . urlencode($login);
@@ -569,20 +562,10 @@ class Handler_Public extends Handler {
 					if (!$rc) print_error($mailer->error());
-						$resetpass_token_full = time() . ":" . $resetpass_token;
+					$user->resetpass_token = time() . ":" . $resetpass_token;
-
+					$user->save();
 						$sth = $this->pdo->prepare("UPDATE ttrss_users
 							SET resetpass_token = ?
 							WHERE LOWER(login) = LOWER(?) AND email = ?");
 						$sth->execute([$resetpass_token_full, $login, $email]);
 					} else {
 						print_error("User ID not found.");
 					}
 					print "<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>";
 				} else {
 					print_error(__("Sorry, login and email combination not found."));
@@ -590,17 +573,14 @@ class Handler_Public extends Handler {
 						<input type='hidden' name='op' value='forgotpass'>
 						<button dojoType='dijit.form.Button' type='submit'>".__("Go back")."</button>
 						</form>";
 				}
 			}
 		}
 		print "</div>";
 		print "</div>";
 		print "</body>";
 		print "</html>";
 	}
 	function dbupdate() {