Merge pull request ci-blox#31 from larsenharvey/master

Added forgot password functionality
jruizd · Jun 19, 2018 · d2963af · d2963af
2 parents 196537a + bfab996
commit d2963af
Show file tree

Hide file tree

Showing 3 changed files with 232 additions and 46 deletions.
diff --git a/igocore/modules/securinator/views/auth/forgot.php b/igocore/modules/securinator/views/auth/forgot.php
@@ -1,44 +1,173 @@
+<!DOCTYPE html>
+<html>
+<style>
+
+    body{
+        background: url("http://ignitiongo.local/assets/img/boxed-bg.jpg");
+    }
+
+    #body-box{
+        border-radius:6px;
+        margin-top:5%;  
+        margin-left:22%;
+        font-size:16px;
+    }
+
+    #forgot-text{
+        font-size:14px;
+    }
+
+    #forgot-label{
+        background:none;
+    }
+
+    #email, #new-pw, #confirm-pw{
+        border-radius:6px;
+        font-size:14px;
+    }
+
+    #invalid-email{
+        font-size:14px;
+        color:#ff3333; 
+        float:left;
+        padding:2% 0% 0% 1.5%;
+    }
+
+    #submit, #submit1 {
+        border-radius:6px;
+        display:inline-block;
+        float:right;
+        font-size:16px;
+    }
+
+    .hidden{
+        display:none;
+    }
+
+    #new-pw, #confirm-pw{
+        margin-top:2%;
+    }
+
+    #show-pw-text{
+        font-size:14px;
+        display:inline-block;
+        float:left;
+        padding:1% 0 0 2%;
+    }
+
+
+
+</style>
+
+<head><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
+<title>Forgot Password</title></head>
+
+<body>
+<div class="container" id="body-box">
+    <div class="card col-sm-6">
+        <div class="card-header h3" id="forgot-label">Forgot Password?</div>
+        <div class="card-body forgotpw-card-body">
+            <div id="email-div">    
+                <p id="forgot-text">
+                        If you have forgotten your password and/or username, 
+                        enter the email address used for your account.
+                        <?php /* and we will send you an e-mail
+                        with instructions on how to access your account. */
+                        ?> </p>
+                <div class="form-group">
+                    <label for="email">Email:</label>
+                    <input id="email" class="form-control" type="email" placeholder="Your Email">
+                </div>
+                <div id="invalid-email" class="hidden">Invalid Email</div>
+                <br/>
+                <button id="submit1" class="btn btn-primary" onclick='showResetFields();'>Reset Password</button>
+            </div>
+
+            <div id="changepw-div" class="hidden">
+                <h5 id="new-pw-label">Please enter a new password:</h5>
+                <input type="password" id="new-pw" class="form-control" placeholder="New password: ">
+                <input type="password" id="confirm-pw" class="form-control" placeholder="Retype password: ">
+                <div  id="show-pw-text">
+                    <input type="checkbox" id="showPW-check" onclick="showPassword()" > Show Password
+                </div>
+                <br>
+                <button type="submit" id="submit" class="btn btn-primary" onclick='checkPW();'>Reset Password</button>
+            </div>
+
+            <div id="success-msg" class="hidden">
+                <h2>Success!</h2>
+                <h6>Your password has been changed successfully. Please log in again with your new password.</h6>
+            </div>
 
-<div class="container">
-
-<div class="card col-sm-6">
-    <div class="card-header h3">Forgot Password?</div>
-    <div class="card-body forgotpw-card-body">
-    <p>
-			If you have forgotten your password and/or username, 
-			enter the email address used for your account.
-<?php            /* and we will send you an e-mail
-            with instructions on how to access your account. */
-         ?> </p>
-
-        <div class="form-group">
-        <label for="email">Email:</label>
-        <input id="email" class="form-control" type="email" placeholder="Your Email">
         </div>
-        <br/>
-        <button type="submit" id="submit" class="btn btn-primary" onclick='return resetpw();' >Reset Password</button>
-<div id="display"></div>
+    </div>
+</div>
+
+
 <script>
-function resetpw(){
-var em = $("#email").val().trim();
-if(em.length < 5) {
-    $("#display").html('Email is required.');
-    return true;
-}
-var dataString = 'em1='+ em;
-$.ajax({
-type: "POST",
-url: "<?php echo base_url(); ?>users/recover",
-data: dataString,
-cache: false,
-success: function(result){
-$("#display").html(result.msg);
-}
-});
-return false;
-}
+    function showResetFields(){
+        var em = $("#email").val().trim();
+        if(em.length < 5) {
+            $('#invalid-email').removeClass('hidden');
+            return true;
+        }
+        var dataString = 'em1='+ em;
+        $.ajax({
+            type: "POST",
+            url: "<?php echo base_url(); ?>users/recover",
+            data: dataString,
+            cache: false,
+            success: function(result){
+            $("#display").html(result.msg);
+            $('#changepw-div').removeClass('hidden');
+            $('#email-div').addClass('hidden');
+        }
+        });
+    }
+
+
+    function checkPW() {
+        var newPW = document.getElementById("new-pw").value;
+        var confirmPW = document.getElementById("confirm-pw").value;
+        if (newPW != confirmPW) {
+            alert("The passwords entered do not match.");
+            return false;
+        } else if (newPW.length < <?php echo $pw_min_length?>) {
+            alert("Your password must be at least <?php echo $pw_min_length?> characters.");
+        <?php if($pw_force_numbers == 0) { ?> 
+        } else if (newPW.search(/\d/) == -1) {
+            alert("Your password must contain at least one number.");
+        <?php } ?> 
+        } else { 
+            var dataString = 'newpw='+ newPW+'&email='+$('#email').val().trim();
+            $.ajax({
+                type: "POST",
+                url: "<?php echo base_url()?>users/reset_password",
+                data: dataString,
+                success: function(result) {
+                    $('#changepw-div').addClass('hidden');
+                    $('#success-msg').removeClass('hidden'); 
+                    $('#forgot-label').addClass('hidden'); 
+                    return true;
+                },
+                error: function(msg) {
+                }
+            });
+        }
+    }
+
+    function showPassword(){
+        var pw1 = document.getElementById("new-pw");
+        var pw2 = document.getElementById("confirm-pw");
+        if (pw1.type === "password") {
+            pw1.type = "text";
+            pw2.type = "text";
+        } else {
+            pw1.type = "password";
+            pw2.type = "password";
+        }
+    }
+
 </script>
-</div>
-</div>
-</div>
-</div>
+</body>
+</html>
diff --git a/igocore/modules/securinator/views/auth/login.php b/igocore/modules/securinator/views/auth/login.php
@@ -1,4 +1,8 @@
 <style>
+    #login-box-body{
+        border-radius:6px;
+    }
+
     body.layout-boxed>.wrapper {
         background-color: transparent;
         box-shadow: none;
@@ -7,16 +11,53 @@
     .login-box-body {
         box-shadow: 0 20px 32px rgba(0, 0, 0, 0.25);
     }
+
+    #username, #password{
+        border-radius:6px;
+    }
+
+    #rememberme-div{
+        display:inline-block;
+        float:left;
+        padding-left:2%;
+        font-size:13px;
+    }
+
+    #forgot-div{
+        display:inline-block;
+        float:right;
+        padding-right:2.5%;
+    }
+
+    #forgot-password{
+        font-style:italic;
+        font-size:12px;
+    }
+
+    #submit-div{
+        text-align:center;
+    }
+
+    #submit-button{
+        width:98%;
+        border-radius:6px;
+    }
+
 </style>
+
+<head>
+<title>Login</title>
+</head>
+
 <div class="login-box">
     <div class="login-logo">
         <strong>
             <?php echo $secareatitleorlogo; ?>
         </strong>
     </div>
 
-    <div class="login-box-body">
-        <p class="login-box-msg">Please Sign In</p>
+    <div class="login-box-body" id="login-box-body">
+
         <form action="<?php echo base_url($secarea); ?>/check/login" method="post" accept-charset="utf-8">
             <div class="form-group">
                 <label for="username">Username</label>
@@ -28,14 +69,17 @@
                 <span class="fa fa-lock form-control-feedback" style="position: relative; left: 220px; top: 40px;"></span>
                 <input type="password" name="password" value="" id="password" class="form-control" />
             </div>
-            <div class="form-group icheck">
+            <div class="form-group icheck" id="rememberme-div">
                 <input type="checkbox" class="form-check-input" id="rememberme">
                 <label class="form-check-label" for="rememberme">Remember me</label>
             </div>
+            <div class="form-group" id="forgot-div">
+                <a href="/users/forgot" id="forgot-password">Forgot password?</a>
+            </div>
             <div class="clear"></div>
-            <div class="form-group">
-                <button type="submit" class="btn btn-primary">Sign In</button>
+            <div class="form-group" id="submit-div">
+                <button type="submit" class="btn btn-primary" id="submit-button">Sign In</button>
             </div>
         </form>
     </div>
-</div>
+</div>
diff --git a/igocore/modules/users/controllers/Users.php b/igocore/modules/users/controllers/Users.php
@@ -134,6 +134,11 @@ public function register()
      */
     public function forgot()
     {
+        $this->load->library('settings');
+        $min_length = $this->settings->item('auth.password_min_length');
+        $force_numbers = $this->settings->item('auth.password_force_numbers');
+        Template::set('pw_min_length', $min_length);
+        Template::set('pw_force_numbers', $force_numbers);
         Template::set('secarea', '');
         Template::set('secareatitleorlogo', 'Ignition Go');
         Template::set_view('securinator/auth/forgot');
@@ -190,4 +195,12 @@ public function recover()
         echo('{'.$ret.'}');
             exit;
     }
+
+    public function reset_password(){
+        $newpw=$_POST['newpw'];
+        $pw_hash=$this->auth->hash_password($newpw)['hash'];
+        $this->db->where('email',$_POST['email']);
+        $this->db->set('password_hash',$pw_hash);
+        return $this->db->update('users');
+    }
 }