From 61fc1fc92bb8362b24a78fff44dea85fbb8fa93f Mon Sep 17 00:00:00 2001
From: Peter Goodhall
Date: Tue, 18 Jan 2022 15:29:22 +0000
Subject: [PATCH] [Password Reset] Creates DB columns and password reset views and process.
---
 application/config/migration.php | 2 +-
 application/controllers/User.php | 72 +++++++++++++++++++
 .../082_add_reset_pass_to_users.php | 29 ++++++++
 application/models/User_model.php | 40 +++++++++++
 application/views/email/forgot_password.php | 12 ++++
 application/views/user/forgot_password.php | 38 ++++++++++
 6 files changed, 192 insertions(+), 1 deletion(-)
 create mode 100644 application/migrations/082_add_reset_pass_to_users.php
 create mode 100644 application/views/email/forgot_password.php
 create mode 100644 application/views/user/forgot_password.php
diff --git a/application/config/migration.php b/application/config/migration.php
index 869896e7..caf4aa6d 100644
--- a/application/config/migration.php
+++ b/application/config/migration.php
@@ -22,7 +22,7 @@ $config['migration_enabled'] = TRUE;
 |
 */
-$config['migration_version'] = 81;
+$config['migration_version'] = 82;
 /*
 |--------------------------------------------------------------------------
diff --git a/application/controllers/User.php b/application/controllers/User.php
index 7652f6c1..fa990099 100644
--- a/application/controllers/User.php
+++ b/application/controllers/User.php
@@ -487,4 +487,76 @@ class User extends CI_Controller {
 $this->session->set_flashdata('notice', 'User '.$user_name.' logged out.');
 redirect('dashboard');
 }
+
+ /**
+ * Function: forgot_password
+ *
+ * Allows users to input an email address and a password will be sent to that address.
+ *
+ */
+ function forgot_password() {
+
+ $this->load->helper(array('form', 'url'));
+
+ $this->load->library('form_validation');
+
+ $this->form_validation->set_rules('email', 'Email', 'required');
+
+ if ($this->form_validation->run() == FALSE)
+ {
+ $data['page_title'] = "Forgot Password";
+ $this->load->view('interface_assets/mini_header', $data);
+ $this->load->view('user/forgot_password');
+ $this->load->view('interface_assets/footer');
+ }
+ else
+ {
+ // Check email address exists
+ $this->load->model('user_model');
+
+ $check_email = $this->user_model->check_email_address($this->input->post('email', true));
+
+ print_r($check_email);
+
+ if($check_email == TRUE) {
+ // Generate password reset code 50 characters long
+ $this->load->helper('string');
+ $reset_code = random_string('alnum', 50);
+
+ $this->user_model->set_password_reset_code($this->input->post('email', true), $reset_code);
+
+ // Send email with reset code
+
+ $config = Array(
+ 'protocol' => 'smtp',
+ 'smtp_host' => 'smtp.mailtrap.io',
+ 'smtp_port' => 2525,
+ 'smtp_user' => '2a4ee81ff3810f',
+ 'smtp_pass' => 'bd4ec48aa67b14',
+ 'crlf' => "\r\n",
+ 'newline' => "\r\n"
+ );
+
+ $this->data['reset_code'] = $reset_code;
+ $this->load->library('email');
+ $this->email->initialize($config);
+ $message = $this->load->view('email/forgot_password', $this->data, TRUE);
+
+ $this->email->from('noreply@cloudlog.co.uk', 'Cloudlog');
+ $this->email->to($this->input->post('email', true));
+
+ $this->email->subject('Cloudlog Account Password Reset');
+ $this->email->message($message);
+
+ $this->email->send();
+ // Redirect to login page with message
+ $this->session->set_flashdata('notice', 'Password Reset Processed.');
+ redirect('user/login');
+ } else {
+ // No account found just return to login page
+ $this->session->set_flashdata('notice', 'Password Reset Processed.');
+ redirect('user/login');
+ }
+ }
+ }
 }
diff --git a/application/migrations/082_add_reset_pass_to_users.php b/application/migrations/082_add_reset_pass_to_users.php
new file mode 100644
index 00000000..f2b697eb
--- /dev/null
+++ b/application/migrations/082_add_reset_pass_to_users.php
@@ -0,0 +1,29 @@
+dbforge->add_column('users', $fields);
+ }
+
+ public function down()
+ {
+ $this->dbforge->drop_column('users', 'reset_password_code');
+ $this->dbforge->drop_column('users', 'reset_password_date');
+ }
+}
\ No newline at end of file
diff --git a/application/models/User_model.php b/application/models/User_model.php
index 6c1073bf..21272ba0 100644
--- a/application/models/User_model.php
+++ b/application/models/User_model.php
@@ -55,6 +55,27 @@ class User_Model extends CI_Model {
 return $r;
 }
+ /*
+ * Function: check_email_address
+ *
+ * Checks if an email address is already in use
+ *
+ * @param string $email
+ */
+ function check_email_address($email) {
+
+ $clean_email = $this->security->xss_clean($email);
+
+ $this->db->where('user_email', $clean_email);
+ $query = $this->db->get($this->config->item('auth_table'));
+
+ if ($query->num_rows() > 0) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
 // FUNCTION: bool exists($username)
 // Check if a user exists (by username)
 function exists($username) {
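Review bot: The `$config` array in `forgot_password()` commits an SMTP username and password to the repository; they should be read from configuration kept out of version control (CodeIgniter's Email library loads a `config/email.php` automatically when one exists) and the exposed pair rotated. `print_r($check_email);` is leftover debug output: it prints only when the address matches an account, which undoes the identical 'Password Reset Processed.' notice meant to hide account existence, and output sent before `redirect()` can stop the redirect header from going out. `random_string('alnum', 50)` in CodeIgniter 3 is built on `str_shuffle()`, which is not a cryptographic generator, so the reset code should come from `random_bytes()` (PHP 7+). The validation rule could also be `'required|valid_email'`, and the result of `$this->email->send()` is never checked.

```php
// … unchanged: form validation and view rendering …
$email = $this->input->post('email', true);
$this->load->model('user_model');

if ($this->user_model->check_email_address($email)) {
    // CSPRNG-backed token, 50 hex characters
    $reset_code = bin2hex(random_bytes(25));
    $this->user_model->set_password_reset_code($email, $reset_code);

    // SMTP settings come from the Email library's config file, not from source
    $this->load->library('email');
    // … unchanged: render email view, from/to/subject/message …
    if (!$this->email->send()) {
        log_message('error', 'Password reset email could not be sent');
    }
}

// Same notice and redirect whether or not an account matched
$this->session->set_flashdata('notice', 'Password Reset Processed.');
redirect('user/login');
```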
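Review bot: `check_email_address()` runs the address through `$this->security->xss_clean()` before using it as a lookup key, although the controller already requests that filter with `post('email', true)` and the query builder escapes the value passed to `where()`. `xss_clean` is an HTML-output filter and may rewrite a value, so the string that is looked up is not guaranteed to be the one the user typed; `$this->db->where('user_email', $email);` is enough here. The docblock says the function checks whether an address is "already in use" but does not state the result; adding `@return bool` would document it, and the `if`/`else` reduces to `return $query->num_rows() > 0;`.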
@@ -373,6 +394,25 @@ class User_Model extends CI_Model {
 return $result->result();
 }
+ /*
+ * FUNCTION: set_password_reset_code
+ *
+ * Stores generated password reset code in the database and sets the date to exactly
+ * when the sql query runs.
+ *
+ * @param string $user_email
+ * @return string $reset_code
+ */
+ function set_password_reset_code($user_email, $reset_code) {
+ $data = array(
+ 'reset_password_code' => $reset_code,
+ 'reset_password_date' => date('Y-m-d H:i:s')
+ );
+
+ $this->db->where('user_email', $user_email);
+ $this->db->update('users', $data);
+ }
+
 // FUNCTION: bool _auth($password, $hash)
 // Checks a password against the stored hash
 private function _auth($password, $hash) {
diff --git a/application/views/email/forgot_password.php b/application/views/email/forgot_password.php
new file mode 100644
index 00000000..f7361aa9
--- /dev/null
+++ b/application/views/email/forgot_password.php
@@ -0,0 +1,12 @@
+Hi,
+
+You or someone else has requested a password reset on your Cloudlog account.
+
+Your password reset code is:
+
+
+If you didn't request this just ignore.
+
+Regards,
+
+Cloudlog.
\ No newline at end of file
diff --git a/application/views/user/forgot_password.php b/application/views/user/forgot_password.php
new file mode 100644
index 00000000..a258df03
--- /dev/null
+++ b/application/views/user/forgot_password.php
@@ -0,0 +1,38 @@
+
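Review bot: `set_password_reset_code()` writes the reset code to `reset_password_code` exactly as it is emailed, so anyone who can read the users table (a backup, a read-only SQL flaw elsewhere) holds usable reset codes; storing `hash('sha256', $reset_code)` and hashing the submitted code before comparison when it is redeemed avoids that. The redeeming side is not part of this patch, so the expiry check against `reset_password_date` and single-use clearing of the code should be confirmed there. The table name is hard-coded as `'users'` while `check_email_address()` uses `$this->config->item('auth_table')`, so the two can diverge on an install with a custom table name. The docblock declares `@return string $reset_code` although nothing is returned, and it omits `@param string $reset_code`.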
+
+
+
+
+
+

+

Forgot Password?

+

You can reset your password here.

+
+ + + + + +
+
+
+ + +
+
+
+ +
+ + +
+ +
+
+
+
+
+
+
\ No newline at end of file