diff --git a/checkin_notes b/checkin_notes index 21a87bdfc4..88e4ed0c00 100644 --- a/checkin_notes +++ b/checkin_notes @@ -11361,3 +11361,24 @@ David 19 Nov 2007 html/user/ forum_user_posts.php + +David 19 Nov 2007 + - user web: clean up logic for dealing with forgotten password: + - login form now has ONLY email/passwd + ("login with account key" is gone) + - "forgot password?" takes you to a page with two options: + 1) type in email address, get an email with login link + 2) instructions for recovering account key from BOINC account file + - email is stripped-down, has login link and not much else + + fixes #190 + + html/ + inc/ + email.inc + util.inc + user/ + get_passwd.php + login_action.php + mail_passwd.php + white.css diff --git a/html/inc/email.inc b/html/inc/email.inc index a9eb0e5166..2b6f403413 100644 --- a/html/inc/email.inc +++ b/html/inc/email.inc @@ -65,56 +65,32 @@ function send_auth_email($user, $is_new) { $body = ""; if ($is_new) { - $subject = PROJECT." account confirmation for $user->name"; + $subject = PROJECT." account confirmation"; $body = "Welcome to ".PROJECT.". This email confirms your account with ".PROJECT.": Project URL: $master_url User name: $user->name E-mail: $user->email_addr - Account Key: $user->authenticator - (use this to log in if you forget your password) "; } else { - $subject = PROJECT." information for $user->name"; - $body = "Your ".PROJECT." account information is: + $subject = PROJECT." account information"; + $body = "This email was sent in reponse to a request on the ".PROJECT." web site. - Project URL: $master_url - User name: $user->name - E-mail: $user->email_addr - Account Key: $user->authenticator - (use this to log in if you forget your password) +To log in to your ".PROJECT." account, visit: +".$master_url."login_action.php?key=$user->authenticator + +After logging in, you can change your account's password or email address. "; } $body .= " - -For further information and assistance with ".PROJECT." go to +For further information and assistance with ".PROJECT.", visit $master_url "; return send_email($user, $subject, $body); } -// Function simply outputs some text letting the user know -// their authenticator was emailed to them. -// -function email_sent_message($email_addr) { - if (defined('EMAIL_FROM')) { - $email_from = EMAIL_FROM; - } else { - $email_from = URL_BASE; - } - - echo " - Your Account Key has been emailed to $email_addr. -

- If the email doesn't arrive in a few minutes, - your ISP may be blocking it as spam. - In this case please contact your ISP and - ask them to not block email from $email_from. - "; -} - // a valid email address is of the form A@B.C // where A, B, C are nonempty, // A and B don't contain @ or ., diff --git a/html/inc/util.inc b/html/inc/util.inc index 6b30dc27e7..85849eca89 100644 --- a/html/inc/util.inc +++ b/html/inc/util.inc @@ -368,25 +368,14 @@ function print_login_form_aux($next_url, $user) { "; start_table(); - row1("Log in with email/password"); row2("Email address:", ''); - row2("Password:
Forgot password?", + row2("Password:
Forgot password?", '' ); - row2("", ''); - row1("Log in with account key"); - row2("Your account key: -
- If you don't know your account key, - click here. - ", - "" - ); - row2("", ""); - row1("Stay logged in"); row2("Stay logged in on this computer", "" ); + row2("", ''); if ($user) { row1("Log out"); row2("You are logged in as $user->name", diff --git a/html/user/get_passwd.php b/html/user/get_passwd.php index d71a93fdc7..7d466ea561 100644 --- a/html/user/get_passwd.php +++ b/html/user/get_passwd.php @@ -4,16 +4,63 @@ require_once("../inc/db.inc"); require_once("../inc/util.inc"); require_once("../inc/user.inc"); -page_head("Get account key"); +page_head("Forgot your password?"); + +echo " +

Get email instructions for setting your password

+"; -echo "
\n"; start_table(); +echo "\n"; row2("Email address",""); row2("", ""); -echo "
- Your account key will be emailed to you. - You should receive it in a few minutes.

+echo ""; +end_table(); + +echo " +

+

If your account's email address is no longer valid

+ +If you have run BOINC under the account, +you can access the account +even if you don't know the password and the email +address is no longer valid. Here's how: + + "; +start_table(); + +echo "
\n"; +row2("Log in with authenticator", ""); +row2("", ""); +echo "
"; + +end_table(); + page_tail(); diff --git a/html/user/login_action.php b/html/user/login_action.php index 546fbe0306..fb3dcc36d3 100644 --- a/html/user/login_action.php +++ b/html/user/login_action.php @@ -6,13 +6,12 @@ require_once("../inc/user.inc"); init_session(); -$mode = post_str("mode", true); - // First check for email/password case // $email_addr = strtolower(process_user_text(post_str("email_addr", true))); $passwd = stripslashes(post_str("passwd", true)); -if ($mode == "Log in with email/password") { + +if ($email_addr && $passwd) { $user = lookup_user_email_addr($email_addr); if (!$user) { error_page("No account found with email address $email_addr"); diff --git a/html/user/mail_passwd.php b/html/user/mail_passwd.php index 9c6c7b24f6..73b319902f 100644 --- a/html/user/mail_passwd.php +++ b/html/user/mail_passwd.php @@ -1,10 +1,27 @@ + If the email doesn't arrive in a few minutes, + your ISP may be blocking it as spam. + In this case please contact your ISP and + ask them to not block email from $email_from. + "; +} $email_addr = process_user_text(strtolower($_POST["email_addr"])); if (!strlen($email_addr)) { @@ -23,11 +40,11 @@ if (!$user) { echo "This account has been administratively disabled."; } else { $user->email_addr = $email_addr; - page_head("Mailed account key"); $retval = send_auth_email($user, false); if ($retval) { email_sent_message($email_addr); } else { + page_head("Email failed"); echo "Can't send email to $user->email_addr: $retval"; } } diff --git a/html/user/white.css b/html/user/white.css index ce8d33b6e5..89795243e1 100644 --- a/html/user/white.css +++ b/html/user/white.css @@ -131,7 +131,6 @@ h1, h2 { h3, h4 { color: black; - font-size: small; font-weight: bold; }