Use email address for reset password form

Author: carlbennett

src/controllers/User/ResetPassword.php

@@ -40,11 +40,11 @@ public function &run( Router &$router, View &$view, array &$args ) {
     $model->error = null;
     $model->csrf_id = mt_rand();
     $model->csrf_token = CSRF::generate( $model->csrf_id );
+    $model->email = isset( $data[ 'email' ]) ? $data[ 'email' ] : null;
     $model->pw1 = isset( $data[ 'pw1' ]) ? $data[ 'pw1' ] : null;
     $model->pw2 = isset( $data[ 'pw2' ]) ? $data[ 'pw2' ] : null;
     $model->token = isset( $data[ 't' ]) ? $data[ 't' ] : null;
     $model->user = null;
-    $model->username = isset( $data[ 'username' ]) ? $data[ 'username' ] : null;
 
     if ( $router->getRequestMethod() == 'POST' ) {
       $ret = $this->doPasswordReset( $model, $data );
@@ -55,8 +55,8 @@ public function &run( Router &$router, View &$view, array &$args ) {
           getenv( 'REMOTE_ADDR' ),
           json_encode([
             'error' => $model->error,
+            'email' => $model->email,
             'user' => ( $model->user ? true : false ),
-            'username' => $model->username,
           ])
         );
       }
@@ -87,13 +87,13 @@ protected function doPasswordReset( UserResetPasswordModel &$model, &$data ) {
     }
     CSRF::invalidate( $csrf_id );
 
-    if ( empty( $model->username )) {
-      $model->error = 'EMPTY_USERNAME';
+    if ( empty( $model->email )) {
+      $model->error = 'EMPTY_EMAIL';
       return self::RET_FAILURE;
     }
 
     try {
-      $model->user = new User( User::findIdByUsername( $model->username ));
+      $model->user = new User( User::findIdByEmail( $model->email ));
     } catch ( UserNotFoundException $e ) {
       $model->user = null;
     } catch ( InvalidArgumentException $e ) {

src/models/User/ResetPassword.php

@@ -8,9 +8,9 @@ class ResetPassword extends Model {
 
   public $csrf_id;
   public $csrf_token;
+  public $email;
   public $error;
   public $token;
   public $user;
-  public $username;
 
 }

src/templates/Email/User/ResetPassword.plain.phtml

@@ -8,7 +8,7 @@ Hello <?=$this->getContext()->user->getName()?>,
 Someone requested your password to be reset on BNETDocs. If this was you, click
 or copy and paste the link below into your web browser to reset your password.
 
-<?=Common::relativeUrlToAbsolute('/user/resetpassword?username=' . rawurlencode($this->getContext()->user->getUsername()) . '&t=' . rawurlencode($this->getContext()->token))?>
+<?=Common::relativeUrlToAbsolute('/user/resetpassword?email=' . rawurlencode($this->getContext()->user->getEmail()) . '&t=' . rawurlencode($this->getContext()->token))?>
 
 
 **Note:** This link will only be available for 24 hours.

src/templates/Email/User/ResetPassword.rich.phtml

@@ -4,7 +4,7 @@ namespace BNETDocs\Templates\Email\User;
 use \CarlBennett\MVC\Libraries\Common;
 
 $name = filter_var($this->getContext()->user->getName(), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-$url = Common::relativeUrlToAbsolute('/user/resetpassword?username=' . rawurlencode($this->getContext()->user->getUsername()) . '&t=' . rawurlencode($this->getContext()->token));
+$url = Common::relativeUrlToAbsolute('/user/resetpassword?email=' . rawurlencode($this->getContext()->user->getEmail()) . '&t=' . rawurlencode($this->getContext()->token));
 
 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 

src/templates/User/ResetPassword.phtml

@@ -15,11 +15,11 @@ switch ($this->getContext()->error) {
       . 'reset password form expired, or this may have been a malicious'
       . 'attempt to reset your password.';
     break;
-  case 'EMPTY_USERNAME':
-    $message = 'The username was left blank.';
+  case 'EMPTY_EMAIL':
+    $message = 'The email address was left blank.';
     break;
   case 'USER_NOT_FOUND':
-    $message = 'The username was not found in our system.';
+    $message = 'The email address was not found in our system.';
     break;
   case 'EMAIL_FAILURE':
     $message = 'The server failed to queue the password reset email.';
@@ -66,15 +66,15 @@ require('./header.inc.phtml');
           <input type="hidden" name="csrf_token" value="<?=filter_var($this->getContext()->csrf_token, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"/>
 <?php if (empty($this->getContext()->token)) { ?>
           <section>
-            <label for="username">Username:</label><br/>
+            <label for="email">Email address:</label><br/>
             <input
-              type="text"
-              name="username"
-              id="username"
-              value="<?=filter_var($this->getContext()->username, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"
+              type="email"
+              name="email"
+              id="email"
+              value="<?=filter_var($this->getContext()->email, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"
               tabindex="1"
               required
-              autocomplete="username"
+              autocomplete="email"
               autofocus="autofocus"
             />
           </section>
@@ -86,11 +86,11 @@ require('./header.inc.phtml');
             />
           </section>
 <?php } else { ?>
-          <input type="hidden" name="username" value="<?=filter_var($this->getContext()->username, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"/>
+          <input type="hidden" name="email" value="<?=filter_var($this->getContext()->email, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"/>
           <input type="hidden" name="t" value="<?=filter_var($this->getContext()->token, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"/>
           <section>
-            <label for="username">Username:</label><br/>
-            <input type="text" id="username" readonly disabled tabindex="1" value="<?=filter_var($this->getContext()->username, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"/>
+            <label for="email">Email address:</label><br/>
+            <input type="email" id="email" readonly disabled tabindex="1" value="<?=filter_var($this->getContext()->email, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>"/>
           </section>
           <section>
             <label for="pw1">New Password:</label><br/>