Lost password plugin

samnabi · May 24, 2017, 4:14pm

The password reset function in Shopkit has 2 major components:

First, a function that adds a random token field to a user’s account file:

samnabi/shopkit/blob/master/site/plugins/shopkit/shopkit.php#L507


}




/**
* Check sale price conditions on individual variants
* Receives a $variant object
*/


function salePrice($variant) {


 // Set vars from object
 if (gettype($variant) === 'object') {
   $salePrice = $variant->sale_price()->value !== '' ? $variant->sale_price()->value : false;
   $saleStart = $variant->sale_start()->value !== '' ? $variant->sale_start()->value : false;
   $saleEnd = $variant->sale_end()->value !== '' ? $variant->sale_end()->value : false;
   $saleCodes = $variant->sale_codes()->value !== '' ? explode(',', $variant->sale_codes()->value) : false;
 }


 // Set vars from array
 if (gettype($variant) === 'array') {
   $salePrice = isset($variant['sale_price']) ? $variant['sale_price'] : false;

And second, a route that will accept that one-time use token, change the user’s password, log them in, and redirect them to change their password:

github.com

samnabi/shopkit/blob/master/site/plugins/shopkit/registry/routes.php#L112




    // Log in
    if ($user->login($token)) {
      return go('/panel/users/'.$user->username().'/edit');
    } else {
      return go('/');
    } 
  } else {
    return go('/');
  }
}
]);
$kirby->set('route',[
// Masked file download to prevent snooping & circumventing expired downloads
'pattern' => '(:all)/(:any)/download/(:any)/([a-f0-9]{32})',
'action' => function($product_uri, $variant, $order_uid, $hash) {


  // Find the order
  $order = page('shop/orders/'.$order_uid);
  foreach ($order->products()->toStructure() as $product) {

This is probably not easy to include by default into Kirby core for a few reasons:

It requires a new /token route which could conflict with existing sites.
It relies on creating and destroying token fields within the user’s account file, which could conflict with existing sites.
Sending account tokens via email can introduce security risks if your outgoing mails are logged on the server. Kirby has no control over this.

Topic		Replies	Views
Password reset for users without panel access Questions 🤔	5	389	May 18, 2021
Page Lock Plugin Plugins panelfield , field , plugins	1	1090	October 19, 2017
Plugin help needed Plugins	0	391	May 24, 2018
Add a page field value to session from plugin file Solved ✅	3	491	December 16, 2016
Allow users to change their password Solved ✅	2	677	September 5, 2017

Lost password plugin

Related Topics