From 2fa0af6846b9b3fdc3b48e5998c5c0fd778b0e72 Mon Sep 17 00:00:00 2001
From: Steve Sutton
Date: Tue, 11 Dec 2018 13:41:22 -0500
Subject: [PATCH] Finish password reset Also get count returned for list.
---
 js/front.js | 31 ++---
 models/admin/ajax/itineraryList.php | 1 +
 models/front/itinerary/list.php | 121 +++++++++++++++++-
 views/front/itinerary/forgot.html | 27 ++--
 views/front/itinerary/list.html | 25 ++++
 views/front/itinerary/passwordReset.html | 10 ++
 views/front/itinerary/passwordResetEmail.html | 13 ++
 views/front/itinerary/passwordResetForm.html | 18 +++
 8 files changed, 211 insertions(+), 35 deletions(-)
 create mode 100644 views/front/itinerary/passwordReset.html
 create mode 100644 views/front/itinerary/passwordResetEmail.html
 create mode 100644 views/front/itinerary/passwordResetForm.html
diff --git a/js/front.js b/js/front.js
index 6c2e403..cfba112 100644
--- a/js/front.js
+++ b/js/front.js
@@ -21,7 +21,8 @@ jQuery('.glm-planner-button').on('click', function(e){
 ref_page: ref_page
 },
 dataType: 'html',
- success: function(){
+ success: function(count){
+ updateList(count);
 button.data('view', '1');
 button.find('.trip-alt-text').removeClass('add_trip1');
 button.find('.trip-alt-text').addClass('view_trip1');
@@ -34,29 +35,13 @@ jQuery('.glm-planner-button').on('click', function(e){ window.location.href = load_page; } }); - -jQuery('.glm-itinerary-delete').on('click', function(e){ - e.preventDefault(); - var member_id = jQuery(this).data('id'); - var base_url = jQuery(this).data('baseurl'); - var button = jQuery(this); - if ( member_id ) { - jQuery.ajax({ - url: base_url + '/wp-admin/admin-ajax.php', - cache: false, - data: { - action: 'glm_members_admin_ajax', - glm_action: 'itineraryList', - member_id: member_id, - del: true - }, - success: function(){ - button.parent('.glm-itinerary-list-item').remove(); - } - }); +function updateList(listCount){ + if(listCount > 0) { + $(".trip-list-count").html(listCount + " item(s) in your trip planner"); + } else { + $(".trip-list-count").html("Make the most of your getaway!"); } - return false; -}); +} jQuery('.glm-itinerary-request-delete').on('click', function(e){ e.preventDefault(); var member_id = jQuery(this).data('id'); diff --git a/models/admin/ajax/itineraryList.php b/models/admin/ajax/itineraryList.php index a41e137..432e80e 100644 --- a/models/admin/ajax/itineraryList.php +++ b/models/admin/ajax/itineraryList.php @@ -141,6 +141,7 @@ class GlmMembersAdmin_ajax_itineraryList //extends GlmDataMemberInfo } // trigger_error( print_r( $_SESSION, true ), E_USER_NOTICE ); + echo count( $_SESSION['travel-list'] ); return true; diff --git a/models/front/itinerary/list.php b/models/front/itinerary/list.php index 2af3458..e8bc9a9 100755 --- a/models/front/itinerary/list.php +++ b/models/front/itinerary/list.php @@ -72,6 +72,8 @@ class GlmMembersFront_itinerary_list // extends GlmMembersFront_events_baseActio $userLoggedIn = false; $loginFailed = false; $createSuccess = false; + $email = false; + $token = false; $members = array(); $membersWithEmails = array(); $memberEmails = array(); 
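Review bot: `updateList()` calls `$(".trip-list-count")` while every other statement in this file goes through `jQuery`; WordPress loads jQuery in noConflict mode, so `$` may be undefined here unless the file is wrapped in a closure that is outside this hunk. Using `jQuery(".trip-list-count")` keeps the new function consistent with the rest of the file. The `count` handed over by the success handler in the first hunk is response text (`dataType: 'html'`), so parsing it first, `var n = parseInt(listCount, 10) || 0;`, and writing the message with `.text()` rather than `.html()` keeps any stray server output out of the DOM.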
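Review bot: `echo count( $_SESSION['travel-list'] );` assumes the session key is always an array at this point; when it is unset, `count()` raises a warning on PHP 7.2+ and, with display of errors on, that text ends up in the body the JavaScript reads as the count. A guarded form such as `echo isset( $_SESSION['travel-list'] ) ? count( (array) $_SESSION['travel-list'] ) : 0;` avoids that. The rest of the method is outside the hunk, so it is not visible whether the request is terminated after `return true`; if it is not, admin-ajax.php appends its default `0` to the echoed number.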
@@ -232,11 +234,52 @@ class GlmMembersFront_itinerary_list // extends GlmMembersFront_events_baseActio case 'forgot': $view = 'forgot.html'; break; + case 'emailReset': + $email = filter_var( $_REQUEST['email'], FILTER_VALIDATE_EMAIL ); + $token = filter_var( $_REQUEST['token'], FILTER_SANITIZE_STRING ); + if ( $email ) { + $emailFound = $this->wpdb->get_row( + $this->wpdb->prepare( + "SELECT id,reset_token + FROM " . GLM_MEMBERS_ITINERARY_PLUGIN_DB_PREFIX . "user + WHERE email = %s", + $email + ), + ARRAY_A + ); + if ( isset( $emailFound ) && isset( $emailFound['reset_token'] ) ) { + // See if the resetToken matches + if ( $emailFound['reset_token'] == $token ) { + // echo '
$token (matches): ' . print_r( $token, true ) . '
'; + $view = 'passwordResetForm.html'; + if ( isset( $_REQUEST['new_pass'] ) && $newPassword = filter_var( $_REQUEST['new_pass'], FILTER_SANITIZE_STRING ) ) { + // echo '
$_REQUEST: ' . print_r( $_REQUEST, true ) . '
'; + // empty the reset_token and update password + $this->wpdb->update( + GLM_MEMBERS_ITINERARY_PLUGIN_DB_PREFIX . 'user', + array( 'reset_token' => '', 'password' => md5( $newPassword ) ), + array( 'id' => $emailFound['id'] ), + array( '%s', '%s' ), + array( '%d' ) + ); + $createSuccess = true; + } + } else { + $formErrors['user'] = true; + // echo '
$token (NOT A MATCH): ' . print_r( $token, true ) . '
'; + $view = 'forgot.html'; + } + + } + } + // $view = 'passwordResetForm.html'; + break; case 'reset': // Search for the email. // If not found then say something about not finding the account and link to the new account form. // If found then send the email reset. - $email = filter_var( $_REQUEST['username'], FILTER_VALIDATE_EMAIL ); + $email = filter_var( $_REQUEST['email'], FILTER_VALIDATE_EMAIL ); + // echo '
$email: ' . print_r( $email, true ) . '
'; if ( $email ) { $emailFound = $this->wpdb->get_var( $this->wpdb->prepare( @@ -246,14 +289,30 @@ class GlmMembersFront_itinerary_list // extends GlmMembersFront_events_baseActio $email ) ); + // echo '
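Review bot: The token check `$emailFound['reset_token'] == $token` in the `emailReset` case accepts an empty token: a completed reset stores `''` in `reset_token`, `isset()` is still true for that value, and a request carrying no token then compares equal, so the password can be changed again with only the email address. The check should require a non-empty stored token and compare with `hash_equals()`, which also avoids PHP's loose comparison of numeric-looking hex strings. The new password is passed through `FILTER_SANITIZE_STRING`, which rewrites characters the user typed, and is stored as unsalted `md5()`; `wp_hash_password()` on the unslashed input is the safer storage, provided the login check outside this hunk is switched to `wp_check_password()`. No token expiry is visible in this hunk either.

```php
// … unchanged: $email / $token filtering and the user row lookup …
if ( isset( $emailFound['reset_token'] ) && $emailFound['reset_token'] !== '' ) {
    // Constant-time match; a cleared token never matches an empty submission.
    if ( hash_equals( $emailFound['reset_token'], (string) $token ) ) {
        $view = 'passwordResetForm.html';
        // Take the password as typed instead of a tag-stripped copy.
        $newPassword = isset( $_REQUEST['new_pass'] ) ? wp_unslash( $_REQUEST['new_pass'] ) : '';
        if ( is_string( $newPassword ) && $newPassword !== '' ) {
            $this->wpdb->update(
                GLM_MEMBERS_ITINERARY_PLUGIN_DB_PREFIX . 'user',
                array( 'reset_token' => '', 'password' => wp_hash_password( $newPassword ) ),
                // … unchanged: where clause and format arrays …
            );
            $createSuccess = true;
        }
    } else {
        // … unchanged: $formErrors['user'] and forgot.html …
    }
}
```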
$emailFound: ' . print_r( $emailFound, true ) . '
'; if ( $emailFound ) { // Setup the email message. // Create the md5 reset token. + $resetToken = md5( $email . time() ); + $this->wpdb->update( + GLM_MEMBERS_ITINERARY_PLUGIN_DB_PREFIX . 'user', + array( 'reset_token' => $resetToken ), + array( 'id' => $emailFound ), + array( '%s' ), + array( '%d' ) + ); // Send email. + // echo '
$resetToken: ' . print_r( $resetToken, true ) . '
'; + $this->sendResetEmail( $email, $resetToken ); + } else { + $formErrors['user'] = true; } } else { // No email given + $formErrors['user'] = true; } + // Show message about email. + $view = 'passwordReset.html'; break; case 'moreinfo': // Need to create two list one with emails and one without. @@ -313,6 +372,8 @@ class GlmMembersFront_itinerary_list // extends GlmMembersFront_events_baseActio 'formErrors' => $formErrors, 'createSuccess' => $createSuccess, 'userInfo' => $userInfo, + 'email' => $email, + 'token' => $token, ); error_reporting(E_ALL ^ E_NOTICE); 
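Review bot: The reset token in the `reset` case is `md5( $email . time() )`, which is fully determined by the address and the request time and is therefore predictable; it should come from a CSPRNG, e.g. `$resetToken = bin2hex( random_bytes( 16 ) );`. No issue time is stored with it, so a token stays valid until it is used; storing a timestamp next to `reset_token` and rejecting old tokens in the `emailReset` case would bound that. Setting `$formErrors['user']` when the address is unknown presumably makes `passwordReset.html` render differently for registered and unregistered emails; showing the same "check your inbox" message in both cases avoids confirming which addresses have accounts. The start of this case's lookup query lies outside the hunk.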
@@ -324,4 +385,62 @@ class GlmMembersFront_itinerary_list // extends GlmMembersFront_events_baseActio 'data' => $templateData, ); } + + /** + * Send password reset link. + * + * @param string $email Email To: + * @param string $resetToken Reset token + * + * @return void + */ + public function sendResetEmail( $email, $resetToken ) + { + $subject = 'Your password reset instructions'; + $from_header = 'Test Server '; + $smarty = new smartyTemplateSupport(); + $viewPath = GLM_MEMBERS_ITINERARY_PLUGIN_PATH . '/views'; + $smarty->template->setTemplateDir( $viewPath ); + $viewFile = 'front/itinerary/passwordResetEmail.html'; + + $smarty->templateAssign( 'title', $subject ); + $smarty->templateAssign( 'email', $email ); + $smarty->templateAssign( 'resetToken', $resetToken ); + $smarty->templateAssign( 'tripPage', get_permalink( $this->config['settings']['itinerary_page'] ) ); + + // Generate output from model data and view + $htmlMessage = $smarty->template->fetch( $viewFile ); + + // change the default wordpress from name when sending mail + add_filter( + 'wp_mail_from_name', + function ( $name ) { + $siteName = get_bloginfo( 'name' ); + return $siteName; + } + ); + // Send confirmation email, set the content type to allow html by using this filter + add_filter( 'wp_mail_content_type', array( $this, 'set_content_type' ) ); + + $message = $htmlMessage; + $header[] = 'From:' . $from_header; + if ( $replyto ) { + $header[] = 'Reply-To:' . $replyto; + } + + wp_mail( $email, $subject, $message, $header ); + + // remove the filter to avoid conflicts + remove_filter( 'wp_mail_content_type', array( $this, 'set_content_type' ) ); + } + + /** + * Set content type of the email. + * + * Used as filter for the wp_mail_content_type + */ + function set_content_type() + { + return "text/html"; + } } diff --git a/views/front/itinerary/forgot.html b/views/front/itinerary/forgot.html index 33c8cb8..a16a255 100644 --- a/views/front/itinerary/forgot.html 
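Review bot: In `sendResetEmail()`, `$replyto` is never defined and `$header` is appended to without being initialised, so the Reply-To branch is dead code that raises a notice on every send; `$header = array( 'From: ' . $from_header );` with the `$replyto` block dropped (or `$replyto` added as a parameter) would fix both. The `wp_mail_from_name` closure is added but never removed, unlike the content-type filter, so it stays in effect for any later mail sent in the same request. `$from_header = 'Test Server '` looks like a development placeholder, and the return value of `wp_mail()` is ignored, so a failed send still leads to the success view. `set_content_type()` also has no visibility keyword while the method above it is declared `public`.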
+++ b/views/front/itinerary/forgot.html @@ -1,15 +1,20 @@

Password Recovery

-
+{if isset($formErrors) && !empty($formErrors)} +

There was an error.

+

Go to Trip Planner

+{else} +
-
-

Enter your email address.

- -
- - - -
-
+
+

Enter your email address.

+ +
+ + + +
+
-
+
+{/if} diff --git a/views/front/itinerary/list.html b/views/front/itinerary/list.html index 19bfa0b..372e073 100644 --- a/views/front/itinerary/list.html +++ b/views/front/itinerary/list.html @@ -135,6 +135,31 @@