From d1d6b8241bb8929ca474515f6932375606527680 Mon Sep 17 00:00:00 2001 From: Kyle Drake Date: Sun, 21 Jul 2013 15:29:42 -0400 Subject: [PATCH] fix password reset for multiple accounts, add clarifications --- app.rb | 12 ++++++++---- views/contact.slim | 6 ++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/app.rb b/app.rb index 0357f095..2ed1e83c 100644 --- a/app.rb +++ b/app.rb @@ -446,6 +446,8 @@ Hello! This is the NeoCities cat, and I have received a password reset request f Go to this URL to reset your password: http://neocities.org/password_reset_confirm?code=#{token} +After clicking on this link, your password for all the sites registered to this email address will be changed to this token: #{token} + If you didn't request this reset, you can ignore it. Or hide under a bed. Or take a nap. Your call. Meow, @@ -467,11 +469,13 @@ the NeoCities Cat end get '/password_reset_confirm' do - site = Site[password_reset_token: params[:code]] + site = Site.filter(password_reset_token: params[:code]).all - if site - site.password = params[:code] - site.save + if sites.length < 0 + sites.each do |site| + site.password = params[:code] + site.save + end flash[:success] = 'Your password has been changed to the token sent in your e-mail. Please login and change your password in the settings page as soon as possible.' else diff --git a/views/contact.slim b/views/contact.slim index 1eceb366..3b857899 100644 --- a/views/contact.slim +++ b/views/contact.slim 
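Review bot: The sentence added to the e-mail body confirms that the reset token itself becomes the password, and the same value is carried in the query string of the plain `http://` link two lines above it, so the future password ends up in mail archives, browser history and any server or proxy logs along the way. Because the confirm route in the next hunk is a GET, anything that fetches the link automatically (a mail scanner or link preview) would presumably perform the change as well. A more robust flow would have the link open a form where the user chooses a new password, submitted by POST, with the token single-use and short-lived. At minimum, and assuming the site serves TLS, the link should read `https://neocities.org/password_reset_confirm?code=#{token}`. The message heredoc starts and ends outside this hunk.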
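Review bot: In the `/password_reset_confirm` handler the query result is assigned to `site` while the condition and the loop read `sites`, so the route raises NameError as written. `sites.length < 0` can also never be true, so with the name fixed every request would still take the else branch. Once the condition is corrected, a request with no `code` parameter makes the filter compare against nil, which Sequel renders as `IS NULL` and which would presumably match every site that has no reset pending, so a blank code should be rejected before the query runs. The visible lines also do not clear `password_reset_token` after use, so unless that happens elsewhere the link stays valid. The route body continues past the hunk, and the fence below shows only the rewritten lines.

```ruby
get '/password_reset_confirm' do
  code = params[:code].to_s
  # A blank code must never reach the query: nil would match rows with no pending reset.
  sites = code.empty? ? [] : Site.filter(password_reset_token: code).all

  if sites.any?
    sites.each do |site|
      site.password = code
      site.password_reset_token = nil # single use; confirm nothing else relies on the old value
      site.save
    end
    # … unchanged: flash[:success] message and else branch …
```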
@@ -14,6 +14,12 @@ javascript: .span8.offset2 h2 style="margin-bottom: 20px" Contact Us + div + h5 Please Note Before Contacting: + ul + li For security reasons, we cannot reset your password if you did not enter an e-mail for your site. You will have to make a new site (don't worry, it's free!). If you didn't get an e-mail from the password reset form, you didn't enter an e-mail (or it's in your spam folder). Again you will have to make a new site, we cannot help you for security reasons. + li We do not support FTP or GIT uploading, and have no plans to. SFTP possibly, if we can find the time. + form action="/contact" method="POST" input name="csrf_token" type="hidden" value="#{csrf_token}"