From 28738ac2af2297dbe203646ea81ca76b4a461e23 Mon Sep 17 00:00:00 2001 From: areeshatariq Date: Thu, 6 Aug 2020 22:01:17 +0500 Subject: [PATCH 1/3] Reset Password Templatization --- cgi/reset_password.pl | 138 ++++++++++++++----------------- templates/reset_password.tt.html | 45 ++++++++++ 2 files changed, 105 insertions(+), 78 deletions(-) create mode 100755 templates/reset_password.tt.html diff --git a/cgi/reset_password.pl b/cgi/reset_password.pl index 5a9e419a3a1fb..9171727b4775d 100755 --- a/cgi/reset_password.pl +++ b/cgi/reset_password.pl @@ -42,6 +42,20 @@ ProductOpener::Display::init(); +# Initialize the Template module +my $tt = Template->new({ + INCLUDE_PATH => $data_root . '/templates', + INTERPOLATE => 1, + EVAL_PERL => 1, + STAT_TTL => 60, # cache templates in memory for 1 min before checking if the source changed + COMPILE_EXT => '.ttc', # compile templates to Perl code for much faster reload + COMPILE_DIR => $data_root . '/tmp/templates', +}); + +my $template_data_ref = { + lang => \&lang, +}; + my $type = param('type') || 'send_email'; my $action = param('action') || 'display'; @@ -107,113 +121,81 @@ } } +$template_data_ref->{action} = $action; +$template_data_ref->{error_count} = $#errors; +$template_data_ref->{type} = $type; + if ($action eq 'display') { + push @{$template_data_ref->{errors}}, @errors; +} +elsif ($action eq 'process') { - $html .= $Lang{"reset_password_${type}_msg"}{$lang}; + if ($type eq 'send_email') { - if ($#errors >= 0) { - $html .= "
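Review bot: `EVAL_PERL => 1` in the added `Template->new` options enables `[% PERL %]` and `[% RAWPERL %]` blocks, so any file that ends up under `$data_root/templates` can run arbitrary Perl inside this CGI. The template added in this patch uses no such block, so the option should be dropped or set to `EVAL_PERL => 0`. `COMPILE_DIR => $data_root . '/tmp/templates'` stores compiled templates that are later loaded as Perl code, so that directory should be writable only by the web-server account. PATCH 2/3 removes this block from the script; the same two settings are then worth checking wherever the shared `$tt` is configured, which is not visible here.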

$Lang{correct_the_following_errors}{$lang}

\n"; - } - - $html .= start_form('POST', '/cgi/reset_password.pl'); - if ($type eq 'send_email') { + my $i = 0; - $html .= '"; - } - elsif ($type eq 'reset') { - $html .= "" - . "\n" - . "\n" - . "
$Lang{password}{$lang}" - . password_field(-name=>'password', -value=>'', -override=>1) . "
$Lang{password_confirm}{$lang}" - . password_field(-name=>'confirm_password', -value=>'', -override=>1) . "
" - . hidden(-name=>'resetid', -value=>param('resetid'), -override=>1) - . hidden(-name=>'token', -value=>param('token'), -override=>1) - } + foreach my $userid (@userids) { + my $user_ref = retrieve("$data_root/users/$userid.sto"); + if (defined $user_ref) { - $html .= "\n" - . hidden(-name=>'action', -value=>'process', -override=>1) - . hidden(-name=>'type', -value=>$type, -override=>1) - . submit(-class=>'button') - . end_form(); + $user_ref->{token_t} = time(); + $user_ref->{token} = generate_token(64); + $user_ref->{token_ip} = remote_addr(); -} -elsif ($action eq 'process') { + store("$data_root/users/$userid.sto", $user_ref); -if ($type eq 'send_email') { + my $url = format_subdomain($subdomain) . "/cgi/reset_password.pl?type=reset&resetid=$userid&token=" . $user_ref->{token}; - my @userids = (); - if (defined $email_ref) { - @userids = @{$email_ref}; - } - elsif (defined $userid) { - @userids = ($userid); - } + my $email = lang("reset_password_email_body"); + $email =~ s//$userid/g; + $email =~ s//$url/g; + send_email($user_ref, lang("reset_password_email_subject"), $email); - my $i = 0; + $i++; + } + } - foreach my $userid (@userids) { + $template_data_ref->{i} = $i; + } + elsif ($type eq 'reset') { + my $userid = get_string_id_for_lang("no_language", param('resetid')); my $user_ref = retrieve("$data_root/users/$userid.sto"); if (defined $user_ref) { - $user_ref->{token_t} = time(); - $user_ref->{token} = generate_token(64); - $user_ref->{token_ip} = remote_addr(); - - store("$data_root/users/$userid.sto", $user_ref); - - my $url = format_subdomain($subdomain) . "/cgi/reset_password.pl?type=reset&resetid=$userid&token=" . 
$user_ref->{token}; - - my $email = lang("reset_password_email_body"); - $email =~ s//$userid/g; - $email =~ s//$url/g; - send_email($user_ref, lang("reset_password_email_subject"), $email); - - $i++; - } - } - - if ($i > 0) { - $html .= $Lang{reset_password_send_email}{$lang}; - } - -} -elsif ($type eq 'reset') { - my $userid = get_string_id_for_lang("no_language", param('resetid')); - my $user_ref = retrieve("$data_root/users/$userid.sto"); - if (defined $user_ref) { + if ((param('token') eq $user_ref->{token}) and (time() < ($user_ref->{token_t} + 86400*3))) { + + $template_data_ref->{user_token} = "defined"; - if ((param('token') eq $user_ref->{token}) and (time() < ($user_ref->{token_t} + 86400*3))) { + $user_ref->{encrypted_password} = create_password_hash( encode_utf8 (decode utf8=>param('password')) ); - $user_ref->{encrypted_password} = create_password_hash( encode_utf8 (decode utf8=>param('password')) ); + delete $user_ref->{token}; - delete $user_ref->{token}; + store("$data_root/users/$userid.sto", $user_ref); - store("$data_root/users/$userid.sto", $user_ref); - - $html .= $Lang{reset_password_reset}{$lang}; - } - else { - display_error($Lang{error_reset_invalid_token}{$lang}, undef); + } + else { + display_error($Lang{error_reset_invalid_token}{$lang}, undef); + } } } -} } +$tt->process('reset_password.tt.html', $template_data_ref, \$html); +$html .= "

" . $tt->error() . "

"; display_new( { diff --git a/templates/reset_password.tt.html b/templates/reset_password.tt.html new file mode 100755 index 0000000000000..f221145c736fe --- /dev/null +++ b/templates/reset_password.tt.html @@ -0,0 +1,45 @@ +[% IF action == 'display' %] + [% lang("reset_password_${type}_msg") %] + [% IF error_count >= 0 %] +
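Review bot: In the `reset` branch, `param('token') eq $user_ref->{token}` never requires the stored token to be defined, and the later `delete $user_ref->{token};` leaves `token_t` in place. After a completed reset the stored value is therefore undef, which `eq` treats as an empty string, while the three-day window is still open. The condition should begin with `defined $user_ref->{token} and $user_ref->{token} ne '' and ...`, and the success path should also run `delete $user_ref->{token_t};`. Separately, the last added statement appends `$tt->error()` to `$html` on every request without testing the return value of `$tt->process(...)`; template error text can include server paths, so it is better logged server-side with a generic message shown to the visitor. The validation code that fills `@errors` sits above this hunk, so whether `password` is compared with `confirm_password` before the hash is stored cannot be confirmed from here.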

[% lang("correct_the_following_errors") %]

+
    + [% FOREACH error IN errors %] +
  • [% error %]
  • + [% END %] +
+ [% END %] +
+ [% IF type == 'send_email' %] + + [% ELSIF type == 'reset' %] + + + + + + + + + +
[% lang('password') %]
[% lang('password_confirm') %]
+ + + [% END %] + + + +
+[% ELSIF action == 'process' %] + [% IF type == 'send_email' %] + [% IF i > 0 %] + [% lang('reset_password_send_email') %] + [% END %] + [% ELSIF type == 'reset' %] + [% IF user_token == 'defined' %] + [% lang('reset_password_reset') %] + [% END %] + [% END %] +[% END %] From 6c79c75ae974fc3de9292f92e9e0b06046fc92a7 Mon Sep 17 00:00:00 2001 From: areeshatariq Date: Fri, 7 Aug 2020 19:56:59 +0500 Subject: [PATCH 2/3] Remove template init --- cgi/reset_password.pl | 10 ---------- templates/reset_password.tt.html | 2 +- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/cgi/reset_password.pl b/cgi/reset_password.pl index 9171727b4775d..05e685f8b7bea 100755 --- a/cgi/reset_password.pl +++ b/cgi/reset_password.pl @@ -42,16 +42,6 @@ ProductOpener::Display::init(); -# Initialize the Template module -my $tt = Template->new({ - INCLUDE_PATH => $data_root . '/templates', - INTERPOLATE => 1, - EVAL_PERL => 1, - STAT_TTL => 60, # cache templates in memory for 1 min before checking if the source changed - COMPILE_EXT => '.ttc', # compile templates to Perl code for much faster reload - COMPILE_DIR => $data_root . '/tmp/templates', -}); - my $template_data_ref = { lang => \&lang, }; diff --git a/templates/reset_password.tt.html b/templates/reset_password.tt.html index f221145c736fe..07537e5fc97e5 100755 --- a/templates/reset_password.tt.html +++ b/templates/reset_password.tt.html @@ -15,7 +15,7 @@ [% ELSIF type == 'reset' %] - +
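Review bot: `[% error %]` inside the `FOREACH error IN errors` loop is written into the page unfiltered, and Template Toolkit does not escape output by default. If any entry pushed onto `@errors` can contain request-derived text (the code that fills it is outside this diff), it reaches the browser as markup; `[% error | html %]` keeps the list safe whatever the script puts in it. The script also passes neither `resetid` nor `token` in `$template_data_ref`, although the removed form forwarded both through `hidden(...)`. The template's input elements are not readable in this view, so it is worth confirming that the reset form still carries both values and that they are HTML-escaped. `error_count` is filled from `$#errors`, which is the last index rather than a count, so `[% IF errors.size %]` would say what is meant and remove the extra variable.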
From 1db089bdba7ded72dd809a1e63518912b63064f3 Mon Sep 17 00:00:00 2001 From: areeshatariq Date: Tue, 18 Aug 2020 00:54:34 +0500 Subject: [PATCH 3/3] Added alert box class --- templates/reset_password.tt.html | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/templates/reset_password.tt.html b/templates/reset_password.tt.html index 07537e5fc97e5..4545285c2974c 100755 --- a/templates/reset_password.tt.html +++ b/templates/reset_password.tt.html @@ -1,12 +1,14 @@ [% IF action == 'display' %] [% lang("reset_password_${type}_msg") %] [% IF error_count >= 0 %] -

[% lang("correct_the_following_errors") %]

-
    - [% FOREACH error IN errors %] -
  • [% error %]
  • - [% END %] -
+
+

[% lang("correct_the_following_errors") %]

+
    + [% FOREACH error IN errors %] +
  • [% error %]
  • + [% END %] +
+
[% END %]
[% IF type == 'send_email' %]
[% lang('password') %]