Added features of Forgot Password / Reset Password

applications/frontend/config/form_validation.php

@@ -60,4 +60,18 @@
 		),
 	),
 
+	// Reset Password
+	'account/reset_password' => array(
+		array(
+			'field'		=> 'password',
+			'label'		=> 'Password',
+			'rules'		=> 'required|matches[retype_password]',
+		),
+		array(
+			'field'		=> 'retype_password',
+			'label'		=> 'Retype Password',
+			'rules'		=> 'required',
+		),
+	),
+
 );

applications/frontend/controllers/account.php

@@ -26,7 +26,7 @@ public function signup()
 		{
 			$user_data = elements(['first_name', 'last_name', 'email', 'password'], $this->input->post());
 			$user_data['password'] = hash_pw($user_data['password']);
-			$user_data['activation_code'] = generate_activation_code();
+			$user_data['activation_code'] = generate_unique_code();
 
 			// confirm to create user
 			$user_id = $this->users->insert($user_data);
@@ -49,7 +49,7 @@ public function signup()
 			}
 
 			// failed
-			set_alert('danger', 'Cannot create user');
+			set_alert('danger', 'Failed to create user.');
 			redirect('signup');
 		}
 	}
@@ -69,30 +69,33 @@ public function login()
 				'active'	=> 1
 			]);
 
-			// "remember me"
-			if ( $this->input->post('remember') )
+			if ( !empty($user) )
 			{
-				$this->session->sess_expire_on_close = FALSE;
-				$this->session->sess_update();
-			}
-
-			// check password
-			if ( verify_pw($password, $user['password']) )
-			{
-				// limited fields to store in session
-				$fields = array('id', 'role', 'first_name', 'last_name', 'created_at');
-				$user_data = elements($fields, $user);
-				login_user($user_data);
-
-				// success
-				set_alert('success', 'Login success.');
-				redirect('home');
-				exit;
+				// "remember me"
+				if ( $this->input->post('remember') )
+				{
+					$this->session->sess_expire_on_close = FALSE;
+					$this->session->sess_update();
+				}
+
+				// check password
+				if ( verify_pw($password, $user['password']) )
+				{
+					// limited fields to store in session
+					$fields = array('id', 'role', 'first_name', 'last_name', 'created_at');
+					$user_data = elements($fields, $user);
+					login_user($user_data);
+
+					// success
+					set_alert('success', 'Login success.');
+					redirect('home');
+					exit;
+				}
 			}
 
 			// failed
 			$this->session->set_flashdata('form_fields', ['email' => $email]);
-			set_alert('danger', 'Invalid Login');
+			set_alert('danger', 'Invalid Login.');
 			redirect('account/login');
 		}
 	}
@@ -123,7 +126,7 @@ public function activate($code)
 		}
 
 		// failed
-		set_alert('danger', 'Invalid Code');
+		set_alert('danger', 'Invalid code.');
 		redirect('account/login');
 	}
 
@@ -132,10 +135,44 @@ public function forgot_password()
 	{
 		$this->mTitle = "Forgot Password";
 		$this->mViewFile = 'account/forgot_password';
+		$this->mViewData['alert'] = get_alert();
 
 		if ( validate_form() )
 		{
+			$email = $this->input->post('email');
+			$user = $this->users->get_by([
+				'email'		=> $email,
+				'active'	=> 1
+			]);
+
+			if ( !empty($user) )
+			{
+				// generate unique code
+				$forgot_password_code = generate_unique_code();
+				$this->users->update($user['id'], [
+					'forgot_password_code'	=> $forgot_password_code,
+					'forgot_password_time'	=> date('Y-m-d H:i:s')
+				]);
+
+				// send Reset Password email (make sure config/email.php is properly set first)
+				/*
+				$to_name = $user['first_name'].' '.$user['last_name'];
+				$subject = 'Reset Password';
+				$user['forgot_password_code'] = $forgot_password_code;
+				send_email($user['email'], $to_name, $subject, 'reset_password', $user);
+				*/
 
+				// success
+				set_alert('success', 'A email is sent to you to reset your password.');
+				redirect('account/forgot_password');
+				exit;
+			}
+			else
+			{
+				// failed
+				set_alert('danger', 'No record found.');
+				redirect('account/login');
+			}
 		}
 	}
 
@@ -144,6 +181,41 @@ public function reset_password($code)
 	{
 		$this->mTitle = "Reset Password";
 		$this->mViewFile = 'account/reset_password';
+
+		// TODO: check Forgot Password time
+		$user = $this->users->get_by([
+			'forgot_password_code' 	=> $code,
+			'active'				=> 1
+		]);
+
+		// invalid Forgot Password code
+		if ( empty($user) )
+		{
+			set_alert('danger', 'Invalid code.');
+			redirect('account/login');
+			exit;
+		}
+
+		// continue form validation
+		if ( validate_form('', 'account/reset_password') )
+		{
+			// change user password
+			$password = $this->input->post('password');
+			$this->users->update($user['id'], [
+				'forgot_password_code'	=> '',
+				'forgot_password_time'	=> '',
+				'password'				=> hash_pw($password)
+			]);
+
+			// (optional) send reset password email
+			//$to_name = $user['first_name'].' '.$user['last_name'];
+			//$subject = 'Your password has been changed';
+			//send_email($user['email'], $to_name, $subject, 'password_changed', $user);
+
+			// success
+			set_alert('success', 'Password successfully changed! Please login your account with your new password.');
+			redirect('account/login');
+		}
 	}
 
 	// Logout

applications/frontend/helpers/MY_html_helper.php

@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * Helper class to generate HTML elements
+ */
+
+function btn($label, $url = '', $icon = '', $style = 'primary', $size = '')
+{
+	$size = empty($size) ? '' : 'btn-'.$size;
+	$url = empty($url) ? '' : site_url($url);
+	$icon = empty($icon) ? '' : "<i class='fa fa-$icon'></i>";
+
+	if ( empty($url) )
+		return "<button class='btn btn-$style $size'>$icon $label</button>";
+	else
+		return "<a class='btn btn-$style $size' href='$url'>$icon $label</a>";
+}

applications/frontend/helpers/auth_helper.php

@@ -26,8 +26,8 @@ function verify_pw($plain_pw, $hashed_pw)
 	return password_verify($plain_pw, $hashed_pw);
 }
 
-// Activation code for new users
-function generate_activation_code()
+// Activation / Forgot Password code
+function generate_unique_code()
 {
 	$CI =& get_instance();
 	$CI->load->helper('string');

applications/frontend/views/account/forgot_password.php

@@ -2,15 +2,23 @@
 <div class="well bs-component col-md-6">
 
 	<?php echo alert_box(); ?>
+
+	<?php if ( !empty($alert) && $alert['type']=='success' ) { ?>
+
+		<?php echo btn('Back to Login', 'account/login'); ?>
+
+	<?php } else { ?>
 
-	<?php echo form_open(); ?>
+		<?php echo form_open(); ?>
+
+			<?php echo form_group_input('email'); ?>
 
-		<?php echo form_group_input('email'); ?>
+			<hr/>
 
-		<hr/>
+			<?php echo form_submit('Reset Password'); ?>
 
-		<?php echo form_submit('Reset Password'); ?>
+		<?php echo form_close(); ?>
 
-	<?php echo form_close(); ?>
+	<?php } ?>
 
 </div>

applications/frontend/views/account/reset_password.php

@@ -0,0 +1,18 @@
+
+<div class="well bs-component col-md-6">
+
+	<?php echo alert_box(); ?>
+
+	<?php echo form_open(); ?>
+
+		<?php echo form_group_password('password', 'New Password'); ?>
+
+		<?php echo form_group_password('retype_password'); ?>
+
+		<hr/>
+
+		<?php echo form_submit('Confirm'); ?>
+
+	<?php echo form_close(); ?>
+
+</div>

applications/frontend/views/email/password_changed.php

@@ -0,0 +1,7 @@
+<?php $this->load->view('email/_header'); ?>
+
+<p>Hi <?php echo $first_name; ?>,</p>
+
+<p>Please visit <a href="<?php echo site_url('account/login'); ?>">this link</a> and login your account.</p>
+
+<?php $this->load->view('email/_footer'); ?>

applications/frontend/views/email/reset_password.php

@@ -0,0 +1,7 @@
+<?php $this->load->view('email/_header'); ?>
+
+<p>Hi <?php echo $first_name; ?>,</p>
+
+<p>Please visit <a href="<?php echo site_url('account/reset_password/'.$forgot_password_code); ?>">this link</a> to reset your account password.</p>
+
+<?php $this->load->view('email/_footer'); ?>

changelog.txt

@@ -1,7 +1,8 @@
 
 v 0.4 (Date: 2014-08-14)
 	[Frontend] Use Bootswatch theme instead of original Bootstrap styling
-	[Frontend] Basic workflow and layout for user Login / Sign Up / Logout
+	[Frontend] Basic workflow and layout for user Login / Sign Up / Activate / Logout
+	[Frontend] Basic workflow for Forgot Password / Reset Password
 	[Frontend] Show different menu for visitors, or login users
 	[Frontend] Includes some helpers (e.g. email, form validation) which come from Backend System
 

sql/ci_bootstrap.sql

@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost
--- Generation Time: Aug 11, 2014 at 06:36 PM
+-- Generation Time: Aug 14, 2014 at 12:58 AM
 -- Server version: 5.5.38-0ubuntu0.14.04.1
 -- PHP Version: 5.5.9-1ubuntu4.3
 
@@ -42,8 +42,8 @@ CREATE TABLE IF NOT EXISTS `backend_users` (
 --
 
 INSERT INTO `backend_users` (`id`, `role`, `username`, `password`, `full_name`, `active`, `created_at`) VALUES
-(1, 'admin', 'admin', '$2y$10$1gXeTjzYStfCBVC6VQcyCetO/r/Bkf8bf.mVLaKxH7E3FGjHbN/hW', 'Administrator', 1, '2014-07-31 04:56:41'),
-(2, 'staff', 'staff', '$2y$10$TnU47gPjBQufIGiYYNiMdunJwszy20pnsftgUjI/TOjmsnwJR.eyO', 'Staff', 1, '2014-08-11 10:10:37');
+(1, 'admin', 'admin', '$2y$10$5Ckk.kPJyZeJ368XvIfLC.Sns4MqOueMOASIqk0oGZB9zlQgIi34S', 'Administrator', 1, '2014-07-31 04:56:41'),
+(2, 'staff', 'staff', '$2y$10$uvx0ySA7s2GZDsKcrlv40.Wev5q9xkjVg.pirwZOH9n2K4lPrIOvC', 'Staff', 1, '2014-08-11 10:10:37');
 
 -- --------------------------------------------------------
 
@@ -59,8 +59,8 @@ CREATE TABLE IF NOT EXISTS `users` (
   `password` varchar(255) NOT NULL,
   `first_name` varchar(50) DEFAULT NULL,
   `last_name` varchar(50) DEFAULT NULL,
-  `activation_code` varchar(40) DEFAULT NULL,
-  `forgot_password_code` varchar(40) DEFAULT NULL,
+  `activation_code` varchar(32) DEFAULT NULL,
+  `forgot_password_code` varchar(32) DEFAULT NULL,
   `forgot_password_time` timestamp NULL DEFAULT NULL,
   `active` tinyint(1) unsigned DEFAULT '0',
   `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP