From 0c98f13eee10a61cabdc13e7aa75916d50b8b078 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philip=20H=C3=A4usler?=
Date: Thu, 26 Dec 2013 13:34:48 +0100
Subject: [PATCH] user password recovery
---
 db/update.sql | 4 +
 includes/controller/users_controller.php | 84 +++++++++++++++
 includes/helper/email_helper.php | 16 +++
 .../helper/internationalization_helper.php | 16 ++-
 includes/model/User_model.php | 46 +++++++-
 includes/pages/guest_login.php | 3 +
 includes/sys_auth.php | 2 +-
 includes/view/User_view.php | 66 ++++++++----
 locale/de_DE.UTF-8/LC_MESSAGES/default.mo | Bin 16110 -> 16555 bytes
 locale/de_DE.UTF-8/LC_MESSAGES/default.po | 34 ++++--
 public/index.php | 102 +++++++++--------
 11 files changed, 295 insertions(+), 78 deletions(-)
 create mode 100644 includes/controller/users_controller.php
 create mode 100644 includes/helper/email_helper.php
diff --git a/db/update.sql b/db/update.sql
index 7da5f3e6..c8079f3a 100644
--- a/db/update.sql
+++ b/db/update.sql
@@ -1,3 +1,7 @@
+/* password recovery */
+ALTER TABLE `User` ADD `password_recovery_token` VARCHAR( 32 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL AFTER `Passwort` ,
+ADD INDEX ( `password_recovery_token` );
+
 /* Update für #27, iCal-Export */
 ALTER TABLE `User` ADD `ical_key` VARCHAR( 32 ) NOT NULL;
 ALTER TABLE `User` ADD INDEX ( `ical_key` );
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
new file mode 100644
index 00000000..8e0aace7
--- /dev/null
+++ b/includes/controller/users_controller.php
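Review bot: The new `password_recovery_token` column has no companion timestamp, so a token that is issued but never used stays valid indefinitely — `set_password` in includes/sys_auth.php only NULLs it once a new password is actually saved. Consider adding an issue-time column in the same statement, e.g. `ADD `password_recovery_token_created` DATETIME NULL DEFAULT NULL AFTER `password_recovery_token`,` (name is a suggestion), and having the step-2 lookup in users_controller.php reject tokens older than a short window. Bounding the lifetime limits how long a forgotten or leaked recovery link remains usable.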
@@ -0,0 +1,84 @@ += MIN_PASSWORD_LENGTH) { + if ($_REQUEST['password'] != $_REQUEST['password2']) { + $ok = false; + error(_("Your passwords don't match.")); + } + } else { + $ok = false; + error(_("Your password is to short (please use at least 6 characters).")); + } + + if ($ok) { + $result = set_password($user_source['UID'], $_REQUEST['password']); + if ($result === false) + engelsystem_error(_("Password could not be updated.")); + + success(_("Password saved.")); + redirect(page_link_to('login')); + } + } + + return User_password_set_view(); + } else { + if (isset($_REQUEST['submit'])) { + $ok = true; + + if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) { + $email = strip_request_item('email'); + if (check_email($email)) { + $user_source = User_by_email($email); + if ($user_source === false) + engelsystem_error("Unable to load user."); + if ($user_source == null) { + $ok = false; + $msg .= error(_("E-mail address is not correct."), true); + } + } else { + $ok = false; + $msg .= error(_("E-mail address is not correct."), true); + } + } else { + $ok = false; + $msg .= error(_("Please enter your e-mail."), true); + } + + if ($ok) { + $token = User_generate_password_recovery_token($user_source); + if ($token === false) + engelsystem_error("Unable to generate password recovery token."); + $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token)); + if ($result === false) + engelsystem_error("Unable to send password recovery email."); + + success(_("We sent an email containing your password recovery link.")); + redirect(page_link_to('login')); + } + } + + return User_password_recovery_view(); + } +} + +function user_password_recovery_title() { + return _("Password recovery"); +} + +?> \ No newline at end of file 
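Review bot: The step-1 branch reveals whether an address is registered — a `null` result from `User_by_email` yields `error(_("E-mail address is not correct."), true)`, while a known address yields the success message and a redirect — which lets a caller enumerate registered e-mail addresses. Respond identically in both cases (for example show `success(_("We sent an email containing your password recovery link."))` and redirect whether or not a user was found, sending the mail only when one was) and record the real outcome via `engelsystem_log` instead. Separately, the length error hard-codes "6" while the comparison uses `MIN_PASSWORD_LENGTH`; `error(sprintf(_("Your password is too short (please use at least %d characters)."), MIN_PASSWORD_LENGTH));` keeps the message and the check in step. The opening of `user_password_recovery_controller` (everything before `MIN_PASSWORD_LENGTH`, presumably the token lookup) appears to have been lost in rendering, so the token-validation path could not be reviewed here.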
diff --git a/includes/helper/email_helper.php b/includes/helper/email_helper.php new file mode 100644 index 00000000..98cfd0f3 --- /dev/null +++ b/includes/helper/email_helper.php @@ -0,0 +1,16 @@ +"); +} + +?> \ No newline at end of file diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php index ae88eb21..db150fec 100644 --- a/includes/helper/internationalization_helper.php +++ b/includes/helper/internationalization_helper.php @@ -17,13 +17,25 @@ function gettext_init() { elseif (! isset($_SESSION['locale'])) $_SESSION['locale'] = $default_locale; - putenv('LC_ALL=' . $_SESSION['locale']); - setlocale(LC_ALL, $_SESSION['locale']); + gettext_locale(); bindtextdomain('default', '../locale'); bind_textdomain_codeset('default', 'UTF-8'); textdomain('default'); } +/** + * Swich gettext locale. + * + * @param string $locale + */ +function gettext_locale($locale = null) { + if ($locale == null) + $locale = $_SESSION['locale']; + + putenv('LC_ALL=' . $locale); + setlocale(LC_ALL, $locale); +} + /** * Renders language selection. * diff --git a/includes/model/User_model.php b/includes/model/User_model.php index 884aeae8..523685df 100644 --- a/includes/model/User_model.php +++ b/includes/model/User_model.php 
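Review bot: `gettext_locale` tests its argument with `if ($locale == null)`, a loose comparison that also treats `''` and `'0'` as "not given" and silently falls back to the session locale; `if ($locale === null)` states the intent exactly. The docblock misspells "Switch" (`Swich`) and should say what a null argument means, e.g. `@param string|null $locale Locale to activate; null re-applies $_SESSION['locale']`. Since the helper sets process-wide state through `putenv('LC_ALL=...')` and `setlocale(LC_ALL, ...)`, any caller that switches to another user's locale (the new e-mail helper looks like such a caller, though its hunk could not be read as rendered) must switch back afterwards, and that expectation belongs in the docblock.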
@@ -30,10 +30,40 @@ function User_by_api_key($api_key) { return $user[0]; } +/** + * Returns User by email. + * + * @param string $email + * @return Matching user, null or false on error + */ +function User_by_email($email) { + $user = sql_select("SELECT * FROM `User` WHERE `email`='" . sql_escape($email) . "' LIMIT 1"); + if ($user === false) + return false; + if (count($user) == 0) + return null; + return $user[0]; +} + +/** + * Returns User by password token. + * + * @param string $token + * @return Matching user, null or false on error + */ +function User_by_password_recovery_token($token) { + $user = sql_select("SELECT * FROM `User` WHERE `password_recovery_token`='" . sql_escape($token) . "' LIMIT 1"); + if ($user === false) + return false; + if (count($user) == 0) + return null; + return $user[0]; +} + /** * Generates a new api key for given user. * - * @param User $user + * @param User $user */ function User_reset_api_key(&$user) { $user['api_key'] = md5($user['Nick'] . time() . rand()); @@ -43,4 +73,18 @@ function User_reset_api_key(&$user) { engelsystem_log("API key resetted."); } +/** + * Generates a new password recovery token for given user. + * + * @param User $user + */ +function User_generate_password_recovery_token(&$user) { + $user['password_recovery_token'] = md5($user['Nick'] . time() . rand()); + $result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); + if ($result === false) + return false; + engelsystem_log("Password recovery for " . $user['Nick'] . " started."); + return $user['password_recovery_token']; +} + ?> \ No newline at end of file diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index f072e411..605d32b1 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php 
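Review bot: `User_generate_password_recovery_token` derives the token from `md5($user['Nick'] . time() . rand())` — the nickname is public, `time()` is a one-second value and `rand()` is not a cryptographic generator — so the effective entropy is far below the 128 bits the md5 output suggests, which undermines the token's role as a recovery secret. Use the platform CSPRNG instead: `$user['password_recovery_token'] = bin2hex(openssl_random_pseudo_bytes(16));` still produces 32 hex characters for the VARCHAR(32) column. The existing `User_reset_api_key` above uses the same construction and would benefit from the same change. It is good that the `engelsystem_log` message records only the nickname and not the token itself.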
@@ -216,6 +216,9 @@ function guest_login() { form_password('password', _("Password")), form_submit('submit', _("Login")) )), + buttons(array( + button(page_link_to('user_password_recovery'), _("I forgot my password")) + )), info(_("Please note: You have to activate cookies!"), true) )); } diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 3902aea2..e9fa197d 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -30,7 +30,7 @@ function generate_salt($length = 16) { // set the password of a user function set_password($uid, $password) { - return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1"); + return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1"); } // verify a password given a precomputed salt. diff --git a/includes/view/User_view.php b/includes/view/User_view.php index ef4f9831..eda29d58 100644 --- a/includes/view/User_view.php +++ b/includes/view/User_view.php 
@@ -3,25 +3,55 @@ /** * Available T-Shirt sizes */ -$tshirt_sizes = array ( - '' => _("Please select..."), - 'S' => "S", - 'M' => "M", - 'L' => "L", - 'XL' => "XL", - '2XL' => "2XL", - '3XL' => "3XL", - '4XL' => "4XL", - '5XL' => "5XL", - 'S-G' => "S Girl", - 'M-G' => "M Girl", - 'L-G' => "L Girl", - 'XL-G' => "XL Girl" +$tshirt_sizes = array( + '' => _("Please select..."), + 'S' => "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" ); +/** + * View for password recovery step 1: E-Mail + */ +function User_password_recovery_view() { + return page(array( + msg(), + _("We will send you an e-mail with a password recovery link. Please use the email address you used for registration."), + form(array( + form_text('email', _("E-Mail"), ""), + form_submit('submit', _("Recover")) + )) + )); +} + +/** + * View for password recovery step 2: New password + */ +function User_password_set_view() { + return page(array( + msg(), + _("Please enter a new password."), + form(array( + form_password('password', _("Password")), + form_password('password2', _("Confirm password")), + form_submit('submit', _("Save")) + )) + )); +} + /** * Render a users avatar. - * @param User $user + * + * @param User $user * @return string */ function User_Avatar_render($user) { @@ -30,16 +60,16 @@ function User_Avatar_render($user) { /** * Render a user nickname. - * @param User $user_source + * + * @param User $user_source * @return string */ function User_Nick_render($user_source) { global $user, $privileges; - if($user['UID'] == $user_source['UID'] || in_array('user_shifts_admin', $privileges)) + if ($user['UID'] == $user_source['UID'] || in_array('user_shifts_admin', $privileges)) return '' . htmlspecialchars($user_source['Nick']) . ''; else return htmlspecialchars($user_source['Nick']); } - ?> \ No newline at end of file 
diff --git a/locale/de_DE.UTF-8/LC_MESSAGES/default.mo b/locale/de_DE.UTF-8/LC_MESSAGES/default.mo index 47a0aa3f48e36a7fb9bdce6bcc272e6b60c989ff..224b676b5f314ebbeb00a295a8cf04a2ab42c777 100644 GIT binary patch delta 5105 zcmZA433L_J0mku*Bq1RXVjyfv7z#-UOCW?@3|I)83J8=XV(JSSk{7bTdoK-8;7I`s zZ53jmAd1SSsUV9fRD~jfhKejgs|5&%HYPDfIOYSFEVvI>`V9dUzI%>?gBx8PnkD<XNnC2w%l!xE&kf ze(OPOOu62A64NN3L&un~Y1rJDP8{fjt#K5#!2(Rg`Iv&wpc>wWs<6(M_oJ@+0ORpf zq;7K&6Yw_1VpI$7x~ABKatem|&va!+Pren^lfBpu520?nfU59oR73wkRh*FQRn!hO z5?xUD_s1w4V$DU>KN>YMd8m%&OWHS8>}26eR1XiLdi)`(qRXg?uc98{Hmbsymfi!j z#Eq0YqOPk)HE(2UJm1Tdzm)s0v$S9ComF zMP1j&o*!h7=b{=Mi_tg%b=_3dR6U6rnF>_BRkr+8TgG1pme~{4s2kUz8s30Rx7mvK z;sMlLpF%bGH`HRfWRKrKP1*Oh9Ce>pPC~WQ3RSOzs;^6!9X;V7)FOKrOEKSG@DZxQ z^QfL(L{)GZ^&mG<_v_u%`DUnwl96dPDX6v52Q}omsOu(K!_(O5!+`?qj%$%=H1*gI zKeOdlyb?Oz6MNz)?1l4?*)wlo7d(utPjeHsh-3MohSM?fcAy?`2-1AL0Xm@?$UqHgFVu+i$B8%-)!+ftTX6!n;0>(8H5|;Q zebbD0DG!IDDt-yo;3m}T`8sN7_n;cOfa<}QsGH_#CDi^57Uy)__J?DWO!ey3XGw=3e~_1wp@#Popzuqu17uSQPf&FiE8*9 zY9#-TEF+V`xHCv52URXa2bZ9xZcEr6*o$iT95%+!u@PRwB>X38B;vYyt2-I>0m(oe ze*m>6Mxb7|X;^|~7>B2=7qKnnE7%yrjkK%eja0=>yT-=WHP!Eui z=?!5Ps>1Q8<5MvneK-couqp1t96W;4F^+|_ROc~O@Bcp{J3MtyZ!HW)Jz){*!B(Og zSckkhW+SSn^{BVu2+}$8tu=##8nH>J21`&6dK?q*6I6YdFqZbs746_{)P>)n8i-~k zX{h5+{g(Zbmh@ z+m_!(-Eai;Kxb|FGh4oHy@i^(JE%1f!^EpT2esO>a5;`ZP4&ra#$QkL6$jLV>!^|V z2GyYH?ag5#s>dm)^Qou`Gp)l=*XNhkMGyeL5jqc;k z*$nJQc^(eHH?bpLL9K~I{!G#@odKxhldw6?Lp|8DsD{^|hJHP2L~3yn?#30^k47|- zhr{gXhNGw+on#+EOjdUV-(1Nml{e_=7EF+A$|3e3PwxC4*ji@1Pa7_4K{_5prH z<0GgZZ$q`W3#mVB-eQM0$Gm4RxQQC#Z%{pIG03|i9a~e*MD<_<=Hp~!kjx%jjo0u# zT*Abc;47%}@q7f*aVTm^W@2Z(|8v-(Ewcfc9&;Y~-?SL)^=txaBo?6N^l8-4Rij?3 z=TWPC3+lQ(s0V-7mQSIk>MyAKze0_~EsPJdbB7%@96iLVa1d(FMxur)ANApIQ4NJq z6)r_RKn<$lmyus;rWPAu8TkXzw#LJ}gR1lQgqbu`f5Z>XpSHJ23aM3rO$(-;3@3+4 zAxS0r+C5F4A@`CGhGq7! 
zI^6a@W$kV!=8}l z61zVgtH}&o76J0OEjPD{x#W3U*7v2Q-CtW=Gq5L~E*wbSJw= zB^gSz&Gax2;~uh~=zFE@BXWS`ljTHfSld1_kvu_)NmJ5@d`wP}S3B`z2zir4k)>o6 z89~kxZHsFv6VoGqovO5n@L`Gkvz5Pg&Aa3cqSxmkQbO7hZ6A`3kv(I6gB2v1G$FG| zZ}KU5h1}hK$c|niZ9B>D$g`@RS2MDWq7TVl;u38e$r;j_ zyhU|*(Vx1k7)auN8}r< z-2_`+k8Macd71o#X!|)?MplrYYI6Qm*Dk3xCfe_$2D{ZAYP~Tw?3VfbrH()7_$osc zMQ*tp@P*t$$5&qH6#Ifsc}2(xRX7E%6Z99AyM>v~)QU={NJopg$-BG2o$jj)y3Slq z`2wyJaEtuGkQ<;Le>oSrj$2;jmImi?kiX<6>dsldB9~_CN;}Mr>QT(Kk!Ntq++a{= zW>f?s)y)W0l>L7V18Xj&u8-}N?exkT*r#93@-!z>$R3#0chj!4xVVwN($b1Z4|n$X zIxd{s{ZVzXsxnaMMtWK13;Bc7i=9Ys{ca%SRMOkB%3#nb^zkT8xqo`G4$=j#3;5jv zx7?|6xxYNq8CI!*2|0y+moD4N3*4C%Wo2%8H!hc5eTym6@sQ*C%Ux%TPpzqKhSMo@?^fZ}Fyqj^fHREK18WxM%=$0qTw(J7 delta 4659 zcmXxn3w)Jh0LSrXc4@1%)@f@iWvA8IIa{~2wdpRGT(Tl0QflThQ&UQadRqz;Yi+Bj z$gqqNYf+XVx{XFL;Y0ffLx@zaDSrR+K6`!seV^w!@B6&Z<$ceYnxc?j7C0@Qu$6}6 zQ__PpM;PM^G3JquYBk2|F(w&%p+3I=ImP6nPRYl1I1fAFLJY+cYZKPGBN->q0OCV=)KM!l|em--qh(ep@d=owpJ@;0B~Cvk7BxCq`m3>b!#( zjlZD7f950wjr`s?cP7iQC-rjFg|(;->rovvp*n6sb#w%^691r9A~N2XFpRavqx$cT zTA4J|LcfZ=M-CSU;XMzvR>R%i$I!Y0%Ve?@KS zar9v#`>FaU)CBVI8l2mW_16fSXwXcWQ5_z_DE!fS0(IVL`+0bG_wyLk4HGdOd!Wus zMr~0lYDI>i`W;~~UX2VqAK48v z57V#|dH&2c)Wf?Ub>pL`EeN4e1B^mV#N*Z-(}Tin8hkh(SEFX`NpeS=VC{)&?~RPb z1W;Qx2DKtN$eU~?qi$4)T7kPzEA=31OIM+`t|r*-@On{DN4rt4$p@$#eQw)ZP%~(? 
z?MF~IIEGr%lc*I5@fvd#4o2Ou81+^>hE-UPnK+%s$ykA54uxMSXaFZruj5J7lD6X= z(+x6EBOiiV;&B*!Sdll>6rfgMG2V!!sOx`6t*E!RyCrL}ka|68z^Q%M{{V$46g1+c zsCoqs!v-9Lf8j_>^BKeQWb#o1TY_4dhcOJxY<)FqBI{8DtwHs_33c9f)C%tM@&2pf zL;FE9>cY>ht*E{F4Ryh3)J)r@xE;o0IQ2fLtxH3lmxX#wN1^WwW6ncA^?YW>TudoO z;Hv@FUpIKeHZ-DMpM9u~zef%52r2r~y$ZEuyKMbS z)QwM}`U`W|C@o?EfK^%oY zVIHOp;DOfXsI7?`=sFDj)Td*B`hB~*Vkn)+Xw-S}sQ!Ck@csAN1|MpvQc))kMD1BNs>5;CiKwNVirU*- zP%Cl=>iUJ)374P-T7i1DsxcO~p$4!Q9X0HupbHM6_WUV65CtiSfoPlINhWltD^>TrzpI@ATTQ5_Yb zIxa?iF)hb|*o68KJB4Gh>tOc_D;K*^Ux4~?TY*EdaWMPen?h)o`?UH|KQ5P}+GnCJ zT!9*S73#(tQA@uWwIXj}5$?t1I6m85u@=<%-=HRV7`1grk>5GS2eNR+lEcZ8CD5#@7s0$CEZum9w<7Ixr5S&4F5gn^s%vMyV+Xy=o`~yU@)3Jq| zMV?cIL(j(!GKTCVc_h`xKmEv3@(Afn-X)r;j=M-Lxu$$%OoH=-nmAI(J;X~k5FL6P zb+B*2jk-8k<4M7HY+0-zd?yEw>-hIx@+{HQw3mEBo+r!5&7_&w!((ozbOG69TNakL z#w2MGO_^=cv(R?v0eqpYVto-OkjHKPVay=6kx<*V566>1N! zJrtIcIkrXHc)u;*fTiRnTNks*WLwu;)^^-Y;W1lTgk5cUfwdRrkf+G|f;1c|H+)Vim5^mcX@l7(7JVf-?=%^=Gk}2dCqGwev$_L~_ zQq_llMw3@a7+FHf$%W)oqGNG+Rjl8c=~jaOyUG`bxs)W622w-zlXJ3@Nz7D&QO!6eTljwMWJV;8&d~J@Y8|SHxsQWkZsmQvx|5Ql9VkwpE5cQ|gbZTa$h`s?IySHLQHZ=-dAXA^*<5 diff --git a/locale/de_DE.UTF-8/LC_MESSAGES/default.po b/locale/de_DE.UTF-8/LC_MESSAGES/default.po index 64d09ad7..2946965a 100644 --- a/locale/de_DE.UTF-8/LC_MESSAGES/default.po +++ b/locale/de_DE.UTF-8/LC_MESSAGES/default.po @@ -1,8 +1,8 @@ msgid "" msgstr "" "Project-Id-Version: Engelsystem 2.0\n" -"POT-Creation-Date: 2013-12-03 16:58+0100\n" -"PO-Revision-Date: 2013-12-03 16:59+0100\n" +"POT-Creation-Date: 2013-12-23 21:57+0100\n" +"PO-Revision-Date: 2013-12-23 23:16+0100\n" "Last-Translator: msquare \n" "Language-Team: \n" "Language: de_DE\n" 
@@ -21,7 +21,25 @@ msgstr "" msgid "No data found." msgstr "Nichts gefunden." -#: /Users/msquare/workspace/projects/engelsystem/includes/helper/internationalization_helper.php:40 +#: /Users/msquare/workspace/projects/engelsystem/includes/helper/email_helper.php:6 +#, php-format +msgid "Hi %s," +msgstr "Hallo %s," + +#: /Users/msquare/workspace/projects/engelsystem/includes/helper/email_helper.php:6 +msgid "here is a message for you from the engelsystem:" +msgstr "hier ist eine Nachricht aus dem Engelsystem für Dich:" + +#: /Users/msquare/workspace/projects/engelsystem/includes/helper/email_helper.php:6 +msgid "" +"This email is autogenerated and has not to be signed. You got this email " +"because you are registered in the engelsystem." +msgstr "" +"Diese E-Mail wurde automatisch generiert und muss daher nicht unterschrieben " +"werden. Du hast diese E-Mail bekommen, weil Du im Engelsystem registriert " +"bist." + +#: /Users/msquare/workspace/projects/engelsystem/includes/helper/internationalization_helper.php:47 msgid "Language" msgstr "Sprache" @@ -1016,11 +1034,11 @@ msgstr "Kommentar (nur für Dich):" msgid "Please select..." msgstr "Bitte auswählen..." -#: /Users/msquare/workspace/projects/engelsystem/public/index.php:174 +#: /Users/msquare/workspace/projects/engelsystem/public/index.php:188 msgid "No Access" msgstr "Kein Zugriff" -#: /Users/msquare/workspace/projects/engelsystem/public/index.php:175 +#: /Users/msquare/workspace/projects/engelsystem/public/index.php:189 msgid "" "You don't have permission to view this page. You probably have to sign in or " "register in order to gain access!" 
@@ -1028,7 +1046,7 @@ msgstr "" "Du hast keinen Zugriff auf diese Seite. Registriere Dich und logge Dich " "bitte ein, um Zugriff zu erhalten!" -#: /Users/msquare/workspace/projects/engelsystem/public/index.php:188 +#: /Users/msquare/workspace/projects/engelsystem/public/index.php:202 msgid "" "You are not marked as arrived. Please go to heaven's desk, get your angel " "badge and/or tell them that you arrived already." @@ -1036,11 +1054,11 @@ msgstr "" "Du bist nicht als angekommen markiert. Bitte gehe zur Himmelsverwaltung, " "hole Dein Badge ab und/oder erkläre ihnen, dass Du bereits angekommen bist." -#: /Users/msquare/workspace/projects/engelsystem/public/index.php:191 +#: /Users/msquare/workspace/projects/engelsystem/public/index.php:205 msgid "You need to specify a tshirt size in your settings!" msgstr "" -#: /Users/msquare/workspace/projects/engelsystem/public/index.php:194 +#: /Users/msquare/workspace/projects/engelsystem/public/index.php:208 msgid "" "You need to specify a DECT phone number in your settings! If you don't have " "a DECT phone, just enter \"-\"." diff --git a/public/index.php b/public/index.php index fccbc69b..fb0d7966 100644 --- a/public/index.php +++ b/public/index.php @@ -24,6 +24,7 @@ require_once ('includes/view/User_view.php'); require_once ('includes/helper/internationalization_helper.php'); require_once ('includes/helper/message_helper.php'); require_once ('includes/helper/error_helper.php'); +require_once ('includes/helper/email_helper.php'); require_once ('config/config.default.php'); if (file_exists('../config/config.php')) 
@@ -62,37 +63,40 @@ load_auth(); if (isset($_REQUEST['auth'])) json_auth_service(); -$api_pages = array( +$free_pages = array( 'stats', - 'shifts_json_export_all' + 'shifts_json_export_all', + 'user_password_recovery' ); // Gewünschte Seite/Funktion $p = isset($user) ? "news" : "login"; -if (isset($_REQUEST['p']) && preg_match("/^[a-z0-9_]*$/i", $_REQUEST['p']) && (in_array($_REQUEST['p'], $api_pages) || (sql_num_query("SELECT * FROM `Privileges` WHERE `name`='" . sql_escape($_REQUEST['p']) . "' LIMIT 1") > 0))) +if (isset($_REQUEST['p']) && preg_match("/^[a-z0-9_]*$/i", $_REQUEST['p']) && (in_array($_REQUEST['p'], $free_pages) || in_array($_REQUEST['p'], $privileges))) { $p = $_REQUEST['p']; - -$title = $p; -$content = ""; - -if ($p == "ical") { - require_once ('includes/pages/user_ical.php'); - user_ical(); -} elseif ($p == "atom") { - require_once ('includes/pages/user_atom.php'); - user_atom(); -} elseif ($p == "shifts_json_export") { - require_once ('includes/controller/shifts_controller.php'); - shifts_json_export_controller(); -} elseif ($p == "shifts_json_export_all") { - require_once ('includes/controller/shifts_controller.php'); - shifts_json_export_all_controller(); -} elseif ($p == "stats") { - require_once ('includes/pages/guest_stats.php'); - guest_stats(); -} // Recht dafür vorhanden? 
-elseif (in_array($p, $privileges)) { - if ($p == "news") { + + $title = $p; + $content = ""; + + if ($p == "ical") { + require_once ('includes/pages/user_ical.php'); + user_ical(); + } elseif ($p == "atom") { + require_once ('includes/pages/user_atom.php'); + user_atom(); + } elseif ($p == "shifts_json_export") { + require_once ('includes/controller/shifts_controller.php'); + shifts_json_export_controller(); + } elseif ($p == "shifts_json_export_all") { + require_once ('includes/controller/shifts_controller.php'); + shifts_json_export_all_controller(); + } elseif ($p == "stats") { + require_once ('includes/pages/guest_stats.php'); + guest_stats(); + } elseif ($p == "user_password_recovery") { + require_once ('includes/controller/users_controller.php'); + $title = user_password_recovery_title(); + $content = user_password_recovery_controller(); + } elseif ($p == "news") { $title = news_title(); $content = user_news(); } elseif ($p == "news_comments") { @@ -171,14 +175,14 @@ elseif (in_array($p, $privileges)) { } elseif ($p == "admin_log") { $title = admin_log_title(); $content = admin_log(); + } elseif ($p == "credits") { + require_once ('includes/pages/guest_credits.php'); + $title = credits_title(); + $content = guest_credits(); } else { require_once ('includes/pages/guest_start.php'); $content = guest_start(); } -} elseif ($p == "credits") { - require_once ('includes/pages/guest_credits.php'); - $title = credits_title(); - $content = guest_credits(); } else { // Wenn schon eingeloggt, keine-Berechtigung-Seite anzeigen if (isset($user)) { 
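Review bot: The new page gate `in_array($_REQUEST['p'], $free_pages) || in_array($_REQUEST['p'], $privileges)` uses non-strict `in_array`; the preceding `preg_match` keeps this harmless today, but passing `true` as the third argument costs nothing and keeps the comparison exact if that guard is ever relaxed: `in_array($_REQUEST['p'], $free_pages, true) || in_array($_REQUEST['p'], $privileges, true)`. Note also that `ical`, `atom` and `shifts_json_export` (and `credits` in the following hunk) now sit inside this branch and so require the matching entry in `$privileges`, whereas the removed code only required the privilege name to exist in the `Privileges` table; this reads as an intended tightening, but it is worth confirming that the key-based export callers still hold those privileges. The `if (...) {` opened here is closed beyond the next hunk, so the full branch is not visible in this hunk.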
@@ -190,27 +194,29 @@ elseif (in_array($p, $privileges)) { } } -// Hinweis für ungelesene Nachrichten -if (isset($user) && $p != "user_messages") - $content = user_unread_messages() . $content; +if (isset($user)) { + // Hinweis für ungelesene Nachrichten + if ($p != "user_messages") + $content = user_unread_messages() . $content; + + // Hinweis für Engel, die noch nicht angekommen sind + if ($user['Gekommen'] == 0) + $content = error(_("You are not marked as arrived. Please go to heaven's desk, get your angel badge and/or tell them that you arrived already."), true) . $content; - // Hinweis für Engel, die noch nicht angekommen sind -if (isset($user) && $user['Gekommen'] == 0) - $content = error(_("You are not marked as arrived. Please go to heaven's desk, get your angel badge and/or tell them that you arrived already."), true) . $content; - -if (isset($user) && $enable_tshirt_size && $user['Size'] == "") - $content = error(_("You need to specify a tshirt size in your settings!"), true) . $content; - -if (isset($user) && $user['DECT'] == "") - $content = error(_("You need to specify a DECT phone number in your settings! If you don't have a DECT phone, just enter \"-\"."), true) . $content; - - // Erzengel Hinweis für unbeantwortete Fragen -if (isset($user) && $p != "admin_questions") - $content = admin_new_questions() . $content; + if ($enable_tshirt_size && $user['Size'] == "") + $content = error(_("You need to specify a tshirt size in your settings!"), true) . $content; - // Erzengel Hinweis für freizuschaltende Engeltypen -if (isset($user) && $p != "admin_user_angeltypes") - $content = admin_new_user_angeltypes() . $content; + if ($user['DECT'] == "") + $content = error(_("You need to specify a DECT phone number in your settings! If you don't have a DECT phone, just enter \"-\"."), true) . $content; + + // Erzengel Hinweis für unbeantwortete Fragen + if ($p != "admin_questions") + $content = admin_new_questions() . 
$content; + + // Erzengel Hinweis für freizuschaltende Engeltypen + if ($p != "admin_user_angeltypes") + $content = admin_new_user_angeltypes() . $content; +} echo template_render('../templates/layout.html', array( 'theme' => isset($user) ? $user['color'] : $default_theme,