<?php
namespace account;
require_once "verify_user_credentials.php";
function add_user_cookie($name)
{
   $hash = get_stored_hash($name);
   $expiration = time() + 30 * 24 * 60 * 60;
   $path = "/";
   setcookie("name", $name, $expiration, $path);
   setcookie("hash", $hash, $expiration, $path);
   setcookie("id", null, 0, $path);
   setcookie("code", null, 0, $path);
}

<?php
namespace account;
class Mail
{
   public function __construct($recipient, $sender, $subject)
   {
      $this->recipient = $recipient;
      $this->sender = $sender;
      $this->subject = $subject;
   }
   public function send()
   {
      $header = $this->build_header();
      $message = $this->build_message();
      return mail($this->recipient, $this->subject, $message, $header);
   }
   private function build_header()
   {
      $header = "From: " . $this->sender . "\r\n";
      $header .= "Content-Type: text/plain\r\n";
      return $header;
   }
   protected function build_message()
   {
      return "default message\n";
   }
}

<?php
namespace account;
require_once "Errors.php";
require_once "get_user_path.php";
require_once "user_exists.php";
$GLOBALS["HASH_FILE_NAME"] = "hash";
function verify_user_credentials($name, $password=null, $hash=null)
{
   $errors = new Errors();
   if (!user_exists($name))
   {
      $errors->add("username not found (note: usernames are case-sensitive)");
   }
   else if (!is_null($password))
   {
      if (!match_password_to_hash($name, $password))
      {
         $errors->add("password doesn't match username");
      }
   }
   else
   {
      if ($hash != get_stored_hash($name))
      {
         $errors->add("invalid or missing hash in cookie");
      }
   }
   return $errors;
}
function match_password_to_hash($username, $password)
{
   return match_to_hash($password, get_stored_hash($username));
}
function get_stored_hash($username)
{
   $path = build_user_path($username) . $GLOBALS["HASH_FILE_NAME"];
   return trim(file_get_contents($path));
}
function match_to_hash($key, $hash)
{
   return $hash == crypt($key, $hash);
}

<?php
namespace account;
class User
{
   function __construct(
      $name, $password=null, $repeated_password=null, $submitted_hash=null,
      $email_address=null)
   {
      $this->name = $name;
      $this->password = $password;
      $this->repeated_password = $repeated_password;
      $this->submitted_hash = $submitted_hash;
      $this->email_address = $email_address;
   }
}

<?php
namespace account;
require_once "Errors.php";
require_once "user_exists.php";
require_once "get_user_path.php";
require_once "Password_Mail.php";
require_once "add_user_account.php";
$GLOBALS["EMAIL_ADDRESS_FILE_NAME"] = "email";
$GLOBALS["GENERATED_PASSWORD_LENGTH"] = 10;
submit_reset_password_request();
function submit_reset_password_request()
{
   $name = $_GET["name"];
   $email_address = $_GET["email"];
   $errors = new Errors();
   if (!user_exists($name))
   {
      $errors->add("username not found");
   }
   else if (!match_to_existing($name, $email_address))
   {
      $errors->add("submitted address doesn't match account address");
   }
   else
   {
      store_password(build_user_path($name), email_password($email_address));
   }
   echo $errors;
}
function match_to_existing($name, $email_address)
{
   $path = build_user_path($name) . $GLOBALS["EMAIL_ADDRESS_FILE_NAME"];
   if (file_exists($path))
   {
      return $email_address == trim(file_get_contents($path));
   }
   return false;
}
function email_password($email_address)
{
   $password = generate_password();
   $mail = new Password_Mail($email_address, $password);
   $mail->send();
   return $password;
}
function generate_password()
{
   $length = $GLOBALS["GENERATED_PASSWORD_LENGTH"];
   $set = generate_character_set();
   $password = "";
   for ($ii = 0; $ii < $length; $ii++)
   {
      $password .= $set[rand(0, strlen($set) - 1)];
   }
   return $password;
}
function generate_character_set()
{
   $set = "";
   for ($ii = 0; $ii <= 90 - 65; $ii++)
   {
      $set .= chr($ii + 65);
   }
   for ($ii = 0; $ii <= 122 - 97; $ii++)
   {
      $set .= chr($ii + 97);
   }
   for ($ii = 0; $ii <= 9; $ii++)
   {
      $set .= $ii;
   }
   return $set;
}
function send_password($password)
{
   $email_address = $this->get_email_address();
}

<?php
namespace account;
require_once "Errors.php";
define("USERNAME_MIN_LENGTH", 5);
define("USERNAME_MAX_LENGTH", 15);
define("PASSWORD_MIN_LENGTH", 7);
define("PASSWORD_MAX_LENGTH", 15);
function validate_submission($username, $password, $email_address)
{
   $errors = new Errors();
   validate_username($username, $errors);
   validate_password($password, $errors);
   validate_email_address($email_address, $errors);
   return $errors;
}
function validate_username($username, $errors)
{
   if (user_exists($username))
   {
      $errors->add("username taken");
   }
   $length = strlen($username);
   if ($length < USERNAME_MIN_LENGTH)
   {
      $errors->add("username too short");
   }
   if ($length > USERNAME_MAX_LENGTH)
   {
      $errors->add("username too long");
   }
   if (!validate_username_characters($username))
   {
      $errors->add("username contains invalid characters");
   }
}
function validate_username_characters($username)
{
   return !preg_match("/[^0-9a-zA-Z]/", $username);
}
function validate_password($password, $errors)
{
   if ($password[0] != $password[1])
   {
      $errors->add("submitted passwords don't match");
   }
   $length = strlen($password[0]);
   if ($length < PASSWORD_MIN_LENGTH)
   {
      $errors->add("password too short");
   }
   if ($length > PASSWORD_MAX_LENGTH)
   {
      $errors->add("password too long");
   }
}
function validate_email_address($email_address, $errors)
{
   if (!preg_match("/.+@.+\..+/", $email_address))
   {
      $errors->add("invalid email address format");
   }
}