Add option for password reset method

modules/member/lang/en.php

@@ -217,6 +217,9 @@ $lang->cmd_password_hashing_algorithm = 'Password Hashing Algorithm';
 $lang->cmd_password_hashing_work_factor = 'Password Hashing Work Factor';
 $lang->cmd_password_hashing_auto_upgrade = 'Auto-upgrade Hashing Algorithm';
 $lang->cmd_password_change_invalidate_other_sessions = 'Sign out other devices on password change';
+$lang->cmd_password_reset_method = 'Password Reset';
+$lang->cmd_password_reset_method_v1 = 'Email random password';
+$lang->cmd_password_reset_method_v2 = 'Email link to password reset page (recommended)';
 $lang->cmd_login_invalidate_other_sessions = 'Sign out other devices';
 $lang->password_strength_low = 'low';
 $lang->password_strength_normal = 'normal';
@@ -226,6 +229,7 @@ $lang->about_password_hashing_algorithm = 'Choose how to encrypt (hash) password
 $lang->about_password_hashing_work_factor = 'Higher work factors result in more security, but at the cost of delays at login and increased server load.<br />With bcrypt, each step takes twice as long as the step below. Similar conversions are applied to pbkdf2 and argon2id.';
 $lang->about_password_hashing_auto_upgrade = 'Passwords not encrypted using the method configured above will be automatically converted to the configured method at next login.';
 $lang->about_password_change_invalidate_other_sessions = 'Sign out all other devices (browsers) when a member changes the password.';
+$lang->about_password_reset_method = 'Select how to assign a new password in the Find Member Account feature.';
 $lang->about_login_invalidate_other_sessions = 'Allow login from only one device. Previously used machines will be signed out automatically.';
 $lang->about_password_strength['low'] = 'the password should be longer, at least four characters';
 $lang->about_password_strength['normal'] = 'the password should be at least six characters, and should have at least one alpha character and numeric characters';

modules/member/lang/ko.php

@@ -219,6 +219,9 @@ $lang->cmd_password_hashing_algorithm = '비밀번호 암호화 알고리즘';
 $lang->cmd_password_hashing_work_factor = '비밀번호 암호화 소요시간';
 $lang->cmd_password_hashing_auto_upgrade = '알고리즘 자동 업그레이드';
 $lang->cmd_password_change_invalidate_other_sessions = '비번 변경시 다른 기기 로그아웃';
+$lang->cmd_password_reset_method = 'ID/PW 찾기 방법';
+$lang->cmd_password_reset_method_v1 = '랜덤 비밀번호 전달';
+$lang->cmd_password_reset_method_v2 = '비밀번호 변경 화면 링크 전달 (권장)';
 $lang->cmd_login_invalidate_other_sessions = '다른 기기 로그아웃';
 $lang->password_strength_low = '낮음';
 $lang->password_strength_normal = '보통';
@@ -228,6 +231,7 @@ $lang->about_password_hashing_algorithm = '회원들의 비밀번호를 DB에
 $lang->about_password_hashing_work_factor = '오래 걸리는 암호화 방식일수록 안전하지만, 로그인이 오래 걸리거나 서버 부하가 상승할 수 있습니다.<br />소요시간은 bcrypt 기준 각 단계마다 2배씩 늘어나며, pbkdf2와 argon2id에서도 유사한 기준으로 적용됩니다.';
 $lang->about_password_hashing_auto_upgrade = '위에서 설정된 것과 다른 방법으로 암호화된 비밀번호가 있으면 다음 로그인시 설정된 알고리즘으로 자동 변환합니다.';
 $lang->about_password_change_invalidate_other_sessions = '비밀번호를 변경하면 현재 기기(브라우저)를 제외한 모든 로그인이 풀리도록 합니다.';
+$lang->about_password_reset_method = 'ID/PW 찾기 기능 사용시, 새 비밀번호로 변경하는 방법을 선택합니다.';
 $lang->about_login_invalidate_other_sessions = '한 번에 하나의 기기에서만 로그인할 수 있도록 합니다.';
 $lang->about_password_strength['low'] = '비밀번호는 4자 이상이어야 합니다.';
 $lang->about_password_strength['normal'] = '비밀번호는 6자리 이상이어야 하며 영문과 숫자를 반드시 포함해야 합니다.';

modules/member/member.admin.controller.php

@@ -241,6 +241,7 @@ class MemberAdminController extends Member
 			'password_hashing_work_factor',
 			'password_hashing_auto_upgrade',
 			'password_change_invalidate_other_sessions',
+			'password_reset_method',
 			'allow_nickname_change',
 			'update_nickname_log',
 			'nickname_symbols',
@@ -330,7 +331,7 @@ class MemberAdminController extends Member
 		{
 			$args->password_hashing_auto_upgrade = 'N';
 		}
-
+		$args->password_reset_method = intval($args->password_reset_method);
 		if(!in_array($args->nickname_symbols, ['Y', 'N', 'LIST']))
 		{
 			$args->nickname_symbols = 'Y';

modules/member/tpl/default_config.html

@@ -138,6 +138,14 @@
 			<p class="x_help-block">{$lang->about_password_change_invalidate_other_sessions}</p>
 		</div>
 	</div>
+	<div class="x_control-group">
+		<label class="x_control-label">{$lang->cmd_password_reset_method}</label>
+		<div class="x_controls">
+			<label for="password_reset_method_v2" class="x_inline"><input type="radio" name="password_reset_method" id="password_reset_method_v2" value="2" checked="checked"|cond="$config->password_reset_method == 2" /> {$lang->cmd_password_reset_method_v2}</label>
+			<label for="password_reset_method_v1" class="x_inline"><input type="radio" name="password_reset_method" id="password_reset_method_v1" value="1" checked="checked"|cond="$config->password_reset_method != 2" /> {$lang->cmd_password_reset_method_v1}</label>
+			<p class="x_help-block">{$lang->about_password_reset_method}</p>
+		</div>
+	</div>
 	<div class="x_control-group">
 		<label class="x_control-label" for="member_sync">{$lang->cmd_member_sync}</label>
 		<div class="x_controls">