Revision 1551
Added by Dietmar over 12 years ago
| login_form.php | ||
|---|---|---|
| 4 | 4 |
* @category frontend |
| 5 | 5 |
* @package account |
| 6 | 6 |
* @author WebsiteBaker Project |
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 7 | 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
| 8 | 9 |
* @link http://www.websitebaker2.org/ |
| 9 | 10 |
* @license http://www.gnu.org/licenses/gpl.html |
| ... | ... | |
| 17 | 18 |
|
| 18 | 19 |
// Must include code to stop this file being access directly |
| 19 | 20 |
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
|
| 20 |
// Check if the user has already submitted the form, otherwise show it |
|
| 21 |
if(isset($_POST['email']) && $_POST['email'] != "" && |
|
| 22 |
preg_match("/([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}/i", $_POST['email']))
|
|
| 23 |
{
|
|
| 24 |
$email = strip_tags($_POST['email']); |
|
| 25 |
// Check if the email exists in the database |
|
| 26 |
$sql = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` '. |
|
| 27 |
'FROM `'.TABLE_PREFIX.'users` '. |
|
| 28 |
'WHERE `email`=\''.$wb->add_slashes($_POST['email']).'\''; |
|
| 29 |
if(($results = $database->query($sql))) |
|
| 30 |
{
|
|
| 31 |
if(($results_array = $results->fetchRow())) |
|
| 32 |
{ // Get the id, username, email, and last_reset from the above db query
|
|
| 33 |
// Check if the password has been reset in the last 2 hours |
|
| 34 |
if( (time() - (int)$results_array['last_reset']) < (2 * 3600) ) {
|
|
| 35 |
// Tell the user that their password cannot be reset more than once per hour |
|
| 36 |
$message = $MESSAGE['FORGOT_PASS']['ALREADY_RESET']; |
|
| 37 |
} else {
|
|
| 38 |
require_once(WB_PATH.'/framework/PasswordHash.php'); |
|
| 39 |
$pwh = new PasswordHash(0, true); |
|
| 40 |
$old_pass = $results_array['password']; |
|
| 41 |
// Generate a random password then update the database with it |
|
| 42 |
$new_pass = $pwh->NewPassword(); |
|
| 43 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '. |
|
| 44 |
'SET `password`=\''.$pwh->HashPassword($new_pass, true).'\', '. |
|
| 45 |
'`last_reset`='.time().' '. |
|
| 46 |
'WHERE `user_id`='.(int)$results_array['user_id']; |
|
| 47 |
unset($pwh); // destroy $pwh-Object |
|
| 48 |
if($database->query($sql)) |
|
| 49 |
{ // Setup email to send
|
|
| 50 |
$mail_to = $email; |
|
| 51 |
$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO']; |
|
| 52 |
// Replace placeholders from language variable with values |
|
| 53 |
$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
|
|
| 54 |
$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass); |
|
| 55 |
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']); |
|
| 56 |
// Try sending the email |
|
| 57 |
if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
|
|
| 58 |
$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET']; |
|
| 59 |
$display_form = false; |
|
| 60 |
}else { // snd mail failed, rollback
|
|
| 61 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '. |
|
| 62 |
'SET `password`=\''.$old_pass.'\' '. |
|
| 63 |
'WHERE `user_id`='.(int)$results_array['user_id']; |
|
| 64 |
$database->query($sql); |
|
| 65 |
$message = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL']; |
|
| 66 |
} |
|
| 67 |
}else { // Error updating database
|
|
| 68 |
$message = $MESSAGE['RECORD_MODIFIED_FAILED']; |
|
| 69 |
if(DEBUG) {
|
|
| 70 |
$message .= '<br />'.$database->get_error(); |
|
| 71 |
$message .= '<br />'.$sql; |
|
| 72 |
} |
|
| 73 |
} |
|
| 74 |
} |
|
| 75 |
}else { // no record found - Email doesn't exist, so tell the user
|
|
| 76 |
$message = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND']; |
|
| 77 |
} |
|
| 78 |
} else { // Query failed
|
|
| 79 |
$message = 'SystemError:: Database query failed!'; |
|
| 80 |
if(DEBUG) {
|
|
| 81 |
$message .= '<br />'.$database->get_error(); |
|
| 82 |
$message .= '<br />'.$sql; |
|
| 83 |
} |
|
| 21 |
|
|
| 22 |
$username_fieldname = 'username'; |
|
| 23 |
$password_fieldname = 'password'; |
|
| 24 |
|
|
| 25 |
if(defined('SMART_LOGIN') AND SMART_LOGIN == 'enabled') {
|
|
| 26 |
// Generate username field name |
|
| 27 |
$username_fieldname = 'username_'; |
|
| 28 |
$password_fieldname = 'password_'; |
|
| 29 |
|
|
| 30 |
$temp = array_merge(range('a','z'), range(0,9));
|
|
| 31 |
shuffle($temp); |
|
| 32 |
for($i=0;$i<=7;$i++) {
|
|
| 33 |
$username_fieldname .= $temp[$i]; |
|
| 34 |
$password_fieldname .= $temp[$i]; |
|
| 84 | 35 |
} |
| 85 |
} else {
|
|
| 86 |
$email = ''; |
|
| 87 | 36 |
} |
| 88 | 37 |
|
| 89 |
if(isset($message) && $message != '') {
|
|
| 90 |
$message_color = 'FF0000'; |
|
| 91 |
} else {
|
|
| 92 |
$message = $MESSAGE['FORGOT_PASS_NO_DATA']; |
|
| 93 |
$message_color = '000000'; |
|
| 94 |
} |
|
| 95 |
|
|
| 96 |
$_SESSION['PAGE_LINK'] = get_page_link( $_SESSION['PAGE_ID'] ); |
|
| 97 |
$_SESSION['HTTP_REFERER'] = page_link($_SESSION['PAGE_LINK']); |
|
| 98 |
|
|
| 38 |
$page_id = !empty($_SESSION['PAGE_ID']) ? $_SESSION['PAGE_ID'] : 0; |
|
| 39 |
$_SESSION['PAGE_LINK'] = get_page_link( $page_id ); |
|
| 40 |
if(!file_exists($_SESSION['PAGE_LINK'])) {$_SESSION['PAGE_LINK'] = WB_URL.'/'; }
|
|
| 41 |
$_SESSION['HTTP_REFERER'] = $_SESSION['PAGE_LINK']; |
|
| 42 |
$thisApp->redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $_SESSION['PAGE_LINK']) |
|
| 99 | 43 |
?> |
| 100 | 44 |
<div style="margin: 1em auto;"> |
| 101 | 45 |
<button type="button" value="cancel" onClick="javascript: window.location = '<?php print $_SESSION['HTTP_REFERER'] ?>';"><?php print $TEXT['CANCEL'] ?></button> |
| 102 | 46 |
</div> |
| 103 |
<h1 style="text-align: center;"><?php echo $MENU['FORGOT']; ?></h1> |
|
| 104 |
<form name="forgot_pass" action="<?php echo WB_URL.'/account/forgot.php'; ?>" method="post"> |
|
| 105 |
<input type="hidden" name="url" value="{URL}" />
|
|
| 106 |
<table cellpadding="5" cellspacing="0" border="0" align="center" width="500"> |
|
| 107 |
<tr> |
|
| 108 |
<td height="40" align="center" style="color: #<?php echo $message_color; ?>;" colspan="2"> |
|
| 109 |
<?php echo $message; ?> |
|
| 110 |
</td> |
|
| 111 |
</tr> |
|
| 112 |
<?php if(!isset($display_form) OR $display_form != false) { ?>
|
|
| 113 |
<tr> |
|
| 114 |
<td height="10" colspan="2"></td> |
|
| 115 |
</tr> |
|
| 116 |
<tr> |
|
| 117 |
<td width="165" height="30" align="right"><?php echo $TEXT['EMAIL']; ?>:</td> |
|
| 118 |
<td><input type="text" maxlength="255" name="email" value="<?php echo $email; ?>" style="width: 180px;" /></td> |
|
| 119 |
<td><input type="submit" name="submit" value="<?php echo $TEXT['SEND_DETAILS']; ?>" style="width: 180px; font-size: 10px; color: #003366; border: 1px solid #336699; background-color: #DDDDDD; padding: 3px; text-transform: uppercase;" /></td> |
|
| 120 |
</tr> |
|
| 47 |
<h1> Login</h1> |
|
| 48 |
<?php echo $thisApp->message; ?> |
|
| 49 |
<br /> |
|
| 50 |
<br /> |
|
| 51 |
|
|
| 52 |
<form class="login-box" action="<?php echo WB_URL.'/account/login.php'; ?>" method="post"> |
|
| 53 |
<input type="hidden" name="username_fieldname" value="<?php echo $username_fieldname; ?>" /> |
|
| 54 |
<input type="hidden" name="password_fieldname" value="<?php echo $password_fieldname; ?>" /> |
|
| 55 |
<input type="hidden" name="redirect" value="<?php echo $thisApp->redirect_url;?>" /> |
|
| 56 |
|
|
| 57 |
<table cellpadding="5" cellspacing="0" border="0" width="90%"> |
|
| 58 |
<tr> |
|
| 59 |
<td style="width:100px"><?php echo $TEXT['USERNAME']; ?>:</td> |
|
| 60 |
<td class="value_input"> |
|
| 61 |
<input type="text" name="<?php echo $username_fieldname; ?>" maxlength="30" style="width:220px;"/> |
|
| 62 |
<script type="text/javascript"> |
|
| 63 |
// document.login.<?php echo $username_fieldname; ?>.focus(); |
|
| 64 |
var ref= document.getElementById("<?php echo $username_fieldname; ?>");
|
|
| 65 |
if (ref) ref.focus(); |
|
| 66 |
</script> |
|
| 67 |
</td> |
|
| 68 |
</tr> |
|
| 69 |
<tr> |
|
| 70 |
<td style="width:100px"><?php echo $TEXT['PASSWORD']; ?>:</td> |
|
| 71 |
<td class="value_input"> |
|
| 72 |
<input type="password" name="<?php echo $password_fieldname; ?>" maxlength="30" style="width:220px;"/> |
|
| 73 |
</td> |
|
| 74 |
</tr> |
|
| 75 |
<?php if($username_fieldname != 'username') { ?>
|
|
| 76 |
<tr> |
|
| 77 |
<td> </td> |
|
| 78 |
<td> |
|
| 79 |
<input type="checkbox" name="remember" id="remember" value="true"/> |
|
| 80 |
<label for="remember"><?php echo $TEXT['REMEMBER_ME']; ?></label> |
|
| 81 |
</td> |
|
| 82 |
</tr> |
|
| 121 | 83 |
<?php } ?> |
| 122 |
</table> |
|
| 123 |
</form> |
|
| 84 |
<tr> |
|
| 85 |
<td> </td> |
|
| 86 |
<td> |
|
| 87 |
<input type="submit" name="submit" value="<?php echo $TEXT['LOGIN']; ?>" /> |
|
| 88 |
<input type="reset" name="reset" value="<?php echo $TEXT['RESET']; ?>" /> |
|
| 89 |
</td> |
|
| 90 |
</tr> |
|
| 91 |
</table> |
|
| 92 |
|
|
| 93 |
</form> |
|
| 94 |
|
|
| 95 |
<br /> |
|
| 96 |
|
|
| 97 |
<a href="<?php echo WB_URL; ?>/account/forgot.php"><?php echo $TEXT['FORGOTTEN_DETAILS']; ?></a> |
|
Also available in: Unified diff
+ add languages vars in languages files
+ add upload error mesages moduleinstall
+ add index.php if not exists in function createFolderProtectFile
! corrected changed coding between login_form and forgot_form