Revision 1551
Added by Dietmar over 12 years ago
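--- a/login_form.php
+++ b/login_form.php
@@ -4,6 +4,7 @@
 * @category frontend
 * @package account
 * @author WebsiteBaker Project
+* @copyright 2004-2009, Ryan Djurovich
 * @copyright 2009-2011, Website Baker Org. e.V.
 * @link http://www.websitebaker2.org/
 * @license http://www.gnu.org/licenses/gpl.html
@@ -17,107 +18,80 @@
 
 // Must include code to stop this file being access directly
 if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
-// Check if the user has already submitted the form, otherwise show it
-if(isset($_POST['email']) && $_POST['email'] != "" &&
-preg_match("/([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}/i", $_POST['email']))
-{
-$email = strip_tags($_POST['email']);
-// Check if the email exists in the database
-$sql = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` '.
-'FROM `'.TABLE_PREFIX.'users` '.
-'WHERE `email`=\''.$wb->add_slashes($_POST['email']).'\'';
-if(($results = $database->query($sql)))
-{
-if(($results_array = $results->fetchRow()))
-{ // Get the id, username, email, and last_reset from the above db query
-// Check if the password has been reset in the last 2 hours
-if( (time() - (int)$results_array['last_reset']) < (2 * 3600) ) {
-// Tell the user that their password cannot be reset more than once per hour
-$message = $MESSAGE['FORGOT_PASS']['ALREADY_RESET'];
-} else {
-require_once(WB_PATH.'/framework/PasswordHash.php');
-$pwh = new PasswordHash(0, true);
-$old_pass = $results_array['password'];
-// Generate a random password then update the database with it
-$new_pass = $pwh->NewPassword();
-$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
-'SET `password`=\''.$pwh->HashPassword($new_pass, true).'\', '.
-'`last_reset`='.time().' '.
-'WHERE `user_id`='.(int)$results_array['user_id'];
-unset($pwh); // destroy $pwh-Object
-if($database->query($sql))
-{ // Setup email to send
-$mail_to = $email;
-$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
-// Replace placeholders from language variable with values
-$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
-$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
-$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
-// Try sending the email
-if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
-$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
-$display_form = false;
-}else { // snd mail failed, rollback
-$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
-'SET `password`=\''.$old_pass.'\' '.
-'WHERE `user_id`='.(int)$results_array['user_id'];
-$database->query($sql);
-$message = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
-}
-}else { // Error updating database
-$message = $MESSAGE['RECORD_MODIFIED_FAILED'];
-if(DEBUG) {
-$message .= '<br />'.$database->get_error();
-$message .= '<br />'.$sql;
-}
-}
-}
-}else { // no record found - Email doesn't exist, so tell the user
-$message = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
-}
-} else { // Query failed
-$message = 'SystemError:: Database query failed!';
-if(DEBUG) {
-$message .= '<br />'.$database->get_error();
-$message .= '<br />'.$sql;
-}
+
+$username_fieldname = 'username';
+$password_fieldname = 'password';
+
+if(defined('SMART_LOGIN') AND SMART_LOGIN == 'enabled') {
+// Generate username field name
+$username_fieldname = 'username_';
+$password_fieldname = 'password_';
+
+$temp = array_merge(range('a','z'), range(0,9));
+shuffle($temp);
+for($i=0;$i<=7;$i++) {
+$username_fieldname .= $temp[$i];
+$password_fieldname .= $temp[$i];
 }
-} else {
-$email = '';
 }
 
-if(isset($message) && $message != '') {
-$message_color = 'FF0000';
-} else {
-$message = $MESSAGE['FORGOT_PASS_NO_DATA'];
-$message_color = '000000';
-}
-
-$_SESSION['PAGE_LINK'] = get_page_link( $_SESSION['PAGE_ID'] );
-$_SESSION['HTTP_REFERER'] = page_link($_SESSION['PAGE_LINK']);
-
+$page_id = !empty($_SESSION['PAGE_ID']) ? $_SESSION['PAGE_ID'] : 0;
+$_SESSION['PAGE_LINK'] = get_page_link( $page_id );
+if(!file_exists($_SESSION['PAGE_LINK'])) {$_SESSION['PAGE_LINK'] = WB_URL.'/'; }
+$_SESSION['HTTP_REFERER'] = $_SESSION['PAGE_LINK'];
+$thisApp->redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $_SESSION['PAGE_LINK'])
 ?>
 <div style="margin: 1em auto;">
 <button type="button" value="cancel" onClick="javascript: window.location = '<?php print $_SESSION['HTTP_REFERER'] ?>';"><?php print $TEXT['CANCEL'] ?></button>
 </div>
-<h1 style="text-align: center;"><?php echo $MENU['FORGOT']; ?></h1>
-<form name="forgot_pass" action="<?php echo WB_URL.'/account/forgot.php'; ?>" method="post">
-<input type="hidden" name="url" value="{URL}" />
-<table cellpadding="5" cellspacing="0" border="0" align="center" width="500">
-<tr>
-<td height="40" align="center" style="color: #<?php echo $message_color; ?>;" colspan="2">
-<?php echo $message; ?>
-</td>
-</tr>
-<?php if(!isset($display_form) OR $display_form != false) { ?>
-<tr>
-<td height="10" colspan="2"></td>
-</tr>
-<tr>
-<td width="165" height="30" align="right"><?php echo $TEXT['EMAIL']; ?>:</td>
-<td><input type="text" maxlength="255" name="email" value="<?php echo $email; ?>" style="width: 180px;" /></td>
-<td><input type="submit" name="submit" value="<?php echo $TEXT['SEND_DETAILS']; ?>" style="width: 180px; font-size: 10px; color: #003366; border: 1px solid #336699; background-color: #DDDDDD; padding: 3px; text-transform: uppercase;" /></td>
-</tr>
+<h1> Login</h1>
+<?php echo $thisApp->message; ?>
+<br />
+<br />
+
+<form class="login-box" action="<?php echo WB_URL.'/account/login.php'; ?>" method="post">
+<input type="hidden" name="username_fieldname" value="<?php echo $username_fieldname; ?>" />
+<input type="hidden" name="password_fieldname" value="<?php echo $password_fieldname; ?>" />
+<input type="hidden" name="redirect" value="<?php echo $thisApp->redirect_url;?>" />
+
+<table cellpadding="5" cellspacing="0" border="0" width="90%">
+<tr>
+<td style="width:100px"><?php echo $TEXT['USERNAME']; ?>:</td>
+<td class="value_input">
+<input type="text" name="<?php echo $username_fieldname; ?>" maxlength="30" style="width:220px;"/>
+<script type="text/javascript">
+// document.login.<?php echo $username_fieldname; ?>.focus();
+var ref= document.getElementById("<?php echo $username_fieldname; ?>");
+if (ref) ref.focus();
+</script>
+</td>
+</tr>
+<tr>
+<td style="width:100px"><?php echo $TEXT['PASSWORD']; ?>:</td>
+<td class="value_input">
+<input type="password" name="<?php echo $password_fieldname; ?>" maxlength="30" style="width:220px;"/>
+</td>
+</tr>
+<?php if($username_fieldname != 'username') { ?>
+<tr>
+<td> </td>
+<td>
+<input type="checkbox" name="remember" id="remember" value="true"/>
+<label for="remember"><?php echo $TEXT['REMEMBER_ME']; ?></label>
+</td>
+</tr>
 <?php } ?>
-</table>
-</form>
+<tr>
+<td> </td>
+<td>
+<input type="submit" name="submit" value="<?php echo $TEXT['LOGIN']; ?>" />
+<input type="reset" name="reset" value="<?php echo $TEXT['RESET']; ?>" />
+</td>
+</tr>
+</table>
+
+</form>
+
+<br />
+
+<a href="<?php echo WB_URL; ?>/account/forgot.php"><?php echo $TEXT['FORGOTTEN_DETAILS']; ?></a>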
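Review bot: The hidden field at new line 55, `<input type="hidden" name="redirect" value="<?php echo $thisApp->redirect_url;?>" />`, echoes `$thisApp->redirect_url` into an HTML attribute unescaped, and new line 42 falls back to `$_SESSION['PAGE_LINK']` when it is unset. Where `redirect_url` is first assigned is outside this hunk, so whether it can ever carry request-controlled data cannot be confirmed from here, but escaping at the output point is cheap and removes the question: `value="<?php echo htmlspecialchars($thisApp->redirect_url, ENT_QUOTES, 'UTF-8'); ?>"`. The same applies to `$_SESSION['HTTP_REFERER']` embedded in the onClick string on the unchanged line 45. Separately, the focus script at new line 64 calls `document.getElementById("<?php echo $username_fieldname; ?>")`, but the input at new line 61 only sets `name`, so `ref` is null and the focus never fires; add `id="<?php echo $username_fieldname; ?>"` to that input. New line 42 also relies on the following `?>` to terminate the statement; a trailing `;` would make that explicit.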
+ add languages vars in languages files
+ add upload error messages moduleinstall
+ add index.php if not exists in function createFolderProtectFile
! corrected changed coding between login_form and forgot_form