/branches/2.8.x/wb/account/forgot_form.php - Annotate - WB 2.08.x - Tracking

wb-archiv283/branches/2.8.x/wb/account/forgot_form.php @ 1773

-            Luisehahne
+<?php
 /**
+ *
  * @category        frontend
  * @package         account
  * @author          WebsiteBaker Project
-            Luisehahne
+ * @copyright       2009-2012, WebsiteBaker Org. e.V.
-            Luisehahne
+ * @link			http://www.websitebaker2.org/
  * @license         http://www.gnu.org/licenses/gpl.html
  * @platform        WebsiteBaker 2.8.x
  * @requirements    PHP 5.2.2 and higher
  * @version         $Id$
  * @filesource		$HeadURL$
  * @lastmodified    $Date$
+ *
  */
-            Luisehahne
+/* -------------------------------------------------------- */
 // Must include code to stop this file being accessed directly
 if(defined('WB_PATH') == false)
+{
 	// Stop this file being access directly
 		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
+}
 /* -------------------------------------------------------- */
-            Luisehahne
+// Check if the user has already submitted the form, otherwise show it
-            Luisehahne
+$message = $MESSAGE['FORGOT_PASS_NO_DATA'];
 $errMsg ='';
             Luisehahne
-            Luisehahne
+$redirect_url = (isset($redirect_url) && ($redirect_url!='')  ? $redirect_url : $_SESSION['HTTP_REFERER'] );
-            Luisehahne
+$redirect = (isset($redirect_url) && ($redirect_url!='')  ? '?redirect='.$redirect_url : '' );
             Luisehahne
 //print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong>  basename: '.basename(__FILE__).'  line: '.__LINE__.' -> <br />';
 //print_r( $redirect_url ); print '</pre>';
-            Luisehahne
+if(isset($_POST['email']) && $_POST['email'] != "" )
             Luisehahne
-            Luisehahne
+	$email = strip_tags($_POST['email']);
-            Luisehahne
+	if($admin->validate_email($email) == false)
+    {
 		$errMsg = $MESSAGE['USERS_INVALID_EMAIL'];
 		$email = '';
 	} else {
-            Luisehahne
+// Check if the email exists in the database
 	$sql  = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` '.
 	        'FROM `'.TABLE_PREFIX.'users` '.
 	        'WHERE `email`=\''.$wb->add_slashes($_POST['email']).'\'';
 	if(($results = $database->query($sql)))
+	{
 		if(($results_array = $results->fetchRow()))
 		{ // Get the id, username, email, and last_reset from the above db query
-            Luisehahne
+		// Check if the password has been reset in the last 2 hours
-            Luisehahne
+			if( (time() - (int)$results_array['last_reset']) < (2 * 3600) ) {
-            Luisehahne
+			// Tell the user that their password cannot be reset more than once per hour
-            Luisehahne
+				$errMsg = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
-            Luisehahne
+			} else {
 				require_once(WB_PATH.'/framework/PasswordHash.php');
 				$pwh = new PasswordHash(0, true);
 				$old_pass = $results_array['password'];
-            Luisehahne
+			// Generate a random password then update the database with it
-            Luisehahne
+				$new_pass = $pwh->NewPassword();
 				$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
 				       'SET `password`=\''.$pwh->HashPassword($new_pass, true).'\', '.
 				           '`last_reset`='.time().' '.
 				       'WHERE `user_id`='.(int)$results_array['user_id'];
 				unset($pwh); // destroy $pwh-Object
 				if($database->query($sql))
 				{ // Setup email to send
 					$mail_to = $email;
 					$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
-            Luisehahne
+				// Replace placeholders from language variable with values
-            Luisehahne
+					$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
 					$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
 					$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
-            Luisehahne
+				// Try sending the email
-            Luisehahne
+					if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
 						$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
 						$display_form = false;
 					}else { // snd mail failed, rollback
 						$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
 						       'SET `password`=\''.$old_pass.'\' '.
 						       'WHERE `user_id`='.(int)$results_array['user_id'];
 						$database->query($sql);
-            Luisehahne
+						$errMsg = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
             Luisehahne
 				}else { // Error updating database
-            Luisehahne
+					$errMsg = $MESSAGE['RECORD_MODIFIED_FAILED'];
-            Luisehahne
+					if(DEBUG) {
 						$message .= '<br />'.$database->get_error();
 						$message .= '<br />'.$sql;
+					}
             Luisehahne
+			}
-            Luisehahne
+		}else { // no record found - Email doesn't exist, so tell the user
-            Luisehahne
+			$errMsg = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
             Luisehahne
-            Luisehahne
+	} else { // Query failed
-            Luisehahne
+		$errMsg = 'SystemError:: Database query failed!';
-            Luisehahne
+		if(DEBUG) {
-            Luisehahne
+			$errMsg .= '<br />'.$database->get_error();
 			$errMsg .= '<br />'.$sql;
             Luisehahne
             Luisehahne
             Luisehahne
-            Luisehahne
+} else {
 	$email = '';
+}
-            Luisehahne
+if( ($errMsg=='') && ($message != '')) {
 	// $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
 	$message_color = '000000';
-            Luisehahne
+} else {
-            Luisehahne
+	$message = $errMsg;
 	$message_color = 'ff0000';
             Luisehahne
             Luisehahne
 // set template file and assign module and template block
 	$oTpl = new Template(dirname(__FILE__).'/htt','keep');
 	$oTpl->set_file('page', 'forgot.htt');
 	$oTpl->debug = false; // false, true
 	$oTpl->set_block('page', 'main_block', 'main');
 	$oTpl->set_block('main_block', 'message_block', 'message');
 	$oTpl->set_block('message', '');
 	if(!isset($display_form) OR $display_form != false) {}
 // generell vars
 	$oTpl->set_var(array(
 		'FTAN' => $wb->getFTAN(),
 		'ACTION_URL' => WB_URL.'/account/forgot.php',
-            Luisehahne
+		'LOGIN_URL' => WB_URL.'/account/login.php'.$redirect,
-            Luisehahne
+		'REDIRECT_URL' => $redirect_url,
-            Luisehahne
+		'URL' => $redirect_url,
-            Luisehahne
+		'WB_URL' => WB_URL,
 		'THEME_URL' => THEME_URL,
-            Luisehahne
+		'TEMPLATE_URL' => TEMPLATE_DIR,
-            Luisehahne
+		'HTTP_REFERER' => $_SESSION['HTTP_REFERER'],
 		'MESSAGE_VALUE' => '',
 		'ERROR_VALUE' => '',
 		'THISAPP_MESSAGE_VALUE' => $message,
 		'TEXT_USERNAME' => $TEXT['USERNAME'],
 		'TEXT_EMAIL' => $TEXT['EMAIL'],
 //		'USER_FIELDNAME' => $username_fieldname,
-            Luisehahne
+		'TEXT_SEND_DETAILS' => $TEXT['NEW_PASSWORD'],
-            Luisehahne
+		'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN'],
 		'MENU_FORGOT' => $MENU['FORGOT'],
 		'TEXT_RESET' => $TEXT['RESET'],
 		'TEXT_CANCEL' => $TEXT['CANCEL'],
+		)
 	);
 	//$oTpl->parse('message', 'message_block', true);
 	$oTpl->parse('main', 'main_block', false);
 	$output = $oTpl->finish($oTpl->parse('output', 'page'));
 	unset($oTpl);
 	print $output;

Project

General

Profile

WB 2.08.x