1
|
<?php
|
2
|
/**
|
3
|
*
|
4
|
* @category frontend
|
5
|
* @package account
|
6
|
* @author WebsiteBaker Project
|
7
|
* @copyright 2009-2012, WebsiteBaker Org. e.V.
|
8
|
* @link http://www.websitebaker2.org/
|
9
|
* @license http://www.gnu.org/licenses/gpl.html
|
10
|
* @platform WebsiteBaker 2.8.x
|
11
|
* @requirements PHP 5.2.2 and higher
|
12
|
* @version $Id: forgot_form.php 1742 2012-09-07 00:50:09Z Luisehahne $
|
13
|
* @filesource $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/account/forgot_form.php $
|
14
|
* @lastmodified $Date: 2012-09-07 02:50:09 +0200 (Fri, 07 Sep 2012) $
|
15
|
*
|
16
|
*/
|
17
|
|
18
|
/* -------------------------------------------------------- */
|
19
|
// Must include code to stop this file being accessed directly
|
20
|
if(defined('WB_PATH') == false)
|
21
|
{
|
22
|
// Stop this file being access directly
|
23
|
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
24
|
}
|
25
|
/* -------------------------------------------------------- */
|
26
|
// Check if the user has already submitted the form, otherwise show it
|
27
|
$message = $MESSAGE['FORGOT_PASS_NO_DATA'];
|
28
|
$errMsg ='';
|
29
|
|
30
|
$redirect_url = (isset($redirect_url) && ($redirect_url!='') ? $redirect_url : $_SESSION['HTTP_REFERER'] );
|
31
|
$redirect = (isset($redirect_url) && ($redirect_url!='') ? '?redirect='.$redirect_url : '' );
|
32
|
|
33
|
//print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong> basename: '.basename(__FILE__).' line: '.__LINE__.' -> <br />';
|
34
|
//print_r( $redirect_url ); print '</pre>';
|
35
|
|
36
|
if(isset($_POST['email']) && $_POST['email'] != "" )
|
37
|
{
|
38
|
$email = strip_tags($_POST['email']);
|
39
|
if($admin->validate_email($email) == false)
|
40
|
{
|
41
|
$errMsg = $MESSAGE['USERS_INVALID_EMAIL'];
|
42
|
$email = '';
|
43
|
} else {
|
44
|
// Check if the email exists in the database
|
45
|
$sql = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` '.
|
46
|
'FROM `'.TABLE_PREFIX.'users` '.
|
47
|
'WHERE `email`=\''.$wb->add_slashes($_POST['email']).'\'';
|
48
|
if(($results = $database->query($sql)))
|
49
|
{
|
50
|
if(($results_array = $results->fetchRow()))
|
51
|
{ // Get the id, username, email, and last_reset from the above db query
|
52
|
// Check if the password has been reset in the last 2 hours
|
53
|
if( (time() - (int)$results_array['last_reset']) < (2 * 3600) ) {
|
54
|
// Tell the user that their password cannot be reset more than once per hour
|
55
|
$errMsg = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
|
56
|
} else {
|
57
|
require_once(WB_PATH.'/framework/PasswordHash.php');
|
58
|
$pwh = new PasswordHash(0, true);
|
59
|
$old_pass = $results_array['password'];
|
60
|
// Generate a random password then update the database with it
|
61
|
$new_pass = $pwh->NewPassword();
|
62
|
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
|
63
|
'SET `password`=\''.$pwh->HashPassword($new_pass, true).'\', '.
|
64
|
'`last_reset`='.time().' '.
|
65
|
'WHERE `user_id`='.(int)$results_array['user_id'];
|
66
|
unset($pwh); // destroy $pwh-Object
|
67
|
if($database->query($sql))
|
68
|
{ // Setup email to send
|
69
|
$mail_to = $email;
|
70
|
$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
|
71
|
// Replace placeholders from language variable with values
|
72
|
$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
|
73
|
$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
|
74
|
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
|
75
|
// Try sending the email
|
76
|
if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
|
77
|
$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
|
78
|
$display_form = false;
|
79
|
}else { // snd mail failed, rollback
|
80
|
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
|
81
|
'SET `password`=\''.$old_pass.'\' '.
|
82
|
'WHERE `user_id`='.(int)$results_array['user_id'];
|
83
|
$database->query($sql);
|
84
|
$errMsg = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
|
85
|
}
|
86
|
}else { // Error updating database
|
87
|
$errMsg = $MESSAGE['RECORD_MODIFIED_FAILED'];
|
88
|
if(DEBUG) {
|
89
|
$message .= '<br />'.$database->get_error();
|
90
|
$message .= '<br />'.$sql;
|
91
|
}
|
92
|
}
|
93
|
}
|
94
|
}else { // no record found - Email doesn't exist, so tell the user
|
95
|
$errMsg = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
|
96
|
}
|
97
|
} else { // Query failed
|
98
|
$errMsg = 'SystemError:: Database query failed!';
|
99
|
if(DEBUG) {
|
100
|
$errMsg .= '<br />'.$database->get_error();
|
101
|
$errMsg .= '<br />'.$sql;
|
102
|
}
|
103
|
}
|
104
|
}
|
105
|
} else {
|
106
|
$email = '';
|
107
|
}
|
108
|
|
109
|
if( ($errMsg=='') && ($message != '')) {
|
110
|
// $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
|
111
|
$message_color = '000000';
|
112
|
} else {
|
113
|
$message = $errMsg;
|
114
|
$message_color = 'ff0000';
|
115
|
}
|
116
|
|
117
|
// set template file and assign module and template block
|
118
|
$oTpl = new Template(dirname(__FILE__).'/htt','keep');
|
119
|
$oTpl->set_file('page', 'forgot.htt');
|
120
|
$oTpl->debug = false; // false, true
|
121
|
$oTpl->set_block('page', 'main_block', 'main');
|
122
|
|
123
|
$oTpl->set_block('main_block', 'message_block', 'message');
|
124
|
$oTpl->set_block('message', '');
|
125
|
if(!isset($display_form) OR $display_form != false) {}
|
126
|
// generell vars
|
127
|
$oTpl->set_var(array(
|
128
|
'FTAN' => $wb->getFTAN(),
|
129
|
'ACTION_URL' => WB_URL.'/account/forgot.php',
|
130
|
'LOGIN_URL' => WB_URL.'/account/login.php'.$redirect,
|
131
|
'REDIRECT_URL' => $redirect_url,
|
132
|
'URL' => $redirect_url,
|
133
|
'WB_URL' => WB_URL,
|
134
|
'THEME_URL' => THEME_URL,
|
135
|
'TEMPLATE_URL' => TEMPLATE_DIR,
|
136
|
'HTTP_REFERER' => $_SESSION['HTTP_REFERER'],
|
137
|
'MESSAGE_VALUE' => '',
|
138
|
'ERROR_VALUE' => '',
|
139
|
'THISAPP_MESSAGE_VALUE' => $message,
|
140
|
'TEXT_USERNAME' => $TEXT['USERNAME'],
|
141
|
'TEXT_EMAIL' => $TEXT['EMAIL'],
|
142
|
// 'USER_FIELDNAME' => $username_fieldname,
|
143
|
'TEXT_SEND_DETAILS' => $TEXT['NEW_PASSWORD'],
|
144
|
'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN'],
|
145
|
'MENU_FORGOT' => $MENU['FORGOT'],
|
146
|
'TEXT_RESET' => $TEXT['RESET'],
|
147
|
'TEXT_CANCEL' => $TEXT['CANCEL'],
|
148
|
)
|
149
|
);
|
150
|
|
151
|
//$oTpl->parse('message', 'message_block', true);
|
152
|
$oTpl->parse('main', 'main_block', false);
|
153
|
$output = $oTpl->finish($oTpl->parse('output', 'page'));
|
154
|
unset($oTpl);
|
155
|
print $output;
|