1 |
1420
|
Luisehahne
|
<?php
|
2 |
|
|
/**
|
3 |
|
|
*
|
4 |
|
|
* @category frontend
|
5 |
|
|
* @package account
|
6 |
|
|
* @author WebsiteBaker Project
|
7 |
1719
|
Luisehahne
|
* @copyright 2009-2012, WebsiteBaker Org. e.V.
|
8 |
1420
|
Luisehahne
|
* @link http://www.websitebaker2.org/
|
9 |
|
|
* @license http://www.gnu.org/licenses/gpl.html
|
10 |
|
|
* @platform WebsiteBaker 2.8.x
|
11 |
|
|
* @requirements PHP 5.2.2 and higher
|
12 |
|
|
* @version $Id$
|
13 |
|
|
* @filesource $HeadURL$
|
14 |
|
|
* @lastmodified $Date$
|
15 |
|
|
*
|
16 |
|
|
*/
|
17 |
|
|
|
18 |
1719
|
Luisehahne
|
/* -------------------------------------------------------- */
|
19 |
|
|
// Must include code to stop this file being accessed directly
|
20 |
|
|
if(defined('WB_PATH') == false)
|
21 |
|
|
{
|
22 |
|
|
// Stop this file being access directly
|
23 |
|
|
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
24 |
|
|
}
|
25 |
|
|
/* -------------------------------------------------------- */
|
26 |
1420
|
Luisehahne
|
// Check if the user has already submitted the form, otherwise show it
|
27 |
1599
|
Luisehahne
|
$message = $MESSAGE['FORGOT_PASS_NO_DATA'];
|
28 |
|
|
$errMsg ='';
|
29 |
1728
|
Luisehahne
|
|
30 |
1719
|
Luisehahne
|
$redirect_url = (isset($redirect_url) && ($redirect_url!='') ? $redirect_url : $_SESSION['HTTP_REFERER'] );
|
31 |
1742
|
Luisehahne
|
$redirect = (isset($redirect_url) && ($redirect_url!='') ? '?redirect='.$redirect_url : '' );
|
32 |
1728
|
Luisehahne
|
|
33 |
|
|
//print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong> basename: '.basename(__FILE__).' line: '.__LINE__.' -> <br />';
|
34 |
|
|
//print_r( $redirect_url ); print '</pre>';
|
35 |
|
|
|
36 |
1557
|
Luisehahne
|
if(isset($_POST['email']) && $_POST['email'] != "" )
|
37 |
1551
|
Luisehahne
|
{
|
38 |
1420
|
Luisehahne
|
$email = strip_tags($_POST['email']);
|
39 |
1599
|
Luisehahne
|
if($admin->validate_email($email) == false)
|
40 |
|
|
{
|
41 |
|
|
$errMsg = $MESSAGE['USERS_INVALID_EMAIL'];
|
42 |
|
|
$email = '';
|
43 |
|
|
} else {
|
44 |
1551
|
Luisehahne
|
// Check if the email exists in the database
|
45 |
|
|
$sql = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` '.
|
46 |
|
|
'FROM `'.TABLE_PREFIX.'users` '.
|
47 |
|
|
'WHERE `email`=\''.$wb->add_slashes($_POST['email']).'\'';
|
48 |
|
|
if(($results = $database->query($sql)))
|
49 |
|
|
{
|
50 |
|
|
if(($results_array = $results->fetchRow()))
|
51 |
|
|
{ // Get the id, username, email, and last_reset from the above db query
|
52 |
1420
|
Luisehahne
|
// Check if the password has been reset in the last 2 hours
|
53 |
1551
|
Luisehahne
|
if( (time() - (int)$results_array['last_reset']) < (2 * 3600) ) {
|
54 |
1420
|
Luisehahne
|
// Tell the user that their password cannot be reset more than once per hour
|
55 |
1599
|
Luisehahne
|
$errMsg = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
|
56 |
1551
|
Luisehahne
|
} else {
|
57 |
|
|
require_once(WB_PATH.'/framework/PasswordHash.php');
|
58 |
|
|
$pwh = new PasswordHash(0, true);
|
59 |
|
|
$old_pass = $results_array['password'];
|
60 |
1420
|
Luisehahne
|
// Generate a random password then update the database with it
|
61 |
1551
|
Luisehahne
|
$new_pass = $pwh->NewPassword();
|
62 |
|
|
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
|
63 |
|
|
'SET `password`=\''.$pwh->HashPassword($new_pass, true).'\', '.
|
64 |
|
|
'`last_reset`='.time().' '.
|
65 |
|
|
'WHERE `user_id`='.(int)$results_array['user_id'];
|
66 |
|
|
unset($pwh); // destroy $pwh-Object
|
67 |
|
|
if($database->query($sql))
|
68 |
|
|
{ // Setup email to send
|
69 |
|
|
$mail_to = $email;
|
70 |
|
|
$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
|
71 |
1420
|
Luisehahne
|
// Replace placeholders from language variable with values
|
72 |
1551
|
Luisehahne
|
$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
|
73 |
|
|
$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
|
74 |
|
|
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
|
75 |
1420
|
Luisehahne
|
// Try sending the email
|
76 |
1551
|
Luisehahne
|
if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
|
77 |
|
|
$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
|
78 |
|
|
$display_form = false;
|
79 |
|
|
}else { // snd mail failed, rollback
|
80 |
|
|
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
|
81 |
|
|
'SET `password`=\''.$old_pass.'\' '.
|
82 |
|
|
'WHERE `user_id`='.(int)$results_array['user_id'];
|
83 |
|
|
$database->query($sql);
|
84 |
1599
|
Luisehahne
|
$errMsg = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
|
85 |
1551
|
Luisehahne
|
}
|
86 |
|
|
}else { // Error updating database
|
87 |
1599
|
Luisehahne
|
$errMsg = $MESSAGE['RECORD_MODIFIED_FAILED'];
|
88 |
1551
|
Luisehahne
|
if(DEBUG) {
|
89 |
|
|
$message .= '<br />'.$database->get_error();
|
90 |
|
|
$message .= '<br />'.$sql;
|
91 |
|
|
}
|
92 |
1420
|
Luisehahne
|
}
|
93 |
|
|
}
|
94 |
1551
|
Luisehahne
|
}else { // no record found - Email doesn't exist, so tell the user
|
95 |
1599
|
Luisehahne
|
$errMsg = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
|
96 |
1420
|
Luisehahne
|
}
|
97 |
1551
|
Luisehahne
|
} else { // Query failed
|
98 |
1599
|
Luisehahne
|
$errMsg = 'SystemError:: Database query failed!';
|
99 |
1551
|
Luisehahne
|
if(DEBUG) {
|
100 |
1599
|
Luisehahne
|
$errMsg .= '<br />'.$database->get_error();
|
101 |
|
|
$errMsg .= '<br />'.$sql;
|
102 |
1551
|
Luisehahne
|
}
|
103 |
1420
|
Luisehahne
|
}
|
104 |
1599
|
Luisehahne
|
}
|
105 |
1420
|
Luisehahne
|
} else {
|
106 |
|
|
$email = '';
|
107 |
|
|
}
|
108 |
|
|
|
109 |
1599
|
Luisehahne
|
if( ($errMsg=='') && ($message != '')) {
|
110 |
|
|
// $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
|
111 |
|
|
$message_color = '000000';
|
112 |
1551
|
Luisehahne
|
} else {
|
113 |
1599
|
Luisehahne
|
$message = $errMsg;
|
114 |
|
|
$message_color = 'ff0000';
|
115 |
1420
|
Luisehahne
|
}
|
116 |
1719
|
Luisehahne
|
|
117 |
|
|
// set template file and assign module and template block
|
118 |
|
|
$oTpl = new Template(dirname(__FILE__).'/htt','keep');
|
119 |
|
|
$oTpl->set_file('page', 'forgot.htt');
|
120 |
|
|
$oTpl->debug = false; // false, true
|
121 |
|
|
$oTpl->set_block('page', 'main_block', 'main');
|
122 |
|
|
|
123 |
|
|
$oTpl->set_block('main_block', 'message_block', 'message');
|
124 |
|
|
$oTpl->set_block('message', '');
|
125 |
|
|
if(!isset($display_form) OR $display_form != false) {}
|
126 |
|
|
// generell vars
|
127 |
|
|
$oTpl->set_var(array(
|
128 |
|
|
'FTAN' => $wb->getFTAN(),
|
129 |
|
|
'ACTION_URL' => WB_URL.'/account/forgot.php',
|
130 |
1742
|
Luisehahne
|
'LOGIN_URL' => WB_URL.'/account/login.php'.$redirect,
|
131 |
1719
|
Luisehahne
|
'REDIRECT_URL' => $redirect_url,
|
132 |
1728
|
Luisehahne
|
'URL' => $redirect_url,
|
133 |
1719
|
Luisehahne
|
'WB_URL' => WB_URL,
|
134 |
|
|
'THEME_URL' => THEME_URL,
|
135 |
1742
|
Luisehahne
|
'TEMPLATE_URL' => TEMPLATE_DIR,
|
136 |
1719
|
Luisehahne
|
'HTTP_REFERER' => $_SESSION['HTTP_REFERER'],
|
137 |
|
|
'MESSAGE_VALUE' => '',
|
138 |
|
|
'ERROR_VALUE' => '',
|
139 |
|
|
'THISAPP_MESSAGE_VALUE' => $message,
|
140 |
|
|
'TEXT_USERNAME' => $TEXT['USERNAME'],
|
141 |
|
|
'TEXT_EMAIL' => $TEXT['EMAIL'],
|
142 |
|
|
// 'USER_FIELDNAME' => $username_fieldname,
|
143 |
1742
|
Luisehahne
|
'TEXT_SEND_DETAILS' => $TEXT['NEW_PASSWORD'],
|
144 |
1719
|
Luisehahne
|
'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN'],
|
145 |
|
|
'MENU_FORGOT' => $MENU['FORGOT'],
|
146 |
|
|
'TEXT_RESET' => $TEXT['RESET'],
|
147 |
|
|
'TEXT_CANCEL' => $TEXT['CANCEL'],
|
148 |
|
|
)
|
149 |
|
|
);
|
150 |
|
|
|
151 |
|
|
//$oTpl->parse('message', 'message_block', true);
|
152 |
|
|
$oTpl->parse('main', 'main_block', false);
|
153 |
|
|
$output = $oTpl->finish($oTpl->parse('output', 'page'));
|
154 |
|
|
unset($oTpl);
|
155 |
|
|
print $output;
|