/branches/2.8.x/wb/account/forgot_form.php - WB 2.08.x - Tracking

wb-archiv283/branches/2.8.x/wb/account/forgot_form.php @ 1792

       <?php
       /**
+       *
        * @category        frontend
        * @package         account
        * @author          WebsiteBaker Project
        * @copyright       2009-2012, WebsiteBaker Org. e.V.
        * @link			http://www.websitebaker2.org/
        * @license         http://www.gnu.org/licenses/gpl.html
        * @platform        WebsiteBaker 2.8.x
        * @requirements    PHP 5.2.2 and higher
        * @version         $Id: forgot_form.php 1792 2012-10-24 00:43:00Z Luisehahne $
        * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/account/forgot_form.php $
        * @lastmodified    $Date: 2012-10-24 02:43:00 +0200 (Wed, 24 Oct 2012) $
+       *
        */
       /* -------------------------------------------------------- */
       // Must include code to stop this file being accessed directly
       if(defined('WB_PATH') == false)
+      {
       	// Stop this file being access directly
       		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
+      }
       /* -------------------------------------------------------- */
       // Check if the user has already submitted the form, otherwise show it
       $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
       $errMsg ='';
       $redirect_url = (isset($redirect_url) && ($redirect_url!='')  ? $redirect_url : $_SESSION['HTTP_REFERER'] );
       $redirect = (isset($redirect_url) && ($redirect_url!='')  ? '?redirect='.$redirect_url : '' );
       //print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong>  basename: '.basename(__FILE__).'  line: '.__LINE__.' -> <br />';
       //print_r( $redirect_url ); print '</pre>';
       if(isset($_POST['email']) && $_POST['email'] != "" )
+      {
       	$email = strip_tags($_POST['email']);
       	if($admin->validate_email($email) == false)
+          {
       		$errMsg = $MESSAGE['USERS_INVALID_EMAIL'];
       		$email = '';
       	} else {
       // Check if the email exists in the database
       	$sql  = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` '.
       	        'FROM `'.TABLE_PREFIX.'users` '.
       	        'WHERE `email`=\''.$wb->add_slashes($_POST['email']).'\'';
       	if(($results = $database->query($sql)))
+      	{
       		if(($results_array = $results->fetchRow()))
       		{ // Get the id, username, email, and last_reset from the above db query
       		// Check if the password has been reset in the last 2 hours
       			if( (time() - (int)$results_array['last_reset']) < (2 * 3600) ) {
       			// Tell the user that their password cannot be reset more than once per hour
       				$errMsg = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
       			} else {
       				require_once(WB_PATH.'/framework/PasswordHash.php');
       				$pwh = new PasswordHash(0, true);
       				$old_pass = $results_array['password'];
       			// Generate a random password then update the database with it
       				$new_pass = $pwh->NewPassword();
       				$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
       				       'SET `password`=\''.$pwh->HashPassword($new_pass, true).'\', '.
       				           '`last_reset`='.time().' '.
       				       'WHERE `user_id`='.(int)$results_array['user_id'];
       				unset($pwh); // destroy $pwh-Object
       				if($database->query($sql))
       				{ // Setup email to send
       					$mail_to = $email;
       					$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
       				// Replace placeholders from language variable with values
       					$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
       					$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
       					$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
       				// Try sending the email
       					if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
       						$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
       						$display_form = false;
       					}else { // snd mail failed, rollback
       						$sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
       						       'SET `password`=\''.$old_pass.'\' '.
       						       'WHERE `user_id`='.(int)$results_array['user_id'];
       						$database->query($sql);
       						$errMsg = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
+      					}
       				}else { // Error updating database
       					$errMsg = $MESSAGE['RECORD_MODIFIED_FAILED'];
       					if(DEBUG) {
       						$message .= '<br />'.$database->get_error();
       						$message .= '<br />'.$sql;
+      					}
+      				}
+      			}
       		}else { // no record found - Email doesn't exist, so tell the user
       			$errMsg = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
+      		}
       	} else { // Query failed
       		$errMsg = 'SystemError:: Database query failed!';
       		if(DEBUG) {
       			$errMsg .= '<br />'.$database->get_error();
       			$errMsg .= '<br />'.$sql;
+      		}
+      	}
+      	}
       } else {
       	$email = '';
+      }
       if( ($errMsg=='') && ($message != '')) {
       	// $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
       	$message_color = '000000';
       } else {
       	$message = $errMsg;
       	$message_color = 'ff0000';
+      }
       $sIncludeHeadLinkCss = '';
       if( is_readable(WB_PATH .'/account/frontend.css')) {
       	$sIncludeHeadLinkCss .= '<link href="'.WB_URL.'/account/frontend.css"';
       	$sIncludeHeadLinkCss .= ' rel="stylesheet" type="text/css" media="screen" />'."\n";
+      }
       // set template file and assign module and template block
       	$oTpl = new Template(dirname(__FILE__).'/htt','keep');
       	$oTpl->set_file('page', 'forgot.htt');
       	$oTpl->debug = false; // false, true
       	$oTpl->set_block('page', 'main_block', 'main');
       	$oTpl->set_block('main_block', 'message_block', 'message');
       	$oTpl->set_block('message', '');
       	if(!isset($display_form) OR $display_form != false) {}
       // generell vars
       	$oTpl->set_var(array(
       		'FTAN' => $wb->getFTAN(),
       		'ACTION_URL' => WB_URL.'/account/forgot.php',
       		'LOGIN_URL' => WB_URL.'/account/login.php'.$redirect,
       		'REDIRECT_URL' => $redirect_url,
       		'URL' => $redirect_url,
       		'WB_URL' => WB_URL,
       		'THEME_URL' => THEME_URL,
       		'TEMPLATE_URL' => TEMPLATE_DIR,
               'CSS_BLOCK'	=> $sIncludeHeadLinkCss,
       		'HTTP_REFERER' => $_SESSION['HTTP_REFERER'],
       		'MESSAGE_VALUE' => '',
       		'ERROR_VALUE' => '',
       		'THISAPP_MESSAGE_VALUE' => $message,
       		'TEXT_USERNAME' => $TEXT['USERNAME'],
       		'TEXT_EMAIL' => $TEXT['EMAIL'],
       //		'USER_FIELDNAME' => $username_fieldname,
       		'TEXT_SEND_DETAILS' => $TEXT['NEW_PASSWORD'],
       		'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN'],
       		'MENU_FORGOT' => $MENU['FORGOT'],
       		'TEXT_RESET' => $TEXT['RESET'],
       		'TEXT_CANCEL' => $TEXT['CANCEL'],
+      		)
       	);
       	//$oTpl->parse('message', 'message_block', true);
       	$oTpl->parse('main', 'main_block', false);
       	$output = $oTpl->finish($oTpl->parse('output', 'page'));
       	unset($oTpl);
       	print $output;

(9-9/22)

Project

General

Profile

WB 2.08.x