3 UserCake Version: 2.0.2
\r
// Load models/config.php; presumably this is where the helpers used below are pulled in.
require_once("models/config.php");

// Page-level access check: stop with no output when securePage() rejects this script.
// NOTE(review): PHP_SELF reflects the requested path, including any trailing path info;
// confirm that securePage() normalises it before using it for the lookup.
if (!securePage($_SERVER['PHP_SELF'])) {
    exit();
}

// A signed-in user has no use for the reset form: redirect to index.php and stop.
if (isUserLoggedIn()) {
    header("Location: index.php");
    exit();
}
\r
// Confirm branch: entered when the request carries a non-empty "confirm" query parameter.
// Visible steps: validate the token, generate a replacement password, hash it, e-mail the
// plaintext to the account address, store the hash, then clear the lost-password flag.
// NOTE(review): this listing skips source lines (the gutter jumps, e.g. 18 -> 22), so the
// braces and else branches that gate each step are not shown. Presumably everything from
// line 22 on runs only when the token check passes - confirm against the full file.
// NOTE(review): the password is replaced as a side effect of a GET request. Anything that
// fetches the mailed link automatically (mail-gateway link scanning, client prefetch) would
// complete the reset; a landing page that requires a POST to confirm avoids that.
// NOTE(review): the token travels in the query string, so it can end up in server logs,
// browser history and Referer headers. Expiry and single-use handling are not visible here.
// NOTE(review): the new password is mailed in clear text. A single-use, expiring link that
// lets the user choose a password keeps the credential out of the mailbox.
// NOTE(review): getUniqueCode() and generateHash() are defined elsewhere - verify that the
// first draws from a CSPRNG (random_bytes/random_int) and the second is a real password
// hash (password_hash) rather than a fast digest.
// NOTE(review): the mail is sent before updatePasswordFromToken() runs; if that update
// fails, the user holds a mailed password that was never stored.
11 //User has confirmed they want their password changed
\r
12 if(!empty($_GET["confirm"]))
\r
14 $token = trim($_GET["confirm"]);
\r
16 if($token == "" || !validateActivationToken($token,TRUE))
\r
18 $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
\r
22 $rand_pass = getUniqueCode(15); //Generate the replacement password (plaintext)
\r
23 $secure_pass = generateHash($rand_pass); //Hash of the new password; this value is what updatePasswordFromToken() receives below
\r
24 $userdetails = fetchUserDetails(NULL,$token); //Fetch user details; first argument is NULL, the token is passed second
\r
25 $mail = new userCakeMail();
\r
27 //Setup our custom hooks
\r
29 "searchStrs" => array("#GENERATED-PASS#","#USERNAME#"),
\r
30 "subjectStrs" => array($rand_pass,$userdetails["display_name"])
\r
33 if(!$mail->newTemplateMsg("your-lost-password.txt",$hooks))
\r
35 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
\r
39 if(!$mail->sendMail($userdetails["email"],"Your new password"))
\r
41 $errors[] = lang("MAIL_ERROR");
\r
45 if(!updatePasswordFromToken($secure_pass,$token))
\r
47 $errors[] = lang("SQL_ERROR");
\r
51 if(!flagLostPasswordRequest($userdetails["user_name"],0))
\r
53 $errors[] = lang("SQL_ERROR");
\r
56 $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
\r
// Deny branch: entered when the request carries a non-empty "deny" query parameter.
// Visible steps: validate the token, look the account up by it, clear the lost-password flag.
// NOTE(review): lines are missing from this listing (gutter 71 -> 76); presumably the lookup
// and the flag update sit in the else branch of the token check - confirm.
// NOTE(review): the deny link carries the same activation_token as the confirm link (both
// URLs are built from $userdetails["activation_token"] in the request branch). Nothing in
// this branch visibly rotates the token, so check whether validateActivationToken() or
// flagLostPasswordRequest() stop the confirm link from working after a deny.
// NOTE(review): like the confirm branch, this changes account state on a GET request.
64 //User has denied this request
\r
65 if(!empty($_GET["deny"]))
\r
67 $token = trim($_GET["deny"]);
\r
69 if($token == "" || !validateActivationToken($token,TRUE))
\r
71 $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
\r
76 $userdetails = fetchUserDetails(NULL,$token);
\r
78 if(!flagLostPasswordRequest($userdetails["user_name"],0))
\r
80 $errors[] = lang("SQL_ERROR");
\r
83 $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
\r
// Request branch: handles the posted form. Visible steps: read email and username, validate
// them, check that they belong to the same account, refuse if a request is already
// outstanding, mail the confirm/deny links, then set the lost-password flag to 1.
// NOTE(review): the condition guarding this branch and most braces are not in this listing
// (gutter 83 -> 91 and later gaps); the nesting described here is inferred - confirm.
// NOTE(review): $email is used exactly as posted while $username goes through sanitize().
// Whether that is safe depends on isValidEmail(), emailExists() and emailUsernameLinked()
// using parameterised queries - verify in their definitions.
// NOTE(review): separate error keys are added for "email not known", "username not known",
// "not linked" and "request already pending". If lang() renders them as distinct messages,
// an unauthenticated caller can tell which addresses and usernames exist; a single generic
// response for every outcome removes that signal.
// NOTE(review): no request throttling is visible in this branch; check whether it is
// enforced elsewhere, since each accepted request sends mail.
// NOTE(review): $websiteUrl is defined outside this listing - verify it is a fixed
// configured value and not derived from the request's Host header, because it forms the
// base of the links mailed below.
// NOTE(review): the flag set to 1 at the end is cleared only by the confirm and deny
// branches, so an undelivered mail leaves the account unable to start a new request.
91 $email = $_POST["email"];
\r
92 $username = sanitize($_POST["username"]);
\r
94 //Perform some validation
\r
95 //Feel free to edit / change as required
\r
97 if(trim($email) == "")
\r
99 $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
\r
101 //Check to ensure email is in the correct format / in the db
\r
102 else if(!isValidEmail($email) || !emailExists($email))
\r
104 $errors[] = lang("ACCOUNT_INVALID_EMAIL");
\r
107 if(trim($username) == "")
\r
109 $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
\r
111 else if(!usernameExists($username))
\r
113 $errors[] = lang("ACCOUNT_INVALID_USERNAME");
\r
116 if(count($errors) == 0)
\r
119 //Check that the username / email are associated to the same account
\r
120 if(!emailUsernameLinked($email,$username))
\r
122 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
\r
126 //Check if the user has any outstanding lost password requests
\r
127 $userdetails = fetchUserDetails($username);
\r
128 if($userdetails["lost_password_request"] == 1)
\r
130 $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
\r
134 //Email the user asking to confirm this change password request
\r
135 //We can use the template builder here
\r
137 //We reuse the activation token as the URL key; it gets regenerated every time it is used.
//NOTE(review): the regeneration is not visible in this file, and neither is any expiry - verify both where the token is validated and updated.
\r
139 $mail = new userCakeMail();
\r
140 $confirm_url = lang("CONFIRM")."\n".$websiteUrl."forgot-password.php?confirm=".$userdetails["activation_token"];
\r
141 $deny_url = lang("DENY")."\n".$websiteUrl."forgot-password.php?deny=".$userdetails["activation_token"];
\r
143 //Setup our custom hooks
\r
145 "searchStrs" => array("#CONFIRM-URL#","#DENY-URL#","#USERNAME#"),
\r
146 "subjectStrs" => array($confirm_url,$deny_url,$userdetails["user_name"])
\r
149 if(!$mail->newTemplateMsg("lost-password-request.txt",$hooks))
\r
151 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
\r
155 if(!$mail->sendMail($userdetails["email"],"Lost password request"))
\r
157 $errors[] = lang("MAIL_ERROR");
\r
161 //Update the DB to show this account has an outstanding request
\r
162 if(!flagLostPasswordRequest($userdetails["user_name"],1))
\r
164 $errors[] = lang("SQL_ERROR");
\r
168 $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
\r
// Rendering: include the shared header, print the "Forgot password" form (username and
// email fields, posted back to this script), then print the collected errors/successes.
// NOTE(review): the echo statements that open the HTML strings are not in this listing
// (gutter 180 -> 183, 184 -> 188, 199 -> 201), so only the string contents are visible.
// NOTE(review): $_SERVER['PHP_SELF'] is concatenated into the form's action attribute
// without escaping. PHP_SELF includes any path info that follows the script name, so
// request-supplied characters reach the attribute; pass it through
// htmlspecialchars(..., ENT_QUOTES, 'UTF-8') or use a fixed action value.
// NOTE(review): no anti-CSRF token field is visible in the form - confirm whether one is
// added by code outside this listing.
// NOTE(review): resultBlock() is defined elsewhere; verify it HTML-escapes the messages
// it prints.
177 require_once("models/header.php");
\r
180 //echo notificationBlock($errors,$successes);
\r
183 <div id='login-container'>
\r
184 <div class='widget'><div class='title centre'>Forgot password</div>";
\r
188 <form name='newLostPass' action='".$_SERVER['PHP_SELF']."' method='post'>
\r
190 <label>Username:</label>
\r
191 <input type='text' name='username' />
\r
194 <label>Email:</label>
\r
195 <input type='text' name='email' />
\r
198 <label> </label>
\r
199 <input type='submit' value='Submit' class='submit' />
\r
201 echo resultBlock($errors,$successes);
\r