3 UserCake Version: 2.0.2
\r
// Load the application configuration before anything else on the page runs.
7 require_once("models/config.php");
\r
// Stop immediately, with no output, when securePage() rejects the current script path.
// NOTE(review): $_SERVER['PHP_SELF'] includes any trailing path info sent by the client,
// so securePage() (defined elsewhere) is deciding on partly client-controlled text.
// Confirm it normalises the value, or pass $_SERVER['SCRIPT_NAME'] instead.
8 if (!securePage($_SERVER['PHP_SELF'])){die();}
\r
// Reset confirmation: runs when the emailed link returns with ?confirm=<token>.
// In the order shown, a valid token causes a new password to be generated, hashed,
// mailed to the account in clear text, stored via updatePasswordFromToken(), and the
// pending-request flag cleared. The else/brace lines between these statements are not
// part of this listing, so the exact nesting cannot be confirmed from here.
// NOTE(review): the reset is triggered by a plain GET. The token therefore lands in
// browser history, server/proxy logs and Referer headers, and any automated fetch of
// the link (mail-gateway link scanning, prefetch) would complete the reset. Prefer a
// landing page that submits the token by POST.
// NOTE(review): no expiry check is visible here; confirm that validateActivationToken()
// (defined elsewhere) rejects old tokens as well as unknown ones.
10 //User has confirmed they want their password changed
\r
11 if(!empty($_GET["confirm"]))
\r
13 $token = trim($_GET["confirm"]);
\r
15 if($token == "" || !validateActivationToken($token,TRUE))
\r
17 $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
\r
// NOTE(review): getUniqueCode() is defined elsewhere; confirm it draws from a CSPRNG
// (random_bytes()/random_int()), since its output becomes the account password.
21 $rand_pass = getUniqueCode(15); //Get unique code
\r
22 $secure_pass = generateHash($rand_pass); //Hash the generated password for storage
\r
23 $userdetails = fetchUserDetails(NULL,$token); //Fetch user details by token
\r
24 $mail = new userCakeMail();
\r
26 //Setup our custom hooks
\r
28 "searchStrs" => array("#GENERATED-PASS#","#USERNAME#"),
\r
29 "subjectStrs" => array($rand_pass,$userdetails["display_name"])
\r
32 if(!$mail->newTemplateMsg("your-lost-password.txt",$hooks))
\r
34 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
\r
// NOTE(review): the new password leaves the server in clear text by email and stays
// valid until the user changes it. A one-time reset link that lets the user choose
// the password avoids mailing a credential at all.
38 if(!$mail->sendMail($userdetails["email"],"Your new password"))
\r
40 $errors[] = lang("MAIL_ERROR");
\r
// The stored password is replaced only after the mail call above, as listed.
44 if(!updatePasswordFromToken($secure_pass,$token))
\r
46 $errors[] = lang("SQL_ERROR");
\r
// Clear the outstanding-request flag (second argument 0) for this account.
50 if(!flagLostPasswordRequest($userdetails["user_name"],0))
\r
52 $errors[] = lang("SQL_ERROR");
\r
55 $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
\r
// Reset denial: runs when the emailed link returns with ?deny=<token>. A valid token
// clears the account's outstanding-request flag; the password is not touched here.
// NOTE(review): the confirm and deny links built later in this file carry the same
// activation token, so holding either URL is enough to perform the other action.
// This is also a state change on GET, so an automated fetch of the link would cancel
// the request.
63 //User has denied this request
\r
64 if(!empty($_GET["deny"]))
\r
66 $token = trim($_GET["deny"]);
\r
68 if($token == "" || !validateActivationToken($token,TRUE))
\r
70 $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
\r
// Look the account up by token, then reset its lost-password flag to 0.
75 $userdetails = fetchUserDetails(NULL,$token);
\r
77 if(!flagLostPasswordRequest($userdetails["user_name"],0))
\r
79 $errors[] = lang("SQL_ERROR");
\r
82 $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
\r
// Reset request: takes the submitted email and username, validates both, checks that
// they belong to the same account and that no request is already outstanding, mails
// the confirm/deny links, then flags the account as having a pending request.
// The guard that opens this section is not part of this listing.
// NOTE(review): username goes through sanitize() but email is used exactly as posted.
// Confirm that isValidEmail(), emailExists() and emailUsernameLinked() (all defined
// elsewhere) bind it as a query parameter rather than interpolating it.
90 $email = $_POST["email"];
\r
91 $username = sanitize($_POST["username"]);
\r
93 //Perform some validation
\r
94 //Feel free to edit / change as required
\r
// NOTE(review): the checks below report an unknown email, an unknown username, a
// mismatched pair and an already-pending request under separate language keys. If
// those keys render different texts, an unauthenticated visitor can tell which
// addresses and usernames are registered. A single generic response for every
// outcome, plus rate limiting on this form, closes that.
96 if(trim($email) == "")
\r
98 $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
\r
100 //Check to ensure email is in the correct format / in the db
\r
101 else if(!isValidEmail($email) || !emailExists($email))
\r
103 $errors[] = lang("ACCOUNT_INVALID_EMAIL");
\r
106 if(trim($username) == "")
\r
108 $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
\r
110 else if(!usernameExists($username))
\r
112 $errors[] = lang("ACCOUNT_INVALID_USERNAME");
\r
115 if(count($errors) == 0)
\r
118 //Check that the username / email are associated to the same account
\r
119 if(!emailUsernameLinked($email,$username))
\r
121 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
\r
125 //Check if the user has any outstanding lost password requests
\r
126 $userdetails = fetchUserDetails($username);
\r
127 if($userdetails["lost_password_request"] == 1)
\r
129 $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
\r
133 //Email the user asking to confirm this change password request
\r
134 //We can use the template builder here
\r
136 //We reuse the activation token as the URL key; it gets regenerated every time it's used.
\r
138 $mail = new userCakeMail();
// Both links are prefixed with $websiteUrl (presumably set in models/config.php, confirm)
// and not with the request's Host header, so a forged Host cannot redirect the link.
// NOTE(review): the token is appended to the query string without urlencode() and doubles
// as the account-activation token; a dedicated, short-lived reset token would limit what a
// leaked URL allows.
139 $confirm_url = lang("CONFIRM")."\n".$websiteUrl."forgot-password.php?confirm=".$userdetails["activation_token"];
\r
140 $deny_url = lang("DENY")."\n".$websiteUrl."forgot-password.php?deny=".$userdetails["activation_token"];
\r
142 //Setup our custom hooks
\r
144 "searchStrs" => array("#CONFIRM-URL#","#DENY-URL#","#USERNAME#"),
\r
145 "subjectStrs" => array($confirm_url,$deny_url,$userdetails["user_name"])
\r
148 if(!$mail->newTemplateMsg("lost-password-request.txt",$hooks))
\r
150 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
\r
// The mail goes to the address stored on the account, not to the posted $email value.
154 if(!$mail->sendMail($userdetails["email"],"Lost password request"))
\r
156 $errors[] = lang("MAIL_ERROR");
\r
160 //Update the DB to show this account has an outstanding request
\r
161 if(!flagLostPasswordRequest($userdetails["user_name"],1))
\r
163 $errors[] = lang("SQL_ERROR");
\r
167 $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
\r
// Page output: shared header, left navigation, any queued messages, then the request form.
// NOTE(review): the form's action attribute below is built from $_SERVER['PHP_SELF']
// without escaping. PHP_SELF includes client-supplied trailing path info, so markup placed
// in the request path is reflected into the page (reflected XSS). Emit a fixed action such
// as 'forgot-password.php', or wrap the value in
// htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8').
176 require_once("models/header.php");
\r
180 <div id='top'><div id='logo'></div></div>
\r
183 <h2>Forgot Password</h2>
\r
184 <div id='left-nav'>";
\r
186 include("left-nav.php");
\r
// Show whatever error and success messages the handlers above collected.
192 echo resultBlock($errors,$successes);
\r
196 <form name='newLostPass' action='".$_SERVER['PHP_SELF']."' method='post'>
\r
198 <label>Username:</label>
\r
199 <input type='text' name='username' />
\r
202 <label>Email:</label>
\r
203 <input type='text' name='email' />
\r
206 <label> </label>
\r
207 <input type='submit' value='Submit' class='submit' />
\r
212 <div id='bottom'></div>
\r