segment the admin gui
[matches/MCTX3420.git] / testing / MCTXWeb / public_html / users / forgot-password.php
1 <?php\r
2 /*\r
3 UserCake Version: 2.0.2\r
4 http://usercake.com\r
5 */\r
6 \r
// Load the UserCake configuration and the helper functions this page calls.
require_once "models/config.php";

// Stop immediately when securePage() refuses access to this script.
if (!securePage($_SERVER['PHP_SELF'])) {
    die();
}

// A user who is already logged in is sent to the index instead.
if (isUserLoggedIn()) {
    header("Location: index.php");
    die();
}
10 \r
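// User has confirmed they want their password changed (link from the request email).
// NOTE(review): this state change is driven by a GET link, so anything that merely
// fetches the URL (mail scanner, link preview) performs the reset; consider an
// interstitial form that confirms via POST.
if (!empty($_GET["confirm"])) {
    // Only a string can be a token; ?confirm[]=x would otherwise reach trim() as an array.
    $token = is_string($_GET["confirm"]) ? trim($_GET["confirm"]) : "";

    if ($token === "" || !validateActivationToken($token, TRUE)) {
        $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
    } else {
        // NOTE(review): the strength of the temporary password depends on
        // getUniqueCode(), which is not visible here — confirm it uses a CSPRNG.
        $rand_pass = getUniqueCode(15);
        // Value written to the database in place of the old password.
        $secure_pass = generateHash($rand_pass);
        // Look the account up by its activation token.
        $userdetails = fetchUserDetails(NULL, $token);
        $mail = new userCakeMail();

        // Placeholders in the mail template and the values that replace them.
        // NOTE(review): the new password travels in clear text in this email;
        // prompting the user to change it at next login would limit exposure.
        $hooks = array(
            "searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"),
            "subjectStrs" => array($rand_pass, $userdetails["display_name"])
        );

        // Each step runs only if the previous one succeeded: build the mail,
        // send it, store the new hash, then clear the outstanding-request flag.
        if (!$mail->newTemplateMsg("your-lost-password.txt", $hooks)) {
            $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
        } elseif (!$mail->sendMail($userdetails["email"], "Your new password")) {
            $errors[] = lang("MAIL_ERROR");
        } elseif (!updatePasswordFromToken($secure_pass, $token)) {
            $errors[] = lang("SQL_ERROR");
        } elseif (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
            $errors[] = lang("SQL_ERROR");
        } else {
            $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
        }
    }
}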
63 \r
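// User has denied this request (link from the request email): clear the
// outstanding-request flag without touching the password.
if (!empty($_GET["deny"])) {
    // Only a string can be a token; ?deny[]=x would otherwise reach trim() as an array.
    $token = is_string($_GET["deny"]) ? trim($_GET["deny"]) : "";

    if ($token === "" || !validateActivationToken($token, TRUE)) {
        $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
    } else {
        // Look the account up by its activation token.
        $userdetails = fetchUserDetails(NULL, $token);

        if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
            $errors[] = lang("SQL_ERROR");
        } else {
            $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
        }
    }
}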
87 \r
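// Forms posted: open a lost-password request for the submitted username / email pair.
// NOTE(review): no request throttling is visible in this file — confirm it is applied elsewhere.
if (!empty($_POST)) {
    // Missing or non-string fields (e.g. email[]=x) are treated as empty so they
    // produce the "please specify" errors below instead of reaching trim() as an array.
    $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
    $username = (isset($_POST["username"]) && is_string($_POST["username"]))
        ? sanitize($_POST["username"])
        : "";

    // Perform some validation
    // Feel free to edit / change as required
    // NOTE(review): the separate messages for an unknown email, an unknown username
    // and an unlinked pair tell an unauthenticated visitor which accounts exist;
    // a single neutral response for all three would avoid that.
    if (trim($email) === "") {
        $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
    } elseif (!isValidEmail($email) || !emailExists($email)) {
        // Email must be well formed and present in the database.
        $errors[] = lang("ACCOUNT_INVALID_EMAIL");
    }

    if (trim($username) === "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    } elseif (!usernameExists($username)) {
        $errors[] = lang("ACCOUNT_INVALID_USERNAME");
    }

    // empty() instead of count(): $errors is never initialised in this file, and
    // count() on an unset variable is an error on current PHP versions.
    if (empty($errors)) {
        // Check that the username / email are associated to the same account
        if (!emailUsernameLinked($email, $username)) {
            $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
        } else {
            // Check if the user has any outstanding lost password requests
            $userdetails = fetchUserDetails($username);

            if ($userdetails["lost_password_request"] == 1) {
                $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
            } else {
                // Email the user asking to confirm this change password request,
                // using the template builder.
                // The activation token doubles as the URL key; per the original
                // author it is regenerated every time it is used.
                $mail = new userCakeMail();
                $confirm_url = lang("CONFIRM")."\n".$websiteUrl."forgot-password.php?confirm=".$userdetails["activation_token"];
                $deny_url = lang("DENY")."\n".$websiteUrl."forgot-password.php?deny=".$userdetails["activation_token"];

                // Placeholders in the mail template and the values that replace them.
                $hooks = array(
                    "searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"),
                    "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"])
                );

                // Each step runs only if the previous one succeeded: build the
                // mail, send it, then mark the account as having an open request.
                if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) {
                    $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                } elseif (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                    $errors[] = lang("MAIL_ERROR");
                } elseif (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                    $errors[] = lang("SQL_ERROR");
                } else {
                    $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                }
            }
        }
    }
}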
176 \r
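// Render the page: shared header, the request form, then the result messages.
require_once "models/header.php";
startPage();

//echo notificationBlock($errors,$successes);

echo "
<div id='login-container'>
<div class='widget'><div class='title centre'>Forgot password</div>";

// PHP_SELF is derived from the request path and can carry attacker-chosen text
// after the script name, so it is HTML-escaped before being placed in the
// single-quoted action attribute (ENT_QUOTES covers the single quote).
echo "
<div id='regbox'>
<form name='newLostPass' action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')."' method='post'>
<p>
<label>Username:</label>
<input type='text' name='username' />
</p>
<p>    
<label>Email:</label>
<input type='text' name='email' />
</p>
<p>
<label>&nbsp;</label>
<input type='submit' value='Submit' class='submit' />
</p>";
// Errors and successes collected by the handlers above are shown inside the form.
echo resultBlock($errors,$successes);

echo "
</form>
</div>
</div>
</div>";

finishPage();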
210 \r
211 ?>\r
