fa68835804b1c59c6e8b382053bb08c2a50f442c
[matches/MCTX3420.git] / testing / MCTXWeb / public_html / users / forgot-password.php
1 <?php\r
2 /*\r
3 UserCake Version: 2.0.2\r
4 http://usercake.com\r
5 */\r
6 \r
require_once "models/config.php";

// Access gate: securePage() decides whether the current request may load this
// page; the script stops here when it returns a falsy value.
// NOTE(review): PHP_SELF can carry client-supplied path info - confirm that
// securePage() (defined outside this file) normalises it before its lookup.
if (!securePage($_SERVER['PHP_SELF'])) {
	exit();
}
9 \r
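//User has confirmed they want their password changed
// Confirm branch: a valid token causes a replacement password to be generated,
// mailed to the account's address, and then stored (hashed) for the account.
// NOTE(review): this state change is driven by a GET parameter, and the token
// check in validateActivationToken() (defined elsewhere) is the only gate
// visible in this file - confirm it also requires an outstanding request.
if(!empty($_GET["confirm"]))
{
	// A query parameter can arrive as an array; trim() needs a string, so any
	// other type is read as an empty, and therefore invalid, token.
	$token = is_string($_GET["confirm"]) ? trim($_GET["confirm"]) : "";

	if($token == "" || !validateActivationToken($token,TRUE))
	{
		$errors[] = lang("FORGOTPASS_INVALID_TOKEN");
	}
	else
	{
		// NOTE(review): the strength of the new password depends entirely on
		// getUniqueCode(), which is not visible here - confirm it uses a CSPRNG.
		$rand_pass = getUniqueCode(15); // plaintext value that is mailed to the user
		$secure_pass = generateHash($rand_pass); // value written to the account
		// NOTE(review): the result is used below without a check that a row was found.
		$userdetails = fetchUserDetails(NULL,$token);
		$mail = new userCakeMail();

		//Setup our custom hooks
		// The plaintext password replaces #GENERATED-PASS# in the mail template.
		$hooks = array(
			"searchStrs" => array("#GENERATED-PASS#","#USERNAME#"),
			"subjectStrs" => array($rand_pass,$userdetails["display_name"])
			);

		// Each step runs only if the previous one succeeded. The mail is sent
		// before the hash is stored, so a failed update leaves the user holding
		// a mailed password that was never applied.
		if(!$mail->newTemplateMsg("your-lost-password.txt",$hooks))
		{
			$errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
		}
		else if(!$mail->sendMail($userdetails["email"],"Your new password"))
		{
			$errors[] = lang("MAIL_ERROR");
		}
		else if(!updatePasswordFromToken($secure_pass,$token))
		{
			$errors[] = lang("SQL_ERROR");
		}
		else if(!flagLostPasswordRequest($userdetails["user_name"],0))
		{
			// Clearing the "request outstanding" flag failed.
			$errors[] = lang("SQL_ERROR");
		}
		else
		{
			$successes[]  = lang("FORGOTPASS_NEW_PASS_EMAIL");
		}
	}
}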
62 \r
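//User has denied this request
// Deny branch: a valid token clears the account's outstanding lost-password
// flag without touching the password.
// NOTE(review): like the confirm branch, this is a state change on GET gated
// only by validateActivationToken(), which is defined outside this file.
if(!empty($_GET["deny"]))
{
	// A query parameter can arrive as an array; trim() needs a string, so any
	// other type is read as an empty, and therefore invalid, token.
	$token = is_string($_GET["deny"]) ? trim($_GET["deny"]) : "";

	if($token == "" || !validateActivationToken($token,TRUE))
	{
		$errors[] = lang("FORGOTPASS_INVALID_TOKEN");
	}
	else
	{
		// Look the account up by token so the flag can be cleared by user name.
		$userdetails = fetchUserDetails(NULL,$token);

		if(!flagLostPasswordRequest($userdetails["user_name"],0))
		{
			$errors[] = lang("SQL_ERROR");
		}
		else
		{
			$successes[] = lang("FORGOTPASS_REQUEST_CANNED");
		}
	}
}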
86 \r
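//Forms posted
// Request branch: validate the submitted username / e-mail pair and, when no
// request is already pending, mail the confirm / deny links to the account.
// NOTE(review): the separate messages for an unknown e-mail, an unknown
// username and a mismatched pair tell an unauthenticated caller which accounts
// exist; a single generic response would avoid that disclosure.
if(!empty($_POST))
{
	// Missing or array-valued fields are read as empty strings, so they land in
	// the "please specify" checks below instead of reaching trim()/sanitize().
	$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
	$username = (isset($_POST["username"]) && is_string($_POST["username"])) ? sanitize($_POST["username"]) : "";

	//Perform some validation
	//Feel free to edit / change as required

	if(trim($email) == "")
	{
		$errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
	}
	//Check to ensure email is in the correct format / in the db
	else if(!isValidEmail($email) || !emailExists($email))
	{
		$errors[] = lang("ACCOUNT_INVALID_EMAIL");
	}

	if(trim($username) == "")
	{
		$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
	}
	else if(!usernameExists($username))
	{
		$errors[] = lang("ACCOUNT_INVALID_USERNAME");
	}

	// empty() is used instead of count() so the check also works when $errors
	// was never initialised (count() on null is a TypeError on PHP 8).
	// Errors added by the confirm / deny branches above also block this step.
	if(empty($errors))
	{
		//Check that the username / email are associated to the same account
		if(!emailUsernameLinked($email,$username))
		{
			$errors[] =  lang("ACCOUNT_USER_OR_EMAIL_INVALID");
		}
		else
		{
			//Check if the user has any outstanding lost password requests
			$userdetails = fetchUserDetails($username);
			if($userdetails["lost_password_request"] == 1)
			{
				$errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
			}
			else
			{
				//Email the user asking to confirm this change password request
				//We can use the template builder here

				// The account's activation token doubles as the key in both links.
				// The original author notes that it is regenerated every time it
				// is used; that regeneration is not visible in this file.
				// NOTE(review): a token in a query string can end up in server
				// logs and browser history - confirm it is short-lived.
				$mail = new userCakeMail();
				$confirm_url = lang("CONFIRM")."\n".$websiteUrl."forgot-password.php?confirm=".$userdetails["activation_token"];
				$deny_url = lang("DENY")."\n".$websiteUrl."forgot-password.php?deny=".$userdetails["activation_token"];

				//Setup our custom hooks
				$hooks = array(
					"searchStrs" => array("#CONFIRM-URL#","#DENY-URL#","#USERNAME#"),
					"subjectStrs" => array($confirm_url,$deny_url,$userdetails["user_name"])
					);

				// Each step runs only if the previous one succeeded.
				if(!$mail->newTemplateMsg("lost-password-request.txt",$hooks))
				{
					$errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
				}
				else if(!$mail->sendMail($userdetails["email"],"Lost password request"))
				{
					$errors[] = lang("MAIL_ERROR");
				}
				//Update the DB to show this account has an outstanding request
				else if(!flagLostPasswordRequest($userdetails["user_name"],1))
				{
					$errors[] = lang("SQL_ERROR");
				}
				else
				{
					$successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
				}
			}
		}
	}
}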
175 \r
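// Page output: shared header, navigation, the result messages collected by the
// handlers above, and the lost-password request form.
require_once("models/header.php");
echo "
<body>
<div id='wrapper'>
<div id='top'><div id='logo'></div></div>
<div id='content'>
<h1>UserCake</h1>
<h2>Forgot Password</h2>
<div id='left-nav'>";

include("left-nav.php");

echo "
</div>
<div id='main'>";

// NOTE(review): $errors / $successes are only assigned inside the handlers
// above - confirm they are initialised elsewhere for a plain page load.
echo resultBlock($errors,$successes);

// PHP_SELF includes any path info the client appended to the URL, so it is
// HTML-escaped before being written into the form's action attribute.
// ENT_QUOTES is required because the attribute is delimited by single quotes.
echo "
<div id='regbox'>
<form name='newLostPass' action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')."' method='post'>
<p>
<label>Username:</label>
<input type='text' name='username' />
</p>
<p>    
<label>Email:</label>
<input type='text' name='email' />
</p>
<p>
<label>&nbsp;</label>
<input type='submit' value='Submit' class='submit' />
</p>
</form>
</div>
</div>
<div id='bottom'></div>
</div>
</body>
</html>";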
216 \r
217 ?>\r
