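<?php
/**
 * Password recovery request handler for the username/password module.
 *
 * When the form posts a 'recover' field, every account matching the submitted
 * e-mail address or username gets a temporary password by e-mail, and the
 * browser is redirected back to the form with status=sent. Without 'recover'
 * the script falls through to rendering the page header.
 */
require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
require_once dirname(dirname(dirname(__FILE__))) . '/User.php';

if (array_key_exists('recover', $_POST)) {
    // The e-mail body is produced by an operator-configured callback. It is invoked
    // through call_user_func() rather than eval(), so the configured value is only
    // ever treated as a callable name and never parsed as PHP source.
    $renderer = UserConfig::$onRenderTemporaryPasswordEmail;
    if (is_null($renderer) || !is_callable($renderer)) {
        throw new Exception('Can\'t render temporary password email, check if UserConfig::$onRenderTemporaryPasswordEmail is set');
    }

    // A missing or non-string field (e.g. emailorusername[]=...) matches nobody,
    // instead of reaching the encoding conversion and the lookup as null or an array.
    $identifier = isset($_POST['emailorusername']) ? $_POST['emailorusername'] : null;
    $users = is_string($identifier)
        ? User::getUsersByEmailOrUsername(mb_convert_encoding($identifier, 'UTF-8'))
        : array();

    $subject = UserConfig::$passwordRecoveryEmailSubject;

    // Header values come from UserConfig, not from the request. A CR/LF inside any of
    // them would add extra mail headers, so they must stay operator-controlled.
    $headers = 'From: ' . UserConfig::$supportEmailFrom . "\r\n"
        . 'Reply-To: ' . UserConfig::$supportEmailReplyTo . "\r\n"
        . 'X-Mailer: ' . UserConfig::$supportEmailXMailer;

    $baseurl = UserConfig::$USERSROOTFULLURL . '/login.php';

    foreach ($users as $user) {
        // NOTE(review): strength and lifetime of the temporary password are decided
        // inside generateTemporaryPassword(), which is not visible here.
        $temppass = $user->generateTemporaryPassword();
        $username = $user->getUsername();
        $email = $user->getEmail();

        $message = call_user_func($renderer, $baseurl, $username, $temppass);

        if (!mail($email, $subject, $message, $headers)) {
            // Delivery problems are logged without the address or the password and are
            // never shown to the requester, so the response stays the same either way.
            error_log('Password recovery: mail() did not accept the message for delivery');
        }
    }

    // We always report "sent" to avoid information disclosure,
    // e.g. revealing which usernames and e-mail addresses are registered.
    // NOTE(review): mail() runs only for matching accounts, so response time may still
    // differ between known and unknown identifiers; confirm whether that matters here.
    // NOTE(review): nothing in this script throttles repeated recovery requests;
    // confirm that rate limiting is applied elsewhere.
    header('Location: ' . UserConfig::$USERSROOTURL . '/modules/usernamepass/forgotpassword.php?status=sent');
    exit;
}

require_once UserConfig::$header;
?>
<style>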
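/**
 * Validates submitted profile data and applies it to the given user.
 *
 * Handles first-time username/password setup (when the user has no username yet),
 * password changes for existing username holders (current password required),
 * and name/e-mail updates. All validation problems are collected and reported
 * together; nothing is written to the user unless validation passes.
 *
 * @param object $user Account being edited (presumably a User instance).
 * @param array  $data Submitted fields: 'currentpass', 'pass', 'repeatpass',
 *                     'username', 'name', 'email'.
 *
 * @return bool Always true when the update was applied.
 *
 * @throws InputValidationException With a field => messages map when validation fails.
 */
public function processEditUser($user, $data)
{
    $errors = array();

    // Form input can arrive as arrays (field[]=...). Reject anything that is not a
    // scalar before it reaches strlen(), the encoding conversion or setPass().
    foreach (array('currentpass', 'pass', 'repeatpass', 'username', 'name', 'email') as $field) {
        if (array_key_exists($field, $data) && !is_null($data[$field]) && !is_scalar($data[$field])) {
            $errors[$field][] = 'Invalid value';
        }
    }
    if (count($errors) > 0) {
        throw new InputValidationException('Validation failed', 0, $errors);
    }

    $has_username = !is_null($user->getUsername());

    // don't change password if username was already set and no password fields are edited
    $changepass = false;

    if (!$has_username) {
        // Force password setup when user sets username for the first time
        $changepass = true;
    } elseif (array_key_exists('currentpass', $data)
        && array_key_exists('pass', $data)
        && array_key_exists('repeatpass', $data)
        // loose comparison kept on purpose: a null value counts as "not provided"
        && ($data['currentpass'] != '' || $data['pass'] != '' || $data['repeatpass'] != '')
    ) {
        $changepass = true;

        // An existing password may only be replaced by someone who knows it.
        if (!$user->checkPass($data['currentpass'])) {
            $errors['currentpass'][] = 'You entered wrong current password';
        }
    }

    if ($changepass) {
        // both password fields must be passed and at least one must be non-empty;
        // the length and equality checks below reject the half-filled cases
        if (array_key_exists('pass', $data)
            && array_key_exists('repeatpass', $data)
            && ($data['pass'] != '' || $data['repeatpass'] != '')
        ) {
            // NOTE(review): the minimum is 6 *bytes* (strlen), which is a weak policy
            // floor; raising it is a product decision, so it is left as it was.
            if (strlen($data['pass']) < 6) {
                $errors['pass'][] = 'Passwords must be at least 6 characters long';
            }

            if ($data['pass'] !== $data['repeatpass']) {
                $errors['repeatpass'][] = 'Passwords don\'t match';
            }
        } elseif ($has_username) {
            $errors['pass'][] = 'You must specify new password';
        } else {
            $errors['pass'][] = 'You must set password when setting username and email';
        }
    }

    // only validate username if user didn't specify it yet
    $username = null;
    if (!$has_username) {
        if (array_key_exists('username', $data)) {
            $username = strtolower(trim(mb_convert_encoding($data['username'], 'UTF-8')));

            if (strlen($username) < 2) {
                $errors['username'][] = 'Username must be at least 2 characters long';
            }

            if (strlen($username) > 25) {
                $errors['username'][] = 'Username must be no more then 25 characters long';
            }

            if (preg_match('/^[a-z][a-z0-9.]*[a-z0-9]$/', $username) !== 1) {
                $errors['username'][] = "Username must start with the letter and contain only latin letters, digits or '.' \nsymbols";
            }
        } else {
            $errors['username'][] = "No username passed";
        }
    }

    $name = null;
    if (array_key_exists('name', $data)) {
        $name = trim(mb_convert_encoding($data['name'], 'UTF-8'));
        if ($name === '') {
            $errors['name'][] = "Name can't be empty";
        }
    } else {
        $errors['name'][] = 'No name specified';
    }

    $email = null;
    if (array_key_exists('email', $data)) {
        $email = trim(mb_convert_encoding($data['email'], 'UTF-8'));
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $errors['email'][] = 'Invalid email address';
        }
    } else {
        $errors['email'][] = 'No email specified';
    }

    // Uniqueness is only checked for values that passed validation. This also keeps an
    // undefined $username/$email (field missing from $data) out of the lookup.
    // NOTE(review): only the first match is compared with $user; confirm the lookup
    // cannot return the current user ahead of a different account.
    if (!$has_username && !array_key_exists('username', $errors)) {
        $existing_users = User::getUsersByEmailOrUsername($username);
        if (count($existing_users) > 0 && !$existing_users[0]->isTheSameAs($user)) {
            $errors['username'][] = "This username is already used, please pick another one";
        }
    }

    if (!array_key_exists('email', $errors)) {
        $existing_users = User::getUsersByEmailOrUsername($email);
        if (count($existing_users) > 0 && !$existing_users[0]->isTheSameAs($user)) {
            $errors['email'][] = "This email is already used by another user, please enter another email address.";
        }
    }

    if (count($errors) > 0) {
        throw new InputValidationException('Validation failed', 0, $errors);
    }

    // Validation passed: apply the changes and record what happened.
    if ($changepass) {
        $user->setPass($data['pass']);

        // First-time setup is recorded as ADDED_UPASS below, not as a password update.
        if ($has_username) {
            $user->recordActivity(USERBASE_ACTIVITY_UPDATEPASS);
        }
    }

    if (!$has_username) {
        $user->setUsername($username);
        $user->recordActivity(USERBASE_ACTIVITY_ADDED_UPASS);
    }

    $user->setName($name);
    $user->setEmail($email);
    $user->save();

    $user->recordActivity(USERBASE_ACTIVITY_UPDATEUSERINFO);

    return true;
}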