Example #1
<?php

require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
require_once dirname(dirname(dirname(__FILE__))) . '/User.php';
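// Password-recovery handler: for every account matching the submitted e-mail
// address or username, generate a temporary password, render the recovery
// message through the configured callback and mail it to the account address.
if (array_key_exists('recover', $_POST)) {
    // Fail on misconfiguration before any lookup is made or any temporary
    // password is generated.
    $renderEmail = UserConfig::$onRenderTemporaryPasswordEmail;
    if (is_null($renderEmail)) {
        throw new Exception('Can\'t render temporary password email, check if UserConfig::$onRenderTemporaryPasswordEmail is set');
    }
    // The renderer is invoked as a callable instead of being concatenated into
    // eval(): eval() executes whatever PHP ends up in that setting, so a
    // malformed or tampered configuration value would run as code.
    if (!is_callable($renderEmail)) {
        throw new Exception('UserConfig::$onRenderTemporaryPasswordEmail is not a callable');
    }

    // The field is request data: it may be absent or an array
    // (emailorusername[]=...). Anything other than a non-empty string matches
    // no account and is never passed to the lookup.
    $identifier = '';
    if (isset($_POST['emailorusername']) && is_string($_POST['emailorusername'])) {
        $identifier = mb_convert_encoding($_POST['emailorusername'], 'UTF-8');
    }
    $users = ($identifier === '') ? array() : User::getUsersByEmailOrUsername($identifier);

    $subject = UserConfig::$passwordRecoveryEmailSubject;
    // Headers are assembled from configuration values only; no request data
    // is placed in them.
    $headers = 'From: ' . UserConfig::$supportEmailFrom . "\r\n"
        . 'Reply-To: ' . UserConfig::$supportEmailReplyTo . "\r\n"
        . 'X-Mailer: ' . UserConfig::$supportEmailXMailer;
    $baseurl = UserConfig::$USERSROOTFULLURL . '/login.php';

    foreach ($users as $user) {
        $temppass = $user->generateTemporaryPassword();
        $username = $user->getUsername();
        $message = call_user_func($renderEmail, $baseurl, $username, $temppass);
        // A delivery failure is logged without the account name or the
        // temporary password, and is never reported to the requester.
        if (!mail($user->getEmail(), $subject, $message, $headers)) {
            error_log('Password recovery: message could not be handed to the mailer');
        }
    }

    // We always report "sent" to avoid information disclosure,
    // e.g. letting an attacker learn which usernames and emails are registered.
    header('Location: ' . UserConfig::$USERSROOTURL . '/modules/usernamepass/forgotpassword.php?status=sent');
    exit;
}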
require_once UserConfig::$header;
?>
<style>
Example #2
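 /**
  * Validate a profile-edit submission and apply it to the user.
  *
  * A user without a username must set a username and a password in the same
  * request. A user who already has a username changes the password only when
  * one of the three password fields is filled in, and must then supply the
  * correct current password.
  *
  * @param object $user account being edited; must provide the getters and
  *                     setters called below
  * @param array  $data submitted fields: 'currentpass', 'pass', 'repeatpass',
  *                     'username', 'name', 'email' (presumably form input;
  *                     verify against the caller)
  *
  * @return bool true once the changes have been saved
  *
  * @throws InputValidationException with the per-field error lists when any
  *                                  check fails; nothing is changed in that case
  */
 public function processEditUser($user, $data)
 {
     // Non-string values (e.g. pass[]=x) are treated as missing, so the
     // string functions below never receive an array and such a request ends
     // in a validation error instead of a type error.
     foreach (array('currentpass', 'pass', 'repeatpass', 'username', 'name', 'email') as $field) {
         if (array_key_exists($field, $data) && !is_string($data[$field])) {
             unset($data[$field]);
         }
     }

     $errors = array();
     $username = null;
     $name = null;
     $email = null;
     $has_username = !is_null($user->getUsername());

     // don't change password if username was already set and no password fields are edited
     $changepass = false;
     if (!$has_username) {
         // Force password setup when user sets username for the first time.
         // No current password is checked on this path.
         $changepass = true;
     } elseif (array_key_exists('currentpass', $data) && array_key_exists('pass', $data) && array_key_exists('repeatpass', $data)
         && ($data['currentpass'] !== '' || $data['pass'] !== '' || $data['repeatpass'] !== '')
     ) {
         $changepass = true;
         if (!$user->checkPass($data['currentpass'])) {
             $errors['currentpass'][] = 'You entered wrong current password';
         }
     }

     if ($changepass) {
         // Both fields must be present and at least one non-empty; a value
         // filled in on one side only is reported by the checks below.
         if (array_key_exists('pass', $data) && array_key_exists('repeatpass', $data) && ($data['pass'] !== '' || $data['repeatpass'] !== '')) {
             // strlen() counts bytes, so the minimum is 6 bytes, not 6 characters.
             if (strlen($data['pass']) < 6) {
                 $errors['pass'][] = 'Passwords must be at least 6 characters long';
             }
             if ($data['pass'] !== $data['repeatpass']) {
                 $errors['repeatpass'][] = 'Passwords don\'t match';
             }
         } elseif ($has_username) {
             $errors['pass'][] = 'You must specify new password';
         } else {
             $errors['pass'][] = 'You must set password when setting username and email';
         }
     }

     // only validate username if user didn't specify it yet
     if (!$has_username) {
         if (array_key_exists('username', $data)) {
             $username = strtolower(trim(mb_convert_encoding($data['username'], 'UTF-8')));
             if (strlen($username) < 2) {
                 $errors['username'][] = 'Username must be at least 2 characters long';
             }
             if (strlen($username) > 25) {
                 $errors['username'][] = 'Username must be no more then 25 characters long';
             }
             if (preg_match('/^[a-z][a-z0-9.]*[a-z0-9]$/', $username) !== 1) {
                 $errors['username'][] = "Username must start with the letter and contain only latin letters, digits or '.' symbols";
             }
         } else {
             $errors['username'][] = "No username passed";
         }
     }

     if (array_key_exists('name', $data)) {
         $name = trim(mb_convert_encoding($data['name'], 'UTF-8'));
         if ($name == '') {
             $errors['name'][] = "Name can't be empty";
         }
     } else {
         $errors['name'][] = 'No name specified';
     }

     if (array_key_exists('email', $data)) {
         $email = trim(mb_convert_encoding($data['email'], 'UTF-8'));
         if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
             $errors['email'][] = 'Invalid email address';
         }
     } else {
         $errors['email'][] = 'No email specified';
     }

     // Uniqueness is checked only for values that passed validation, so the
     // lookup never runs with an unset or malformed value. Every match is
     // compared, not just the first one: the lookup matches on e-mail or
     // username, and another account may appear after the user's own.
     if (!$has_username && !array_key_exists('username', $errors)) {
         foreach (User::getUsersByEmailOrUsername($username) as $existing_user) {
             if (!$existing_user->isTheSameAs($user)) {
                 $errors['username'][] = "This username is already used, please pick another one";
                 break;
             }
         }
     }
     if (!array_key_exists('email', $errors)) {
         foreach (User::getUsersByEmailOrUsername($email) as $existing_user) {
             if (!$existing_user->isTheSameAs($user)) {
                 $errors['email'][] = "This email is already used by another user, please enter another email address.";
                 break;
             }
         }
     }

     // Nothing is written to the user until every check has passed.
     if (count($errors) > 0) {
         throw new InputValidationException('Validation failed', 0, $errors);
     }

     if ($changepass) {
         $user->setPass($data['pass']);
         if ($has_username) {
             $user->recordActivity(USERBASE_ACTIVITY_UPDATEPASS);
         }
     }
     if (!$has_username) {
         $user->setUsername($username);
         $user->recordActivity(USERBASE_ACTIVITY_ADDED_UPASS);
     }
     $user->setName($name);
     $user->setEmail($email);
     $user->save();
     $user->recordActivity(USERBASE_ACTIVITY_UPDATEUSERINFO);
     return true;
 }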