Beispiel #1
/**
 * Replaces an author's password with a newly generated one and mails it out.
 *
 * Security notes for maintainers:
 * - The new password leaves the system in plaintext by e-mail.
 * - The stored value is the SQL password() of the lower-cased password, so
 *   letter case adds nothing to its strength. On MySQL, PASSWORD() is meant
 *   for the server's own accounts, not for application credentials.
 * - Only six characters are requested from generate_password().
 *
 * @param  string $name Login name of the author
 * @return string Localised status message; the name is HTML-escaped on the
 *                failure path, the e-mail address is appended as stored
 */
function reset_author_pass($name)
{
    $where = "name = '" . doSlash($name) . "'";
    $email = safe_field('email', 'txp_users', $where);

    // Escaped for the SQL literal below; this same escaped value is what is mailed.
    $new_pass = doSlash(generate_password(6));
    $updated = safe_update('txp_users', "pass = password(lower('{$new_pass}'))", $where);

    if (!$updated) {
        return gTxt('could_not_update_author') . ' ' . htmlspecialchars($name);
    }

    $mailed = send_new_password($new_pass, $email, $name);

    return gTxt($mailed ? 'password_sent_to' : 'could_not_mail') . ' ' . $email;
}
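/**
 * Resets an author's password to a random one and mails the plaintext to them.
 *
 * Mailing a usable password exposes it to every system the message passes
 * through; a single-use reset link is the safer design.
 *
 * @param  string $name Login name of the author
 * @return string Localised status message
 */
function reset_author_pass($name)
{
    $where = "name = '" . doSlash($name) . "'";
    $email = safe_field('email', 'txp_users', $where);
    $new_pass = generate_password(PASSWORD_LENGTH);

    // Store the value returned by txp_hash_password(), never the password.
    // The listing as published wrote the literal '******' into the column and
    // left $hash unused, which would give every reset account the same
    // constant value in `pass`.
    $hash = doSlash(txp_hash_password($new_pass));
    $rs = safe_update('txp_users', "pass = '{$hash}'", $where);

    if ($rs) {
        if (send_new_password($new_pass, $email, $name)) {
            return gTxt('password_sent_to') . ' ' . $email;
        }

        return gTxt('could_not_mail') . ' ' . $email;
    }

    return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
}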
Beispiel #3
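/**
 * Changes the logged-in user's password to the posted 'new_pass' value.
 *
 * Reads 'new_pass' and 'mailpassword' from the POST data. When
 * 'mailpassword' equals 1 the new password is also mailed to the user in
 * plaintext. Nothing happens when 'new_pass' is empty.
 *
 * @return void
 */
function change_pass()
{
    global $txp_user;

    $message = '';
    $themail = fetch('email', 'txp_users', 'name', $txp_user);
    $NewPass = ps('new_pass');

    if (!empty($NewPass)) {
        // The posted password and the user name both land inside quoted SQL
        // literals. The original interpolated them unescaped, so a quote in
        // either value changed the statement.
        $rs = safe_update(
            'txp_users',
            "pass = password(lower('" . doSlash($NewPass) . "'))",
            "name = '" . doSlash($txp_user) . "'"
        );

        if ($rs) {
            $message .= gTxt('password_changed');

            // ps() is used instead of $_POST['mailpassword'] so an absent
            // field does not raise an undefined-index notice.
            if (ps('mailpassword') == 1) {
                // The unescaped value is mailed: it is what the user typed.
                send_new_password($NewPass, $themail);
                $message .= sp . gTxt('and_mailed_to') . sp . $themail;
            }

            $message .= ".";
        } else {
            // NOTE(review): this puts the database error text into the
            // response; logging it server-side would disclose less.
            echo comment(mysql_error());
        }

        admin($message);
    }
}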
Beispiel #4
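/**
 * Changes the logged-in user's password to the posted 'new_pass' value.
 *
 * Reads 'new_pass' and 'mail_password' from the POST data. When
 * 'mail_password' is truthy the new password is also mailed to the user in
 * plaintext.
 *
 * @return void
 */
function change_pass()
{
    global $txp_user;

    // psa() returns the posted values keyed by name (the original relied on
    // that through extract()). They are kept unescaped here and escaped only
    // where they enter SQL; the original escaped them up front and then
    // mailed the escaped form, which differs from what the user typed as
    // soon as the password contains a quote or a backslash.
    $posted = psa(array('new_pass', 'mail_password'));
    $new_pass = $posted['new_pass'];
    $mail_password = $posted['mail_password'];

    if (empty($new_pass)) {
        admin(gTxt('password_required'));

        return;
    }

    $rs = safe_update(
        'txp_users',
        "pass = password(lower('" . doSlash($new_pass) . "'))",
        "name = '" . doSlash($txp_user) . "'"
    );

    if (!$rs) {
        // The original attached this branch to the mail_password test, so a
        // failed update went unreported while a successful one without
        // mailing echoed an error comment.
        // NOTE(review): this puts the database error text into the response;
        // logging it server-side would disclose less.
        echo comment(mysql_error());

        return;
    }

    $message = gTxt('password_changed');

    if ($mail_password) {
        $email = fetch('email', 'txp_users', 'name', $txp_user);
        send_new_password($new_pass, $email, $txp_user);
        $message .= sp . gTxt('and_mailed_to') . sp . $email;
    }

    $message .= '.';
    admin($message);
}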
Beispiel #5
/**
 * Runs the bulk action chosen for the selected authors.
 *
 * Requires 'admin.edit' privileges. The lookup query leaves out the
 * logged-in user, so no action here applies to the caller's own account.
 *
 * Note that 'resetpassword' mails each new password in plaintext.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $picked = ps('selected');
    $action = ps('edit_method');
    $changed = array();
    $msg = '';

    if (!($picked && is_array($picked))) {
        return author_list();
    }

    // Names are re-read from the table rather than taken from the posted list.
    $inList = join(',', quote_list($picked));
    $names = safe_column(
        'name',
        'txp_users',
        "name IN (" . $inList . ") AND name != '" . doSlash($txp_user) . "'"
    );

    if (!$names) {
        return author_list();
    }

    if ($action == 'delete') {
        $heir = ps('assign_assets');

        if (!$heir) {
            $msg = array('must_reassign_assets', E_ERROR);
        } elseif (in_array($heir, $names)) {
            // The new owner may not be one of the accounts being deleted.
            $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
        } elseif (remove_user($names, $heir)) {
            $changed = $names;
            callback_event('authors_deleted', '', 0, $changed);
            $msg = 'author_deleted';
        }
    } elseif ($action == 'changeprivilege') {
        if (change_user_group($names, ps('privs'))) {
            $changed = $names;
            $msg = 'author_updated';
        }
    } elseif ($action == 'resetpassword') {
        foreach ($names as $name) {
            $passwd = generate_password(PASSWORD_LENGTH);

            if (!change_user_password($name, $passwd)) {
                continue;
            }

            $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

            // A mail failure stops the run; accounts handled before it keep
            // their new passwords.
            if (!send_new_password($passwd, $email, $name)) {
                return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($name), E_ERROR));
            }

            $changed[] = $name;
            $msg = 'author_updated';
        }
    }

    if ($changed) {
        $shown = txpspecialchars(join(', ', $changed));

        return author_list(gTxt($msg, array('{name}' => $shown)));
    }

    author_list($msg);
}
Beispiel #6
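/**
 * Runs the bulk action chosen for the selected authors.
 *
 * Requires 'admin.edit' privileges. The lookup query leaves out the
 * logged-in user, so no action here applies to the caller's own account.
 *
 * Security notes: 'resetpassword' mails each new password in plaintext, asks
 * generate_password() for only six characters and stores the SQL password()
 * of the lower-cased value.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();

    if (!$selected or !is_array($selected)) {
        return admin();
    }

    // Names are re-read from the table rather than taken from the posted list.
    $names = safe_column('name', 'txp_users', "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'");

    if (!$names) {
        return admin();
    }

    switch ($method) {
        case 'delete':
            if (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_deleted';
            }
            break;
        case 'changeprivilege':
            global $levels;
            $privilege = ps('privs');

            // Only privilege levels known to $levels are accepted.
            if (!isset($levels[$privilege])) {
                return admin();
            }

            if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_updated';
            }
            break;
        case 'resetpassword':
            foreach ($names as $name) {
                $passwd = generate_password(6);

                // The original tested the update with an empty body and then
                // mailed regardless, so a user could be sent a password that
                // was never stored. Mail only after a successful update.
                if (safe_update('txp_users', "pass = password(lower('" . doSlash($passwd) . "'))", "name = '" . doSlash($name) . "'")) {
                    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

                    if (send_new_password($passwd, $email, $name)) {
                        $changed[] = $name;
                        $msg = 'author_updated';
                    } else {
                        return admin(gTxt('could_not_mail') . ' ' . htmlspecialchars($name));
                    }
                }
            }
            break;
    }

    if ($changed) {
        return admin(gTxt($msg, array('{name}' => htmlspecialchars(join(', ', $changed)))));
    }

    admin();
}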
Beispiel #7
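/**
 * Resets the password of the author named in the posted 'name' field and
 * mails the new password to that author.
 *
 * Security notes: the password is mailed in plaintext, only six characters
 * are requested from generate_password(), and the stored value is the SQL
 * password() of the lower-cased password.
 *
 * @return void
 */
function author_change_pass()
{
    // Resetting another account's password is an administrative action, so
    // the privilege is enforced here instead of being left to the caller.
    require_privs('admin.edit');

    $name = ps('name');
    $where = "name = '" . doSlash($name) . "'";
    $themail = safe_field("email", "txp_users", $where);
    $NewPass = generate_password(6);

    // Escaped only for the SQL literal; the mailed value stays as generated.
    $rs = safe_update("txp_users", "pass=password(lower('" . doSlash($NewPass) . "'))", $where);

    if ($rs) {
        // NOTE(review): $themail is passed on as stored; escape it as well
        // if admin() prints its argument as HTML.
        if (send_new_password($NewPass, $themail, $name)) {
            admin(gTxt('password_sent_to') . ' ' . $themail);
        } else {
            admin(gTxt('could_not_mail') . ' ' . $themail);
        }
    } else {
        // $name is request data and no row matched it, so it is escaped
        // before being placed in the message.
        admin(gTxt('could_not_update_author') . ' ' . htmlspecialchars($name));
    }
}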
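/**
 * Runs the bulk action chosen for the selected authors.
 *
 * Requires 'admin.edit' privileges. The lookup query leaves out the
 * logged-in user, so no action here applies to the caller's own account.
 *
 * Note that 'resetpassword' mails each new password in plaintext.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    // Initialised so the final author_list($msg) never reads an unset
    // variable when the method is unknown or an action reports no change.
    $msg = '';

    if (!$selected or !is_array($selected)) {
        return author_list();
    }

    // Names are re-read from the table rather than taken from the posted list.
    $names = safe_column('name', 'txp_users', "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'");

    if (!$names) {
        return author_list();
    }

    switch ($method) {
        case 'delete':
            $assign_assets = ps('assign_assets');

            if ($assign_assets === '') {
                $msg = array('must_reassign_assets', E_ERROR);
            } elseif (in_array($assign_assets, $names)) {
                // The new owner may not be one of the accounts being deleted.
                $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
            } elseif (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $assign_assets = doSlash($assign_assets);
                $names = join("','", doSlash($names));

                // delete private prefs
                safe_delete('txp_prefs', "user_name IN ('{$names}')");

                // assign dangling assets to their new owner
                $reassign = array('textpattern' => 'AuthorID', 'txp_file' => 'author', 'txp_image' => 'author', 'txp_link' => 'author');

                foreach ($reassign as $table => $col) {
                    safe_update($table, "{$col}='{$assign_assets}'", "{$col} IN ('{$names}')");
                }

                callback_event('authors_deleted', '', 0, $changed);
                $msg = 'author_deleted';
            }
            break;
        case 'changeprivilege':
            global $levels;
            $privilege = ps('privs');

            // Only privilege levels known to $levels are accepted.
            if (!isset($levels[$privilege])) {
                return author_list();
            }

            if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_updated';
            }
            break;
        case 'resetpassword':
            foreach ($names as $name) {
                $passwd = generate_password(PASSWORD_LENGTH);

                // Store the value returned by txp_hash_password(). The
                // listing as published wrote the literal '******' into the
                // column and left $hash unused, which would give every reset
                // account the same constant value in `pass`.
                $hash = doSlash(txp_hash_password($passwd));

                if (safe_update('txp_users', "pass = '{$hash}'", "name = '" . doSlash($name) . "'")) {
                    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

                    if (send_new_password($passwd, $email, $name)) {
                        $changed[] = $name;
                        $msg = 'author_updated';
                    } else {
                        return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($name), E_ERROR));
                    }
                }
            }
            break;
    }

    if ($changed) {
        return author_list(gTxt($msg, array('{name}' => txpspecialchars(join(', ', $changed)))));
    }

    author_list($msg);
}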
/**
 * Gives the named user a new randomly generated password and emails it.
 *
 * The new password replaces the old one.
 *
 * Do NOT use this: sending a plaintext password by mail is wrong. The
 * function is to be removed in future in favour of reset request tokens.
 *
 * @param  string $name The login name
 * @return string A localized message string
 * @deprecated in 4.6.0
 * @see    PASSWORD_LENGTH
 * @see    generate_password()
 * @example
 * echo reset_author_pass('username');
 */
function reset_author_pass($name)
{
    $email = safe_field("email", 'txp_users', "name = '" . doSlash($name) . "'");
    $new_pass = Txp::get('\\Textpattern\\Password\\Random')->generate(PASSWORD_LENGTH);

    // Nothing is mailed unless the new password was stored.
    if (!change_user_password($name, $new_pass)) {
        return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
    }

    $mailed = send_new_password($new_pass, $email, $name);

    return gTxt($mailed ? 'password_sent_to' : 'could_not_mail') . ' ' . $email;
}
/**
 * Renders the password-reset request form, or completes a reset when the
 * request carries a 'mem_self_confirm' value.
 *
 * Confirmation path: the hex-decoded value is split into a 5-byte token and a
 * login name; if the token matches the one derived from that user's stored
 * nonce, a new 10-character password is generated, stored and mailed.
 *
 * Security review notes:
 * - The token is the first 10 hex digits of md5($nonce), i.e. 40 bits, and is
 *   compared with ===, which is not a constant-time comparison.
 * - The nonce is not changed in this function after a successful reset;
 *   NOTE(review): unless another code path rotates it, the same confirmation
 *   value stays valid.
 * - The new password is mailed in plaintext and stored as the SQL password()
 *   of its lower-cased form.
 *
 * @param  array  $atts  Tag attributes
 * @param  string $thing Contained form markup
 * @return string Markup from mem_form(), or a status / error message
 */
function mem_self_password_reset_form($atts, $thing = '')
{
    global $mem_self, $sitename, $production_status;
    // extract() creates $form, $form_mail, $from, $reply, $subject,
    // $confirm_url, $check_name and $check_email from the merged attributes.
    extract(lAtts(array('form' => '', 'form_mail' => '', 'from' => $mem_self['admin_email'], 'reply' => '', 'subject' => "[{$sitename}] " . mem_self_gTxt('password_reset_confirmation_request'), 'confirm_url' => '', 'check_name' => 1, 'check_email' => 1), $atts, false));
    if (!is_callable('mail')) {
        return $production_status == 'live' ? mem_self_gTxt('mail_sorry') : gTxt('warn_mail_unavailable');
    }
    if (gps('mem_self_confirm')) {
        // Fixed delay before the value is examined; presumably meant to slow
        // down guessing (TODO confirm intent).
        sleep(3);
        // Hex-decode the request value: bytes 0-4 are the token, the
        // remainder is the login name.
        $confirm = pack('H*', gps('mem_self_confirm'));
        $name = substr($confirm, 5);
        $nonce = safe_field('nonce', 'txp_users', "name = '" . doSlash($name) . "'");
        // Rebuild the expected value from the stored nonce and compare.
        if ($nonce and $confirm === pack('H*', substr(md5($nonce), 0, 10)) . $name) {
            $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
            $new_pass = doSlash(generate_password(10));
            $rs = safe_update('txp_users', "pass = password(lower('{$new_pass}'))", "name = '" . doSlash($name) . "'");
            if ($rs) {
                if (send_new_password($new_pass, $email, $name)) {
                    return mem_self_gTxt('password_sent_to', array('{email}' => $email));
                } else {
                    return mem_self_gTxt('mail_sorry');
                }
            } else {
                return mem_self_gTxt('password_change_failed');
            }
        }
        // A value that does not verify falls through and the request form is
        // rendered as usual.
    }
    if (!$check_name and !$check_email) {
        return mem_self_gTxt('invalid_form_tags', array('{form}' => 'mem_self_password_reset_form'));
    }
    if (!empty($form)) {
        $thing = fetch_form($form);
        unset($atts['form']);
    }
    // Carry the listed attributes into the form as mem_form_secret tags.
    // NOTE(review): the values are concatenated into the tag markup without
    // escaping, so a value containing a double quote would break the
    // attribute; confirm that all of them come from trusted template markup.
    $secrets = array('form_mail', 'from', 'reply', 'subject', 'confirm_url', 'check_name', 'check_email');
    foreach ($secrets as $a) {
        $thing .= '<txp:mem_form_secret name="' . $a . '" value="' . ${$a} . '" />';
        unset($atts[$a]);
    }
    return mem_form($atts + array('type' => 'mem_self_password_reset'), $thing);
}
Beispiel #11
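/**
 * Resets the password of the author named in the posted 'name' field and
 * mails the new password to that author.
 *
 * Requires 'admin.edit' privileges.
 *
 * Security notes: the password is mailed in plaintext, only six characters
 * are requested from generate_password(), and the stored value is the SQL
 * password() of the lower-cased password.
 *
 * @return void
 */
function author_change_pass()
{
    require_privs('admin.edit');

    $name = ps('name');
    $where = "name = '" . doSlash($name) . "'";
    $email = safe_field('email', 'txp_users', $where);

    // Kept as generated for the e-mail and escaped only where it enters SQL;
    // the original mailed the SQL-escaped form.
    $new_pass = generate_password(6);
    $rs = safe_update('txp_users', "pass = password(lower('" . doSlash($new_pass) . "'))", $where);

    if ($rs) {
        // NOTE(review): $email is passed on as stored; escape it as well if
        // admin() prints its argument as HTML.
        if (send_new_password($new_pass, $email, $name)) {
            admin(gTxt('password_sent_to') . ' ' . $email);
        } else {
            admin(gTxt('could_not_mail') . ' ' . $email);
        }
    } else {
        // $name is request data and no row matched it, so it is escaped
        // before being placed in the message.
        admin(gTxt('could_not_update_author') . ' ' . htmlspecialchars($name));
    }
}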
Beispiel #12
        $sq = "update " . $table_prefix . "events set status_id = 4, quick_approve = NULL where quick_approve = '" . $code . "'";
        $squery = mysql_query($sq);
        if ($squery) {
            $msg = $lang["event_updated"];
            $event_id = mysql_result($query, 0, 0);
            include "includes/notify.php";
            notify_group($event_id);
        }
    } else {
        $msg = $lang["event_not_found"];
    }
    header("Location: index.php?msg=" . $msg);
}
// Request dispatcher: picks the handler from the 'mode' request value.
// NOTE(review): 'mode' is read without an isset() check, so a request
// without it raises an undefined-index notice before reaching the default.
// NOTE(review): $_REQUEST usually includes query-string parameters, so the
// state-changing modes below may be reachable through a plain link; confirm
// whether a request token or a POST-only check exists elsewhere.
switch ($_REQUEST["mode"]) {
    // The label is a value from $lang, so the request value that selects
    // this branch depends on the contents of that table.
    case $lang["send_new_password"]:
        send_new_password();
        break;
    case "q":
        // The raw 'qa' request value is handed to approve() unchanged.
        // NOTE(review): the function tail visible just above this dispatcher
        // concatenates $code into a quoted SQL literal; if that is
        // approve()'s parameter, it needs escaping or a bound parameter.
        approve($_REQUEST["qa"]);
        break;
    case "logout":
        log_out();
        break;
    case "Log In":
        check_login();
        break;
    default:
        // Unknown or missing mode: send the client back to the index page.
        header("Location: index.php");
        break;
}
// Close the database connection held in $link once dispatch has finished.
mysql_close($link);