Beispiel #1
0
function forgotten_password()
{
    if (!isset($_REQUEST["Benutzername"]) || !isset($_REQUEST["EMail"]) || $_REQUEST["Benutzername"] == 'guest' || empty($_REQUEST["Benutzername"]) || empty($_REQUEST["EMail"]) || !(bool) trim($_REQUEST["Benutzername"]) || !(bool) trim($_REQUEST["EMail"])) {
        return -1;
    }
    if (!USE_PHP_MAILING) {
        return -4;
    }
    $administration = new administration();
    define("USER_NAME", trim($_REQUEST["Benutzername"]));
    define("USER_EMAIL", trim($_REQUEST["EMail"]));
    if (!$administration->getUserIdByUserName(USER_NAME) || USER_EMAIL != $administration->getEmailByUserId($administration->getUserIdByUserName(USER_NAME))) {
        return -2;
    }
    $new_password = $administration->getRandomPassword();
    $sql_update = "UPDATE mb_user SET mb_user_password = \$1, mb_user_digest = \$3 WHERE mb_user_id = \$2";
    $v = array(md5($new_password), $administration->getUserIdByUserName(USER_NAME), md5(USER_NAME . ";" . USER_EMAIL . ":" . REALM . ":" . $new_password));
    $t = array("s", "i");
    if (!db_prep_query($sql_update, $v, $t)) {
        return -3;
    }
    $email_subject = "New GeoPortal.rlp Password";
    $email_body = sprintf("Your new GeoPortal.rlp password is: %s", $new_password);
    if (!$administration->sendEmail(NULL, NULL, USER_EMAIL, USER_NAME, $email_subject, $email_body, $error_msg)) {
        return -4;
    }
    return 1;
}
Beispiel #2
0
     if ($_POST["username"] && $_POST["email"]) {
         $id = $admin->getUserIdByUserName($_POST["username"]);
         $mailAddressMatch = $admin->getEmailByUserId($id) == $_POST["email"] && $_POST["email"] != '';
         $user_id = $id;
         if ($user_id && $mailAddressMatch) {
             $upd = true;
         } else {
             echo "Either your username could not be found or you have registered another or no mail address.<br><br>";
         }
     } else {
         echo "Please fill in your username and mail address.<br><br>";
     }
 }
 /*handle INSERT and DELETE************************************************************************************/
 if ($upd) {
     $sql_password = $admin->getRandomPassword();
     $mailToAddr = $admin->getEmailByUserId($user_id);
     $mailToName = $admin->getUsernameByUserId($user_id);
     if (!$mailToAddr) {
         echo "<script language='javascript'>";
         echo "alert('You didn\\'t enter an email address when registering with Mapbender. Unfortunately there is no way to send you a new password.');";
         echo "window.back();";
         echo "</script>";
     } elseif ($user_id) {
         if ($admin->sendEmail("", "", $mailToAddr, $mailToName, "Your new Mapbender password", "login:    "******"\npassword: "******"UPDATE mb_user SET mb_user_password = \$1";
             $sql_update .= " WHERE mb_user_id = \$2";
             #echo $sql_update;
             $v = array(md5($sql_password), $user_id);
             $t = array('s', 'i');