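/**
 * Handles a "lost password" request submitted in $_POST['username_or_email'].
 *
 * The account is looked up by email first, then by username. Guest/generic
 * accounts and accounts without an email address are refused. On success a
 * fresh activation key is generated, stored through pwg_password_hash() with
 * a one-hour expiry, and the plain key is mailed inside the reset link.
 * Outcome messages are appended to $page['errors'] and $page['infos'].
 *
 * @return bool (true if email was sent, false otherwise)
 */
function process_password_request()
{
    global $page, $conf;

    // The field is attacker-controlled. An array value (username_or_email[]=x)
    // is not "empty" and would reach the lookup helpers as a non-string, so
    // anything that is not a non-empty string is rejected up front.
    if (empty($_POST['username_or_email']) or !is_string($_POST['username_or_email'])) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }
    $login = $_POST['username_or_email'];

    // NOTE(review): $login is handed to the lookup helpers unmodified; they
    // are defined outside this block - confirm they escape or bind the value.
    $user_id = get_userid_by_email($login);
    if (!is_numeric($user_id)) {
        $user_id = get_userid($login);
    }
    if (!is_numeric($user_id)) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }

    $userdata = getuserdata($user_id, false);

    // NOTE(review): the three failure messages below differ from the
    // "Invalid username or email" answer above, so an unauthenticated caller
    // can tell existing accounts from unknown ones, and the last message
    // echoes the username that matched a submitted email address.

    // password request is not possible for guest/generic users
    $status = $userdata['status'];
    if (is_a_guest($status) or is_generic($status)) {
        $page['errors'][] = l10n('Password reset is not allowed for this user');
        return false;
    }

    if (empty($userdata['email'])) {
        $page['errors'][] = l10n('User "%s" has no email address, password reset is not possible', $userdata['username']);
        return false;
    }

    // The database only receives the pwg_password_hash() of the key; the plain
    // key exists in this request and in the mailed link. The expiry is
    // computed by the database server so it matches the clock that checks it.
    // NOTE(review): nothing here limits how often a key is re-issued or a mail
    // is sent for one account - confirm throttling exists elsewhere.
    $activation_key = generate_key(20);
    list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL 1 HOUR)'));
    single_update(
        USER_INFOS_TABLE,
        array(
            'activation_key' => pwg_password_hash($activation_key),
            'activation_key_expire' => $expire,
        ),
        array('user_id' => $user_id)
    );

    // NOTE(review): the host in the link comes from get_gallery_home_url(),
    // which is not visible here. If it is derived from the request's Host
    // header rather than from configuration, a forged header would end up in
    // the mailed link - confirm.
    set_make_full_url();
    $message = l10n('Someone requested that the password be reset for the following user account:') . "\r\n\r\n";
    $message .= l10n('Username "%s" on gallery %s', $userdata['username'], get_gallery_home_url());
    $message .= "\r\n\r\n";
    $message .= l10n('To reset your password, visit the following address:') . "\r\n";
    $message .= get_gallery_home_url() . '/password.php?key=' . $activation_key . '-' . urlencode($userdata['email']);
    $message .= "\r\n\r\n";
    $message .= l10n('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n";
    unset_make_full_url();

    // Handlers of this event receive (and may rewrite) the text that contains
    // the plain activation key.
    $message = trigger_change('render_lost_password_mail_content', $message);

    $email_params = array(
        'subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Password Reset'),
        'content' => $message,
        'email_format' => 'text/plain',
    );

    if (pwg_mail($userdata['email'], $email_params)) {
        $page['infos'][] = l10n('Check your email for the confirmation link');
        return true;
    }

    $page['errors'][] = l10n('Error sending email');
    return false;
}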
/**
 * Loads a user's data from the database.
 *
 * Works like getuserdata(), with two extra steps: the account whose id equals
 * $conf['guest_id'] is always given the 'guest' status, and a default theme
 * is filled in when the loaded data carries no 'theme_name'.
 *
 * @param int $user_id
 * @param boolean $use_cache passed through to getuserdata()
 * @return array
 */
function build_user($user_id, $use_cache = true)
{
    global $conf;

    // Start from the requested id; keys returned by getuserdata() win on merge.
    $user = array_merge(array('id' => $user_id), getuserdata($user_id, $use_cache));

    // The configured guest account must never run with another status, whatever
    // the stored row says. The correction is recorded in internal_status.
    if ($user['id'] == $conf['guest_id']) {
        if ($user['status'] != 'guest') {
            $user['status'] = 'guest';
            $user['internal_status']['guest_must_be_guest'] = true;
        }
    }

    // Check user theme
    if (isset($user['theme_name'])) {
        return $user;
    }

    $user['theme'] = get_default_theme();
    return $user;
}
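//check session
// A session id / user id pair arriving in the query string is untrusted and is
// only adopted after checkalive() confirms it against the sessions table.
// NOTE(review): identifiers carried in the URL also end up in server logs,
// browser history and Referer headers.
if (isset($_GET['sessionid'])) {
    //echo checkalive($_GET['sessionid']);
    // checkalive() concatenates both values into its SQL text and places the
    // user id there unquoted, so only a string session id together with an
    // all-digit user id is passed on; anything else counts as a dead session.
    $pairIsWellFormed = is_string($_GET['sessionid'])
        && isset($_GET['userid'])
        && is_string($_GET['userid'])
        && ctype_digit($_GET['userid']);
    if ($pairIsWellFormed && checkalive($_GET['sessionid'], $_GET['userid'])) {
        $_SESSION['sessionid'] = $_GET['sessionid'];
    } else {
        $_SESSION['sessionid'] = "";
    }
}

// A missing session entry is treated like an empty one.
$sessionid = isset($_SESSION['sessionid']) ? $_SESSION['sessionid'] : "";
if ($sessionid == "") {
    header("Location:index.php?expired=1");
    // header() only queues the redirect. Without stopping here the rest of the
    // page would still execute for a request that has no valid session.
    exit;
}

//check userid
// NOTE(review): getuserdata() is defined outside this excerpt and receives the
// raw query-string value - confirm it validates or binds it, and that the id
// is checked against the user who owns the session.
if (isset($_GET['userid'])) {
    getuserdata($_GET['userid']);
}

//current account being modified
//$account = "test test test";
// NOTE(review): the body of checkalive() continues past the end of this
// excerpt, so its code is left as it is. $id and $user are concatenated into
// the SQL text below, which makes the query injectable by whoever controls
// them; a prepared statement with bound parameters is the fix. The else branch
// also echoes the raw database error to the client.
function checkalive($id, $user) {
    $mysqli = new mysqli(DBSERVER, DBUSER, DBPWD, DB);
    ////set the query
    $query = "SELECT UNIX_TIMESTAMP(`sessions`.`sessiontimestamp`) AS `sessiontimestamp` FROM `sessions` WHERE `sessions`.`sessionmd5` = '" . $id . "' AND `sessions`.`userid` = " . $user;
    //echo $query;
    $result = $mysqli->query($query);
    if ($mysqli->affected_rows > 0) {
        $row = $result->fetch_object();
        $date = $row->sessiontimestamp;
    } else {
        echo $mysqli->error;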