# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
if (!defined('EXPONENT')) {
exit('');
}
$i18n = exponent_lang_loadFile('modules/loginmodule/actions/resetpass_send.php');
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
$u = exponent_users_getUserByName($_POST['username']);
if ($u != null && $u->is_acting_admin == 0 && $u->is_admin == 0 && $u->email != '') {
if (!defined('SYS_SMTP')) {
require_once BASE . 'subsystems/smtp.php';
}
$tok = null;
$tok->uid = $u->id;
$tok->expires = time() + 2 * 3600;
$tok->token = md5(time()) . uniqid('');
$e_template = new template('loginmodule', '_email_resetconfirm', $loc);
$e_template->assign('token', $tok);
$msg = $e_template->render();
// FIXME: smtp call prototype / usage has changed.
if (!exponent_smtp_mail($u->email, $i18n['from_name'] . ' <' . $i18n['from_email'] . '@' . HOSTNAME . '>', $i18n['title'], $msg)) {
echo $i18n['smtp_error'];
} else {
$capcha_real = exponent_sessions_get('capcha_string');
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
if (!defined('SYS_SECURITY')) {
require_once BASE . 'subsystems/security.php';
}
$username_error = exponent_security_checkUsername($_POST['username']);
if ($username_error != '') {
$post = $_POST;
unset($post['username']);
$post['_formError'] = sprintf($i18n['username_failed'], $username_error);
exponent_sessions_set('last_POST', $post);
header('Location: ' . $_SERVER['HTTP_REFERER']);
} else {
if (exponent_users_getUserByName($_POST['username']) != null) {
$post = $_POST;
unset($post['username']);
$post['_formError'] = $i18n['username_taken'];
exponent_sessions_set('last_POST', $post);
header('Location: ' . $_SERVER['HTTP_REFERER']);
} else {
if ($_POST['pass1'] != $_POST['pass2']) {
$post = $_POST;
unset($post['pass1']);
unset($post['pass2']);
$post['_formError'] = $i18n['unmatched_passwords'];
exponent_sessions_set('last_POST', $post);
header('Location: ' . $_SERVER['HTTP_REFERER']);
} else {
$strength_error = exponent_security_checkPasswordStrength($_POST['username'], $_POST['pass1']);
$userinfo->clearpassword = $newpass;
break;
case "DEFPASS":
$userinfo->clearpassword = str_replace(" ", "", trim($_POST["pwordText"]));
break;
}
$userinfo->password = md5($userinfo->clearpassword);
$suffix = "";
while (exponent_users_getUserByName($userinfo->username . $suffix) != null) {
//username already exists
if (isset($_POST["update"]) == 1) {
if (in_array($userinfo->username, $usersdone)) {
$suffix = rand(100, 999);
$userinfo->changed = 1;
} else {
$tmp = exponent_users_getUserByName($userinfo->username . $suffix);
$userinfo->id = $tmp->id;
break;
}
} else {
$suffix = rand(100, 999);
$userinfo->changed = 1;
}
}
$userinfo->username = $userinfo->username . $suffix;
$userarray[] = exponent_users_saveUser($userinfo);
$usersdone[] = $userinfo->username;
} else {
$userinfo->linenum = $linenum;
$userarray[] = $userinfo;
}