import_request_variables("PG"); function forgotten_password() { if (!isset($_REQUEST["Benutzername"]) || !isset($_REQUEST["EMail"]) || $_REQUEST["Benutzername"] == 'guest' || empty($_REQUEST["Benutzername"]) || empty($_REQUEST["EMail"]) || !(bool) trim($_REQUEST["Benutzername"]) || !(bool) trim($_REQUEST["EMail"])) { return -1; } if (!USE_PHP_MAILING) { return -4; } $administration = new administration(); define("USER_NAME", trim($_REQUEST["Benutzername"])); define("USER_EMAIL", trim($_REQUEST["EMail"])); if (!$administration->getUserIdByUserName(USER_NAME) || USER_EMAIL != $administration->getEmailByUserId($administration->getUserIdByUserName(USER_NAME))) { return -2; } $new_password = $administration->getRandomPassword(); $sql_update = "UPDATE mb_user SET mb_user_password = \$1, mb_user_digest = \$3 WHERE mb_user_id = \$2"; $v = array(md5($new_password), $administration->getUserIdByUserName(USER_NAME), md5(USER_NAME . ";" . USER_EMAIL . ":" . REALM . ":" . $new_password)); $t = array("s", "i"); if (!db_prep_query($sql_update, $v, $t)) { return -3; } $email_subject = "New GeoPortal.rlp Password"; $email_body = sprintf("Your new GeoPortal.rlp password is: %s", $new_password); if (!$administration->sendEmail(NULL, NULL, USER_EMAIL, USER_NAME, $email_subject, $email_body, $error_msg)) { return -4; } return 1; } $success = forgotten_password();
<?php // get user defined settings and functions include_once 'bouncer_params.php'; // start sessions if needed if (!session_id()) { session_start(); } // set target page for redirects $target_page = targetpage(); // call function for forgotten password if (isset($_POST['forgotpass']) && isset($_POST['email'])) { if (bouncer_verify_email($_POST['email']) == true) { $bouncer_message['error'] = forgotten_password($_POST['email']); $attempt_login = 0; } else { $bouncer_message['error'] = $bouncer_message['wrong_email']; $attempt_login = 0; } } // call function for changed password if (isset($_POST['changepass'])) { $bouncer_message['error'] = change_password(); $attempt_login = 0; } // if a login is attempted we automatically clear the logged_in session if (isset($_POST['email']) && isset($_POST['pass'])) { $_SESSION[WW_SESS]['logged_in'] = 0; $attempt_login = 1; } if (isset($_COOKIE['ww_c_key']) && isset($_COOKIE['ww_c_user'])) {