function sendNewPass()
{
global $AppUI;
$_live_site = dPgetConfig('base_url');
$_sitename = dPgetConfig('company_name');
// ensure no malicous sql gets past
$checkusername = trim(dPgetParam($_POST, 'checkusername', ''));
$checkusername = db_escape($checkusername);
$confirmEmail = trim(dPgetParam($_POST, 'checkemail', ''));
$confirmEmail = mb_strtolower(db_escape($confirmEmail));
$q = new DBQuery();
$q->addTable('users', 'u');
$q->addQuery('u.user_id');
$q->addWhere('user_username=\'' . $checkusername . '\' AND LOWER(contact_email)=\'' . $confirmEmail . '\'');
$q->leftJoin('contacts', 'c', 'u.user_contact = c.contact_id');
if (!($user_id = $q->loadResult()) || !$checkusername || !$confirmEmail) {
$AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
$AppUI->redirect();
}
$newpass = makePass();
$message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' ' . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' ' . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' ' . $AppUI->_('sendpass3', UI_OUTPUT_RAW);
$subject = "{$_sitename} :: " . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . " - {$checkusername}";
$m = new Mail();
// create the mail
$m->From("dotProject@" . dPgetConfig('site_domain'));
$m->To($confirmEmail);
$m->Subject($subject);
$m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : "");
// set the body
$m->Send();
// send the mail
$newpass = md5($newpass);
$q->clear();
$q->addTable('users');
$q->addUpdate('user_password', $newpass, true);
$q->addWhere('user_id=\'' . $user_id . '\'');
$cur = $q->exec();
if (!$cur) {
die('SQL error' . $database->stderr(true));
} else {
$AppUI->setMsg('New User Password created and emailed to you');
$AppUI->redirect();
}
}
function sendNewPass()
{
global $AppUI;
$_live_site = dPgetConfig('base_url');
$_sitename = dPgetConfig('company_name');
// ensure no malicous sql gets past
$checkusername = trim(dPgetParam($_POST, 'checkusername', ''));
$checkusername = db_escape($checkusername);
$confirmEmail = trim(dPgetParam($_POST, 'checkemail', ''));
$confirmEmail = mb_strtolower(db_escape($confirmEmail));
$query = 'SELECT user_id FROM users LEFT JOIN contacts ON user_contact = contact_id' . " WHERE user_username='******' AND LOWER(contact_email)='{$confirmEmail}'";
if (!($user_id = db_loadResult($query)) || !$checkusername || !$confirmEmail) {
$AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
$AppUI->redirect();
}
$newpass = makePass();
$message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' ' . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' ' . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' ' . $AppUI->_('sendpass3', UI_OUTPUT_RAW);
$subject = "{$_sitename} :: " . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . " - {$checkusername}";
$m = new Mail();
// create the mail
$m->From("dotProject@" . dPgetConfig('site_domain'));
$m->To($confirmEmail);
$m->Subject($subject);
$m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : "");
// set the body
$m->Send();
// send the mail
$newpass = md5($newpass);
$sql = "UPDATE users SET user_password='******' WHERE user_id='{$user_id}'";
$cur = db_exec($sql);
if (!$cur) {
die('SQL error' . $database->stderr(true));
} else {
$AppUI->setMsg('New User Password created and emailed to you');
$AppUI->redirect();
}
}
function sendNewPass()
{
global $AppUI;
$_live_site = w2PgetConfig('base_url');
$_sitename = w2PgetConfig('company_name');
// ensure no malicous sql gets past
$checkusername = trim(w2PgetParam($_POST, 'checkusername', ''));
$checkusername = db_escape($checkusername);
$confirmEmail = trim(w2PgetParam($_POST, 'checkemail', ''));
$confirmEmail = strtolower(db_escape($confirmEmail));
$q = new w2p_Database_Query();
$q->addTable('users');
$q->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner');
$q->addQuery('user_id');
$q->addWhere('user_username = \'' . $checkusername . '\'');
/* Begin Hack */
/*
* This is a particularly annoying hack but I don't know of a better
* way to resolve #457. In v2.0, there was a refactoring to allow for
* muliple contact methods which resulted in the contact_email being
* removed from the contacts table. If the user is upgrading from
* v1.x and they try to log in before applying the database, crash.
* Info: http://bugs.web2project.net/view.php?id=457
*/
$qTest = new w2p_Database_Query();
$qTest->addTable('w2pversion');
$qTest->addQuery('max(db_version)');
$dbVersion = $qTest->loadResult();
if ($dbVersion >= 21 && $dbVersion < 26) {
$q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id');
$q->addWhere("cm.method_value = '{$confirmEmail}'");
} else {
$q->addWhere("LOWER(contact_email) = '{$confirmEmail}'");
}
/* End Hack */
if (!($user_id = $q->loadResult()) || !$checkusername || !$confirmEmail) {
$AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
$AppUI->redirect();
}
$newpass = makePass();
$message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' ' . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' ' . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' ' . $AppUI->_('sendpass3', UI_OUTPUT_RAW);
$subject = $_sitename . ' :: ' . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . ' - ' . $checkusername;
$m = new w2p_Utilities_Mail();
// create the mail
$m->To($confirmEmail);
$m->Subject($subject);
$m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : '');
// set the body
$m->Send();
// send the mail
$newpass = md5($newpass);
$q->addTable('users');
$q->addUpdate('user_password', $newpass);
$q->addWhere('user_id=' . $user_id);
$cur = $q->exec();
if (!$cur) {
die('SQL error' . $database->stderr(true));
} else {
$AppUI->setMsg('New User Password created and emailed to you');
$AppUI->redirect();
}
}
function sendPass($mail, $name)
{
$fp = fopen($mail, 'w');
if ($fp) {
$pass = makePass(6);
fwrite($fp, "{$name}님, 임시 비밀번호는 {$pass}입니다.");
fclose($fp);
return $pass;
}
return '';
}
function add_client()
{
global $prefix, $db, $banners, $admin_file, $ad_admin_menu;
include "header.php";
GraphicAdmin();
OpenTable();
echo "{$ad_admin_menu}";
CloseTable();
echo "<br>";
OpenTable();
$cl_pass = makePass();
echo "<center><font class=\"title\"><b>" . _ADDCLIENT . "</b></font></center><br><br>\r\n\t\t\t<table border=\"0\"><tr><td>\r\n\t\t\t<form action=\"" . $admin_file . ".php?op=BannerAddClient\" method=\"post\">\r\n\t\t\t" . _CLIENTNAME . ":</td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"60\"></td></tr>\r\n\t\t\t<tr><td>" . _CONTACTNAME . ":</td><td><input type=\"text\" name=\"contact\" size=\"30\" maxlength=\"60\"></td></tr>\r\n\t\t\t<tr><td>" . _CONTACTEMAIL . ":</td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"60\"></td></tr>\r\n\t\t\t<tr><td>" . _CLIENTLOGIN . ":</td><td><input type=\"text\" name=\"login\" size=\"12\" maxlength=\"10\"></td></tr>\r\n\t\t\t<tr><td>" . _CLIENTPASSWD . ":</td><td><input type=\"text\" name=\"passwd\" size=\"12\" maxlength=\"10\" value=\"{$cl_pass}\"></td></tr>\r\n\t\t\t<tr><td>" . _EXTRAINFO . ":</td><td><textarea name=\"extrainfo\" cols=\"70\" rows=\"15\"></textarea></td></tr>\r\n\t\t\t<tr><td> </td><td><input type=\"hidden\" name=\"op\" value=\"BannerAddClient\">\r\n\t\t\t<input type=\"submit\" value=\"" . _ADDCLIENT2 . "\">\r\n\t\t\t</form></td></tr></table>";
CloseTable();
include "footer.php";
}
