/**
 * Replaces an author's password with a generated one and mails it to them.
 *
 * The new password is stored through MySQL's password() over the
 * lower-cased value, and the plaintext is handed to send_new_password().
 *
 * NOTE(review): password() is MySQL's own account-hash function rather than
 * a password-storage scheme, and lower() discards letter case before
 * hashing. Together with the six-character length and the plaintext email,
 * this path is a candidate for replacement with a salted hash and a reset
 * token.
 *
 * @param  string $name The author's login name
 * @return string A localised status message
 */
function reset_author_pass($name)
{
    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

    // The generated password is escaped once; that same string is used in
    // the SQL fragment and in the outgoing mail.
    $new_pass = doSlash(generate_password(6));

    $updated = safe_update(
        'txp_users',
        "pass = password(lower('{$new_pass}'))",
        "name = '" . doSlash($name) . "'"
    );

    if (!$updated) {
        // Only the login name is HTML-escaped in the returned message.
        return gTxt('could_not_update_author') . ' ' . htmlspecialchars($name);
    }

    $status = send_new_password($new_pass, $email, $name)
        ? 'password_sent_to'
        : 'could_not_mail';

    return gTxt($status) . ' ' . $email;
}
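/**
 * Replaces an author's password with a generated one and mails it to them.
 *
 * The password is generated with PASSWORD_LENGTH characters, hashed with
 * txp_hash_password(), and the hash is written to txp_users.pass. The
 * plaintext is passed to send_new_password().
 *
 * @param  string $name The author's login name
 * @return string A localised status message
 */
function reset_author_pass($name)
{
    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
    $new_pass = generate_password(PASSWORD_LENGTH);
    $hash = doSlash(txp_hash_password($new_pass));

    // Store the hash computed above. Writing a fixed literal instead would
    // leave $hash unused and give every reset account the same pass value.
    $rs = safe_update('txp_users', "pass = '{$hash}'", "name = '" . doSlash($name) . "'");

    if ($rs) {
        if (send_new_password($new_pass, $email, $name)) {
            return gTxt('password_sent_to') . ' ' . $email;
        } else {
            return gTxt('could_not_mail') . ' ' . $email;
        }
    } else {
        // The login name is HTML-escaped before it goes into the message.
        return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
    }
}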
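/**
 * Changes the logged-in user's password from the posted 'new_pass' field.
 *
 * When the posted 'mailpassword' field equals 1, the new password is also
 * mailed to the user's address on record. The admin panel is re-rendered
 * with the resulting message.
 *
 * NOTE(review): the password is stored through MySQL's password() over the
 * lower-cased value and can be mailed in plaintext; both are worth replacing.
 */
function change_pass()
{
    global $txp_user;

    $message = '';
    $themail = fetch('email', 'txp_users', 'name', $txp_user);

    if (!empty($_POST["new_pass"])) {
        $NewPass = $_POST["new_pass"];

        // Both values are escaped at the point where they enter the SQL
        // fragments; the posted password previously went in verbatim, which
        // let a quote character in it alter the statement.
        $rs = safe_update(
            "txp_users",
            "pass = password(lower('" . doSlash($NewPass) . "'))",
            "name='" . doSlash($txp_user) . "'"
        );

        if ($rs) {
            $message .= gTxt('password_changed');

            // isset() avoids an undefined-index notice when the checkbox
            // is not part of the submission.
            if (isset($_POST['mailpassword']) && $_POST['mailpassword'] == 1) {
                // The mail carries the password exactly as the user typed it.
                send_new_password($NewPass, $themail);
                $message .= sp . gTxt('and_mailed_to') . sp . $themail;
            }

            $message .= ".";
        } else {
            // NOTE(review): this writes the database error into the page
            // source as a comment; consider logging it instead.
            echo comment(mysql_error());
        }

        admin($message);
    }
}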
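/**
 * Changes the logged-in user's password from the posted 'new_pass' field.
 *
 * An empty password re-renders the admin panel with a 'password_required'
 * message. On success the panel is re-rendered with a confirmation, and the
 * password is mailed to the user when 'mail_password' is set. On a failed
 * update the database error is emitted as a comment and the panel is
 * re-rendered without a message.
 *
 * NOTE(review): the password is stored through MySQL's password() over the
 * lower-cased value and can be mailed in plaintext; both are worth replacing.
 */
function change_pass()
{
    global $txp_user;

    // Keep the posted values raw and escape only where they enter SQL, so
    // the mailed password is the one the user typed rather than a
    // backslash-escaped copy of it.
    $posted = psa(array('new_pass', 'mail_password'));
    $new_pass = $posted['new_pass'];
    $mail_password = $posted['mail_password'];

    if (empty($new_pass)) {
        admin(gTxt('password_required'));

        return;
    }

    $rs = safe_update(
        'txp_users',
        "pass = password(lower('" . doSlash($new_pass) . "'))",
        "name = '" . doSlash($txp_user) . "'"
    );

    if (!$rs) {
        // The error branch belongs to the update, not to the mail option:
        // it used to run whenever mailing was switched off and never when
        // the update itself failed.
        // NOTE(review): this writes the database error into the page source
        // as a comment; consider logging it instead.
        echo comment(mysql_error());
        admin();

        return;
    }

    $message = gTxt('password_changed');

    if ($mail_password) {
        $email = fetch('email', 'txp_users', 'name', $txp_user);
        send_new_password($new_pass, $email, $txp_user);
        $message .= sp . gTxt('and_mailed_to') . sp . $email;
    }

    $message .= '.';
    admin($message);
}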
/**
 * Handles the multi-edit actions submitted for a selection of authors.
 *
 * Requires 'admin.edit' privileges. The acting user is always filtered out
 * of the selection, so none of the actions can be applied to one's own
 * account from here.
 *
 * NOTE(review): the 'resetpassword' action mails a plaintext password to
 * each affected author.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    $msg = '';

    // Nothing selected, or the field was not posted as a list.
    if (!($selected && is_array($selected))) {
        return author_list();
    }

    // Resolve the selection against the users table, minus the acting user.
    $quoted = implode(',', quote_list($selected));
    $names = safe_column(
        'name',
        'txp_users',
        "name IN (" . $quoted . ") AND name != '" . doSlash($txp_user) . "'"
    );

    if (!$names) {
        return author_list();
    }

    if ($method == 'delete') {
        $assign_assets = ps('assign_assets');

        if (!$assign_assets) {
            $msg = array('must_reassign_assets', E_ERROR);
        } elseif (in_array($assign_assets, $names)) {
            // The new owner must not be one of the accounts being removed.
            $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
        } elseif (remove_user($names, $assign_assets)) {
            $changed = $names;
            callback_event('authors_deleted', '', 0, $changed);
            $msg = 'author_deleted';
        }
    } elseif ($method == 'changeprivilege') {
        if (change_user_group($names, ps('privs'))) {
            $changed = $names;
            $msg = 'author_updated';
        }
    } elseif ($method == 'resetpassword') {
        foreach ($names as $name) {
            $passwd = generate_password(PASSWORD_LENGTH);

            // Authors whose password could not be changed are skipped.
            if (!change_user_password($name, $passwd)) {
                continue;
            }

            $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

            // A failed mail aborts the whole run with an error message.
            if (!send_new_password($passwd, $email, $name)) {
                return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($name), E_ERROR));
            }

            $changed[] = $name;
            $msg = 'author_updated';
        }
    }

    if ($changed) {
        $list = txpspecialchars(implode(', ', $changed));

        return author_list(gTxt($msg, array('{name}' => $list)));
    }

    author_list($msg);
}
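/**
 * Processes multi-edit actions submitted for a selection of authors.
 *
 * Requires 'admin.edit' privileges. The acting user is filtered out of the
 * selection before any action runs. Supported methods are 'delete',
 * 'changeprivilege' and 'resetpassword'; the admin panel is re-rendered
 * afterwards, with a message naming the changed authors when there are any.
 *
 * NOTE(review): 'resetpassword' stores the password through MySQL's
 * password() over the lower-cased value, generates only six characters and
 * mails the plaintext; all three are worth replacing.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();

    if (!$selected or !is_array($selected)) {
        return admin();
    }

    // Resolve the posted names against the users table, minus the acting user.
    $names = safe_column(
        'name',
        'txp_users',
        "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'"
    );

    if (!$names) {
        return admin();
    }

    switch ($method) {
        case 'delete':
            if (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_deleted';
            }
            break;

        case 'changeprivilege':
            global $levels;

            $privilege = ps('privs');

            // Only privilege levels known to $levels are accepted.
            if (!isset($levels[$privilege])) {
                return admin();
            }

            if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_updated';
            }
            break;

        case 'resetpassword':
            foreach ($names as $name) {
                $passwd = generate_password(6);

                $updated = safe_update(
                    'txp_users',
                    "pass = password(lower('" . doSlash($passwd) . "'))",
                    "name = '" . doSlash($name) . "'"
                );

                // Mail the password only when it was actually stored;
                // otherwise the author would receive a password that does
                // not match the account.
                if (!$updated) {
                    continue;
                }

                $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

                if (send_new_password($passwd, $email, $name)) {
                    $changed[] = $name;
                    $msg = 'author_updated';
                } else {
                    return admin(gTxt('could_not_mail') . ' ' . htmlspecialchars($name));
                }
            }
            break;
    }

    if ($changed) {
        return admin(gTxt($msg, array('{name}' => htmlspecialchars(join(', ', $changed)))));
    }

    admin();
}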
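/**
 * Resets the password of the author named in the posted 'name' field.
 *
 * Requires 'admin.edit' privileges. A new password is generated, stored and
 * mailed to the author, and the admin panel is re-rendered with the outcome.
 *
 * NOTE(review): the password is stored through MySQL's password() over the
 * lower-cased value, is only six characters long and is mailed in
 * plaintext; all three are worth replacing.
 */
function author_change_pass()
{
    // Resetting another account's password is an administrative action, so
    // the caller's privileges are checked before anything is read or written.
    require_privs('admin.edit');

    $name = ps('name');
    $themail = safe_field("email", "txp_users", "name='" . doSlash($name) . "'");
    $NewPass = generate_password(6);

    $rs = safe_update(
        "txp_users",
        "pass=password(lower('{$NewPass}'))",
        "`name`='" . doSlash($name) . "'"
    );

    if ($rs) {
        if (send_new_password($NewPass, $themail, $name)) {
            admin(gTxt('password_sent_to') . ' ' . $themail);
        } else {
            admin(gTxt('could_not_mail') . ' ' . $themail);
        }
    } else {
        // $name comes straight from the request, so it is HTML-escaped
        // before being placed in the panel message.
        admin(gTxt('could_not_update_author') . ' ' . htmlspecialchars($name));
    }
}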
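/**
 * Processes multi-edit actions submitted for a selection of authors.
 *
 * Requires 'admin.edit' privileges. The acting user is filtered out of the
 * selection before any action runs. Supported methods are 'delete' (which
 * also removes private prefs and reassigns content to another author),
 * 'changeprivilege' and 'resetpassword'. The author list is re-rendered
 * afterwards.
 *
 * NOTE(review): 'resetpassword' mails a plaintext password to each
 * affected author.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();

    // Initialised so the final author_list($msg) call never reads an
    // undefined variable when the method matches no case.
    $msg = '';

    if (!$selected or !is_array($selected)) {
        return author_list();
    }

    // Resolve the posted names against the users table, minus the acting user.
    $names = safe_column(
        'name',
        'txp_users',
        "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'"
    );

    if (!$names) {
        return author_list();
    }

    switch ($method) {
        case 'delete':
            $assign_assets = ps('assign_assets');

            if ($assign_assets === '') {
                $msg = array('must_reassign_assets', E_ERROR);
            } elseif (in_array($assign_assets, $names)) {
                // The new owner must not be one of the accounts being removed.
                $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
            } elseif (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $assign_assets = doSlash($assign_assets);
                $names = join("','", doSlash($names));

                // delete private prefs
                safe_delete('txp_prefs', "user_name IN ('{$names}')");

                // assign dangling assets to their new owner
                $reassign = array(
                    'textpattern' => 'AuthorID',
                    'txp_file'    => 'author',
                    'txp_image'   => 'author',
                    'txp_link'    => 'author',
                );

                foreach ($reassign as $table => $col) {
                    safe_update($table, "{$col}='{$assign_assets}'", "{$col} IN ('{$names}')");
                }

                callback_event('authors_deleted', '', 0, $changed);
                $msg = 'author_deleted';
            }
            break;

        case 'changeprivilege':
            global $levels;

            $privilege = ps('privs');

            // Only privilege levels known to $levels are accepted.
            if (!isset($levels[$privilege])) {
                return author_list();
            }

            if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_updated';
            }
            break;

        case 'resetpassword':
            foreach ($names as $name) {
                $passwd = generate_password(PASSWORD_LENGTH);
                $hash = doSlash(txp_hash_password($passwd));

                // Store the hash computed above. Writing a fixed literal
                // instead would leave $hash unused and give every reset
                // account the same pass value.
                if (safe_update('txp_users', "pass = '{$hash}'", "name = '" . doSlash($name) . "'")) {
                    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

                    if (send_new_password($passwd, $email, $name)) {
                        $changed[] = $name;
                        $msg = 'author_updated';
                    } else {
                        return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($name), E_ERROR));
                    }
                }
            }
            break;
    }

    if ($changed) {
        return author_list(gTxt($msg, array('{name}' => txpspecialchars(join(', ', $changed)))));
    }

    author_list($msg);
}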
/**
 * Resets the given user's password and emails it.
 *
 * A newly generated random password of PASSWORD_LENGTH characters replaces
 * the old one and is then mailed to the user.
 *
 * Should NEVER be used, as sending plaintext passwords is wrong. Will be
 * removed in future in favour of sending reset request tokens.
 *
 * @param      string $name The login name
 * @return     string A localized message string
 * @deprecated in 4.6.0
 * @see        PASSWORD_LENGTH
 * @see        generate_password()
 * @example
 * echo reset_author_pass('username');
 */
function reset_author_pass($name)
{
    $email = safe_field("email", 'txp_users', "name = '" . doSlash($name) . "'");
    $new_pass = Txp::get('\\Textpattern\\Password\\Random')->generate(PASSWORD_LENGTH);

    // Without a stored password there is nothing to mail.
    if (!change_user_password($name, $new_pass)) {
        // The login name is HTML-escaped before it goes into the message.
        return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
    }

    $status = send_new_password($new_pass, $email, $name)
        ? 'password_sent_to'
        : 'could_not_mail';

    return gTxt($status) . ' ' . $email;
}
/**
 * Renders the self-service password reset form and handles the
 * confirmation link that completes a reset.
 *
 * When the request carries 'mem_self_confirm', the value is checked against
 * the named user's nonce; on a match a new 10-character password is
 * generated, stored and mailed, and a status message is returned.
 * Otherwise the form is built and handed to mem_form().
 *
 * @param  array  $atts  Tag attributes
 * @param  string $thing Contained form markup
 * @return string Status message or form output
 */
function mem_self_password_reset_form($atts, $thing = '')
{
    global $mem_self, $sitename, $production_status;

    // extract() turns each attribute into a local variable of the same
    // name; the $secrets loop below reads them back through ${$a}.
    extract(lAtts(array('form' => '', 'form_mail' => '', 'from' => $mem_self['admin_email'], 'reply' => '', 'subject' => "[{$sitename}] " . mem_self_gTxt('password_reset_confirmation_request'), 'confirm_url' => '', 'check_name' => 1, 'check_email' => 1), $atts, false));

    if (!is_callable('mail')) {
        return $production_status == 'live' ? mem_self_gTxt('mail_sorry') : gTxt('warn_mail_unavailable');
    }

    if (gps('mem_self_confirm')) {
        // Fixed delay on every confirmation attempt, valid or not.
        sleep(3);

        // The parameter is hex; once decoded, the first 5 bytes are the
        // token and the remainder is the login name.
        $confirm = pack('H*', gps('mem_self_confirm'));
        $name = substr($confirm, 5);
        $nonce = safe_field('nonce', 'txp_users', "name = '" . doSlash($name) . "'");

        // The expected token is the first 10 hex digits (5 bytes) of
        // md5($nonce).
        // NOTE(review): that is a 40-bit value compared with ===, which is
        // not a constant-time comparison; a longer token and hash_equals()
        // (where the PHP version allows it) would be the stronger check.
        // NOTE(review): nothing in this function changes the nonce after a
        // successful reset, so the same link appears to stay valid - confirm
        // whether it is rotated elsewhere.
        if ($nonce and $confirm === pack('H*', substr(md5($nonce), 0, 10)) . $name) {
            $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

            // The same escaped string is used in the SQL fragment and in
            // the outgoing mail.
            $new_pass = doSlash(generate_password(10));

            // NOTE(review): password() is MySQL's own account-hash function
            // rather than a password-storage scheme, and lower() discards
            // letter case before hashing.
            $rs = safe_update('txp_users', "pass = password(lower('{$new_pass}'))", "name = '" . doSlash($name) . "'");

            if ($rs) {
                // The plaintext password is sent to the address on record.
                if (send_new_password($new_pass, $email, $name)) {
                    return mem_self_gTxt('password_sent_to', array('{email}' => $email));
                } else {
                    return mem_self_gTxt('mail_sorry');
                }
            } else {
                return mem_self_gTxt('password_change_failed');
            }
        }
    }

    // At least one of the two identity checks has to be enabled.
    if (!$check_name and !$check_email) {
        return mem_self_gTxt('invalid_form_tags', array('{form}' => 'mem_self_password_reset_form'));
    }

    if (!empty($form)) {
        $thing = fetch_form($form);
        unset($atts['form']);
    }

    // Each listed attribute is appended to the form as a mem_form_secret
    // tag and removed from the attributes passed on to mem_form().
    // NOTE(review): the values are concatenated into tag markup without
    // escaping, so a double quote in an attribute value would break out of
    // value="..." - confirm where these attributes can originate.
    $secrets = array('form_mail', 'from', 'reply', 'subject', 'confirm_url', 'check_name', 'check_email');

    foreach ($secrets as $a) {
        $thing .= '<txp:mem_form_secret name="' . $a . '" value="' . ${$a} . '" />';
        unset($atts[$a]);
    }

    return mem_form($atts + array('type' => 'mem_self_password_reset'), $thing);
}
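/**
 * Resets the password of the author named in the posted 'name' field.
 *
 * Requires 'admin.edit' privileges. A new password is generated, stored and
 * mailed to the author, and the admin panel is re-rendered with the outcome.
 *
 * NOTE(review): the password is stored through MySQL's password() over the
 * lower-cased value, is only six characters long and is mailed in
 * plaintext; all three are worth replacing.
 */
function author_change_pass()
{
    require_privs('admin.edit');

    $name = ps('name');
    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

    // The same escaped string is used in the SQL fragment and in the mail.
    $new_pass = doSlash(generate_password(6));

    $rs = safe_update(
        'txp_users',
        "pass = password(lower('{$new_pass}'))",
        "name = '" . doSlash($name) . "'"
    );

    if ($rs) {
        if (send_new_password($new_pass, $email, $name)) {
            admin(gTxt('password_sent_to') . ' ' . $email);
        } else {
            admin(gTxt('could_not_mail') . ' ' . $email);
        }
    } else {
        // $name comes straight from the request, so it is HTML-escaped
        // before being placed in the panel message.
        admin(gTxt('could_not_update_author') . ' ' . htmlspecialchars($name));
    }
}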
$sq = "update " . $table_prefix . "events set status_id = 4, quick_approve = NULL where quick_approve = '" . $code . "'"; $squery = mysql_query($sq); if ($squery) { $msg = $lang["event_updated"]; $event_id = mysql_result($query, 0, 0); include "includes/notify.php"; notify_group($event_id); } } else { $msg = $lang["event_not_found"]; } header("Location: index.php?msg=" . $msg); } switch ($_REQUEST["mode"]) { case $lang["send_new_password"]: send_new_password(); break; case "q": approve($_REQUEST["qa"]); break; case "logout": log_out(); break; case "Log In": check_login(); break; default: header("Location: index.php"); break; } mysql_close($link);