$output = webLoginAlert("Error while loading user account. Please contact the Site Administrator");
}
return;
}
# process password reminder
if ($isPWDReminder == 1) {
$email = $_POST['txtwebemail'];
$webpwdreminder_message = $modx->config['webpwdreminder_message'];
$emailsubject = $modx->config['emailsubject'];
$emailsender = $modx->config['emailsender'];
$site_name = $modx->config['site_name'];
// lookup account
$ds = $modx->db->select('wu.*, wua.fullname', $modx->getFullTableName('web_users') . " AS wu INNER JOIN " . $modx->getFullTableName('web_user_attributes') . " AS wua ON wua.internalkey=wu.id", "wua.email='" . $modx->db->escape($email) . "'");
if ($row = $modx->db->getRow($ds)) {
$newpwd = webLoginGeneratePassword(8);
$newpwdkey = webLoginGeneratePassword(8);
// activation key
//save new password
$modx->db->update(array('cachepwd' => "{$newpwd}|{$newpwdkey}"), $modx->getFullTableName('web_users'), "id='{$row['id']}'");
// built activation url
$xhtmlUrlSetting = $modx->config['xhtml_urls'];
$modx->config['xhtml_urls'] = false;
if ($_SERVER['SERVER_PORT'] != '80') {
$url = $modx->config['server_protocol'] . '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $modx->makeURL($modx->documentIdentifier, '', "webloginmode=actp&wli=" . $row['id'] . "&wlk=" . $newpwdkey);
} else {
$url = $modx->config['server_protocol'] . '://' . $_SERVER['SERVER_NAME'] . $modx->makeURL($modx->documentIdentifier, '', "webloginmode=actp&wli=" . $row['id'] . "&wlk=" . $newpwdkey);
}
$modx->config['xhtml_urls'] = $xhtmlUrlSetting;
// replace placeholders and send email
$message = str_replace("[+uid+]", $row['username'], $webpwdreminder_message);
$message = str_replace("[+pwd+]", $newpwd, $message);
if (isset($_POST['password'])) {
// verify password
if ($_POST['password'] != $_POST['confirmpassword']) {
$output = webLoginAlert("Password typed is mismatched") . $tpl;
return;
}
// check password
if (strlen($password) < 6) {
$output = webLoginAlert("Password is too short!") . $tpl;
return;
} elseif ($password == "") {
$output = webLoginAlert("You didn't specify a password for this user!") . $tpl;
return;
}
} else {
$password = webLoginGeneratePassword();
}
// verify form code
if ($useCaptcha && $_SESSION['veriword'] != $formcode) {
$output = webLoginAlert("Incorrect form code. Please enter the correct code displayed by the image.") . $tpl;
return;
}
// create the user account
$sql = "INSERT INTO " . $modx->getFullTableName("web_users") . " (username, password) \n VALUES('" . $username . "', md5('" . $password . "'));";
$rs = $modx->db->query($sql);
if (!$rs) {
$output = webLoginAlert("An error occured while attempting to save the user.") . $tpl;
return;
}
// now get the id
$key = $modx->db->getInsertId();
$output = webLoginAlert("Password typed is mismatched", 1) . $tpl;
return;
}
// generate a new password for this user
if ($specifiedpassword != "" && $passwordgenmethod == "spec") {
if (strlen($specifiedpassword) < 6) {
$output = webLoginAlert("Password is too short!") . $tpl;
return;
} else {
$newpassword = $specifiedpassword;
}
} elseif ($specifiedpassword == "" && $passwordgenmethod == "spec") {
$output = webLoginAlert("You didn't specify a password for this user!") . $tpl;
return;
} elseif ($passwordgenmethod == 'g') {
$newpassword = webLoginGeneratePassword(8);
} else {
$output = webLoginAlert("No password generation method specified!") . $tpl;
return;
}
// handle notification
if ($passwordnotifymethod == 'e') {
$rt = webLoginSendNewPassword($ds["email"], $ds["username"], $newpassword, $ds["fullname"]);
if ($rt !== true) {
// an error occured
$output = $rt . $tpl;
return;
} else {
$newpassmsg = "A copy of the new password was sent to your email address.";
}
} else {
