Example #1
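 /**
  * Render the lost-password page or complete a password reset.
  *
  * Without a `verify` query parameter the "forgot your password" form is
  * rendered. With one, the account whose `account_reset` token matches is
  * looked up, a new password is generated, its salted hash is stored, the
  * token and the ACCOUNT_UNVERIFIED flag are cleared, and the new password
  * is both shown on the page and mailed to the account address.
  *
  * @return string|null Rendered markup; null when the token matches no
  *                     account (after redirecting) or when the UPDATE fails.
  */
 function get()
 {
     // Start from an empty buffer; the original appended to an undefined variable.
     $o = '';

     if (!x($_GET, 'verify')) {
         $tpl = get_markup_template('lostpass.tpl');
         $o .= replace_macros($tpl, array(
             '$title' => t('Forgot your Password?'),
             '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
             '$name' => t('Email Address'),
             '$submit' => t('Reset'),
         ));
         return $o;
     }

     $verify = $_GET['verify'];

     // The reset token is the only credential checked here.
     // NOTE(review): no token age or expiry is checked in this block. Confirm
     // that stale tokens are invalidated elsewhere, otherwise a leaked reset
     // link stays usable until it is consumed.
     $r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify));
     if (!$r) {
         notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
         goaway(z_root());
         return;
     }

     $aid = $r[0]['account_id'];
     $email = $r[0]['account_email'];

     // random_int() draws from the system CSPRNG (PHP 7+); mt_rand() output is
     // predictable and must not contribute to a credential.
     // NOTE(review): autoname() is defined elsewhere. Confirm its randomness
     // source, since it supplies most of the password.
     $new_password = autoname(6) . random_int(100, 9999);
     $salt = random_string(32);

     // NOTE(review): a single salted whirlpool pass is a fast hash and cheap to
     // brute-force offline. Moving to password_hash()/password_verify() needs a
     // matching change in the login check, which is not visible here, so the
     // stored format is left unchanged.
     $password_encoded = hash('whirlpool', $salt . $new_password);

     // Four arguments are supplied, so account_password needs its own '%s'
     // placeholder. With a literal in its place the hash would be consumed by
     // the first %d and the flag mask would be used as the account id.
     // Clearing account_reset makes the token single-use.
     $r = q(
         "UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d",
         dbesc($salt),
         dbesc($password_encoded),
         intval(ACCOUNT_UNVERIFIED),
         intval($aid)
     );

     if ($r) {
         // NOTE(review): the plaintext password is rendered on the page and also
         // sent by e-mail below; both copies persist outside the application.
         $tpl = get_markup_template('pwdreset.tpl');
         $o .= replace_macros($tpl, array(
             '$lbl1' => t('Password Reset'),
             '$lbl2' => t('Your password has been reset as requested.'),
             '$lbl3' => t('Your new password is'),
             '$lbl4' => t('Save or copy your new password - and then'),
             '$lbl5' => '<a href="' . z_root() . '/login">' . t('click here to login') . '</a>.',
             '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
             '$newpass' => $new_password,
             '$baseurl' => z_root(),
         ));
         info("Your password has been reset." . EOL);

         $email_tpl = get_intltext_template("passchanged_eml.tpl");
         $message = replace_macros($email_tpl, array(
             '$sitename' => \App::$config['sitename'],
             '$siteurl' => z_root(),
             '$username' => sprintf(t('Site Member (%s)'), $email),
             '$email' => $email,
             '$new_password' => $new_password,
             // The original passed an undefined variable here; the account id
             // is the only identifier in scope.
             '$uid' => $aid,
         ));
         $res = z_mail([
             'toEmail' => $email,
             'messageSubject' => sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')),
             'textVersion' => $message,
         ]);
         return $o;
     }
 }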
Example #2
 /**
  * Send invitation e-mails to the addresses posted in `recipients`.
  *
  * Requires a local channel and a valid 'send_invite' form token. Each
  * non-empty line of `recipients` is validated as an e-mail address and
  * mailed the tag-stripped `message`. The per-channel `sent_invites`
  * counter is stored after every successful delivery and compared with the
  * site-wide `max_invites` setting (50 when unset or zero).
  *
  * @return void
  */
 function post()
 {
     // Only a locally logged-in channel may send invitations.
     if (!local_channel()) {
         notice(t('Permission denied.') . EOL);
         return;
     }

     // Form-token check for the 'send_invite' form. Judging by the helper's
     // name it redirects to '/' on failure; its body is not visible here.
     check_form_security_token_redirectOnErr('/', 'send_invite');

     $limit = intval(get_config('system', 'max_invites'));
     if ($limit === 0) {
         $limit = 50;
     }

     // NOTE(review): this check and the one inside the loop both use '>', so
     // sending stops only once the counter has passed the limit, which allows
     // limit + 1 invitations in total. Confirm that is intended.
     $sent_so_far = intval(get_pconfig(local_channel(), 'system', 'sent_invites'));
     if ($sent_so_far > $limit) {
         notice(t('Total invitation limit exceeded.') . EOL);
         return;
     }

     $addresses = array();
     if (x($_POST, 'recipients')) {
         $addresses = explode("\n", $_POST['recipients']);
     }

     $body = '';
     if (x($_POST, 'message')) {
         $body = notags(trim($_POST['message']));
     }

     $delivered = 0;

     // On invitation-only sites a non-admin with no invites left stops here.
     // NOTE(review): invites_remaining is read but never decremented in this block.
     if (get_config('system', 'invitation_only')) {
         $remaining = get_pconfig(local_channel(), 'system', 'invites_remaining');
         if (!$remaining && !is_site_admin()) {
             return;
         }
     }

     foreach ($addresses as $entry) {
         $address = trim($entry);
         if (!$address) {
             continue;
         }

         // Reject anything that does not validate before it reaches the mailer.
         if (!valid_email($address)) {
             notice(sprintf(t('%s : Not a valid email address.'), $address) . EOL);
             continue;
         }

         $account = \App::get_account();
         $sent = z_mail([
             'toEmail' => $address,
             'fromName' => ' ',
             'fromEmail' => $account['account_email'],
             'messageSubject' => t('Please join us on $Projectname'),
             'textVersion' => $body,
         ]);

         if (!$sent) {
             notice(sprintf(t('%s : Message delivery failed.'), $address) . EOL);
             continue;
         }

         // Store the counter after every delivery so the quota holds even
         // when the request is cut short.
         $delivered++;
         $sent_so_far++;
         set_pconfig(local_channel(), 'system', 'sent_invites', $sent_so_far);

         if ($sent_so_far > $limit) {
             notice(t('Invitation limit exceeded. Please contact your site administrator.') . EOL);
             return;
         }
     }

     notice(sprintf(tt("%d message sent.", "%d messages sent.", $delivered), $delivered) . EOL);
 }
Example #3
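/**
 * @brief Allows a user registration.
 *
 * Looks up the pending registration by its hash, deletes the register row,
 * clears the ACCOUNT_BLOCKED and ACCOUNT_PENDING flags on the account, mails
 * the registration details in the registrant's language and optionally
 * creates a channel for the account.
 *
 * The hash is the only credential checked here. The register row is deleted
 * before the flags change, so a given hash is accepted once.
 *
 * NOTE(review): the failure array is truthy in a boolean test, so callers
 * have to inspect it (or compare against true) rather than test the return
 * value directly. Confirm against the call sites.
 *
 * @param string $hash
 * @return array|boolean array('success' => false) when the hash or account
 *   is unknown, true when the notification mail was sent, false when the
 *   account was approved but the mail could not be sent.
 */
function account_allow($hash)
{
    $ret = array('success' => false);

    $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", dbesc($hash));
    if (!$register) {
        return $ret;
    }

    $uid = intval($register[0]['uid']);

    $account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", $uid);
    if (!$account) {
        return $ret;
    }

    // Delete the registration row first so the hash cannot be used again.
    q("DELETE FROM register WHERE hash = '%s'", dbesc($register[0]['hash']));

    // Clear each flag only where it is currently set.
    q(
        "update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
        intval(ACCOUNT_BLOCKED),
        intval(ACCOUNT_BLOCKED),
        $uid
    );
    q(
        "update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
        intval(ACCOUNT_PENDING),
        intval(ACCOUNT_PENDING),
        $uid
    );

    // Build the notification in the language stored with the registration.
    push_lang($register[0]['lang']);
    $email_tpl = get_intltext_template("register_open_eml.tpl");
    $email_msg = replace_macros($email_tpl, array(
        '$sitename' => get_config('system', 'sitename'),
        '$siteurl' => z_root(),
        '$username' => $account[0]['account_email'],
        '$email' => $account[0]['account_email'],
        // Left empty so that no password is mailed.
        '$password' => '',
        '$uid' => $account[0]['account_id'],
    ));
    $res = z_mail([
        'toEmail' => $account[0]['account_email'],
        'messageSubject' => sprintf(t('Registration details for %s'), get_config('system', 'sitename')),
        'textVersion' => $email_msg,
    ]);
    pop_lang();

    if (get_config('system', 'auto_channel_create') || get_config('system', 'server_role') === 'basic') {
        auto_channel_create($register[0]['uid']);
    }

    if ($res) {
        info(t('Account approved.') . EOL);
        return true;
    }

    // The original fell off the end here and returned null; an explicit false
    // matches the documented array|boolean contract and is equally falsy.
    return false;
}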