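/**
 * Handles GET requests for the lost-password page.
 *
 * When x($_GET, 'verify') is truthy, the account whose `account_reset` value
 * matches the supplied token gets a newly generated password: its salted hash
 * is stored, the reset token is cleared and the ACCOUNT_UNVERIFIED flag is
 * removed. The new password is then rendered on the page and mailed to the
 * account address. Without the parameter the "forgot your password" form is
 * rendered.
 *
 * @return string|null Rendered markup; null when the token matches no account
 *                     (after goaway() is called) or when the UPDATE fails.
 */
function get()
{
    // Initialised up front: the original appended to an undefined variable.
    $o = '';

    if (!x($_GET, 'verify')) {
        $tpl = get_markup_template('lostpass.tpl');
        $o .= replace_macros($tpl, [
            '$title' => t('Forgot your Password?'),
            '$desc' => t('Enter your email address and submit to have your password reset. 
Then check your email for further instructions.'),
            '$name' => t('Email Address'),
            '$submit' => t('Reset'),
        ]);

        return $o;
    }

    $verify = $_GET['verify'];

    // NOTE(review): no age or expiry check on the reset token is visible in this
    // block; confirm the token is time-limited where it is issued.
    $r = q(
        "SELECT * FROM account WHERE account_reset = '%s' LIMIT 1",
        dbesc($verify)
    );
    if (!$r) {
        notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
        goaway(z_root());
        return;
    }

    $aid = $r[0]['account_id'];
    $email = $r[0]['account_email'];

    // Prefer the CSPRNG for the numeric suffix; mt_rand() output is predictable
    // and only remains as a fallback for runtimes without random_int().
    // NOTE(review): autoname() is defined elsewhere, so the overall strength of
    // the generated password cannot be judged from this block alone.
    $suffix = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
    $new_password = autoname(6) . $suffix;

    $salt = random_string(32);

    // NOTE(review): a single salted Whirlpool digest is cheap to brute-force
    // offline. Moving to password_hash()/password_verify() requires a matching
    // change in the login path, which is not visible here, so the stored format
    // is left unchanged.
    $password_encoded = hash('whirlpool', $salt . $new_password);

    // Four arguments for four placeholders. The listing showed a literal
    // '******' in place of the password placeholder, which would have stored
    // that literal and shifted the remaining arguments by one position.
    $r = q(
        "UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d",
        dbesc($salt),
        dbesc($password_encoded),
        intval(ACCOUNT_UNVERIFIED),
        intval($aid)
    );

    if ($r) {
        // NOTE(review): the clear-text password is both rendered in the response
        // and mailed below; requiring a change at first login would limit how
        // long a copy in a mailbox or browser history stays useful.
        $tpl = get_markup_template('pwdreset.tpl');
        $o .= replace_macros($tpl, [
            '$lbl1' => t('Password Reset'),
            '$lbl2' => t('Your password has been reset as requested.'),
            '$lbl3' => t('Your new password is'),
            '$lbl4' => t('Save or copy your new password - and then'),
            '$lbl5' => '<a href="' . z_root() . '/login">' . t('click here to login') . '</a>.',
            '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
            '$newpass' => $new_password,
            '$baseurl' => z_root(),
        ]);

        info("Your password has been reset." . EOL);

        $email_tpl = get_intltext_template("passchanged_eml.tpl");
        $message = replace_macros($email_tpl, [
            '$sitename' => \App::$config['sitename'],
            '$siteurl' => z_root(),
            '$username' => sprintf(t('Site Member (%s)'), $email),
            '$email' => $email,
            '$new_password' => $new_password,
            // The original passed an undefined $newuid; the account id is what
            // account_allow() supplies for the same macro.
            '$uid' => $aid,
        ]);

        // Delivery is best-effort: the result is not inspected because the
        // password has already been changed and is shown on the page.
        z_mail([
            'toEmail' => $email,
            'messageSubject' => sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')),
            'textVersion' => $message,
        ]);

        return $o;
    }
}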
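/**
 * Handles the invitation form: mails the submitted message to each listed address.
 *
 * Requires a local channel and a valid 'send_invite' form security token.
 * Recipients come from $_POST['recipients'], one per line; the message comes
 * from $_POST['message'] after trim() and notags(). Each successful send
 * increments the channel's 'sent_invites' counter, which is capped by the
 * 'max_invites' site setting (50 when unset or zero).
 *
 * @return void
 */
function post()
{
    if (!local_channel()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    check_form_security_token_redirectOnErr('/', 'send_invite');

    $max_invites = intval(get_config('system', 'max_invites'));
    if (!$max_invites) {
        $max_invites = 50;
    }

    // NOTE(review): the counter is stored per channel; confirm that an account
    // owning several channels cannot multiply its quota this way.
    $current_invites = intval(get_pconfig(local_channel(), 'system', 'sent_invites'));

    // '>=' rather than '>': the original comparison let one invitation beyond
    // the configured maximum go out before the limit took effect.
    if ($current_invites >= $max_invites) {
        notice(t('Total invitation limit exceeded.') . EOL);
        return;
    }

    $recips = x($_POST, 'recipients') ? explode("\n", $_POST['recipients']) : [];
    $message = x($_POST, 'message') ? notags(trim($_POST['message'])) : '';

    if (get_config('system', 'invitation_only')) {
        // On invitation-only sites a non-admin without remaining invites may
        // not send anything. The remaining count is only read in this block.
        $remaining = get_pconfig(local_channel(), 'system', 'invites_remaining');
        if (!$remaining && !is_site_admin()) {
            return;
        }
    }

    // The sender's account does not change between recipients, so it is
    // fetched once instead of on every iteration.
    $account = \App::get_account();
    $total = 0;

    foreach ($recips as $recip) {
        $recip = trim($recip);
        if (!$recip) {
            continue;
        }

        if (!valid_email($recip)) {
            notice(sprintf(t('%s : Not a valid email address.'), $recip) . EOL);
            continue;
        }

        // Enforce the cap before sending, so exactly $max_invites can go out.
        if ($current_invites >= $max_invites) {
            notice(t('Invitation limit exceeded. Please contact your site administrator.') . EOL);
            return;
        }

        $res = z_mail([
            'toEmail' => $recip,
            'fromName' => ' ',
            'fromEmail' => $account['account_email'],
            'messageSubject' => t('Please join us on $Projectname'),
            'textVersion' => $message,
        ]);

        if ($res) {
            $total++;
            $current_invites++;
            // Persist after every send so an aborted request still counts.
            set_pconfig(local_channel(), 'system', 'sent_invites', $current_invites);
        } else {
            notice(sprintf(t('%s : Message delivery failed.'), $recip) . EOL);
        }
    }

    notice(sprintf(tt("%d message sent.", "%d messages sent.", $total), $total) . EOL);
    return;
}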
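/**
 * @brief Allows a user registration.
 *
 * Looks up the pending `register` row by its hash, deletes it, clears the
 * ACCOUNT_BLOCKED and ACCOUNT_PENDING flags on the referenced account, mails
 * the registration details in the language stored with the request and, when
 * 'auto_channel_create' is set or 'server_role' is 'basic', calls
 * auto_channel_create() for the account.
 *
 * The account is approved even when the notification mail cannot be sent;
 * the return value then only reports the mail failure.
 *
 * @param string $hash Registration hash identifying the pending request.
 * @return array|boolean array('success' => false) when the hash is empty or
 *                       no matching register/account row exists, true when
 *                       the account was approved and the mail was sent,
 *                       false when the mail could not be sent.
 */
function account_allow($hash)
{
    $ret = ['success' => false];

    // An approval must be keyed on a real token; never query with an empty one.
    if ((string) $hash === '') {
        return $ret;
    }

    $register = q(
        "SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
        dbesc($hash)
    );
    if (!$register) {
        return $ret;
    }

    $uid = intval($register[0]['uid']);

    $account = q(
        "SELECT * FROM account WHERE account_id = %d LIMIT 1",
        $uid
    );
    if (!$account) {
        return $ret;
    }

    // The request is consumed first, so the same hash cannot be replayed.
    q(
        "DELETE FROM register WHERE hash = '%s'",
        dbesc($register[0]['hash'])
    );

    // Clear each restricting flag only where it is currently set.
    foreach ([ACCOUNT_BLOCKED, ACCOUNT_PENDING] as $flag) {
        q(
            "update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
            intval($flag),
            intval($flag),
            $uid
        );
    }

    // Compose the mail in the language recorded with the registration.
    push_lang($register[0]['lang']);

    $email_tpl = get_intltext_template("register_open_eml.tpl");
    $email_msg = replace_macros($email_tpl, [
        '$sitename' => get_config('system', 'sitename'),
        '$siteurl' => z_root(),
        '$username' => $account[0]['account_email'],
        '$email' => $account[0]['account_email'],
        '$password' => '',
        '$uid' => $account[0]['account_id'],
    ]);

    $res = z_mail([
        'toEmail' => $account[0]['account_email'],
        'messageSubject' => sprintf(t('Registration details for %s'), get_config('system', 'sitename')),
        'textVersion' => $email_msg,
    ]);

    pop_lang();

    if (get_config('system', 'auto_channel_create') || get_config('system', 'server_role') === 'basic') {
        auto_channel_create($register[0]['uid']);
    }

    if ($res) {
        info(t('Account approved.') . EOL);
        return true;
    }

    // The original fell off the end here and returned null implicitly.
    return false;
}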