$errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); } else { if (!isValidEmail($email) || !emailExists($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } } if (trim($username) == "") { $errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); } else { if (!usernameExists($username)) { $errors[] = lang("ACCOUNT_INVALID_USERNAME"); } } if (count($errors) == 0) { //Check that the username / email are associated to the same account if (!emailUsernameLinked($email, $username)) { $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID"); } else { //Check if the user has any outstanding lost password requests $userdetails = fetchUserDetails($username); if ($userdetails["lost_password_request"] == 1) { $errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); } else { //Email the user asking to confirm this change password request //We can use the template builder here //We use the activation token again for the url key it gets regenerated everytime it's used. $mail = new userCakeMail(); $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"]; $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"]; //Setup our custom hooks $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
function updateLastActivationRequest($new_activation_token, $user_name, $email) { // Check that email, user_name exist and are linked if (!(emailExists($email) && usernameExists($user_name) && emailUsernameLinked($email, $user_name))) { addAlert("danger", "Invalid email/username specified."); return false; } try { global $db_table_prefix; $db = pdoConnect(); $sqlVars = array(); $query = "UPDATE " . $db_table_prefix . "users\n SET activation_token = :token,\n last_activation_request = :time,\n lost_password_timestamp = :time_password\n WHERE email = :email\n AND\n user_name = :user_name"; $stmt = $db->prepare($query); $sqlVars['token'] = $new_activation_token; $sqlVars['time'] = time(); $sqlVars['time_password'] = time(); $sqlVars['email'] = $email; $sqlVars['user_name'] = $user_name; if (!$stmt->execute($sqlVars)) { // Error: column does not exist return false; } return true; } catch (PDOException $e) { addAlert("danger", "Oops, looks like our database encountered an error."); error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage()); return false; } catch (ErrorException $e) { addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs."); return false; } catch (RuntimeException $e) { addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs."); error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage()); return false; } }
public function index() { /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */ global $baseURL; $baseURL = getcwd(); require_once "{$baseURL}/application/third_party/user_cake/models/config.php"; if (!securePage($_SERVER['PHP_SELF'])) { die; } //Forms posted if (!empty($_POST) && $emailActivation) { $email = $_POST["email"]; $username = $_POST["username"]; //Perform some validation //Feel free to edit / change as required if (trim($email) == "") { $errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); } else { if (!isValidEmail($email) || !emailExists($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } } if (trim($username) == "") { $errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); } else { if (!usernameExists($username)) { $errors[] = lang("ACCOUNT_INVALID_USERNAME"); } } if (count($errors) == 0) { //Check that the username / email are associated to the same account if (!emailUsernameLinked($email, $username)) { $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID"); } else { $userdetails = fetchUserDetails($username); //See if the user's account is activation if ($userdetails["active"] == 1) { $errors[] = lang("ACCOUNT_ALREADY_ACTIVE"); } else { if ($resend_activation_threshold == 0) { $hours_diff = 0; } else { $last_request = $userdetails["last_activation_request"]; $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0); } if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) { $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold)); } else { //For security create a new activation url; $new_activation_token = generateActivationToken(); if (!updateLastActivationRequest($new_activation_token, $username, $email)) { $errors[] = lang("SQL_ERROR"); } else { $mail = new userCakeMail(); $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token; //Setup our custom hooks $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"])); if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) { $errors[] = lang("MAIL_ERROR"); } else { //Success, user details have been updated in the db now mail this information out. $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT"); } } } } } } } } //Prevent the user visiting the logged in page if he/she is already logged in if (isUserLoggedIn()) { header("Location: " . str_replace('index.php/', '', site_url('account'))); die; } $this->load->view('resend_activation'); }
public function index() { /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */ global $baseURL; $baseURL = getcwd(); require_once "{$baseURL}/application/third_party/user_cake/models/config.php"; if (!securePage($_SERVER['PHP_SELF'])) { die; } //User has confirmed they want their password changed if (!empty($_GET["confirm"])) { $token = trim($_GET["confirm"]); if ($token == "" || !validateActivationToken($token, TRUE)) { $errors[] = lang("FORGOTPASS_INVALID_TOKEN"); } else { $rand_pass = getUniqueCode(15); //Get unique code $secure_pass = generateHash($rand_pass); //Generate random hash $userdetails = fetchUserDetails(NULL, $token); //Fetchs user details $mail = new userCakeMail(); //Setup our custom hooks $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"])); if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Your new password")) { $errors[] = lang("MAIL_ERROR"); } else { if (!updatePasswordFromToken($secure_pass, $token)) { $errors[] = lang("SQL_ERROR"); } else { if (!flagLostPasswordRequest($userdetails["user_name"], 0)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL"); } } } } } } //User has denied this request if (!empty($_GET["deny"])) { $token = trim($_GET["deny"]); if ($token == "" || !validateActivationToken($token, TRUE)) { $errors[] = lang("FORGOTPASS_INVALID_TOKEN"); } else { $userdetails = fetchUserDetails(NULL, $token); if (!flagLostPasswordRequest($userdetails["user_name"], 0)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_REQUEST_CANNED"); } } } //Forms posted if (!empty($_POST)) { $email = $_POST["email"]; $username = sanitize($_POST["username"]); //Perform some validation //Feel free to edit / change as required if (trim($email) == "") { $errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); } else { if (!isValidEmail($email) || !emailExists($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } } if (trim($username) == "") { $errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); } else { if (!usernameExists($username)) { $errors[] = lang("ACCOUNT_INVALID_USERNAME"); } } if (count($errors) == 0) { //Check that the username / email are associated to the same account if (!emailUsernameLinked($email, $username)) { $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID"); } else { //Check if the user has any outstanding lost password requests $userdetails = fetchUserDetails($username); if ($userdetails["lost_password_request"] == 1) { $errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); } else { //Email the user asking to confirm this change password request //We can use the template builder here //We use the activation token again for the url key it gets regenerated everytime it's used. $mail = new userCakeMail(); $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"]; $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"]; //Setup our custom hooks $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"])); if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Lost password request")) { $errors[] = lang("MAIL_ERROR"); } else { //Update the DB to show this account has an outstanding request if (!flagLostPasswordRequest($userdetails["user_name"], 1)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS"); } } } } } } } $this->load->view('forgot_password'); }