Exemple #1
0
                $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
            } else {
                //Email the user asking to confirm this change password request
                //We can use the template builder here
                //We use the activation token again for the url key it gets regenerated everytime it's used.
                $mail = new userCakeMail();
                $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
                //Setup our custom hooks
                $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
                if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) {
                    $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                } else {
                    if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                        $errors[] = lang("MAIL_ERROR");
                    } else {
                        //Update the DB to show this account has an outstanding request
                        flagLostPasswordRequest($username, 1);
                        $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                    }
                }
            }
        }
    }
}
require_once "models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake</h1>\r\n<h2>Forgot Password</h2>\r\n<div id='left-nav'>";
include "left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<div id='regbox'>\r\n<form name='newLostPass' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\r\n<p>\r\n<label>Username:</label>\r\n<input type='text' name='username' />\r\n</p>\r\n<p>    \r\n<label>Email:</label>\r\n<input type='text' name='email' />\r\n</p>\r\n<p>\r\n<label>&nbsp;</label>\r\n<input type='submit' value='Submit' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
                //Email the user asking to confirm this change password request
                //We can use the template builder here
                //We use the activation token again for the url key it gets regenerated everytime it's used.
                $mail = new userCakeMail();
                $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
                //Setup our custom hooks
                $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
                if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) {
                    $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                } else {
                    if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                        $errors[] = lang("MAIL_ERROR");
                    } else {
                        //Update the DB to show this account has an outstanding request
                        if (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                            $errors[] = lang("SQL_ERROR");
                        } else {
                            $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                        }
                    }
                }
            }
        }
    }
}
require_once "models/admin_head.php";
echo "\n<body>\n<div id='wrapper'>\n<div id='top'><div id='logo'></div></div>\n<div id='content'>\n<h1>UserCake</h1>\n<h2>Forgot Password</h2>\n<div id='left-nav'>";
include "left-nav.php";
echo "\n</div>\n<div id='main'>";
echo resultBlock($errors, $successes);
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     global $baseURL;
     $baseURL = getcwd();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     //User has confirmed they want their password changed
     if (!empty($_GET["confirm"])) {
         $token = trim($_GET["confirm"]);
         if ($token == "" || !validateActivationToken($token, TRUE)) {
             $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
         } else {
             $rand_pass = getUniqueCode(15);
             //Get unique code
             $secure_pass = generateHash($rand_pass);
             //Generate random hash
             $userdetails = fetchUserDetails(NULL, $token);
             //Fetchs user details
             $mail = new userCakeMail();
             //Setup our custom hooks
             $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
             if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } else {
                 if (!$mail->sendMail($userdetails["email"], "Your new password")) {
                     $errors[] = lang("MAIL_ERROR");
                 } else {
                     if (!updatePasswordFromToken($secure_pass, $token)) {
                         $errors[] = lang("SQL_ERROR");
                     } else {
                         if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                             $errors[] = lang("SQL_ERROR");
                         } else {
                             $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
                         }
                     }
                 }
             }
         }
     }
     //User has denied this request
     if (!empty($_GET["deny"])) {
         $token = trim($_GET["deny"]);
         if ($token == "" || !validateActivationToken($token, TRUE)) {
             $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
         } else {
             $userdetails = fetchUserDetails(NULL, $token);
             if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                 $errors[] = lang("SQL_ERROR");
             } else {
                 $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
             }
         }
     }
     //Forms posted
     if (!empty($_POST)) {
         $email = $_POST["email"];
         $username = sanitize($_POST["username"]);
         //Perform some validation
         //Feel free to edit / change as required
         if (trim($email) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
         } else {
             if (!isValidEmail($email) || !emailExists($email)) {
                 $errors[] = lang("ACCOUNT_INVALID_EMAIL");
             }
         }
         if (trim($username) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         } else {
             if (!usernameExists($username)) {
                 $errors[] = lang("ACCOUNT_INVALID_USERNAME");
             }
         }
         if (count($errors) == 0) {
             //Check that the username / email are associated to the same account
             if (!emailUsernameLinked($email, $username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
             } else {
                 //Check if the user has any outstanding lost password requests
                 $userdetails = fetchUserDetails($username);
                 if ($userdetails["lost_password_request"] == 1) {
                     $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
                 } else {
                     //Email the user asking to confirm this change password request
                     //We can use the template builder here
                     //We use the activation token again for the url key it gets regenerated everytime it's used.
                     $mail = new userCakeMail();
                     $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                     $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
                     //Setup our custom hooks
                     $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
                     if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
                         $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                     } else {
                         if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                             $errors[] = lang("MAIL_ERROR");
                         } else {
                             //Update the DB to show this account has an outstanding request
                             if (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                                 $errors[] = lang("SQL_ERROR");
                             } else {
                                 $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                             }
                         }
                     }
                 }
             }
         }
     }
     $this->load->view('forgot_password');
 }