Exemple #1
             $nickname = "";
         }
         if (!isset($email)) {
             $email = "";
         }
         echo "<tr BGCOLOR=\"{$farbe_tabelle_kopf}\"><td>" . $t['pwneu2'] . "</td><td><input name=\"nickname\" width=50 value=\"{$nickname}\"></td></tr>\n" . "<tr BGCOLOR=\"{$farbe_tabelle_kopf}\"><td>" . $t['pwneu3'] . "</td><td><input name=\"email\" width=50 value=\"{$email}\"></td></tr>\n";
     }
     echo "<input type=hidden name=\"http_host\" value=\"{$http_host}\">\n" . "<input type=hidden name=\"aktion\" value=\"passwort_neu\">\n" . "<tr BGCOLOR=\"{$farbe_tabelle_kopf}\"><td colspan=2><input type=submit value=\"Absenden\"></td></tr>\n" . "</form></table>";
 } else {
     if ($richtig && $u_id) {
         $query = "SELECT u_adminemail, u_nick FROM user WHERE u_id = '{$u_id}' AND u_level = 'U' LIMIT 2";
         $result = mysql_query($query);
         if ($result && mysql_numrows($result) == 1) {
             unset($f);
             $a = mysql_fetch_array($result);
             $pwdneu = genpassword(8);
             $f['u_passwort'] = $pwdneu;
             $f['u_id'] = $u_id;
             $text = str_replace("%passwort%", $f['u_passwort'], $t['pwneu15']);
             $text = str_replace("%nickname%", $a['u_nick'], $text);
             $ok = mail($a['u_adminemail'], $t['pwneu14'], $text, "From: {$webmaster} ({$chat})");
             if ($ok) {
                 echo $t['pwneu12'];
                 schreibe_db("user", $f, $f['u_id'], "u_id");
             } else {
                 echo $t['pwneu13'];
             }
         }
     }
 }
 zeige_fuss();
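/**
* send_remindpass
* 
* Step 2 of the "remind password" form: validates the submitted e-mail address,
* looks up the matching account, stores a newly generated password and e-mails
* that password to the address stored on the account. Any error is saved to the
* $site->fdat['form_error'] array.
* Requires: GET/POST parameter "op2" must be "send", is step 2 after #remind password# form
* 
* Review notes for maintainers (behaviour kept as-is, not changed here):
* - The password is replaced as soon as a registered address is submitted; there is
*   no confirmation step, and the new password is mailed in clear text. A single-use,
*   expiring reset link avoids both.
* - The password is replaced before the mail is sent, so a failed send leaves the
*   account with a password nobody received.
* - "email not found" versus success tells the requester whether an address is registered.
* - The hash is a two-character-salt crypt() (traditional DES), which only uses the
*   first 8 characters of the password.
* - NOTE(review): firstname/lastname/username go into the HTML part unescaped — confirm
*   they are sanitised when stored.
* 
* @package CMS
* 
* @return mixed $site->fdat['form_error'] (null when nothing was recorded);
*               nothing is returned when the feature is disabled in CONF.
* 
* usage:	include_once($class_path."login_html.inc.php");
*			send_remindpass(array("site" => $this));
*/
function send_remindpass() {
	$args = func_get_arg(0);
	$site = &$args['site']; # pointer to site instance
	# check if feature is allowed: 
	if(!$site->CONF['allow_forgot_password']){ return; }

	# initialise explicitly: both were previously read before being assigned
	$op2_status = "";
	$message = "";

	#########################
	# STEP 2 => SEND E-MAIL
	if(isset($site->fdat['op2']) && $site->fdat['op2'] == 'send') {

	# only a string can be a valid address; anything else fails the format check below
	$email = (isset($site->fdat['email']) && is_string($site->fdat['email'])) ? $site->fdat['email'] : '';

	##### check e-mail format
	# the D modifier stops "$" from accepting a trailing newline, which would
	# otherwise reach the lookup and the log messages
	if (!preg_match('/^[\w\-\&\.\d]+\@[\w\-\&\.\d]+$/D', $email)) {
		$op2_status = "error";
		$site->fdat['form_error']['email'] = $site->sys_sona(array('sona' => "wrong email format", 'tyyp' => "kasutaja"));
	}
	#### if no errors
	if ($op2_status != "error") {

		###### check if user exists
		# NOTE(review): "_" passes the format check and is a LIKE wildcard, so an address
		# containing it can match more than one row; confirm whether "=" can be used here.
		$sql = $site->db->prepare("SELECT user_id, firstname,lastname,username,email,is_readonly FROM users WHERE email LIKE ? ", $email);
		$sth = new SQL($sql);
		$site->debug->msg($sth->debug->get_msgs());
		$user = $sth->fetch();	

		##### exactly 1 user found => OK
		if ($sth->rows == 1 && $user['is_readonly']!=1) {
			# data sanity: if account info exists => OK
			if($user['username']){ 
	
			######## always GENERATE NEW PASSWORD
			# NOTE(review): genpassword() is defined elsewhere; confirm it uses a
			# cryptographically secure random source.
			$new_pass = genpassword(8); # length 8 char
			# then encrypt password
			# salt letters A-Z only: the former upper bound 91 is "[", which is outside the
			# DES salt alphabet "./0-9A-Za-z" and can make crypt() fail, storing a failure
			# marker instead of a hash.
			# NOTE(review): move to password_hash()/password_verify() once the login check
			# and the width of the password column are confirmed.
			$enc_new_pass = crypt($new_pass, chr(rand(65,90)).chr(rand(65,90)));
		
			########## CHANGE password
			# NOTE(review): the result of this UPDATE is not checked before the mail goes out.
			$sql = $site->db->prepare("UPDATE users SET password=? WHERE user_id=? ", $enc_new_pass, $user['user_id']);
			$sth = new SQL($sql);		

			########## SEND email
			$header = "<br>";
			$footer = "<br>____________________________________<br>\n\t\t\t"
				.$site->CONF["site_name"]."<br>\n\t\t\t"
				.(empty($_SERVER['HTTPS']) ? 'http://' : 'https://').$site->CONF["hostname"].$site->CONF["wwwroot"]."/";

			$message = "\n"
				.$site->sys_sona(array('sona' => "Name", 'tyyp' => "Admin")).": ".$user['firstname']." ".$user['lastname']."<br>\n"
				.$site->sys_sona(array('sona' => "Username", 'tyyp' => "Admin")).": ".$user['username']."<br>\n"
				.$site->sys_sona(array('sona' => "Password", 'tyyp' => "Admin")).": ".$new_pass."<br>\n";

			$message .= '<br>'.$site->sys_sona(array('sona' => "forgotten password: mail body", 'tyyp' => "kasutaja")).'<br>';

			global $class_path;
			include_once($class_path.'mail.class.php');

			$mail = new email(array(
		  		'subject' => $site->sys_sona(array('sona' => 'unustatud parool: subject', 'tyyp' => 'kasutaja')),
		  		'message' => strip_tags($header.$message.$footer),
		  		'html' => $header.$message.$footer,
		  		'charset' => $site->encoding,
		  	));
		  	
			# the mail goes to the address stored on the account, never to the submitted value
		  	$send_status = $mail->send_mail(array(
		  		'to' => $user['email'],
		  		'from' => $site->CONF['from_email'],
		  	));

			######## MAIL OK
			if ($send_status) { 
				new Log(array(
					'action' => 'send',
					'component' => 'Users',
					'message' => "Password reminder: e-mail sent to '".$user['email']."'.",
				));
				$op2_status = "ok";			
			}
			######## MAIL ERROR
			else  { 
				new Log(array(
					'action' => 'send',
					'component' => 'Users',
					'type' => 'ERROR',
					'message' => "Password reminder error: can't send e-mail to '".$user['email']."'.",
				));
				$op2_status = "error";
				$site->fdat['form_error']['email'] = $site->sys_sona(array('sona' => "viga", 'tyyp' => "kujundus"));			
			} 

			} # if account info exists
			# if no username found => error
			else {
				new Log(array(
					'action' => 'send',
					'component' => 'Users',
					'type' => 'ERROR',
					'message' => "Password reminder error: user with e-mail '".$email."' doesn't have username.",
				));
				$op2_status = "error";
				$site->fdat['form_error']['email'] = $site->sys_sona(array('sona' => "email not found", 'tyyp' => "kasutaja"));	
			}
		} # exactly 1 user found 
		else {
				# 0) the User is flagged is_readonly => write log message
			if($user['is_readonly']==1){
					new Log(array(
						'action' => 'send',
						'component' => 'Users',
						'type' => 'ERROR',
						'message' => "Password reminder error: the email '".$email."' belongs to a is_readonly flagged user, so no password was sent.",
					));
			}else{
				# 1) if more than 1 users found => write log message
				if($sth->rows > 1) { 
					new Log(array(
						'action' => 'send',
						'component' => 'Users',
						'type' => 'ERROR',
						'message' => "Password reminder error: more than 1 user found with  e-mail '".$email."'.",
					));
				}
				# 2) if no users found => write log message and give error message
				else {
					new Log(array(
						'action' => 'send',
						'component' => 'Users',
						'type' => 'ERROR',
						'message' => "Password reminder error: no user found with e-mail '".$email."'.",
					));
				}
			}
			$op2_status = "error";
			$site->fdat['form_error']['email'] = $site->sys_sona(array('sona' => "email not found", 'tyyp' => "kasutaja"));	
		} # how many users found
	} # email is ok
	} # op2
	# / STEP 2 => SEND
	#########################

	# null when no error was recorded, without reading an undefined key
	return isset($site->fdat['form_error']) ? $site->fdat['form_error'] : null;
}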
            if ($rs === false) {
                echo "<tr>\n<td colspan='9'>Data not added - a database error occured while saving your data</td>\n<tr>";
            } else {
                if ($rs->RecordCount() > 0) {
                    echo "<tr>\n<td colspan='9'>Data not added - UserID-Expression already exists</td>\n<tr>";
                } else {
                    if ($userid == 'public') {
                        echo "<tr>\n<td colspan='9'>Data not added - you cannot use 'public' as UserID</td>\n<tr>";
                    } else {
                        $sql = "INSERT INTO " . $db_prefix . "user_auth VALUES(" . $db->qstr($userid) . "," . $db->qstr($authtype) . "," . $db->qstr($admin) . "," . $db->qstr($editor) . "," . $db->qstr($addimages) . "," . $db->qstr($usegroups) . "," . $db->qstr($editgroups) . "," . $db->qstr($active) . ")";
                        $rs = $db->Execute($sql);
                        if ($rs === false) {
                            echo "<tr>\n<td colspan='9'>Data not added - a database error occured while saving your data</td>\n<tr>";
                        }
                        if ($authtype == 'static') {
                            $randompassword = genpassword(8);
                            $pwd_hash = md5($randompassword);
                            $sql = "INSERT INTO " . $db_prefix . "user_passwd VALUES(" . $db->qstr($userid) . "," . $db->qstr($pwd_hash) . ")";
                            $rs = $db->Execute($sql);
                            if ($rs === false) {
                                echo "<tr>\n<td colspan='9'>Data not added - a database error occured while setting the new password</td>\n<tr>";
                            }
                            echo "<tr>\n<td colspan='9'>A new static user has been created with the password '" . $randompassword . "'. You can change it with the link in the list.</td>\n<tr>";
                        }
                    }
                }
            }
        }
    }
}
if ($action == "delete" && $userid > -1) {
Exemple #4
        // echo "Logout complete.\n";
        debug("Logout complete.\n");
        $logged_in = false;
        break;
    case 'newform':
        // Someone clicked "Create a new account", so ask them for an email address.
        // Reqtype in the form is set to 'newsubmit'.
        luser_newform();
        exit;
        break;
    case 'newsubmit':
        // $reqtype == 'newsubmit'...
        // We got an email address to create an account for - create the account
        //    and tell the user to check his email.
        $user = sanitizeInput($_REQUEST['luser']);
        if (!luser_create($user, genpassword())) {
            echo "Error: Unable to create user account.\n";
            exit;
        }
        luser_checkyourmail();
        exit;
        break;
    default:
        // Unrecognized reqtype.
        echo "Error: Unrecognized request type (" . $reqtype . ")\n<br>\n";
        luser_loginfailed();
        exit;
}
// echo "Reqtype: $reqtype\n<br>\n";
// echo "Luser: $user\n<br>\n";
// echo "Pass: $pass\n<br>\n";
    echo 'You do not have the permission to access this script.';
    exit;
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>

<body>

<?php 
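// Password generation runs only when the request carries the one-time key that
// was stored in the session; without a key the user list is shown.
$requested_key = isset($_GET['genpassword']) ? $_GET['genpassword'] : null;

if ($requested_key === null) {
    listuser();
} else {
    $session_key = isset($_SESSION['genkey']) ? $_SESSION['genkey'] : null;

    // Compare as strings in constant time. The former loose "!=" treated numeric-looking
    // strings as numbers (e.g. "0e1" equals "0e2"), and a non-string request value
    // (?genpassword[]=x) was compared by type juggling instead of being rejected.
    $key_matches = is_string($requested_key)
        && is_scalar($session_key)
        && hash_equals((string) $session_key, $requested_key);

    if (!$key_matches) {
        echo 'cannot refress on this page<br>';
        listuser();
    } else {
        // the key is single-use: drop it before acting so a reload cannot repeat the action
        unset($_SESSION['genkey']);
        genpassword();
    }
}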
?>

<br><br><b>Back to <a href="../main.php">main.</a></b>

</body>

</html>
Exemple #6
            $errormessage = 'Passwords do not match or are below the minimum required length.';
        }
    } else {
        $errormessage = 'Username already exists.  Please try another.';
    }
}
if ($function == 'Reset Password') {
    ## Get their email address and username
    $email = mysql_real_escape_string($email);
    $query = "SELECT emailaddress, username, id FROM users WHERE emailaddress='{$email}'";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    $db = mysql_fetch_object($result);
    ## If we found a match
    if ($db->id) {
        ## Generate a random password
        $newpass = genpassword(8);
        ## Set it in the database
        $newpass = mysql_real_escape_string($newpass);
        $query = "UPDATE users SET userpass=PASSWORD('{$newpass}') WHERE id='{$db->id}'";
        $result = mysql_query($query) or die('Query failed: ' . mysql_error());
        ## Email it to the user
        $from = "TheGamesDB <{$mail_username}>";
        $host = $mail_server;
        $to = $db->username . '<' . $db->emailaddress . '>';
        $subject = "Your account information";
        $message = "This is an automated message.\n\nYour GamesDB password has been reset.\n\nHere is your new login information:\nusername: {$db->username}\npassword: {$newpass}\n\nIf you have any questions, please let us know.\n\nTheGamesDB Crew\n";
        $headers = 'From: ' . $from;
        mail($to, $subject, wordwrap($message, 70), $headers);
        $message = 'Login information has been sent.';
    } else {
        $errormessage = 'That address cannot be found.';
Exemple #7
/**
 * Produce a salt of the requested length.
 *
 * The salt comes straight from genpassword(), i.e. from the same generator
 * that produces passwords.
 * NOTE(review): genpassword() is not defined in this excerpt; confirm that it
 * draws from a cryptographically secure source and that its output alphabet is
 * valid for the hash function the salt is passed to.
 *
 * @param mixed $length forwarded unchanged to genpassword()
 * @return mixed whatever genpassword() returns for $length
 */
function gensalt($length)
{
    $salt = genpassword($length);

    return $salt;
}