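/**
 * Add to the newsletter, in the simplest way.
 *
 * Returns the freshly generated password when a new newsletter account is created, '' when the
 * e-mail address already has an account (its stored password is left untouched), and the 'NA'
 * language string when the address already holds a non-zero subscription level for this newsletter.
 *
 * @param  EMAIL  The email address of the subscriber
 * @param  integer  The interest level
 * @range  1 4
 * @param  ?LANGUAGE_NAME  The language (NULL: users)
 * @param  boolean  Whether to require a confirmation mail
 * @param  ?AUTO_LINK  The newsletter to join (NULL: the first)
 * @param  string  Subscribers forename
 * @param  string  Subscribers surname
 * @return string  Newsletter password
 */
function basic_newsletter_join($email, $interest_level = 4, $lang = NULL, $get_confirm_mail = false, $newsletter_id = NULL, $forename = '', $surname = '')
{
    if (is_null($lang)) {
        $lang = user_lang();
    }
    if (is_null($newsletter_id)) {
        $newsletter_id = db_get_first_id();
    }

    $password = get_rand_password();

    // The confirmation code is placed in the confirmation URL mailed below, so it acts as a
    // secret. mt_rand() is not a cryptographic generator and its output can be predicted; prefer
    // the CSPRNG-backed random_int() where the runtime provides it (PHP 7+), keeping the same range.
    if ($get_confirm_mail) {
        $code_confirm = function_exists('random_int') ? random_int(1, 9999999) : mt_rand(1, 9999999);
    } else {
        $code_confirm = 0;
    }

    $test = $GLOBALS['SITE_DB']->query_value_null_ok('newsletter_subscribe', 'the_level', array('newsletter_id' => $newsletter_id, 'email' => $email));
    if ($test === 0) {
        // An existing level-0 subscription row is dropped so the address can be re-added below
        $GLOBALS['SITE_DB']->query_delete('newsletter_subscribe', array('newsletter_id' => $newsletter_id, 'email' => $email), '', 1);
        $test = NULL;
    }

    if (is_null($test)) {
        require_lang('newsletter');

        $test = $GLOBALS['SITE_DB']->query_value_null_ok('newsletter', 'email', array('email' => $email));
        if (is_null($test)) {
            // No account for this address yet: create one.
            // NOTE(review): a single round of salted MD5 is weak password storage. It is kept here
            // because newsletter_password_reset() writes the same md5(password . salt) form; any
            // migration to password_hash() has to cover every writer and the verifier together.
            $salt = produce_salt();
            $GLOBALS['SITE_DB']->query_insert('newsletter', array('n_forename' => $forename, 'n_surname' => $surname, 'join_time' => time(), 'email' => $email, 'code_confirm' => $code_confirm, 'pass_salt' => $salt, 'the_password' => md5($password . $salt), 'language' => $lang), false, true); // race condition

            if ($get_confirm_mail) {
                $_url = build_url(array('page' => 'newsletter', 'type' => 'confirm', 'email' => $email, 'confirm' => $code_confirm), get_module_zone('newsletter'));
                $url = $_url->evaluate();
                // NOTE(review): the cleartext password is passed into the mail text alongside the confirmation link
                $message = do_lang('NEWSLETTER_SIGNUP_TEXT', comcode_escape($url), comcode_escape($password), array($forename, $surname, $email, get_site_name()), $lang);
                require_code('mail');
                mail_wrap(do_lang('NEWSLETTER_SIGNUP', NULL, NULL, NULL, $lang), $message, array($email));
            }
        } else {
            // Account already exists: refresh its join time and report no new password
            $GLOBALS['SITE_DB']->query_update('newsletter', array('join_time' => time()), array('email' => $email), '', 1);
            $password = '';
        }

        $GLOBALS['SITE_DB']->query_insert('newsletter_subscribe', array('newsletter_id' => $newsletter_id, 'the_level' => $interest_level, 'email' => $email), false, true); // race condition

        return $password;
    }

    // Already subscribed at a non-zero level: nothing is changed
    return do_lang('NA');
}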
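/**
 * The UI and actualisation for: accepting code if it is correct (and not ''), and setting password to something random, emailing it
 *
 * With no 'code' parameter a form asking for username and code is returned. Otherwise the member is
 * resolved (by 'username', else by the integer 'member' parameter), the supplied code is checked
 * against the member's m_password_change_code, a random password is mailed to the member's address,
 * its hash is stored and the change code is cleared.
 *
 * @return tempcode  The UI
 */
function step3()
{
    $title = get_page_title('RESET_PASSWORD');

    $code = get_param('code', '');
    if ($code == '') {
        // No code supplied yet: show the form that collects username and code
        require_code('form_templates');
        $fields = new ocp_tempcode();
        $fields->attach(form_input_username(do_lang_tempcode('USERNAME'), '', 'username', NULL, true));
        $fields->attach(form_input_integer(do_lang_tempcode('CODE'), '', 'code', NULL, true));
        $submit_name = do_lang_tempcode('PROCEED');

        return do_template('FORM_SCREEN', array('_GUID' => '6e4db5c6f3c75faa999251339533d22a', 'TITLE' => $title, 'GET' => true, 'SKIP_VALIDATION' => true, 'HIDDEN' => '', 'URL' => get_self_url(false, false, NULL, false, true), 'FIELDS' => $fields, 'TEXT' => do_lang_tempcode('MISSING_CONFIRM_CODE'), 'SUBMIT_NAME' => $submit_name));
    }

    $username = get_param('username', NULL);
    if (!is_null($username)) {
        $username = trim($username);
        $member = $GLOBALS['FORUM_DRIVER']->get_member_from_username($username);
        if (is_null($member)) {
            warn_exit(do_lang_tempcode('PASSWORD_RESET_ERROR_2'));
        }
    } else {
        $member = get_param_integer('member');
    }

    $correct_code = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member, 'm_password_change_code');
    if ($correct_code == '') {
        // No reset is pending for this member
        $_reset_url = build_url(array('page' => '_SELF', 'username' => $GLOBALS['FORUM_DRIVER']->get_username($member)), '_SELF');
        $reset_url = $_reset_url->evaluate();
        warn_exit(do_lang_tempcode('PASSWORD_ALREADY_RESET', escape_html($reset_url), get_site_name()));
    }

    // Compare the two codes as exact strings. A loose != on numeric strings lets PHP compare them
    // as numbers, so differently written values ('0123', '123.0', '1.23e2') would be accepted for
    // '123'. hash_equals() (PHP 5.6+) also keeps the comparison time independent of where the
    // strings differ; older runtimes fall back to ===.
    $supplied_code = strval($code);
    $expected_code = strval($correct_code);
    if (function_exists('hash_equals')) {
        $codes_match = hash_equals($expected_code, $supplied_code);
    } else {
        $codes_match = ($supplied_code === $expected_code);
    }

    if (!$codes_match) {
        // A wrong code already recorded in adminlogs for this member under RESET_PASSWORD gets the
        // ordinary error (presumably a stale code from an earlier request - confirm against the
        // code that writes that log entry); anything else is logged as a hack attack.
        $test = $GLOBALS['SITE_DB']->query_value_null_ok('adminlogs', 'date_and_time', array('the_type' => 'RESET_PASSWORD', 'param_a' => strval($member), 'param_b' => $code));
        if (!is_null($test)) {
            warn_exit(do_lang_tempcode('INCORRECT_PASSWORD_RESET_CODE'));
        }
        log_hack_attack_and_exit('HACK_ATTACK_PASSWORD_CHANGE');
    }

    $email = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member, 'm_email_address');
    $new_password = get_rand_password();

    // Send password in mail
    // NOTE(review): the new password travels in cleartext e-mail and is not forced to change on
    // first login as far as this function shows.
    $_login_url = build_url(array('page' => 'login', 'username' => $GLOBALS['FORUM_DRIVER']->get_username($member)), get_module_zone('login'), NULL, false, false, true);
    $login_url = $_login_url->evaluate();
    $message = do_lang('MAIL_NEW_PASSWORD', comcode_escape($new_password), $login_url, get_site_name());
    require_code('mail');
    mail_wrap(do_lang('RESET_PASSWORD'), $message, array($email), $GLOBALS['FORUM_DRIVER']->get_username($member), '', '', 3, NULL, false, NULL, false, false, false, 'MAIL', true);

    if (get_value('no_password_hashing') === '1') {
        // NOTE(review): with this setting the password is stored unhashed under the 'plain' scheme
        $password_compatibility_scheme = 'plain';
        $new = $new_password;
    } else {
        // NOTE(review): salted double MD5 is weak password storage; it is left as-is because the
        // login verifier (not visible here) must agree with whatever is written.
        $password_compatibility_scheme = '';
        $salt = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member, 'm_pass_salt');
        $new = md5($salt . md5($new_password));
    }

    // presumably keeps the used code out of anything built from the request afterwards - confirm
    unset($_GET['code']);

    // Store the new hash and clear both the change code and the e-mail confirmation code
    $GLOBALS['FORUM_DB']->query_update('f_members', array('m_validated_email_confirm_code' => '', 'm_password_compat_scheme' => $password_compatibility_scheme, 'm_password_change_code' => '', 'm_pass_hash_salted' => $new), array('id' => $member), '', 1);

    return inform_screen($title, do_lang_tempcode('NEW_PASSWORD_MAILED', escape_html($email)));
}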
/**
 * The actualiser for resetting newsletter password: a new random password is generated for the
 * address given in the 'email' parameter, its salted hash is stored, and the password is mailed
 * to that address.
 *
 * @return tempcode  The UI
 */
function newsletter_password_reset()
{
    $title = get_page_title(escape_html(get_option('newsletter_title')), false);

    // NOTE(review): the only input read here is the 'email' request parameter; no confirmation
    // code or current password is checked before the stored hash is replaced. Unless the caller
    // gates this (not visible here), the reset should first require a token mailed to the
    // subscriber, and the state change should not be reachable from a plain link.
    $email = trim(get_param('email'));
    $subscriber = array('email' => $email);

    $lang = $GLOBALS['SITE_DB']->query_value('newsletter', 'language', $subscriber);
    $salt = $GLOBALS['SITE_DB']->query_value('newsletter', 'pass_salt', $subscriber);

    // NOTE(review): single-round salted MD5 is weak password storage; the form is kept so that it
    // matches whatever verifies the_password elsewhere.
    $fresh_password = get_rand_password();
    $hashed_password = md5($fresh_password . $salt);
    $GLOBALS['SITE_DB']->query_update('newsletter', array('the_password' => $hashed_password), $subscriber, '', 1);

    // The mail text is given the requester's IP address and the cleartext password
    $escaped_ip = comcode_escape(get_ip_address());
    $escaped_password = comcode_escape($fresh_password);
    $mail_body = do_lang('NEWSLETTER_PASSWORD_CHANGE', $escaped_ip, $escaped_password, NULL, $lang);

    require_code('mail');
    mail_wrap(get_option('newsletter_title'), $mail_body, array($email), $GLOBALS['FORUM_DRIVER']->get_username(get_member()));

    breadcrumb_set_self(do_lang_tempcode('NEWSLETTER_PASSWORD_BEEN_RESET'));
    breadcrumb_set_parents(array(array('_SELF:_SELF:misc', get_option('newsletter_title'))));

    $done_text = do_lang('NEWSLETTER_PASSWORD_BEEN_RESET', NULL, NULL, NULL, $lang);

    return inform_screen($title, protect_from_escaping($done_text));
}