Exemple #1
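/**
 * Handles a "lost password" request: validates the submitted identifier,
 * stores a hashed activation key that expires after one hour, and emails
 * the reset link to the address registered for the account.
 *
 * Outcome messages are appended to $page['errors'] and $page['infos'].
 *
 * Security notes:
 *  - Only a hash of the activation key is written to the database; the
 *    plaintext key exists only in the outgoing email.
 *  - NOTE(review): the distinct error messages (unknown account, reset not
 *    allowed, no email address) let a caller tell which accounts exist and
 *    echo back the stored username. A uniform response would avoid that
 *    disclosure, at the cost of changing the current user-facing strings.
 *  - NOTE(review): whether generate_key() draws from a cryptographically
 *    secure source is not visible here; verify, since the key is the only
 *    secret protecting the reset.
 *
 * @return bool true if the email was sent, false otherwise
 */
function process_password_request()
{
    global $page, $conf;

    // $_POST is client-controlled: a request such as username_or_email[]=x
    // produces an array, which is not "empty" and would otherwise be handed
    // to the lookup helpers below. Accept only a non-empty string.
    if (empty($_POST['username_or_email']) || !is_string($_POST['username_or_email'])) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }
    $identifier = $_POST['username_or_email'];

    // Try the value as an email address first, then as a username.
    $user_id = get_userid_by_email($identifier);
    if (!is_numeric($user_id)) {
        $user_id = get_userid($identifier);
    }
    if (!is_numeric($user_id)) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }

    $userdata = getuserdata($user_id, false);

    // password request is not possible for guest/generic users
    $status = $userdata['status'];
    if (is_a_guest($status) or is_generic($status)) {
        $page['errors'][] = l10n('Password reset is not allowed for this user');
        return false;
    }
    if (empty($userdata['email'])) {
        $page['errors'][] = l10n('User "%s" has no email address, password reset is not possible', $userdata['username']);
        return false;
    }

    // Fresh key per request; the expiry is computed by the database so it
    // uses the same clock that will later be compared against.
    $activation_key = generate_key(20);
    list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL 1 HOUR)'));

    // Persist only the hash, so a read of the user table does not yield a
    // usable reset key.
    single_update(
        USER_INFOS_TABLE,
        array(
            'activation_key' => pwg_password_hash($activation_key),
            'activation_key_expire' => $expire,
        ),
        array('user_id' => $user_id)
    );
    $userdata['activation_key'] = $activation_key;

    // URLs inside the mail must be absolute; restore the previous URL mode
    // once the message body is built.
    set_make_full_url();
    $message = l10n('Someone requested that the password be reset for the following user account:') . "\r\n\r\n";
    $message .= l10n('Username "%s" on gallery %s', $userdata['username'], get_gallery_home_url());
    $message .= "\r\n\r\n";
    $message .= l10n('To reset your password, visit the following address:') . "\r\n";
    // The link carries the plaintext key and the account email in the query
    // string, so it can end up in browser history and server logs; the
    // one-hour expiry bounds how long such a copy is useful.
    $message .= get_gallery_home_url() . '/password.php?key=' . $activation_key . '-' . urlencode($userdata['email']);
    $message .= "\r\n\r\n";
    $message .= l10n('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n";
    unset_make_full_url();

    // Let plugins rewrite the mail body.
    $message = trigger_change('render_lost_password_mail_content', $message);

    $email_params = array(
        'subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Password Reset'),
        'content' => $message,
        'email_format' => 'text/plain',
    );

    // The mail always goes to the address stored for the account, never to
    // the value submitted in the form.
    if (pwg_mail($userdata['email'], $email_params)) {
        $page['infos'][] = l10n('Check your email for the confirmation link');
        return true;
    }

    $page['errors'][] = l10n('Error sending email');
    return false;
}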
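/**
 * Activates the account registered under $details['email'] and stores its
 * new username, real name and password hash.
 *
 * NOTE(review): the published listing masks parts of the original UPDATE
 * statement ('******'). The username and password values below are
 * reconstructed from the surrounding code ($details['username'] and $hash,
 * which is otherwise unused) and should be confirmed against the original.
 *
 * @param array  $details reads the keys 'email', 'username', 'realname' and 'password'
 * @param object $user    object whose hash_pass() produces the stored password hash
 * @return mixed the result of get_groups() for the user on success, false otherwise
 */
function update_user_by_email($details, $user)
{
    $uid = get_userid_by_email($details['email']);
    $hash = $user->hash_pass($details['password']);

    // Without a numeric id the WHERE clause cannot be built safely; the
    // unguarded statement would fail in the database and return false too.
    if (!is_numeric($uid)) {
        return false;
    }

    // Every caller-supplied value is escaped and the id is forced to an
    // integer, so none of them can break out of the statement. The legacy
    // mysql_* API used by this file has no prepared statements; prefer
    // bound parameters (mysqli/PDO) once the file is migrated off it.
    $sql = "UPDATE users SET username = '" . mysql_real_escape_string($details['username'])
        . "', realname = '" . mysql_real_escape_string($details['realname'])
        . "',\n          password = '" . mysql_real_escape_string($hash)
        . "', activated = '1', reg_date = '" . time() . "' \n          WHERE user_id = " . (int) $uid . " LIMIT 1";

    $result = mysql_query($sql);
    if ($result) {
        return get_groups($uid);
    }
    return false;
}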
     // NOTE(review): this excerpt starts inside a branch whose condition is not
     // shown. The id passed to FluxBB_Deluser() comes straight from the query
     // string; confirm the caller is authorised before this point.
     FluxBB_Deluser($_GET['id'], true);
     Audit_PWG_FluxBB();
 } else {
     // Creates a Piwigo account from the id, username and email given in the
     // query string.
     // NOTE(review): this is a state-changing action triggered by GET
     // parameters; no anti-CSRF token or permission check is visible in this
     // excerpt — confirm one is enforced earlier in the file.
     if (isset($_GET['action']) and $_GET['action'] == 'add2pwg' and isset($_GET['id']) and isset($_GET['username']) and isset($_GET['email'])) {
         $emails_to_create = array();
         $emails_rejected = array();
         $emails_already_exist = array();
         $emails_created = array();
         $emails_on_error = array();
         $email = trim($_GET['email']);
         // username and id are taken as-is from the request; any validation
         // would have to happen inside Synch_Piwigo_Adduser() (not shown).
         $username = $_GET['username'];
         $fluxbb_id = $_GET['id'];
         // this test requires PHP 5.2+
         if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
             // NOTE(review): $emails_to_check and $emails_existing are not among
             // the arrays initialised above, while $emails_already_exist is
             // initialised but never filled in this excerpt.
             $emails_to_check[] = $email;
             if (!get_userid_by_email($email)) {
                 $emails_to_create[] = $email;
             } else {
                 $emails_existing[] = $email;
             }
         } elseif (!empty($email)) {
             $emails_rejected[] = $email;
         }
         // find a password
         $password = generate_key(8);
         // NOTE(review): the account is created regardless of the checks above,
         // i.e. also when the email was rejected or already belongs to a user.
         $Piwigo_Adduser_Errors = Synch_Piwigo_Adduser($fluxbb_id, $username, $password, $email);
         if (!empty($Piwigo_Adduser_Errors)) {
             $emails_on_error[] = $email;
         } else {
             $emails_created[] = $email;
         }
 // The excerpt ends here: the closing brace of the if above is not part of it.
 }
 // Age in seconds of the form token stored in the session.
 // NOTE(review): only the token's age is checked in this excerpt; whether the
 // submitted token value is compared with the session copy is not visible here.
 $token_age = time() - $_SESSION['token_time'];
 // force to resubmit after 5 minutes
 if ($token_age > 300) {
     $errorString[] = "Timout value exceeded, resubmit<br />";
 }
 // Validate each numbered invite-name-N / invite-email-N pair of the form.
 // The messages collected in $errorString interpolate only the loop index,
 // never the submitted values.
 for ($i = 1; $i < $membersize + 1; $i++) {
     $uid = false;
     // first check email for existing user
     if (!is_rfc3696_valid_email_address($_POST["invite-email-{$i}"]) && !empty($_POST["invite-email-{$i}"])) {
         $errorString[] = "Not a valid email address for number {$i}<br />";
     }
     if (email_exists($_POST["invite-email-{$i}"]) && !empty($_POST["invite-email-{$i}"])) {
         // $errorString .= "<b>Error:</b> Email address already in use for number $i<br />";
         // user is already registered, take that user_id by storing it in temp array
         $uid = get_userid_by_email($_POST["invite-email-{$i}"]);
         // Keyed by user id; the value is the address as submitted.
         $existing_users[$uid] = $_POST["invite-email-{$i}"];
     }
     // ignore empty field sets
     // A name is required only when the email does not belong to an existing user.
     if (empty($_POST["invite-name-{$i}"]) && !empty($_POST["invite-email-{$i}"]) && !$uid) {
         $errorString[] = "Name is mandatory, but only email given for number {$i}<br />";
     } elseif (!empty($_POST["invite-name-{$i}"])) {
         if (!is_valid_real_name($_POST["invite-name-{$i}"])) {
             $errorString[] = "Invalid name for number {$i}<br />";
         } elseif (realname_exists($_POST["invite-name-{$i}"])) {
             $errorString[] = "Name exists for number {$i} (try adding by email)<br />";
         }
     }
 }
 // Any collected error re-displays the form; the excerpt ends inside this branch.
 if (!empty($errorString)) {
     $add_form = true;
Exemple #5
         $showloginform = true;
     }
     break;
 case "register":
     //Code Here
     $showregisterform = true;
     break;
 case "lostpass":
     //Code Here
     $showlostpassform = true;
     break;
 case "processlostpassemail":
     //Code Here
     if (email_exists($_POST['email'], true)) {
         // email found reset
         $uid = get_userid_by_email($_POST['email']);
         $profile = get_user_profile($uid);
         $newpass = reset_pass($_POST['email'], $user);
         if ($newpass != false) {
             // send email
             $subject = "Going Dutch password reset";
             $link = '<a href="' . LOGIN_URL . '">login</a>';
             $body = "Someone (most likely you) has requested a password reset for the Going Dutch account with this email address. <br />";
             $body .= "Please reset your password on the profile page after logging in. You can now {$link} with this username and password: <br />";
             $body .= "Username: {$profile['username']}<br />";
             $body .= "Password: {$newpass}<br />";
             $from = '*****@*****.**';
             $from_name = 'Going Dutch';
             smtpmailer($_POST['email'], $from, $from_name, $subject, $body, $replyto = '', $sendas = 'to');
             $registercomplete[] = "A new password has been emailed to {$_POST['email']}";
             $registercomplete[] .= "Click <a href=\"http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "\">here</a> to login";