function sendNewPass() { global $AppUI; $_live_site = dPgetConfig('base_url'); $_sitename = dPgetConfig('company_name'); // ensure no malicous sql gets past $checkusername = trim(dPgetParam($_POST, 'checkusername', '')); $checkusername = db_escape($checkusername); $confirmEmail = trim(dPgetParam($_POST, 'checkemail', '')); $confirmEmail = mb_strtolower(db_escape($confirmEmail)); $q = new DBQuery(); $q->addTable('users', 'u'); $q->addQuery('u.user_id'); $q->addWhere('user_username=\'' . $checkusername . '\' AND LOWER(contact_email)=\'' . $confirmEmail . '\''); $q->leftJoin('contacts', 'c', 'u.user_contact = c.contact_id'); if (!($user_id = $q->loadResult()) || !$checkusername || !$confirmEmail) { $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR); $AppUI->redirect(); } $newpass = makePass(); $message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' ' . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' ' . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' ' . $AppUI->_('sendpass3', UI_OUTPUT_RAW); $subject = "{$_sitename} :: " . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . " - {$checkusername}"; $m = new Mail(); // create the mail $m->From("dotProject@" . dPgetConfig('site_domain')); $m->To($confirmEmail); $m->Subject($subject); $m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : ""); // set the body $m->Send(); // send the mail $newpass = md5($newpass); $q->clear(); $q->addTable('users'); $q->addUpdate('user_password', $newpass, true); $q->addWhere('user_id=\'' . $user_id . '\''); $cur = $q->exec(); if (!$cur) { die('SQL error' . $database->stderr(true)); } else { $AppUI->setMsg('New User Password created and emailed to you'); $AppUI->redirect(); } }
function sendNewPass() { global $AppUI; $_live_site = dPgetConfig('base_url'); $_sitename = dPgetConfig('company_name'); // ensure no malicous sql gets past $checkusername = trim(dPgetParam($_POST, 'checkusername', '')); $checkusername = db_escape($checkusername); $confirmEmail = trim(dPgetParam($_POST, 'checkemail', '')); $confirmEmail = mb_strtolower(db_escape($confirmEmail)); $query = 'SELECT user_id FROM users LEFT JOIN contacts ON user_contact = contact_id' . " WHERE user_username='******' AND LOWER(contact_email)='{$confirmEmail}'"; if (!($user_id = db_loadResult($query)) || !$checkusername || !$confirmEmail) { $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR); $AppUI->redirect(); } $newpass = makePass(); $message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' ' . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' ' . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' ' . $AppUI->_('sendpass3', UI_OUTPUT_RAW); $subject = "{$_sitename} :: " . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . " - {$checkusername}"; $m = new Mail(); // create the mail $m->From("dotProject@" . dPgetConfig('site_domain')); $m->To($confirmEmail); $m->Subject($subject); $m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : ""); // set the body $m->Send(); // send the mail $newpass = md5($newpass); $sql = "UPDATE users SET user_password='******' WHERE user_id='{$user_id}'"; $cur = db_exec($sql); if (!$cur) { die('SQL error' . $database->stderr(true)); } else { $AppUI->setMsg('New User Password created and emailed to you'); $AppUI->redirect(); } }
function sendNewPass() { global $AppUI; $_live_site = w2PgetConfig('base_url'); $_sitename = w2PgetConfig('company_name'); // ensure no malicous sql gets past $checkusername = trim(w2PgetParam($_POST, 'checkusername', '')); $checkusername = db_escape($checkusername); $confirmEmail = trim(w2PgetParam($_POST, 'checkemail', '')); $confirmEmail = strtolower(db_escape($confirmEmail)); $q = new w2p_Database_Query(); $q->addTable('users'); $q->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner'); $q->addQuery('user_id'); $q->addWhere('user_username = \'' . $checkusername . '\''); /* Begin Hack */ /* * This is a particularly annoying hack but I don't know of a better * way to resolve #457. In v2.0, there was a refactoring to allow for * muliple contact methods which resulted in the contact_email being * removed from the contacts table. If the user is upgrading from * v1.x and they try to log in before applying the database, crash. * Info: http://bugs.web2project.net/view.php?id=457 */ $qTest = new w2p_Database_Query(); $qTest->addTable('w2pversion'); $qTest->addQuery('max(db_version)'); $dbVersion = $qTest->loadResult(); if ($dbVersion >= 21 && $dbVersion < 26) { $q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id'); $q->addWhere("cm.method_value = '{$confirmEmail}'"); } else { $q->addWhere("LOWER(contact_email) = '{$confirmEmail}'"); } /* End Hack */ if (!($user_id = $q->loadResult()) || !$checkusername || !$confirmEmail) { $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR); $AppUI->redirect(); } $newpass = makePass(); $message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' ' . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' ' . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' ' . $AppUI->_('sendpass3', UI_OUTPUT_RAW); $subject = $_sitename . ' :: ' . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . ' - ' . $checkusername; $m = new w2p_Utilities_Mail(); // create the mail $m->To($confirmEmail); $m->Subject($subject); $m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : ''); // set the body $m->Send(); // send the mail $newpass = md5($newpass); $q->addTable('users'); $q->addUpdate('user_password', $newpass); $q->addWhere('user_id=' . $user_id); $cur = $q->exec(); if (!$cur) { die('SQL error' . $database->stderr(true)); } else { $AppUI->setMsg('New User Password created and emailed to you'); $AppUI->redirect(); } }
function sendPass($mail, $name) { $fp = fopen($mail, 'w'); if ($fp) { $pass = makePass(6); fwrite($fp, "{$name}님, 임시 비밀번호는 {$pass}입니다."); fclose($fp); return $pass; } return ''; }
function add_client() { global $prefix, $db, $banners, $admin_file, $ad_admin_menu; include "header.php"; GraphicAdmin(); OpenTable(); echo "{$ad_admin_menu}"; CloseTable(); echo "<br>"; OpenTable(); $cl_pass = makePass(); echo "<center><font class=\"title\"><b>" . _ADDCLIENT . "</b></font></center><br><br>\r\n\t\t\t<table border=\"0\"><tr><td>\r\n\t\t\t<form action=\"" . $admin_file . ".php?op=BannerAddClient\" method=\"post\">\r\n\t\t\t" . _CLIENTNAME . ":</td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"60\"></td></tr>\r\n\t\t\t<tr><td>" . _CONTACTNAME . ":</td><td><input type=\"text\" name=\"contact\" size=\"30\" maxlength=\"60\"></td></tr>\r\n\t\t\t<tr><td>" . _CONTACTEMAIL . ":</td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"60\"></td></tr>\r\n\t\t\t<tr><td>" . _CLIENTLOGIN . ":</td><td><input type=\"text\" name=\"login\" size=\"12\" maxlength=\"10\"></td></tr>\r\n\t\t\t<tr><td>" . _CLIENTPASSWD . ":</td><td><input type=\"text\" name=\"passwd\" size=\"12\" maxlength=\"10\" value=\"{$cl_pass}\"></td></tr>\r\n\t\t\t<tr><td>" . _EXTRAINFO . ":</td><td><textarea name=\"extrainfo\" cols=\"70\" rows=\"15\"></textarea></td></tr>\r\n\t\t\t<tr><td> </td><td><input type=\"hidden\" name=\"op\" value=\"BannerAddClient\">\r\n\t\t\t<input type=\"submit\" value=\"" . _ADDCLIENT2 . "\">\r\n\t\t\t</form></td></tr></table>"; CloseTable(); include "footer.php"; }