$output = webLoginAlert("Error while loading user account. Please contact the Site Administrator"); } return; } # process password reminder if ($isPWDReminder == 1) { $email = $_POST['txtwebemail']; $webpwdreminder_message = $modx->config['webpwdreminder_message']; $emailsubject = $modx->config['emailsubject']; $emailsender = $modx->config['emailsender']; $site_name = $modx->config['site_name']; // lookup account $ds = $modx->db->select('wu.*, wua.fullname', $modx->getFullTableName('web_users') . " AS wu INNER JOIN " . $modx->getFullTableName('web_user_attributes') . " AS wua ON wua.internalkey=wu.id", "wua.email='" . $modx->db->escape($email) . "'"); if ($row = $modx->db->getRow($ds)) { $newpwd = webLoginGeneratePassword(8); $newpwdkey = webLoginGeneratePassword(8); // activation key //save new password $modx->db->update(array('cachepwd' => "{$newpwd}|{$newpwdkey}"), $modx->getFullTableName('web_users'), "id='{$row['id']}'"); // built activation url $xhtmlUrlSetting = $modx->config['xhtml_urls']; $modx->config['xhtml_urls'] = false; if ($_SERVER['SERVER_PORT'] != '80') { $url = $modx->config['server_protocol'] . '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $modx->makeURL($modx->documentIdentifier, '', "webloginmode=actp&wli=" . $row['id'] . "&wlk=" . $newpwdkey); } else { $url = $modx->config['server_protocol'] . '://' . $_SERVER['SERVER_NAME'] . $modx->makeURL($modx->documentIdentifier, '', "webloginmode=actp&wli=" . $row['id'] . "&wlk=" . $newpwdkey); } $modx->config['xhtml_urls'] = $xhtmlUrlSetting; // replace placeholders and send email $message = str_replace("[+uid+]", $row['username'], $webpwdreminder_message); $message = str_replace("[+pwd+]", $newpwd, $message);
if (isset($_POST['password'])) { // verify password if ($_POST['password'] != $_POST['confirmpassword']) { $output = webLoginAlert("Password typed is mismatched") . $tpl; return; } // check password if (strlen($password) < 6) { $output = webLoginAlert("Password is too short!") . $tpl; return; } elseif ($password == "") { $output = webLoginAlert("You didn't specify a password for this user!") . $tpl; return; } } else { $password = webLoginGeneratePassword(); } // verify form code if ($useCaptcha && $_SESSION['veriword'] != $formcode) { $output = webLoginAlert("Incorrect form code. Please enter the correct code displayed by the image.") . $tpl; return; } // create the user account $sql = "INSERT INTO " . $modx->getFullTableName("web_users") . " (username, password) \n VALUES('" . $username . "', md5('" . $password . "'));"; $rs = $modx->db->query($sql); if (!$rs) { $output = webLoginAlert("An error occured while attempting to save the user.") . $tpl; return; } // now get the id $key = $modx->db->getInsertId();
$output = webLoginAlert("Password typed is mismatched", 1) . $tpl; return; } // generate a new password for this user if ($specifiedpassword != "" && $passwordgenmethod == "spec") { if (strlen($specifiedpassword) < 6) { $output = webLoginAlert("Password is too short!") . $tpl; return; } else { $newpassword = $specifiedpassword; } } elseif ($specifiedpassword == "" && $passwordgenmethod == "spec") { $output = webLoginAlert("You didn't specify a password for this user!") . $tpl; return; } elseif ($passwordgenmethod == 'g') { $newpassword = webLoginGeneratePassword(8); } else { $output = webLoginAlert("No password generation method specified!") . $tpl; return; } // handle notification if ($passwordnotifymethod == 'e') { $rt = webLoginSendNewPassword($ds["email"], $ds["username"], $newpassword, $ds["fullname"]); if ($rt !== true) { // an error occured $output = $rt . $tpl; return; } else { $newpassmsg = "A copy of the new password was sent to your email address."; } } else {