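/**
 * Handles a submitted "forgot password / forgot user name" form.
 *
 * Reads $_POST['fg_username'] and $_POST['fg_email']. A user name takes
 * precedence: when one is supplied, a password-reset email is requested for
 * the matching account. Otherwise the email address is used to request a
 * user name reminder.
 *
 * Security notes:
 * - Both fields are untrusted request data. PHP turns parameters such as
 *   "fg_username[]" into arrays, so non-string values are rejected before
 *   they reach the string functions and the database layer.
 * - NOTE(review): the messages returned for "not found", "not authorized"
 *   and "email sent" differ, so a client can tell whether an account
 *   exists. Consider a uniform response and rate limiting on this form.
 * - NOTE(review): the quote check is only a deny-list. Whether
 *   PHPWS_DB::addWhere() escapes or binds its value is not visible here;
 *   confirm that the database layer does.
 *
 * @param string $content Set by reference to the translated message to display.
 * @return bool False when the input is rejected or no eligible account is
 *              found; true once an account was found and passed the checks,
 *              even when no email could be sent.
 */
public function postForgot(&$content)
{
    if (empty($_POST['fg_username']) && empty($_POST['fg_email'])) {
        $content = dgettext('users', 'You must enter either a username or email address.');
        return false;
    }

    if (!empty($_POST['fg_username'])) {
        $username = $_POST['fg_username'];
        $not_found = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');

        // Array-valued parameters would otherwise be passed to strip_tags(),
        // strtolower() and the query builder; treat them as an unknown name.
        if (!is_string($username)) {
            $content = $not_found;
            return false;
        }

        // Reject names containing a quote character, including ones hidden
        // behind markup or HTML entities (hence strip_tags + entity decode).
        if (preg_match('/\'|"/', html_entity_decode(strip_tags($username), ENT_QUOTES))) {
            $content = $not_found;
            return false;
        }

        $db = new PHPWS_DB('users');
        $db->addWhere('username', strtolower($username));
        $db->addColumn('email');
        $db->addColumn('id');
        $db->addColumn('deity');
        $db->addColumn('authorize');
        $user_search = $db->select('row');

        // A database error is logged and then reported exactly like a miss.
        if (PHPWS_Error::logIfError($user_search) || empty($user_search)) {
            $content = $not_found;
            return false;
        }

        // Accounts flagged "deity" are excluded unless ALLOW_DEITY_FORGET is
        // set. The attempt is logged and the caller sees the same message as
        // for an unknown name.
        if ($user_search['deity'] && !ALLOW_DEITY_FORGET) {
            Security::log(dgettext('users', 'Forgotten password attempt made on a deity account.'));
            $content = $not_found;
            return false;
        }

        if ($user_search['authorize'] != 1) {
            $content = sprintf(dgettext('users', 'Sorry but your authorization is not checked on this site. Please contact %s for information on reseting your password.'), PHPWS_User::getUserSetting('site_contact'));
            return false;
        }

        // Presumably detects a repeated submission of the same form so that
        // no second email is sent -- confirm against PHPWS_Core::isPosted().
        if (PHPWS_Core::isPosted()) {
            $content = dgettext('users', 'Please check your email for a response.');
            return true;
        }

        if (empty($user_search['email'])) {
            // NOTE(review): this msgid contains a literal line break exactly as
            // written in this file; confirm it matches the translation catalog.
            $content = dgettext('users', 'Your email address is missing from your account. 
Please contact the site administrators.');
            PHPWS_Error::log(USER_ERR_NO_EMAIL, 'users', 'User_Action::postForgot');
            return true;
        }

        if (User_Action::emailPasswordReset($user_search['id'], $user_search['email'])) {
            $content = dgettext('users', 'We have sent you an email to reset your password.');
        } else {
            $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
        }
        return true;
    }

    // Reaching this point means no user name was given, so fg_email is non-empty.
    $email = $_POST['fg_email'];
    $not_found = dgettext('users', 'Email address not found. Please try again.');

    // Same type guard as for the user name: only plain strings are looked up.
    if (!is_string($email)) {
        $content = $not_found;
        return false;
    }

    if (preg_match('/\'|"/', html_entity_decode(strip_tags($email), ENT_QUOTES))) {
        $content = $not_found;
        return false;
    }

    if (!PHPWS_Text::isValidInput($email, 'email')) {
        $content = $not_found;
        return false;
    }

    $db = new PHPWS_DB('users');
    $db->addWhere('email', $email);
    $db->addColumn('username');
    $user_search = $db->select('row');

    if (PHPWS_Error::logIfError($user_search) || empty($user_search)) {
        $content = $not_found;
        return false;
    }

    if (PHPWS_Core::isPosted()) {
        $content = dgettext('users', 'Please check your email for a response.');
        return true;
    }

    if (User_Action::emailUsernameReminder($user_search['username'], $email)) {
        $content = dgettext('users', 'We have sent you an user name reminder. Please check your email and return to log in.');
    } else {
        $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
    }
    return true;
}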