Esempio n. 1
0
 if (!empty($emailmatches[1])) {
     // Check if username is taken
     $form->errors[] = "Email already taken.";
     $form->valid = false;
 }
 $username = $form->getElement("username");
 $unvalue = $username->value;
 $unmatches = db_get("SELECT 1 FROM login_user WHERE upper(username) = upper('{$unvalue}')", 'column');
 if (!empty($unmatches[1])) {
     // Check if email is taken
     $form->errors[] = "Username already taken.";
     $form->valid = false;
 }
 if ($form->valid == true) {
     // Hash the password
     $hash = db_hash_password($_REQUEST['password1']);
     if ($hash) {
         // Insert the values
         $firstname = $_REQUEST["firstname"];
         $lastname = $_REQUEST["lastname"];
         $insertfields = array("username" => $unvalue, "pass" => $hash, "email" => $emailvalue, "firstname" => $firstname, "lastname" => $lastname, "pending" => 1);
         $ins = new SQLInsert("login_user", $insertfields);
         $ins->execute();
         //db_execute("INSERT INTO login_user (username, pass, email, firstname, lastname) VALUES('$unvalue', '$hash', '$emailvalue','".$_REQUEST["firstname"]."','".$_REQUEST["lastname"]."')");
         //die("Created user $unvalue");
         $subject = "Access Request for {$unvalue}";
         $url = "http://" . $_SERVER["SERVER_NAME"] . "/shared/login/approveordeny.php?username="******"{$firstname} {$lastname} has requested access to the " . $system_name . ". <br><br><a href='" . $url . "'>Approve or deny</a> {$url}";
         $headers = "From: " . $admin_email . "\r\n";
         $headers .= "Reply-To: " . $admin_email . "\r\n";
         $headers .= "MIME-Version: 1.0\r\n";
Esempio n. 2
0
        if (!empty($emailmatches[1])) {
            $field = 'email';
        } else {
            $form->errors[] = "No user found with username or email <strong>" . $unvalue . "</strong>";
            $form->valid = false;
        }
    }
    if (isset($field)) {
        $userinfo = db_get("SELECT id,email FROM login_user WHERE {$field} = '{$unvalue}'", 'row');
        $email = $userinfo[0]["EMAIL"];
        $userid = $userinfo[0]["ID"];
        $length = 10;
        $randomString = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
        //$randomString = "TestPassword1";
        $newpassword = $randomString;
        $hash = db_hash_password($newpassword);
        db_execute("UPDATE login_user SET pass = "******" WHERE id = " . dbize($userid));
        $to = $email;
        $subject = "New Password for RMV Data System";
        $message = "Your new password is: {$newpassword}";
        $headers = 'From: ' . $admin_email . "\r\n" . 'Reply-To: ' . $admin_email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
        $sent = mail($to, $subject, $message, $headers, "-f" . $admin_email);
        if ($sent) {
            $status = "<div class='success status'>An email has been sent to your email address on file, " . $email . ", with your new password.</div>";
            $form->valid = true;
        } else {
            $form->errors[] = "Could not send mail.";
            $form->valid = false;
        }
    }
}