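/**
 * Used by the "forget password?" page to have a client's login information sent to them.
 *
 * Flow: look the account up by username, generate a fresh temporary password, store its
 * md5(md5()) digest in accounts.temp_reset_password (the real password column is left intact),
 * then mail the plaintext temporary password to the account's e-mail address - through the
 * Swift Mailer module when it is installed and switched on, otherwise through mail().
 *
 * Security notes for maintainers:
 *  - The distinct failure messages (unknown username / missing or invalid e-mail / success) let
 *    an anonymous caller probe which usernames exist, and nothing in this function rate-limits
 *    the request. Consider returning the same neutral message for every outcome.
 *  - md5(md5()) is an unsalted, fast digest, not a password hash. It is kept because the login
 *    code that compares temp_reset_password (not visible in this file) expects that format; a
 *    migration to password_hash()/password_verify() has to change both sides together.
 *  - No expiry or timestamp is written next to temp_reset_password here, so the temporary
 *    password stays valid until something else clears it.
 *  - The reset link embeds the numeric account_id and the plaintext temporary password travels
 *    in the e-mail body; that is the feature's design, but keep it in mind when reviewing logs
 *    and mail transport (TLS on the Swift side).
 *
 * @param array $info the $_POST containing a "username" key. That value is used to find the user
 *      account information to email them.
 * @return array [0]: true/false (success / failure)
 *               [1]: message string
 */
function ft_send_password($info)
{
    global $g_root_url, $g_root_dir, $g_table_prefix, $LANG;
    // NOTE(review): what ft_sanitize() does to the values is not visible from this file. It is
    // not shown to escape for MySQL, so it must not be relied on for the SQL literals below.
    $info = ft_sanitize($info);
    // "start" hooks run before validation and may replace $info (EXTR_OVERWRITE), so a hook
    // module effectively controls which username is looked up.
    extract(ft_process_hook_calls("start", compact("info"), array("info")), EXTR_OVERWRITE);
    $success = true;
    $message = $LANG["notify_login_info_emailed"];
    if (!isset($info["username"]) || empty($info["username"])) {
        $success = false;
        $message = $LANG["validation_no_username_or_js"];
        return array($success, $message);
    }
    $username = $info["username"];
    // NOTE(review): the quoted literal in this listing is masked ('******'). In the real source it
    // is the submitted username, i.e. attacker-controlled input interpolated into SQL: it must go
    // through mysql_real_escape_string() (or, better, a prepared statement) before being used.
    $query = mysql_query("\r\n     SELECT *\r\n     FROM   {$g_table_prefix}accounts\r\n     WHERE  username = '******'\r\n          ");
    // not found - note this message differs from the success message (username enumeration)
    if (!mysql_num_rows($query)) {
        $success = false;
        $message = $LANG["validation_account_not_recognized_info"];
        return array($success, $message);
    }
    $account_info = mysql_fetch_assoc($query);
    $email = $account_info["email"];
    // one final check: confirm the email is defined & valid. ft_is_valid_email() is also what keeps
    // the recipient free of CR/LF for the mail() call further down - keep that check strict.
    if (empty($email) || !ft_is_valid_email($email)) {
        $success = false;
        $message = $LANG["validation_email_not_found_or_invalid"];
        return array($success, $message);
    }
    $account_id = $account_info["account_id"];
    $username = $account_info["username"];
    // NOTE(review): the strength/randomness of ft_generate_password() is not visible here; it
    // should be backed by a CSPRNG since the result is a login credential.
    $new_password = ft_generate_password();
    // Unsalted double md5 - see the function header; must match the login-side comparison.
    $encrypted_password = md5(md5($new_password));
    // update the database with the new password (encrypted). As of 2.1.0 there's a second field to store the
    // temporary generated password, leaving the original password intact. This prevents a situation arising when
    // someone other than the admin / client uses the "Forget Password" feature and invalidates a valid, known password.
    // Any time the user successfully logs in the temporary password is dealt with by the login code (not shown here).
    // NOTE(review): the quoted literal is masked in this listing ('******'); in the real source it is
    // $encrypted_password (hex digest, safe to interpolate). $account_id comes from the DB row, not from input.
    mysql_query("\r\n    UPDATE {$g_table_prefix}accounts\r\n    SET    temp_reset_password = '******'\r\n    WHERE  account_id = {$account_id}\r\n      ");
    // now build and send the email
    // 1. build the email content (the plaintext temporary password is one of the placeholders)
    $placeholders = array("login_url" => "{$g_root_url}/?id={$account_id}", "email" => $email, "username" => $username, "new_password" => $new_password);
    $smarty_template_email_content = file_get_contents("{$g_root_dir}/global/emails/forget_password.tpl");
    $email_content = ft_eval_smarty_string($smarty_template_email_content, $placeholders);
    // 2. build the email subject line
    $placeholders = array("program_name" => ft_get_settings("program_name"));
    $smarty_template_email_subject = file_get_contents("{$g_root_dir}/global/emails/forget_password_subject.tpl");
    $email_subject = trim(ft_eval_smarty_string($smarty_template_email_subject, $placeholders));
    // if Swift Mailer is enabled, send the emails with that. In case there's a problem sending the message with
    // Swift, it falls back to the default mail() function.
    $sent_via_swift = false;
    $swift_mail_enabled = ft_check_module_enabled("swift_mailer");
    if ($swift_mail_enabled) {
        $sm_settings = ft_get_module_settings("", "swift_mailer");
        if ($sm_settings["swiftmailer_enabled"] == "yes") {
            ft_include_module("swift_mailer");
            // get the admin info. We'll use that info for the "from" and "reply-to" values. Note
            // that we DON'T use that info for the regular mail() function. This is because retrieving
            // the password is important functionality and we don't want to cause problems that could
            // prevent the email being sent. Many servers don't allow the 4th headers parameter of the mail()
            // function
            $admin_info = ft_get_admin_info();
            $admin_email = $admin_info["email"];
            $email_info = array();
            $email_info["to"] = array();
            $email_info["to"][] = array("email" => $email);
            $email_info["from"] = array();
            $email_info["from"]["email"] = $admin_email;
            $email_info["subject"] = $email_subject;
            $email_info["text_content"] = $email_content;
            list($success, $sm_message) = swift_send_email($email_info);
            // if the email couldn't be sent, remember Swift's error message and fall through to mail().
            // Otherwise the default success message is used.
            if ($success) {
                $sent_via_swift = true;
            } else {
                $message = $sm_message;
            }
        }
    }
    // Fall back to mail() whenever Swift did not deliver: module not installed, module installed but
    // switched off in its own settings (the original skipped sending entirely in that case and still
    // reported success), or Swift returned an error.
    if (!$sent_via_swift) {
        // send email [note: the double quotes around the email recipient and content are intentional: some systems fail without it]
        // "@" hides mail() warnings; delivery failure is only reported through the return value.
        if (!@mail("{$email}", $email_subject, $email_content)) {
            $success = false;
            $message = $LANG["notify_email_not_sent"];
            return array($success, $message);
        }
        // Fix: when Swift failed but mail() delivered, the original left $success = false and $message
        // holding Swift's error, so the caller reported a failure for an e-mail that was actually sent.
        $success = true;
        $message = $LANG["notify_login_info_emailed"];
    }
    // "end" hooks may overwrite $success / $message before they are returned.
    extract(ft_process_hook_calls("end", compact("success", "message", "info"), array("success", "message")), EXTR_OVERWRITE);
    return array($success, $message);
}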
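/**
 * Creates a client account in the database.
 *
 * @param array $account_info this has 5 required keys: first_name, last_name, email, username, password
 *
 * The password is automatically encrypted by this function.
 *
 * It also accepts the following optional keys:
 *   account_status: "active", "disabled", "pending" (defaults to "pending")
 *   ui_language: (should only be one of the languages currently supported by the script, e.g. "en_us")
 *   timezone_offset: +- an integer value, for each hour
 *   sessions_timeout:
 *   date_format:
 *   login_page:
 *   logout_url:
 *   theme:
 *   menu_id: numeric menu ID (cast to int before it is used in the INSERT)
 *
 * Validation error codes: 700 first_name missing, 701 last_name missing, 702 email missing,
 * 703 email invalid, 704 username missing, 705 username has non-alphanumeric chars,
 * 706 username rejected by _ft_is_valid_username(), 707 password missing,
 * 708 password has non-alphanumeric chars, 709 the INSERT failed.
 *
 * Security notes for maintainers:
 *  - The stored password is md5(md5()) - unsalted and fast, not a real password hash. It is kept
 *    because the login code (not visible in this file) compares that format; migrate both sides
 *    together to password_hash()/password_verify().
 *  - The optional values are interpolated into SQL after ft_sanitize(), whose escaping behaviour
 *    is not visible from this file; only menu_id is hardened here (it is the one unquoted literal).
 *  - In API debug mode the failed INSERT, including the password digest, is echoed into the
 *    error page together with mysql_error(). Keep $g_api_debug off outside development.
 *  - account_status is not validated against the three documented values; an unexpected value
 *    reaches the database as-is.
 *
 * @return array [0] true / false
 *               [1] an array of error codes (if false) or the new account ID
 */
function ft_api_create_client_account($account_info)
{
    global $g_api_debug, $g_table_prefix;
    $account_info = ft_sanitize($account_info);
    $error_codes = array();
    // check all the valid fields
    if (!isset($account_info["first_name"]) || empty($account_info["first_name"])) {
        $error_codes[] = 700;
    }
    if (!isset($account_info["last_name"]) || empty($account_info["last_name"])) {
        $error_codes[] = 701;
    }
    if (!isset($account_info["email"]) || empty($account_info["email"])) {
        $error_codes[] = 702;
    }
    // Fix: guard the isset so a missing email no longer raises an undefined-index notice; a missing
    // email still yields 703 alongside 702, as before.
    if (!isset($account_info["email"]) || !ft_is_valid_email($account_info["email"])) {
        $error_codes[] = 703;
    }
    if (!isset($account_info["username"]) || empty($account_info["username"])) {
        $error_codes[] = 704;
    } else {
        if (preg_match('/[^A-Za-z0-9]/', $account_info["username"])) {
            $error_codes[] = 705;
        }
        if (!_ft_is_valid_username($account_info["username"])) {
            $error_codes[] = 706;
        }
    }
    if (!isset($account_info["password"]) || empty($account_info["password"])) {
        $error_codes[] = 707;
    } else {
        // Only alphanumeric passwords are accepted (708) - this also keeps the digest input simple,
        // but it limits password strength; revisit together with the hashing scheme.
        if (preg_match('/[^A-Za-z0-9]/', $account_info["password"])) {
            $error_codes[] = 708;
        }
    }
    if (!empty($error_codes)) {
        if ($g_api_debug) {
            $page_vars = array("message_type" => "error", "error_codes" => $error_codes);
            ft_display_page("error.tpl", $page_vars);
            exit;
        } else {
            return array(false, $error_codes);
        }
    }
    $first_name = $account_info["first_name"];
    $last_name = $account_info["last_name"];
    $email = $account_info["email"];
    $username = $account_info["username"];
    // Unsalted double md5 - see the function header; must match the login-side comparison.
    $password = md5(md5($account_info["password"]));
    $settings = ft_get_settings();
    $account_status = isset($account_info["account_status"]) ? $account_info["account_status"] : "pending";
    $language = isset($account_info["ui_language"]) ? $account_info["ui_language"] : $settings["default_language"];
    $timezone_offset = isset($account_info["timezone_offset"]) ? $account_info["timezone_offset"] : $settings["default_timezone_offset"];
    $sessions_timeout = isset($account_info["sessions_timeout"]) ? $account_info["sessions_timeout"] : $settings["default_sessions_timeout"];
    $date_format = isset($account_info["date_format"]) ? $account_info["date_format"] : $settings["default_date_format"];
    $login_page = isset($account_info["login_page"]) ? $account_info["login_page"] : $settings["default_login_page"];
    $logout_url = isset($account_info["logout_url"]) ? $account_info["logout_url"] : $settings["default_logout_url"];
    $theme = isset($account_info["theme"]) ? $account_info["theme"] : $settings["default_theme"];
    // Fix: menu_id is the only value interpolated into the INSERT without quotes, so quote-escaping
    // does nothing for it; force it to an integer so caller-supplied text cannot alter the statement.
    $menu_id = (int) (isset($account_info["menu_id"]) ? $account_info["menu_id"] : $settings["default_client_menu_id"]);
    // first, insert the record into the accounts table. This contains all the settings common to ALL
    // accounts (including the administrator and any other future account types)
    $query = "\n     INSERT INTO {$g_table_prefix}accounts (account_type, account_status, ui_language, timezone_offset, sessions_timeout,\n       date_format, login_page, logout_url, theme, menu_id, first_name, last_name, email, username, password)\n     VALUES ('client', '{$account_status}', '{$language}', '{$timezone_offset}', '{$sessions_timeout}',\n       '{$date_format}', '{$login_page}', '{$logout_url}', '{$theme}', {$menu_id}, '{$first_name}', '{$last_name}', '{$email}',\n       '{$username}', '{$password}')\n         ";
    if (!mysql_query($query)) {
        if ($g_api_debug) {
            // Debug output includes the full statement (with the password digest) and the MySQL error.
            $page_vars = array("message_type" => "error", "error_code" => 709, "error_type" => "user", "debugging" => "Failed query in <b>" . __FUNCTION__ . "</b>: <i>{$query}</i> " . mysql_error());
            ft_display_page("error.tpl", $page_vars);
            exit;
        } else {
            // Fix: the original returned the (empty) validation array here, so non-debug callers got
            // no error code at all for a failed INSERT. Report 709 like the debug branch does.
            return array(false, array(709));
        }
    }
    $new_user_id = mysql_insert_id();
    // now create all the custom client account settings, most of which are based on the default values
    // in the settings table
    $account_settings = array("client_notes" => "", "company_name" => "", "page_titles" => $settings["default_page_titles"], "footer_text" => $settings["default_footer_text"], "may_edit_page_titles" => $settings["clients_may_edit_page_titles"], "may_edit_footer_text" => $settings["clients_may_edit_footer_text"], "may_edit_theme" => $settings["clients_may_edit_theme"], "may_edit_logout_url" => $settings["clients_may_edit_logout_url"], "may_edit_language" => $settings["clients_may_edit_ui_language"], "may_edit_timezone_offset" => $settings["clients_may_edit_timezone_offset"], "may_edit_sessions_timeout" => $settings["clients_may_edit_sessions_timeout"], "may_edit_date_format" => $settings["clients_may_edit_date_format"]);
    ft_set_account_settings($new_user_id, $account_settings);
    return array(true, $new_user_id);
}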