Esempio n. 1
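/**
 * Handles a "lost password" request submitted in $_POST['username_or_email'].
 *
 * The submitted value is resolved to a user id, first as an email address and
 * then as a username. Guest/generic accounts and accounts without an email
 * address are refused. Otherwise a fresh activation key is generated, stored
 * for the user after being passed through pwg_password_hash() together with
 * an expiry one hour ahead (database clock), and the plain key is mailed to
 * the account's address inside a password.php reset link.
 *
 * Outcome messages are appended to $page['errors'] and $page['infos'].
 *
 * NOTE(review): the failure messages differ per case ("Invalid username or
 * email", "Password reset is not allowed for this user", 'User "%s" has no
 * email address...'), so the response reveals whether an account exists and
 * what kind it is. A single neutral message for every outcome, plus rate
 * limiting on this form, would close that account-enumeration channel.
 *
 * @return bool (true if email was sent, false otherwise)
 */
function process_password_request()
{
    global $page, $conf;
    // Request bodies can carry arrays (username_or_email[]=...). Only a
    // non-empty string is a usable identifier, so anything else is rejected
    // here instead of being handed to the lookup helpers.
    $login = isset($_POST['username_or_email']) ? $_POST['username_or_email'] : null;
    if (!is_string($login) or empty($login)) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }
    // Try the value as an email address first, then as a username.
    $user_id = get_userid_by_email($login);
    if (!is_numeric($user_id)) {
        $user_id = get_userid($login);
    }
    if (!is_numeric($user_id)) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }
    $userdata = getuserdata($user_id, false);
    // password request is not possible for guest/generic users
    $status = $userdata['status'];
    if (is_a_guest($status) or is_generic($status)) {
        $page['errors'][] = l10n('Password reset is not allowed for this user');
        return false;
    }
    if (empty($userdata['email'])) {
        $page['errors'][] = l10n('User "%s" has no email address, password reset is not possible', $userdata['username']);
        return false;
    }
    // Only the hashed key is written to the database; the plain key exists
    // solely in the outgoing mail. The expiry is computed by the database so
    // it uses the same clock as the later validity check presumably does.
    $activation_key = generate_key(20);
    list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL 1 HOUR)'));
    single_update(USER_INFOS_TABLE, array('activation_key' => pwg_password_hash($activation_key), 'activation_key_expire' => $expire), array('user_id' => $user_id));
    $userdata['activation_key'] = $activation_key;
    // NOTE(review): the reset link is built from get_gallery_home_url().
    // Confirm that URL is taken from configuration and not from the request's
    // Host header, otherwise the mailed link can point at a host the
    // requester supplied.
    set_make_full_url();
    $message = l10n('Someone requested that the password be reset for the following user account:') . "\r\n\r\n";
    $message .= l10n('Username "%s" on gallery %s', $userdata['username'], get_gallery_home_url());
    $message .= "\r\n\r\n";
    $message .= l10n('To reset your password, visit the following address:') . "\r\n";
    $message .= get_gallery_home_url() . '/password.php?key=' . $activation_key . '-' . urlencode($userdata['email']);
    $message .= "\r\n\r\n";
    $message .= l10n('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n";
    unset_make_full_url();
    // Plugins may rewrite the mail body through this hook.
    $message = trigger_change('render_lost_password_mail_content', $message);
    $email_params = array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Password Reset'), 'content' => $message, 'email_format' => 'text/plain');
    if (pwg_mail($userdata['email'], $email_params)) {
        $page['infos'][] = l10n('Check your email for the confirmation link');
        return true;
    }
    $page['errors'][] = l10n('Error sending email');
    return false;
}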
Esempio n. 2
/**
 * Loads a user's data and applies extra checks for the guest account.
 *
 * The fields returned by getuserdata() are merged over an array seeded with
 * the requested id. If the resulting id equals $conf['guest_id'] but the
 * stored status is not 'guest', the status is forced to 'guest' and the
 * correction is recorded in $user['internal_status']['guest_must_be_guest'].
 * When no 'theme_name' is set, 'theme' is filled from get_default_theme().
 *
 * @param int $user_id
 * @param boolean $use_cache passed through to getuserdata()
 * @return array
 */
function build_user($user_id, $use_cache = true)
{
    global $conf;
    // Seed with the requested id; fields from getuserdata() take precedence.
    $user = array_merge(array('id' => $user_id), getuserdata($user_id, $use_cache));
    // The guest account must never carry any status other than 'guest'.
    $is_guest_account = $user['id'] == $conf['guest_id'];
    if ($is_guest_account and $user['status'] != 'guest') {
        $user['status'] = 'guest';
        $user['internal_status']['guest_must_be_guest'] = true;
    }
    // Check user theme
    if (isset($user['theme_name'])) {
        return $user;
    }
    $user['theme'] = get_default_theme();
    return $user;
}
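//check session
// A session id passed in the query string is adopted only when checkalive()
// confirms it for the accompanying user id; otherwise the stored id is cleared.
// NOTE(review): session ids in URLs end up in server logs, browser history
// and Referer headers. Carrying the id in a cookie only would avoid that.
if (isset($_GET['sessionid'])) {
    $candidate_session = $_GET['sessionid'];
    $candidate_user = isset($_GET['userid']) ? $_GET['userid'] : null;
    // checkalive() concatenates both values into its SQL text: the session id
    // inside quotes, the user id as a bare operand. A legitimate user id is
    // therefore a plain digit string, and anything else is refused before the
    // query is built.
    // NOTE(review): the session id is still interpolated by checkalive();
    // that function should bind both values through a prepared statement.
    $inputs_ok = is_string($candidate_session)
        && is_string($candidate_user)
        && ctype_digit($candidate_user);
    if ($inputs_ok && checkalive($candidate_session, $candidate_user)) {
        $_SESSION['sessionid'] = $candidate_session;
    } else {
        $_SESSION['sessionid'] = "";
    }
}
// A request with no established session is treated the same as an expired one.
$sessionid = isset($_SESSION['sessionid']) ? $_SESSION['sessionid'] : "";
if ($sessionid == "") {
    header("Location:index.php?expired=1");
    // Stop here: without this the rest of the page would still execute for a
    // visitor who has no valid session, the redirect header notwithstanding.
    exit;
}
//check userid
// NOTE(review): the account to load is chosen by a query-string value that is
// not compared with the user owning the session. Confirm getuserdata() or its
// callers enforce that the session may access this account.
if (isset($_GET['userid'])) {
    getuserdata($_GET['userid']);
}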
//current account being modified
//$account = "test test test";
function checkalive($id, $user)
{
    $mysqli = new mysqli(DBSERVER, DBUSER, DBPWD, DB);
    ////set the query
    $query = "SELECT UNIX_TIMESTAMP(`sessions`.`sessiontimestamp`) AS `sessiontimestamp` FROM `sessions` WHERE `sessions`.`sessionmd5` = '" . $id . "' AND `sessions`.`userid` = " . $user;
    //echo $query;
    $result = $mysqli->query($query);
    if ($mysqli->affected_rows > 0) {
        $row = $result->fetch_object();
        $date = $row->sessiontimestamp;
    } else {
        echo $mysqli->error;