** this page is called by create_login.php and is responsible for * ** inserting the l/p into tbl_users. * ** NOTE: this page is only accessible by the account which is * ** defined in $UBER_USER in login.inc * **---------------------------------------------------------------------*/ //ob_start(); //@include("php_lib_login_includes/languages.inc.php"); //@include("languages.inc.php"); session_start(); include dirname(__FILE__) . "/login.inc.php"; $gString = getgString(); // protect if public signup is false lib_login_protect_signup(); // mailback account creation requires building a random password if ($cache == "random") { $password = lib_login_create_random_passwd(); $passwordagain = $password; } /*---------------------------------------------------------------------* ** it is the uber user... so we take $username, $password and * ** $passwordagain and use it to create can account... then we redirect * ** back to create_login.php * **---------------------------------------------------------------------*/ $error = lib_login_create_account($username, $password, $passwordagain, $email, $question, $answer); $error = urlencode($error); // find out where we came from, sript all GET vars off the URL $goback = GetReferer(); $goback = explode("?", $goback); $goback = $goback[0]; if ($cache == "random" && $error == "success") { // do mail stuff here... and make an attempt at error checkin? huh?
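/**
 * Render one step of the question-and-answer password reminder flow.
 *
 * Steps, selected by $iteration:
 *   ""  - print the "forgot your password?" link
 *   "1" - ask for the username
 *   "2" - show the stored question and ask for the answer
 *   "3" - check the answer; on a match set a new random password and mail it
 *
 * Values that come from the request or from tbl_users are HTML-escaped before
 * they are printed, and are handed to the database as bound parameters rather
 * than being spliced into the SQL text.
 *
 * NOTE(review): assumes $gDB is an ADOdb-style connection whose Execute()
 * accepts a bind array as second argument (the Execute()/->fields usage here
 * matches that API) - confirm against login.inc.php.
 *
 * @param string $iteration  current step ("" | "1" | "2" | "3")
 * @param string $reminduser username the reminder is for (steps 2 and 3)
 * @param string $answer     answer typed by the visitor (step 3)
 * @param string $artpath    image used as submit button; "" for a plain button
 * @return int|null 1 from every handled step (arbitrary value); nothing is
 *                  returned for an unrecognised $iteration
 */
function lib_login_forgot_password_art($iteration, $reminduser, $answer, $artpath)
{
    global $REQUEST_URI;
    global $THIS_SITE;
    global $HEADER_TAG_OPEN;
    global $HEADER_TAG_CLOSE;
    global $SUB_HEAD_TAG_OPEN;
    global $SUB_HEAD_TAG_CLOSE;
    global $BODY_TAG_OPEN;
    global $BODY_TAG_CLOSE;
    global $LOG_MESSAGE;
    global $QA_SIGNUP;
    global $gString;
    global $gDB;

    $db = $gDB;

    // first, if $QA_SIGNUP is false, there are no questions for users to answer, so we
    // should probably not permit the password reminder to run. bail now.
    if ($QA_SIGNUP == "FALSE") {
        return 1;
    }

    // does this work with IIS ????
    $right_here = (string) $REQUEST_URI;

    // The URI may carry GET vars; keep only the part before "?". The position
    // is tested against false so that a URI without "?" is kept whole instead
    // of collapsing to "" (which is what substr(..., 0, strpos(...)) yields).
    $query_at = strpos($right_here, '?');
    if ($query_at !== false) {
        $right_here = substr($right_here, 0, $query_at);
    }

    // The request URI is client-controlled: escape it before it lands in an
    // href/action attribute.
    $safe_here = htmlspecialchars($right_here, ENT_QUOTES);

    // deal with the art button vs. form button stuff (shared by steps 1 and 2).
    if ($artpath == "") {
        $submit_html = "<input type=\"submit\" value=\"submit\" name=\"submit\"></form>";
    } else {
        $safe_artpath = htmlspecialchars($artpath, ENT_QUOTES);
        $submit_html = "<input type=\"image\" src=\"{$safe_artpath}\" border=\"0\" name=\"submit\"></form>";
    }

    /*
     * First Iteration ----------------------------------------------
     */
    if ($iteration == "") {
        // gStrings[19] = "forgot your password?"
        print "<a href=\"{$safe_here}?iteration=1\">" . $BODY_TAG_OPEN . $gString[19] . $BODY_TAG_CLOSE . "</a>";
        return 1;
    }

    // gStrings[20] = "password reminder step "
    // $iteration is echoed back, so it is escaped like any other request value.
    print $HEADER_TAG_OPEN . $gString[20] . " " . htmlspecialchars($iteration, ENT_QUOTES) . $HEADER_TAG_CLOSE . "<br>";

    /*
     * Second Iteration ---------------------------------------------
     */
    if ($iteration == "1") {
        // gStrings[21] = "enter your username"
        print <<<HTML
\t\t\t<form method="POST" action="{$safe_here}?iteration=2">
\t\t\t{$SUB_HEAD_TAG_OPEN} {$gString['21']} {$SUB_HEAD_TAG_CLOSE}<br>
\t\t\t\t<input type="text" name="reminduser"><p>
HTML;
        echo $submit_html;
        return 1; // arbitrary value
    }

    /*
     * Third Iteration ----------------------------------------------
     */
    if ($iteration == "2") {
        // Retrieve the question for the user; the username is bound, never
        // concatenated into the statement.
        $sql_get_question = "SELECT * FROM tbl_users WHERE username = ?";
        $result = $db->Execute($sql_get_question, array($reminduser));

        // this index will NOT survive new ddl
        // WARNING!!
        $question = isset($result->fields[3]) ? $result->fields[3] : "";

        // No question entered, bail
        // gStrings[22] = "you did not supply a question when you..."
        if ($question == "") {
            print $BODY_TAG_OPEN . $gString[22] . $BODY_TAG_CLOSE;
            return 1;
        }

        $url_reminduser = urlencode($reminduser);

        // The username comes from the request and the question was typed in
        // by a user at signup: both are escaped before being rendered.
        $safe_reminduser = htmlspecialchars($reminduser, ENT_QUOTES);
        $safe_question = htmlspecialchars($question, ENT_QUOTES);

        // Poll for an answer
        // gString[23] = "question for "
        // gString[24] = "answer"
        print <<<HTML2
\t\t\t<form method="POST" action="{$safe_here}?iteration=3&reminduser={$url_reminduser}">
\t\t\t{$SUB_HEAD_TAG_OPEN}
\t\t\t{$gString['23']} {$safe_reminduser}:
\t\t\t{$SUB_HEAD_TAG_CLOSE}<br>
\t\t\t{$BODY_TAG_OPEN}
\t\t\t{$safe_question}
\t\t\t{$BODY_TAG_CLOSE}<p>
\t\t\t{$SUB_HEAD_TAG_OPEN}
\t\t\t{$gString['24']}
\t\t\t{$SUB_HEAD_TAG_CLOSE}<br>
\t\t\t\t<input type="text" name="answer"><p>
HTML2;
        echo $submit_html;
        return 1;
    }

    /*
     * Fourth Iteration ----------------------------------------------
     */
    if ($iteration == "3") {
        // NOTE(review): request parameters normally arrive already decoded, so
        // this may decode twice - kept as in the original; verify against caller.
        $reminduser = urldecode($reminduser);

        // Get answer and email at once
        $sql_get_answer_email = "SELECT answer, email FROM tbl_users WHERE username = ?";
        $result = $db->Execute($sql_get_answer_email, array($reminduser));

        $correct_answer = isset($result->fields[0]) ? (string) $result->fields[0] : "";
        $user_email = isset($result->fields[1]) ? $result->fields[1] : "";

        // An unknown user or an account without a stored answer must never
        // match: otherwise an empty submitted answer would equal the empty
        // lookup result and trigger a reset. The comparison is strict so that
        // numeric-looking strings ("1e3" vs "1000") are not treated as equal.
        // gString[25] = "wrong answer"
        // gString[26] = "try again?"
        if ($correct_answer === "" || $correct_answer !== (string) $answer) {
            print "<br>" . $SUB_HEAD_TAG_OPEN . $gString[25] . $SUB_HEAD_TAG_CLOSE . "<br>";
            print "<a href=\"{$safe_here}?iteration=1\">";
            print $gString[26] . "</a><br>";
        } else {
            $new_pass = lib_login_create_random_passwd();

            // NOTE(review): unsalted MD5 is not a suitable password hash. It is
            // kept because the login check that reads this column is not
            // visible here; both sides have to move to password_hash() /
            // password_verify() together.
            $md5password = md5($new_pass);

            $sql_update_password = "UPDATE tbl_users SET password = ? WHERE username = ?";
            $result = $db->Execute($sql_update_password, array($md5password, $reminduser));

            // gString[27] = "your new password for $THIS_SITE is"
            // gString[28] = "new password for $THIS_SITE"
            // gString[29] = "your new password has been mailed to you"
            if ($result) {
                $message = $gString[27] . "<p>\n {$new_pass}";
                // NOTE(review): the stored password has already been replaced at
                // this point, and a failed mail() goes unreported (best effort,
                // as in the original), which leaves the user without a
                // working password.
                @mail($user_email, $gString[28], $message); // no fail msg.
                lib_login_write_log($LOG_MESSAGE[5], $reminduser);
                print $SUB_HEAD_TAG_OPEN . "<p>" . $gString[29] . $SUB_HEAD_TAG_CLOSE;
            } else {
                print $SUB_HEAD_TAG_OPEN . $gString[30] . $SUB_HEAD_TAG_CLOSE;
            }
        }
        return 1;
    }
}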