/**
  * Implements failing tables; if an account type fails multiple times,
  * then send the user an email and disable the account.
  * @see OpenclerkJobQueuer#getStandardJobs()
  */
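 function failed(\Exception $runtime_exception, Connection $db, Logger $logger)
 {
     // Runs after a job has thrown: counts the failure against the account row and,
     // once the user's failure limit is reached, disables the account and e-mails them.
     // Only "standard" jobs that opt in to failure tracking are handled.
     $standard = $this->findStandardJob();
     if (!$standard) {
         return;
     }
     $logger->info("Using standard job " . print_r($standard, true));
     if (!$standard['failure']) {
         $logger->info("Not a failure standard job");
         return;
     }
     // SQL identifiers cannot be bound as parameters, so the table name is interpolated
     // into the statements below. It is taken from findStandardJob(); it must stay a
     // fixed, code-defined value and never be derived from request data.
     $failing_table = $standard['table'];
     $job = $this->job;
     // find the relevant account_data for this standard job
     $account_data = false;
     foreach (account_data_grouped() as $group) {
         foreach ($group as $exchange => $data) {
             if (isset($data['job_type']) && $job['job_type'] == $data['job_type']) {
                 $account_data = $data;
                 $account_data['exchange'] = $exchange;
                 // leaves the inner loop only; later groups are still scanned
                 break;
             }
         }
     }
     if (!$account_data) {
         // NOTE(review): processing continues without account data, so the e-mail
         // further down would be built from missing 'exchange'/'label' values - confirm
         // that this is intended.
         $logger->warn("Could not find any account data for job type '" . $job['job_type'] . "'");
     }
     $logger->info("Using account data " . print_r($account_data, true));
     // CloudFlare, Incapsula and Blockchain exceptions are not counted against the account
     if ($runtime_exception instanceof CloudFlareException || $runtime_exception instanceof \Openclerk\Apis\CloudFlareException) {
         $logger->info("Not increasing failure count: was a CloudFlareException");
     } elseif ($runtime_exception instanceof IncapsulaException || $runtime_exception instanceof \Openclerk\Apis\IncapsulaException) {
         $logger->info("Not increasing failure count: was a IncapsulaException");
     } elseif ($runtime_exception instanceof BlockchainException || $runtime_exception instanceof \Core\BlockchainException) {
         $logger->info("Not increasing failure count: was a BlockchainException");
     } else {
         // first_failure is only set on the first counted failure and kept afterwards
         $q = $db->prepare("UPDATE {$failing_table} SET failures=failures+1,first_failure=IF(ISNULL(first_failure), NOW(), first_failure) WHERE id=?");
         $q->execute(array($job['arg_id']));
         $logger->info("Increasing account failure count");
     }
     $user = get_user($job['user_id']);
     if (!$user) {
         $logger->info("Warning: No user " . $job['user_id'] . " found");
         return;
     }
     // failed too many times?
     $q = $db->prepare("SELECT * FROM {$failing_table} WHERE id=? LIMIT 1");
     $q->execute(array($job['arg_id']));
     $account = $q->fetch();
     if (!$account) {
         // No row for this job's arg_id: there is nothing to count or disable, and the
         // code below would otherwise read fields from a non-array.
         $logger->warn("Could not find account " . $job['arg_id'] . " in table '" . $failing_table . "'");
         return;
     }
     $logger->info("Current account failure count: " . number_format($account['failures']));
     if ($account['failures'] < get_premium_value($user, 'max_failures')) {
         return;
     }
     // disable it and send an email
     $q = $db->prepare("UPDATE {$failing_table} SET is_disabled=1 WHERE id=?");
     $q->execute(array($job['arg_id']));
     crypto_log(print_r($account_data, true));
     // $account was read before the UPDATE above, so is_disabled reflects the previous
     // state: the e-mail goes out only the first time the account gets disabled.
     if ($user['email'] && !$account['is_disabled']) {
         $email_type = $job['job_type'] == "notification" ? "failure_notification" : "failure";
         // NOTE(review): the raw exception message is mailed to the user; job exceptions
         // should therefore never embed credentials, request parameters or internal URLs.
         send_user_email($user, $email_type, array(
             "name" => $user['name'] ? $user['name'] : $user['email'],
             "exchange" => get_exchange_name($account_data['exchange']),
             "label" => $account_data['label'],
             "labels" => $account_data['labels'],
             "failures" => number_format($account['failures']),
             "message" => $runtime_exception->getMessage(),
             "length" => recent_format(strtotime($account['first_failure']), "", ""),
             "title" => isset($account['title']) && $account['title'] ? "\"" . $account['title'] . "\"" : "untitled",
             "url" => absolute_url(url_for("wizard_accounts")),
         ));
         $logger->info("Sent failure e-mail to " . htmlspecialchars($user['email']) . ".");
     }
 }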
Esempio n. 2
<?php

/**
 * An existing free user has not logged in within X days and we
 * now need to disable their account.
 */
// Job body: disables the free account named by $job['arg_id'] and tells the user by e-mail.
// get the relevant user info
$user = get_user($job['arg_id']);
if (!$user) {
    throw new JobException("Cannot find user ID " . $job['arg_id']);
}
// check that they're not a premium user etc - this should never happen
// (fails closed: a premium account is never disabled by this job)
if ($user['is_premium']) {
    throw new JobException("Premium user was requested to be disabled - this should not happen");
}
// update user (before sending email), so a mail failure cannot leave the account enabled
$q = db()->prepare("UPDATE user_properties SET is_disabled=1,disabled_at=NOW() WHERE id=? LIMIT 1");
$q->execute(array($user['id']));
// construct email
if ($user['email']) {
    // expiry date = last login (or sign-up date if the user never logged in) + user_expiry_days
    $disables_at = strtotime(($user['last_login'] ? $user['last_login'] : $user['created_at']) . " +" . get_site_config('user_expiry_days') . " day");
    send_user_email($user, "disable", array("name" => $user['name'] ? $user['name'] : $user['email'], "days" => number_format(get_site_config('user_expiry_days')), "disables" => iso_date($disables_at), "disables_text" => recent_format($disables_at, false, ""), "url" => absolute_url(url_for("user#user_premium")), "login" => absolute_url(url_for("login")), "profile" => absolute_url(url_for("profile"))));
    // the address is HTML-escaped before logging; presumably the job log is rendered as HTML - confirm
    crypto_log("Sent disabled account e-mail to " . htmlspecialchars($user['email']) . ".");
} else {
    crypto_log("User had no valid e-mail address.");
}
Esempio n. 3
                        $args += array("label" => "total " . get_currency_abbr($currency));
                    } else {
                        if (substr($account['summary_type'], 0, strlen('all2')) == 'all2') {
                            $summary_type = substr($account['summary_type'], strlen('all2'));
                            $summary_types = get_total_conversion_summary_types();
                            $args += array("label" => "converted " . $summary_types[$summary_type]['short_title']);
                        } else {
                            throw new JobException("Unknown summary_instance summary_type '" . htmlspecialchars($account['summary_type']) . "'");
                        }
                    }
                }
                $args['label_uc'] = capitalize($args['label']);
                break;
            default:
                throw new JobException("Unknown notification type for email '" . $notification['notification_type'] . "'");
        }
        send_user_email($user, $email_template, $args);
        crypto_log("Sent notification e-mail to " . htmlspecialchars($user['email']) . ".");
        // update user stats
        $q = db()->prepare("UPDATE user_properties SET notifications_sent=notifications_sent+1 WHERE id=?");
        $q->execute(array($user['id']));
    }
    // update the notification
    $q = db()->prepare("UPDATE notifications SET is_notified=1,last_notification=NOW(),last_value=?,notifications_sent=notifications_sent+1 WHERE id=?");
    $q->execute(array($current_value, $notification['id']));
} else {
    crypto_log("Trigger not successful.");
    // update the notification
    $q = db()->prepare("UPDATE notifications SET is_notified=0,last_value=? WHERE id=?");
    $q->execute(array($current_value, $notification['id']));
}
Esempio n. 4
            throw new PurchaseException(t("Could not generate :currency address for purchase; please try again later.", array(':currency' => get_currency_abbr($currency))));
        }
        // register it to the system as a normal blockchain address, but we need to get received rather than balance
        $q = db()->prepare("INSERT INTO addresses SET user_id=:user_id, address=:address, currency=:currency, is_received=1");
        $q->execute(array("user_id" => get_site_config('system_user_id'), "address" => $address['address'], "currency" => $currency));
        $new_address_id = db()->lastInsertId();
        // create a new outstanding premium
        $q = db()->prepare("INSERT INTO outstanding_premiums SET user_id=:user_id, premium_address_id=:pid, address_id=:aid, balance=:balance, months=:months, years=:years");
        $q->execute(array("user_id" => user_id(), "pid" => $address['id'], "aid" => $new_address_id, "balance" => $cost, "months" => $months, "years" => $years));
        $purchase_id = db()->lastInsertId();
        // address is now in use
        $q = db()->prepare("UPDATE premium_addresses SET is_used=1,used_at=NOW() WHERE id=?");
        $q->execute(array($address['id']));
        // try sending email, if an email address has been registered
        if ($user['email']) {
            send_user_email($user, "purchase", array("name" => $user['name'] ? $user['name'] : $user['email'], "amount" => number_format_autoprecision($cost), "currency" => get_currency_abbr($currency), "currency_name" => get_currency_name($currency), "address" => $address['address'], "explorer" => get_explorer_address($currency, $address['address']), "url" => absolute_url(url_for("user#user_outstanding"))));
        }
        // success! inform the user
        redirect(url_for('user#user_outstanding', array('new_purchase' => $purchase_id)));
    } catch (PurchaseException $e) {
        log_uncaught_exception($e);
        $errors[] = $e->getMessage();
    }
}
page_header(t("Purchase Premium"), "page_purchase", array('js' => 'purchase'));
?>

<h1><?php 
echo ht("Purchase Premium with :currency", array(':currency' => get_currency_name($currency)));
?>
</h1>
Esempio n. 5
        if ($subscribe != $user['subscribe_announcements'] || $subscribe && $user['email'] != $email) {
            $q = db()->prepare("DELETE FROM pending_subscriptions WHERE user_id=?");
            $q->execute(array(user_id()));
            if ($email) {
                $q = db()->prepare("INSERT INTO pending_subscriptions SET user_id=?,created_at=NOW(),is_subscribe=?");
                $q->execute(array($user['id'], $subscribe));
                if ($subscribe) {
                    $messages[] = t("You will be added manually to the :mailing_list soon.", array(':mailing_list' => "<a href=\"http://groups.google.com/group/" . htmlspecialchars(get_site_config('google_groups_announce')) . "\" target=\"_blank\">" . t("Announcements Mailing List") . "</a>"));
                } else {
                    $messages[] = t("You will be removed manually from the :mailing_list soon.", array(':mailing_list' => "<a href=\"http://groups.google.com/group/" . htmlspecialchars(get_site_config('google_groups_announce')) . "\" target=\"_blank\">" . t("Announcements Mailing List") . "</a>"));
                }
            }
        }
        // try sending email, only when the address is set and actually changed
        // NOTE(review): the unsubscribe token is md5(unsubscribe_salt . email), a bare
        // salted MD5 rather than a keyed MAC, and it never expires or varies per request.
        // hash_hmac('sha256', $email, $secret) checked with a constant-time comparison
        // would be the sturdier construction, but whatever handles the "unsubscribe" URL
        // must change in the same release, so the expression is left untouched here.
        if ($email && $email != $old_email) {
            send_user_email($user, $old_email ? "change_email" : "new_email", array("old_email" => $old_email ? $old_email : t("(no previous e-mail address)"), "email" => $email, "url" => absolute_url(url_for("unsubscribe", array('email' => $email, 'hash' => md5(get_site_config('unsubscribe_salt') . $email))))));
        }
        // redirect to GET
        set_temporary_messages($messages);
        redirect(url_for('user'));
    }
}
$q = db()->prepare("SELECT outstanding_premiums.*, ab.created_at AS last_check, ab.balance AS last_balance,\n  addresses.address, addresses.currency FROM outstanding_premiums\n  LEFT JOIN addresses ON outstanding_premiums.address_id=addresses.id\n  LEFT JOIN (SELECT * FROM address_balances WHERE is_recent=1) AS ab ON ab.address_id=addresses.id\n  WHERE outstanding_premiums.user_id=? AND is_paid=0 AND is_unpaid=0\n  ORDER BY outstanding_premiums.created_at DESC");
$q->execute(array(user_id()));
$outstanding = $q->fetchAll();
$q = db()->prepare("SELECT outstanding_premiums.*,\n  premium_addresses.address, premium_addresses.currency FROM outstanding_premiums\n  LEFT JOIN premium_addresses ON outstanding_premiums.premium_address_id=premium_addresses.id\n  WHERE outstanding_premiums.user_id=? AND (is_paid=1 OR is_unpaid=1)\n  ORDER BY outstanding_premiums.created_at DESC");
$q->execute(array(user_id()));
$previous = $q->fetchAll();
if (require_get("new_purchase", false)) {
    // find the new purchase
    foreach ($outstanding as $p) {
Esempio n. 6
            add_summary_instance($job, 'crypto2' . $currency, $total);
        }
    }
    crypto_log("</ul>");
}
// update last_sum_job
$q = db()->prepare("UPDATE user_properties SET last_sum_job=NOW() WHERE id=?");
$q->execute(array($job['user_id']));
// and now that we have added summary instances, check for first_report
// (this is so that first_report jobs don't block up the job queue)
/**
 * Send an e-mail to new users once their first non-zero summary reports have been compiled.
 */
// reload user in case multiple summary jobs for the same user are all blocked at once
// NOTE(review): the flag is read here and written further down in a separate statement,
// so two jobs running at the same moment could both pass the check and both send the
// e-mail - confirm whether the job runner serialises jobs per user.
$user = get_user($job['user_id']);
if (!$user['is_first_report_sent']) {
    // is there a non-zero summary instance?
    $q = db()->prepare("SELECT * FROM summary_instances WHERE user_id=? AND is_recent=1 AND balance > 0 LIMIT 1");
    $q->execute(array($user['id']));
    if ($instance = $q->fetch()) {
        crypto_log("User has a non-zero summary instance.");
        // update that we've reported now (done before sending, so a mail failure is not retried)
        $q = db()->prepare("UPDATE user_properties SET is_first_report_sent=1,first_report_sent=NOW() WHERE id=?");
        $q->execute(array($user['id']));
        // send email
        if ($user['email']) {
            send_user_email($user, "first_report", array("name" => $user['name'] ? $user['name'] : $user['email'], "url" => absolute_url(url_for("profile")), "login" => absolute_url(url_for("login")), "wizard_currencies" => absolute_url(url_for("wizard_currencies")), "wizard_addresses" => absolute_url(url_for("wizard_accounts_addresses")), "wizard_accounts" => absolute_url(url_for("wizard_accounts")), "wizard_notifications" => absolute_url(url_for("wizard_notifications")), "reports" => absolute_url(url_for("profile")), "premium" => absolute_url(url_for("premium"))));
            crypto_log("Sent first report e-mail to " . htmlspecialchars($user['email']) . ".");
        }
    }
}
Esempio n. 7
        $errors[] = t("No such user account exists.");
    } else {
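        // A reset link is honoured only within one day of the recorded reset request.
        if (!$user['last_password_reset'] || strtotime($user['last_password_reset']) < strtotime("-1 day")) {
            $errors[] = t("That account has not requested a password reset.");
        } else {
            // The link hash is rebuilt from the site salt, the e-mail address and the
            // time of the reset request, then compared with the one supplied.
            $expected_hash = md5(get_site_config('password_reset_salt') . $email . ":" . strtotime($user['last_password_reset']));
            // Strict comparison on purpose: with a loose != two different hex strings
            // that both read as numbers in exponent form ("0e" followed only by digits)
            // compare equal, so a wrong hash could be accepted. is_string() rejects
            // array-valued request parameters.
            // NOTE(review): hash_equals() (PHP >= 5.6) would additionally make the
            // comparison constant-time; use it if the deployment's PHP version allows.
            if (!is_string($hash) || $hash !== $expected_hash) {
                $errors[] = t("Invalid hash - please recheck the link in your e-mail.");
            }
        }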
    }
    // All checks passed: store the new password, confirm by e-mail and send the user to login.
    if (!$errors) {
        $q = db()->prepare("UPDATE users SET password_hash=?, password_last_changed=NOW() WHERE id=?");
        // NOTE(review): the password is stored as md5(site-wide salt . password): a fast
        // hash with no per-user salt, cheap to brute-force if the table leaks.
        // password_hash()/password_verify() is the replacement, but the login check has
        // to migrate at the same time, so the expression is left unchanged here.
        $password_hash = md5(get_site_config('password_salt') . $password);
        $q->execute(array($password_hash, $user['id']));
        // NOTE(review): nothing in this block clears last_password_reset, so the same
        // link looks reusable until its one-day window ends - confirm and invalidate it.
        send_user_email($user, "password_reset_complete", array("email" => $email, "name" => $user['name'] ? $user['name'] : $email));
        $messages[] = t("Password changed; you should now immediately login with this new password.");
        set_temporary_messages($messages);
        set_temporary_errors($errors);
        redirect(url_for('login', array('email' => $email, 'use_password' => true)));
    }
}
require __DIR__ . "/../layout/templates.php";
page_header(t("Change Password"), "page_password_reset", array('js' => 'auth'));
?>

<?php 
require_template("password_reset");
?>

<div class="authentication-form">
Esempio n. 8
    $account_data = get_account_data($exchange);
    // we re-enable ALL accounts, not just accounts belonging to active users, so that when a disabled user
    // logs back in, they automatically get their disabled accounts disabled as well
    $q = db()->prepare("SELECT t.*, users.email, user_properties.name AS users_name, user_properties.is_disabled AS user_is_disabled FROM " . $account_data['table'] . " t\n    JOIN users ON t.user_id=users.id\n    JOIN user_properties ON users.id=user_properties.id\n    WHERE t.is_disabled=1");
    $q->execute();
    $count = 0;
    $accounts = $q->fetchAll();
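    foreach ($accounts as $account) {
        // Rows disabled by hand are excluded by the UPDATE below, so skip them entirely;
        // otherwise the owner is told the account was re-enabled, and it is counted,
        // although nothing changed.
        if (!empty($account['is_disabled_manually'])) {
            continue;
        }
        // re-enable it
        // NOTE(review): the table name is concatenated into the SQL because identifiers
        // cannot be bound. It comes from get_account_data($exchange); confirm $exchange is
        // checked against the known exchanges before it reaches this point.
        $q = db()->prepare("UPDATE " . $account_data['table'] . " SET is_disabled=0 WHERE id=? AND is_disabled_manually=0");
        $q->execute(array($account['id']));
        // email the user if their account is not disabled
        if (!$account['user_is_disabled'] && $account['email']) {
            $user_temp = array('email' => $account['email'], 'name' => $account['users_name']);
            send_user_email($user_temp, "reenable", array(
                "name" => $account['users_name'] ? $account['users_name'] : $account['email'],
                "exchange" => get_exchange_name($exchange),
                "label" => $account_data['label'],
                "labels" => $account_data['labels'],
                "title" => isset($account['title']) && $account['title'] ? "\"" . $account['title'] . "\"" : "untitled",
                "url" => absolute_url(url_for("wizard_accounts")),
            ));
            // escaped because the message list is presumably rendered as HTML
            $messages[] = "Sent enabled message to " . htmlspecialchars($account['email']);
        }
        $count++;
    }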
    $messages[] = "Re-enabled " . plural("account", $count) . ".";
}
page_header("Admin: Accounts", "page_admin_accounts", array('js' => array('accounts')));
// where 0% = bad; 100% = perfect; etc
function get_error_class($n)
{
    if ($n >= 0.9) {
        // 0%
        return "perfect";
    } else {
Esempio n. 9
    $q->execute(array(require_post("code"), require_post("title")));
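    // The posted code is echoed back in a status message, so it is HTML-escaped first.
    // (Presumably the message list is rendered as HTML - confirm against the template.)
    $messages[] = "Added coin " . htmlspecialchars(require_post("code")) . ".";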
}
if (require_post("id", false)) {
    $q = db()->prepare("SELECT * FROM vote_coins WHERE id=?");
    $q->execute(array(require_post("id")));
    $vote = $q->fetch();
    if (!$vote) {
        $errors[] = "Could not find any such vote_coins";
    } else {
        $sent = 0;
        $q = db()->prepare("SELECT * FROM vote_coins_votes JOIN users ON vote_coins_votes.user_id=users.id WHERE coin_id=?");
        $q->execute(array($vote['id']));
        while ($user = $q->fetch()) {
            if ($user['email']) {
                send_user_email($user, "voted_coin", array("name" => $user['name'] ? $user['name'] : $user['email'], "code" => strtolower($vote['code']), "abbr" => get_currency_abbr(strtolower($vote['code'])), "title" => get_currency_name(strtolower($vote['code'])), "original_title" => $vote['title'], "total_users" => plural("other user", $vote['total_users']), "url" => absolute_url(url_for("vote_coins")), "wizard" => absolute_url(url_for("wizard_currencies"))));
                $sent++;
            }
        }
        $messages[] = "Sent notifications to " . plural("user", $sent) . ".";
        // remove vote_coins and vote_coins_votes entries
        $q = db()->prepare("DELETE FROM vote_coins WHERE id=?");
        $q->execute(array($vote['id']));
        $q = db()->prepare("DELETE FROM vote_coins_votes WHERE coin_id=?");
        $q->execute(array($vote['id']));
        $messages[] = "Removed voted coin.";
    }
}
page_header("Admin Vote Coins", "page_admin_vote_coins");
?>
Esempio n. 10
<?php

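// The page is switched off: this throw makes everything below unreachable until it is removed.
throw new Exception("This functionality is currently unavailable.");
require_login();
$user = get_user(user_id());
$messages = array();
$errors = array();
$confirm = require_post("confirm", false);
// The confirmation checkbox is what has to be checked here. The previous condition
// tested an undefined $password (copied from the password-length check), so the error
// could never fire and the password would have been removed without confirmation.
if (!$confirm) {
    $errors[] = t("You did not select the confirmation checkbox.");
}
if (!$errors) {
    // NOTE(review): after this UPDATE the account has no password; the e-mail points
    // at the OpenID settings, so presumably OpenID is then the only way in - confirm
    // the user has an OpenID identity before allowing the removal.
    $q = db()->prepare("UPDATE user_properties SET password_hash=NULL, password_last_changed=NOW() WHERE id=?");
    $q->execute(array(user_id()));
    $messages[] = t("Removed password.");
    $name = $user['name'] ? $user['name'] : $user['email'];
    $email = $user['email'];
    // tell the account owner, so an unexpected removal does not go unnoticed
    send_user_email($user, "password_removed", array("email" => $email, "name" => $name, "url" => absolute_url(url_for("user#user_openid"))));
}
set_temporary_messages($messages);
set_temporary_errors($errors);
redirect(url_for('user#user_password'));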
Esempio n. 11
<?php

/**
 * An existing premium user's account needs to expire.
 * May send out an e-mail.
 */
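// get the relevant user info
$user = get_user($job['arg_id']);
if (!$user) {
    throw new JobException("Cannot find user ID " . $job['arg_id']);
}
// remember the state before the update: it decides whether an e-mail is due
$was_premium = $user['is_premium'];
// update user (before sending email)
$q = db()->prepare("UPDATE user_properties SET updated_at=NOW(),is_premium=0 WHERE id=? LIMIT 1");
$q->execute(array($user['id']));
crypto_log("Disabled premium status on user " . $user['id'] . ".");
// construct email, but only if we haven't already sent an email out
if ($user['email'] && $was_premium) {
    send_user_email($user, "expire", array(
        "name" => $user['name'] ? $user['name'] : $user['email'],
        "expires" => iso_date($user['premium_expires']),
        "expires_text" => recent_format($user['premium_expires'], false, ""),
        "prices" => get_text_premium_prices(),
        "prices_html" => get_html_premium_prices(),
        "url" => absolute_url(url_for("user#user_premium")),
    ));
    crypto_log("Sent premium expired e-mail to " . htmlspecialchars($user['email']) . ".");
} elseif (!$was_premium) {
    // previously this case was logged as a missing e-mail address, which was misleading
    crypto_log("User was not premium; no expiry e-mail sent.");
} else {
    crypto_log("User had no valid e-mail address.");
}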
Esempio n. 12
         $errors[] = $e->getMessage();
     }
     if ($user && !$errors) {
         $user_instance = $user;
         $q = db()->prepare("INSERT INTO user_properties SET\n          id=:id,\n          name=:name, country=:country, user_ip=:ip, referer=:referer, subscribe_announcements=:subscribe, created_at=NOW(), updated_at=NOW()");
         $user = array("id" => $user->getId(), "name" => $name, "country" => $country, "ip" => user_ip(), "referer" => isset($_SESSION['referer']) ? substr($_SESSION['referer'], 0, 250) : NULL, "subscribe" => $subscribe ? 1 : 0);
         $q->execute($user);
         if ($subscribe) {
             $q = db()->prepare("INSERT INTO pending_subscriptions SET user_id=?,created_at=NOW(),is_subscribe=1");
             $q->execute(array($user['id']));
             $messages[] = t("You will be added manually to the :mailing_list soon.", array(':mailing_list' => "<a href=\"http://groups.google.com/group/" . htmlspecialchars(get_site_config('google_groups_announce')) . "\" target=\"_blank\">" . t("Announcements Mailing List") . "</a>"));
         }
         // try sending email
         if ($user_instance->getEmail()) {
             $user['email'] = $user_instance->getEmail();
             send_user_email($user, "signup", array("email" => $user['email'], "name" => $name ? $name : $user['email'], "announcements" => "http://groups.google.com/group/" . htmlspecialchars(get_site_config('google_groups_announce')), "url" => absolute_url(url_for("unsubscribe", array('email' => $user['email'], 'hash' => md5(get_site_config('unsubscribe_salt') . $user['email'])))), "wizard_currencies" => absolute_url(url_for("wizard_currencies")), "wizard_addresses" => absolute_url(url_for("wizard_accounts_addresses")), "wizard_accounts" => absolute_url(url_for("wizard_accounts")), "wizard_notifications" => absolute_url(url_for("wizard_notifications")), "reports" => absolute_url(url_for("profile")), "premium" => absolute_url(url_for("premium"))));
         }
         // create default summary pages and cryptocurrencies and graphs contents
         reset_user_settings($user['id']);
         // success!
         // issue #62: rather than requiring another step to login, just log the user in now.
         \Users\User::forceLogin(db(), $user['id']);
         complete_login($user, $autologin);
         $messages[] = t("New account creation successful.");
         // redirect
         set_temporary_messages($messages);
         redirect(url_for(get_site_config('premium_welcome') ? "welcome" : get_site_config('signup_login'), array("pause" => true)));
     }
 } catch (Exception $e) {
     if (!$e instanceof EscapedException) {
         $e = new EscapedException(htmlspecialchars($e->getMessage()), (int) $e->getCode(), $e);
Esempio n. 13
                        crypto_log("Sent e-mail to " . htmlspecialchars($user['email']) . ".");
                    }
                }
            } else {
                // have we reminded recently?
                if (!$address['last_reminder'] || strtotime($address['last_reminder'] . " +" . get_site_config('outstanding_reminder_hours') . " hour") < time()) {
                    // send a reminder
                    if ($user['email']) {
                        send_user_email($user, "purchase_reminder", array("name" => $user['name'] ? $user['name'] : $user['email'], "amount" => number_format_autoprecision($address['balance']), "received" => number_format_autoprecision($balance['balance']), "currency" => get_currency_abbr($address['currency']), "currency_name" => get_currency_name($address['currency']), "address" => $address['address'], "explorer" => get_explorer_address($address['currency'], $address['address']), "url" => absolute_url(url_for("user#user_outstanding")), "reminder" => $reminder, "cancelled" => $cancelled));
                        crypto_log("Sent e-mail to " . htmlspecialchars($user['email']) . ".");
                    }
                    $q = db()->prepare("UPDATE outstanding_premiums SET last_reminder=NOW() WHERE id=?");
                    $q->execute(array($address['id']));
                    crypto_log("Sent reminder message on outstanding premium payment.");
                }
            }
        } else {
            if ($balance['balance'] > 0 && $balance['balance'] > $address['last_balance']) {
                // issue #231: have we made a new payment since we looked last?
                // send a reminder
                if ($user['email']) {
                    send_user_email($user, "purchase_further", array("name" => $user['name'] ? $user['name'] : $user['email'], "amount" => number_format_autoprecision($address['balance']), "received" => number_format_autoprecision($balance['balance']), "difference" => number_format_autoprecision($balance['balance'] - $address['last_balance']), "currency" => get_currency_abbr($address['currency']), "currency_name" => get_currency_name($address['currency']), "address" => $address['address'], "explorer" => get_explorer_address($address['currency'], $address['address']), "url" => absolute_url(url_for("user#user_outstanding")), "reminder" => $reminder, "cancelled" => $cancelled));
                    crypto_log("Sent e-mail to " . htmlspecialchars($user['email']) . ".");
                }
                $q = db()->prepare("UPDATE outstanding_premiums SET last_balance=? WHERE id=?");
                $q->execute(array($balance['balance'], $address['id']));
                crypto_log("Sent received payment message on outstanding premium payment.");
            }
        }
    }
}
Esempio n. 14
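// The user has to type the literal word "confirm"; compared strictly so that no
// type-juggled value can stand in for it.
if ($confirm !== "confirm") {
    $errors[] = t("Please type in ':text'.", array(':text' => "confirm"));
}
if (!$errors) {
    // mark the account as due to be deleted
    $q = db()->prepare("UPDATE user_properties SET is_deleted=1, requested_delete_at=NOW() WHERE id=?");
    $q->execute(array(user_id()));
    // remove any OpenID connections for this user account, so that users can sign up
    // again immediately with the same OpenID details
    $q = db()->prepare("DELETE FROM user_openid_identities WHERE user_id=?");
    $q->execute(array(user_id()));
    // send email to user
    $name = $user['name'] ? $user['name'] : $user['email'];
    $email = $user['email'];
    if ($email) {
        send_user_email($user, "deleted", array("email" => $email, "name" => $name, "url" => absolute_url(url_for("signup"))));
    }
    // send email to admin with reasons
    // The user record is dumped into this mail, so the stored password hash is dropped
    // first: e-mail is not a safe place for credential material.
    // NOTE(review): 'password_hash' is the only sensitive key assumed here; extend the
    // list if the record carries other secrets (tokens, API keys).
    $user_dump = is_array($user) ? array_diff_key($user, array('password_hash' => true)) : $user;
    $email = get_site_config('site_email');
    send_email($email, "deleted_reason", array("email" => $email, "reason" => $reason, "user" => print_r($user_dump, true)));
    // redirect back to signup page with information
    $messages[] = t("Your user account will shortly be deleted. You may sign up again here.");
    // now logout the user before doing anything else!
    user_logout();
    set_temporary_messages($messages);
    set_temporary_errors($errors);
    redirect(url_for('signup'));
}
// otherwise, go back to user page with errors
set_temporary_messages($messages);
set_temporary_errors($errors);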
Esempio n. 15
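$messages = array();
$errors = array();
$password = require_post("password", false);
$password2 = require_post("password2", false);
// A password is mandatory here. The previous check was skipped whenever the value was
// empty or falsy (a missing field, "" or "0"), which let the request go on to
// changePassword() with no usable password. is_string() also rejects array-valued input.
if (!is_string($password) || strlen($password) < 6 || strlen($password) > 255) {
    $errors[] = t("Please select a password between :min-:max characters long.", array(':min' => 6, ':max' => 255));
}
// Strict comparison: with a loose != two different numeric-looking strings
// (for example "1e3" and "1000") count as equal, so a mistyped confirmation could pass.
if ($password !== $password2) {
    $errors[] = t("Those passwords do not match.");
}
if (!$user['email']) {
    $errors[] = t("You need to have added an e-mail address to your account before you can enable password login.");
}
// check there are no other accounts using a password hash on this e-mail address
$q = db()->prepare("SELECT * FROM users WHERE email=? AND id <> ?");
$q->execute(array($user['email'], user_id()));
if ($q->fetch()) {
    $errors[] = t("This e-mail address is already being used by another account for password login.");
}
if (!$errors) {
    // change password
    // NOTE(review): nothing visible here asks for the current password before replacing
    // it - confirm that re-authentication happens earlier in the request.
    $user_instance = \Users\User::getInstance(db());
    \Users\UserPassword::changePassword(db(), $user_instance, $password);
    $messages[] = t("Updated password.");
    $name = $user['name'] ? $user['name'] : $user['email'];
    $email = $user['email'];
    // $user was loaded before the change, so password_hash tells "changed" from "added"
    send_user_email($user, $user['password_hash'] ? "password_changed" : "password_added", array("email" => $email, "name" => $name));
}
set_temporary_messages($messages);
set_temporary_errors($errors);
redirect(url_for('user#user_password'));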
Esempio n. 16
<?php

// The page is switched off: this throw makes everything below unreachable until it is removed.
throw new Exception("This functionality is currently unavailable.");
// the address may arrive by POST (form) or GET (link)
$email = trim(require_post("email", require_get("email", false)));
$confirm = require_post("confirm", false);
$messages = array();
$errors = array();
if ($email && $confirm) {
    // only accounts that have a password set can request a reset
    $q = db()->prepare("SELECT * FROM user_properties WHERE email=? AND ISNULL(password_hash) = 0");
    $q->execute(array($email));
    if ($user = $q->fetch()) {
        // NOTE(review): no throttling is visible; every request sends a mail and moves
        // last_password_reset, which also changes the hash of any earlier link.
        $q = db()->prepare("UPDATE user_properties SET last_password_reset=NOW() WHERE id=?");
        $q->execute(array($user['id']));
        // reload to read back the timestamp the database just stored
        $user = get_user($user['id']);
        // NOTE(review): the token is md5(site salt . email . ":" . request time), so its
        // secrecy rests on the salt alone. A random per-request token stored with the user
        // row would be sturdier; the page that verifies the hash would have to change with it.
        $hash = md5(get_site_config('password_reset_salt') . $email . ":" . strtotime($user['last_password_reset']));
        send_user_email($user, "password_reset", array("email" => $email, "name" => $user['name'] ? $user['name'] : $email, "ip" => user_ip(), "url" => absolute_url(url_for("password_reset", array('email' => $email, 'hash' => $hash)))));
        $messages[] = t("Further instructions to change your password have been sent to your e-mail address :email.", array(':email' => htmlspecialchars($email)));
    } else {
        // NOTE(review): a different answer for unknown addresses lets a caller test which
        // e-mail addresses have accounts; one neutral message for both cases avoids that.
        $errors[] = t("No such user account exists.");
    }
}
require __DIR__ . "/../layout/templates.php";
page_header(t("Reset Password"), "page_password", array('js' => 'auth'));
?>

<?php 
require_template("password");
?>

<div class="authentication-form">
<h2><?php