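/**
 * Queue a new author for moderation in the pending_authors table.
 *
 * Creates the pending_authors table on first use (when the probe SELECT does
 * not return a result set), hashes the password with serendipity_hash() when
 * the running core provides it (Serendipity 1.5 style) or with the legacy
 * md5() otherwise, inserts the pending row and returns the activation hash
 * that was stored alongside it.
 *
 * @param string $username      Login name of the pending author
 * @param string $password      Cleartext password; hashed before it is stored
 * @param string $email         Contact address of the pending author
 * @param int    $userlevel     Serendipity user level to assign on activation
 * @param mixed  $right_publish Evaluated with serendipity_db_bool(); stored as '1'/'0'
 * @param mixed  $no_create     Evaluated with serendipity_db_bool(); stored as '1'/'0'
 * @return string 32-character hexadecimal activation hash stored with the pending row
 */
static function addAuthor($username, $password, $email, $userlevel, $right_publish, $no_create) {
    global $serendipity;

    // Probe the table; anything but a result array means it does not exist yet.
    if (!is_array(serendipity_db_query("SELECT username FROM {$serendipity['dbPrefix']}pending_authors LIMIT 1", true, 'both', false, false, false, true))) {
        serendipity_db_schema_import("CREATE TABLE {$serendipity['dbPrefix']}pending_authors (\n username varchar(20) default null,\n password varchar(128) default null,\n email varchar(128) not null default '',\n userlevel int(4) {UNSIGNED} not null default '0',\n right_publish int(1) default '1',\n no_create int(1) default '0',\n hash varchar(32) default null\n );");
    }

    // The hash is returned to the caller as the pending row's activation token,
    // so it must not be guessable. md5(time()) is predictable by anyone who knows
    // roughly when the registration happened; derive the token from a CSPRNG
    // instead. 16 random bytes -> 32 hex characters, which fits varchar(32).
    if (function_exists('random_bytes')) {
        $hash = bin2hex(random_bytes(16));
    } else {
        // Pre-PHP 7 fallback (same 32-char length); weaker than random_bytes(),
        // but no longer a pure function of the wall clock.
        $hash = md5(uniqid((string) mt_rand(), true));
    }

    if (function_exists('serendipity_hash')) {
        // Serendipity 1.5 style
        $hashpw = serendipity_hash($password);
    } else {
        // Older core without serendipity_hash(): keep md5 so the stored value
        // matches what that core compares against at login.
        $hashpw = md5($password);
    }

    serendipity_db_insert('pending_authors', array(
        'username'      => $username,
        'password'      => $hashpw,
        'email'         => $email,
        'userlevel'     => $userlevel,
        'right_publish' => serendipity_db_bool($right_publish) ? '1' : '0',
        'no_create'     => serendipity_db_bool($no_create) ? '1' : '0',
        'hash'          => $hash,
    ));

    return $hash;
}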
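/**
 * Backwards-compatibility to recognize old-style md5 passwords to allow migration.
 *
 * Selects the hash algorithm from the session's recorded hash type: when
 * $_SESSION['serendipityHashType'] is set and greater than 0 the core's
 * serendipity_hash() is used, otherwise the legacy md5() digest is produced
 * so that accounts created before the migration can still be verified.
 *
 * @param  string $cleartext_password The string to hash
 * @return string Either SHA1 or MD5 hash, depending on the session hash type
 */
function serendipity_passwordhash($cleartext_password) {
    // Guard the index: without an active session (or before the hash type has
    // been recorded) the original code raised an undefined-index notice and
    // then fell through to md5 anyway; make that fallback explicit.
    if (isset($_SESSION['serendipityHashType']) && $_SESSION['serendipityHashType'] > 0) {
        return serendipity_hash($cleartext_password);
    }

    // Legacy path, kept only so pre-migration md5 passwords remain verifiable.
    return md5($cleartext_password);
}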
/**
 * Plugin event dispatcher.
 *
 * Only the 'backend_login_page' hook is handled. It drives the "forgot
 * password" flow in stages chosen from the request parameters: show the
 * link, show the username form, mail a reset link, show the new-password
 * form, and finally store the new password. Each stage writes its HTML into
 * $eventData['footer'].
 *
 * @param string $event     Name of the event being raised
 * @param object &$bag      Property bag; its 'event_hooks' entry is read
 * @param array  &$eventData Hook payload; 'footer' is written by this method
 * @param mixed  $addData   Unused here
 * @return bool true when a footer was rendered for this request, false otherwise
 */
function event_hook($event, &$bag, &$eventData, $addData = null) {
    global $serendipity;
    $hooks =& $bag->get('event_hooks');
    if (isset($hooks[$event])) {
        switch ($event) {
            case 'backend_login_page':
                // first LINK
                // Stage 1: plain login page without any reset parameters -> offer the link.
                if (!isset($_GET['forgotpassword']) && !isset($_GET['username']) && !isset($_POST['username'])) {
                    $eventData['footer'] = ' <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right"><a href="?forgotpassword=1">' . PLUGIN_EVENT_FORGOTPASSWORD_LOST_PASSWORD . '</a></td> </tr> </table>';
                    return true;
                // first FORM
                // Stage 2: ask for the username.
                } elseif (!isset($_POST['username']) && !isset($_GET['uid'])) {
                    $eventData['footer'] = ' <form action="serendipity_admin.php" method="post"> <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_ENTER_USERNAME . '</td> </tr> <tr> <td>' . USERNAME . '</td> <td><input class="input_textbox" type="text" name="username" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="forgot" value="' . PLUGIN_EVENT_FORGOTPASSWORD_SEND_EMAIL . '" class="serendipityPrettyButton input_button" /></td> </tr> </table> </form>';
                    return true;
                // submitted FORM (send an email to user and show a simple page)
                // Stage 3: look the user up, store a reset token and mail the link.
                } elseif (!isset($_POST['uid']) && isset($_POST['username'])) {
                    // Username is untrusted; it goes through serendipity_db_escape_string() before being embedded in the SQL.
                    $q = 'SELECT email, authorid FROM ' . $serendipity['dbPrefix'] . 'authors where username = \'' . serendipity_db_escape_string($_POST['username']) . '\'';
                    $sql = serendipity_db_query($q);
                    // NOTE(review): this message differs from the "mail sent" message below,
                    // so the response tells a visitor whether a username exists.
                    if (!is_array($sql) || count($sql) < 1) {
                        $eventData['footer'] = '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . PLUGIN_EVENT_FORGOTPASSWORD_USER_NOT_EXIST .
                        '</div>';
                        return true;
                    }
                    if ($sql && is_array($sql)) {
                        // Account has no e-mail address: show the configured notice and,
                        // if configured, notify the fallback address instead of the user.
                        if (empty($sql[0]['email'])) {
                            $eventData['footer'] = '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . $this->get_config('nomailinfo') . '</div>';
                            if ($this->get_config('nomailadd') != '') {
                                // $sent is assigned but never read in this branch.
                                $sent = serendipity_sendMail($this->get_config('nomailadd'), PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SUBJECT, sprintf($this->get_config('nomailtxt'), $_POST['username']), NULL);
                            }
                            return true;
                        }
                        $res = $sql[0];
                        $email = $res['email'];
                        $authorid = $res['authorid'];
                        // NOTE(review): the reset token is a digest of uniqid(time()), i.e. a
                        // function of the wall clock, so it is guessable by someone who knows
                        // roughly when the request was made. A CSPRNG-derived token (e.g.
                        // bin2hex(random_bytes(16)), same 32-char length) would remove that
                        // weakness; confirm the supported PHP baseline before changing it.
                        $md5 = md5(uniqid(time()));
                        // Only the token and the author id are stored; no timestamp is written
                        // here, so token expiry — if any — has to be enforced elsewhere.
                        $q = 'INSERT INTO ' . $serendipity['dbPrefix'] . 'forgotpassword VALUES (\'' . $md5 . '\', \'' . $authorid . '\')';
                        $sql = serendipity_db_query($q);
                        if (!$sql) {
                            $eventData['footer'] = ' <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR . '</td> </tr> </table>';
                            return true;
                        }
                        // NOTE(review): the value between "username=" and "&uid=" appears
                        // redacted in this listing ('******'); the later stages compare the
                        // posted "username" against authorid, so it presumably carried the
                        // author id — confirm against the repository source.
                        $sent = serendipity_sendMail($email, PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SUBJECT, PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_BODY . $serendipity['baseURL'] . 'serendipity_admin.php?username='******'&uid=' . $md5, NULL);
                        if ($sent) {
                            $eventData['footer'] = ' <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SENT . '</td> </tr> </table>';
                        } else {
                            $eventData['footer'] = ' <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_CANNOT_SEND . '</td> </tr> </table>';
                        }
                        return true;
                    } else {
                        $eventData['footer'] = ' <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR .
                        '</td> </tr> </table>';
                        return true;
                    }
                // clicked link in user email
                // Stage 4: the mailed link was followed -> ask for the new password and
                // carry username/uid along as hidden fields (escaped for the attribute context).
                } elseif (isset($_GET['uid']) && isset($_GET['username']) && !isset($_POST['password'])) {
                    $eventData['footer'] = ' <form action="serendipity_admin.php" method="post"> <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_ENTER_PASSWORD . '</td> </tr> <tr> <td>' . PASSWORD . '</td> <td><input class="input_textbox" type="password" name="password" /> <input type="hidden" name="username" value="' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($_GET['username']) : htmlspecialchars($_GET['username'], ENT_COMPAT, LANG_CHARSET)) . '" /> <input type="hidden" name="uid" value="' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($_GET['uid']) : htmlspecialchars($_GET['uid'], ENT_COMPAT, LANG_CHARSET)) . '" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="forgot" value="' . PLUGIN_EVENT_FORGOTPASSWORD_CHANGE_PASSWORD . '" class="serendipityPrettyButton input_button" /></td> </tr> </table> </form>';
                    return true;
                // changed password page
                // Stage 5: validate token + author id, store the new password, consume the token.
                } elseif (isset($_POST['uid']) && isset($_POST['username']) && isset($_POST['password'])) {
                    // Note: the posted "username" field is compared against authorid, not the
                    // login name — it holds the id carried over from the mailed link.
                    $q = 'SELECT * FROM ' . $serendipity['dbPrefix'] . 'forgotpassword where authorid = \'' . serendipity_db_escape_string($_POST['username']) . '\' and uid = \'' . serendipity_db_escape_string($_POST['uid']) . '\'';
                    $sql = serendipity_db_query($q);
                    // A non-array result here covers both "no matching token" and DB failure;
                    // both fall into the generic DB-error message below.
                    if ($sql && is_array($sql)) {
                        $res = $sql[0];
                        // $authorid is read but not used: the UPDATE/DELETE below use the posted id.
                        $authorid = $res['authorid'];
                        if (function_exists('serendipity_hash')) {
                            // Serendipity 1.5+ core: store the native hash and mark hashtype=1.
                            $password = serendipity_hash($_POST['password']);
                            $q = 'UPDATE ' . $serendipity['dbPrefix'] . 'authors SET hashtype=1, password=\'' . $password . '\' where authorid = \'' . serendipity_db_escape_string($_POST['username']) . '\'';
                        } else {
                            // Older core: legacy md5 storage, matching what that core verifies against.
                            $password = md5($_POST['password']);
                            $q = 'UPDATE ' . $serendipity['dbPrefix'] . 'authors SET password=\'' . $password .
                            '\' where authorid = \'' . serendipity_db_escape_string($_POST['username']) . '\'';
                        }
                        $sql = serendipity_db_query($q);
                        if (!$sql) {
                            $eventData['footer'] = ' <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR . '</td> </tr> </table>';
                            return true;
                        }
                        // Consume every outstanding token for this author; the result is not checked.
                        $q = 'DELETE FROM ' . $serendipity['dbPrefix'] . 'forgotpassword where authorid = \'' . serendipity_db_escape_string($_POST['username']) . '\'';
                        $sql = serendipity_db_query($q);
                        $eventData['footer'] = ' <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_PASSWORD_CHANGED . '</td> </tr> </table>';
                        return true;
                    } else {
                        $eventData['footer'] = ' <table cellspacing="10" cellpadding="0" border="0" align="center"> <tr> <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR . '</td> </tr> </table>';
                        return true;
                    }
                }
                break;
            default:
                return false;
        }
    } else {
        return false;
    }
    return false;
}