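/**
 * Handle a front-end "forgot password" form submission.
 *
 * Runs only when $_POST['action']['front-end-authentication']['forgot'] is set.
 * Looks up the password for the submitted username, mails it using the
 * configured subject/body templates, and records the outcome in the
 * FRONT_END_AUTHENTICATION_EMAIL_SENT constant (true once the mail call has
 * been made, false when the input is rejected or no password is found).
 *
 * NOTE(review): the value returned by __getPasswordFromUsername() is mailed
 * as the account password, so it is presumably stored unhashed or reversibly;
 * confirm. A single-use, expiring reset link keeps the credential out of mail
 * and allows one-way password hashing.
 * NOTE(review): the constant differs for known and unknown usernames; if the
 * page renders that difference it lets a visitor test which accounts exist.
 *
 * @param array $context Must contain 'params' (with 'root' and 'website-name').
 * @return void
 */
public function __processForgottenPasswordRequest($context)
{
    if (!isset($_POST['action']['front-end-authentication']['forgot'])) {
        return;
    }

    $submitted = isset($_POST['front-end-authentication']['username'])
        ? $_POST['front-end-authentication']['username']
        : null;

    // The username doubles as the mail recipient below. Reject missing,
    // non-string and multi-line values up front: the addslashes() fallback
    // does not neutralise CR/LF, which must never reach a mail header.
    if (!is_string($submitted) || trim($submitted) === '' || preg_match('/[\r\n]/', $submitted)) {
        define_safe('FRONT_END_AUTHENTICATION_EMAIL_SENT', false);
        return;
    }

    $username = function_exists('mysql_real_escape_string')
        ? mysql_real_escape_string($submitted)
        : addslashes($submitted);

    $password = $this->__getPasswordFromUsername($username);

    if (strlen($password) > 0) {
        // "+=" keeps any 'username'/'password' keys already present in the page params.
        $params = $context['params'];
        $params += array('username' => $username, 'password' => $password);

        $config = $this->_Parent->Configuration;
        $subject = self::__replaceParams(stripslashes($config->get('email-subject', 'frontend-authentication')), $params);
        $body = self::__replaceParams(stripslashes($config->get('email-body', 'frontend-authentication')), $params);

        General::sendEmail(
            $username,
            'noreply@' . parse_url($params['root'], PHP_URL_HOST),
            $params['website-name'],
            $subject,
            $body
        );

        define_safe('FRONT_END_AUTHENTICATION_EMAIL_SENT', true);
        return;
    }

    define_safe('FRONT_END_AUTHENTICATION_EMAIL_SENT', false);
    return;
}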
### # Delegate: PasswordResetSuccess # Description: A successful password reset has taken place. Author ID is provided $CampfireManager->notifyMembers('PasswordResetSuccess', CURRENTPAGE, array('author_id' => $author['id'])); $_f = "newpass"; $error = "You have been sent an email with instructions."; } else { ### # Delegate: PasswordResetFailure # Description: A failed password reset has taken place. Author ID is provided $CampfireManager->notifyMembers('PasswordResetFailure', CURRENTPAGE, array('author_id' => $author['id'])); $error = "Symphony could not locate your account."; $_f = "forgot"; } } } if ($_REQUEST['action'] == "resetpass" && isset($_REQUEST['_t'])) { $sql = "SELECT t1.`id`, t1.`email`, t1.`firstname` " . "FROM `tbl_authors` as t1, `tbl_forgotpass` as t2 " . "WHERE t2.`token` = '" . $_REQUEST['_t'] . "' AND t1.`id` = t2.`author_id` " . "LIMIT 1"; $author = $DB->fetchRow(0, $sql); if (!empty($author)) { $newpass = General::generatePassword(); General::sendEmail($author['email'], "*****@*****.**", "Symphony Concierge", "RE: New Symphony Account Password", "Hi " . $author['firstname'] . ",\nAs requested, here is your new Symphony Author Password for '" . URL . "' \n\n\t{$newpass}\n\n" . "\n\nBest Regards,\nThe Symphony Team"); $DB->update(array("password" => md5($newpass)), "tbl_authors", "WHERE `id` = '" . $author['id'] . "' LIMIT 1"); $DB->delete("tbl_forgotpass", "WHERE `author_id` = '" . $author['id'] . "'"); ### # Delegate: PasswordResetRequest # Description: User has requested a password reset. Author ID is provided. $CampfireManager->notifyMembers('PasswordResetRequest', CURRENTPAGE, array('author_id' => $author['id'])); $error = "Password reset. Check your email"; } }
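/**
 * Handle the backend login screen's actions: login, password-reset request,
 * password change, and redemption of an emailed reset token.
 *
 * Reads $_POST / $_REQUEST directly and reports outcomes through properties
 * on $this (invalid_credentials, missing_username, missing_password,
 * _email_sent, _mismatchedPassword, _alert) or by redirecting.
 *
 * NOTE(review): passwords are written as unsalted md5() in the 'change' and
 * 'resetpass' branches. Moving to password_hash()/password_verify() needs a
 * matching change in Administration::login(), which is not visible here.
 * NOTE(review): the 'resetpass' branch mails a new password in clear text and
 * does not check the token's `expiry`; expired rows are only purged when
 * someone requests a reset. Confirm and add an expiry condition to the lookup.
 */
function action()
{
    if (isset($_POST['action'])) {
        $actionParts = array_keys($_POST['action']);
        $action = end($actionParts);

        ## Login attempted
        if ($action == 'login') {
            $missingUsername = !isset($_POST['username']) || strlen(trim($_POST['username'])) == 0;
            $missingPassword = !isset($_POST['password']) || strlen(trim($_POST['password'])) == 0;

            if ($missingUsername) {
                $this->invalid_credentials = true;
                $this->missing_username = true;
            }

            if ($missingPassword) {
                $this->invalid_credentials = true;
                $this->missing_password = true;
            }

            if ($missingUsername || $missingPassword) {
                // Nothing to authenticate with; do not call login() with unset input.
            } elseif (!Administration::instance()->login($_POST['username'], $_POST['password'])) {
                ## FIXME: Fix this delegate
                ###
                # Delegate: LoginFailure
                # Description: Failed login attempt. Username is provided.
                //Extension::notify('LoginFailure', getCurrentPage(), array('username' => $_POST['username']));
                $this->invalid_credentials = true;
            } else {
                ## FIXME: Fix this delegate
                ###
                # Delegate: LoginSuccess
                # Description: Successful login attempt. Username is provided.
                //Extension::notify('LoginSuccess', getCurrentPage(), array('username' => $_POST['username']));

                if (isset($_POST['redirect']) && is_string($_POST['redirect'])) {
                    $target = str_replace(parse_url(URL, PHP_URL_PATH), NULL, $_POST['redirect']);

                    // The target is appended to URL, so only a plain local path
                    // (leading slash, no CR/LF or backslash) is followed; anything
                    // else could alter the host part of the final address.
                    if (strlen($target) > 0 && $target[0] === '/' && !preg_match('/[\r\n\\\\]/', $target)) {
                        redirect(URL . $target);
                    }
                }

                redirect(ADMIN_URL . '/');
            }

        ## Reset of password requested
        } elseif ($action == 'reset') {
            $user = Symphony::Database()->query("SELECT id, email, first_name FROM `tbl_users` WHERE `email` = '%s'", array($_POST['email']));

            if ($user->valid()) {
                $user = $user->current();

                // Drop expired tokens before looking for a live one.
                Symphony::Database()->delete('tbl_forgotpass', array(DateTimeObj::getGMT('c')), " `expiry` < '%s'");

                // NOTE(review): the values are passed as separate arguments here,
                // but as an array in the other query()/delete() calls of this
                // method; confirm against the query() signature.
                $existing = Symphony::Database()->query("\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\ttoken\n\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\t`tbl_forgotpass`\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\texpiry > '%s'\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\t\tuser_id = %d\n\t\t\t\t\t\t\t", DateTimeObj::getGMT('c'), $user->id);

                if ($existing->valid()) {
                    // Reuse the unexpired token. The original tested this condition
                    // the wrong way round, which left $token holding the result
                    // object whenever no token existed yet.
                    $token = $existing->current()->token;
                } else {
                    // Same 6-hex-character format as before, drawn from the CSPRNG
                    // when the runtime has one.
                    // NOTE(review): 24 bits is short for a token valid for two
                    // hours; lengthen it once the `token` column width is
                    // confirmed, and rate-limit redemption attempts.
                    $token = function_exists('random_bytes')
                        ? bin2hex(random_bytes(3))
                        : substr(md5(time() . rand(0, 200)), 0, 6);

                    Symphony::Database()->insert('tbl_forgotpass', array(
                        'user_id' => $user->id,
                        'token' => $token,
                        'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60),
                    ));
                }

                $this->_email_sent = General::sendEmail(
                    $user->email,
                    'noreply@' . HTTP_HOST,
                    __('Symphony Concierge'),
                    __('New Symphony Account Password'),
                    __('Hi %s,', array($user->first_name)) . PHP_EOL
                    . __('A new password has been requested for your account. Login using the following link, and change your password via the Users area:') . PHP_EOL . PHP_EOL
                    . ' ' . ADMIN_URL . "/login/{$token}/" . PHP_EOL . PHP_EOL
                    . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . PHP_EOL . PHP_EOL
                    . __('Best Regards,') . PHP_EOL
                    . __('The Symphony Team')
                );

                ## FIXME: Fix this delegate
                ###
                # Delegate: PasswordResetSuccess
                # Description: A successful password reset has taken place. User ID is provided
                //Extension::notify('PasswordResetSuccess', getCurrentPage(), array('user_id' => $user['id']));
            } else {
                ## FIXME: Fix this delegate
                ###
                # Delegate: PasswordResetFailure
                # Description: A failed password reset has taken place. User ID is provided
                //Extension::notify('PasswordResetFailure', getCurrentPage(), array('user_id' => $user['id']));
                $this->_email_sent = false;
            }

        ## Change of password requested
        } elseif ($action == 'change' && Administration::instance()->isLoggedIn()) {
            // Strict comparison: "!=" treats numeric-looking strings such as
            // '1e3' and '1000' as equal, so a mismatched confirmation could pass.
            if (empty($_POST['password']) || empty($_POST['password-confirmation']) || $_POST['password'] !== $_POST['password-confirmation']) {
                $this->_mismatchedPassword = true;
            } else {
                $user_id = Administration::instance()->User->id;
                $user = User::load($user_id);
                $user->set('password', md5(Symphony::Database()->escape($_POST['password'])));

                if (!User::save($user) || !Administration::instance()->login($user->username, $_POST['password'])) {
                    // URL carries no trailing slash elsewhere in this method, so the
                    // separator is required to stay on this site's host.
                    redirect(URL . "/symphony/system/users/edit/{$user_id}/error/");
                }

                ## FIXME: Fix this delegate
                ###
                # Delegate: PasswordChanged
                # Description: After editing an User. ID of the User is provided.
                //Extension::notify('PasswordChanged', getCurrentPage(), array('user_id' => $user_id));
                redirect(ADMIN_URL . '/');
            }
        }
    } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'resetpass' && isset($_REQUEST['token'])) {
        // Redeem an emailed token: generate a new password, mail it, store its hash.
        $user = Symphony::Database()->query("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tu.id, u.email, u.first_name\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t`tbl_users` as u, `tbl_forgotpass` as t2\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tt2.`token` = '%s'\n\t\t\t\t\t\tAND\n\t\t\t\t\t\t\tu.`id` = t2.`user_id`\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t", $_REQUEST['token']);

        if ($user->valid()) {
            $user = $user->current();
            $newpass = General::generatePassword();

            General::sendEmail(
                $user->email,
                'noreply@' . HTTP_HOST,
                'Symphony Concierge',
                'RE: New Symphony Account Password',
                'Hi ' . $user->first_name . ',' . PHP_EOL
                . "As requested, here is your new Symphony User Password for '" . URL . "'" . PHP_EOL
                . "\t{$newpass}" . PHP_EOL . PHP_EOL
                . 'Best Regards,' . PHP_EOL
                . 'The Symphony Team'
            );

            Symphony::Database()->update('tbl_users', array('password' => md5($newpass)), array($user->id), "`id` = '%d'");

            // Tokens are single use: remove every token for this user.
            Symphony::Database()->delete('tbl_forgotpass', array($user->id), " `user_id` = '%d'");

            ## FIXME: Fix this delegate
            ###
            # Delegate: PasswordResetRequest
            # Description: User has requested a password reset. User ID is provided.
            //Extension::notify('PasswordResetRequest', getCurrentPage(), array('user_id' => $user['id']));
            $this->_alert = 'Password reset. Check your email';
        }
    }
}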
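/**
 * Handle the backend login screen's actions: login, password-reset request,
 * password change, and redemption of an emailed reset token.
 *
 * Reads $_POST / $_REQUEST directly and reports outcomes through properties
 * on $this (_invalidPassword, _email_sent, _mismatchedPassword, _alert) or by
 * redirecting.
 *
 * Request values that reach SQL are passed through Database->cleanValue()
 * before being placed inside quotes; row ids are cast to int.
 *
 * NOTE(review): passwords are written as unsalted md5() in the 'change' and
 * 'resetpass' branches. Moving to password_hash()/password_verify() needs a
 * matching change in login(), which is not visible here.
 * NOTE(review): the 'resetpass' branch mails the new password in clear text.
 */
function action()
{
    $database = $this->_Parent->Database;

    if (isset($_POST['action'])) {
        $actionParts = array_keys($_POST['action']);
        $action = end($actionParts);

        ## Login attempted
        if ($action == 'login') {
            if (empty($_POST['username']) || empty($_POST['password']) || !$this->_Parent->login($_POST['username'], $_POST['password'])) {
                ## TODO: Fix Me
                ###
                # Delegate: LoginFailure
                # Description: Failed login attempt. Username is provided.
                //$ExtensionManager->notifyMembers('LoginFailure', getCurrentPage(), array('username' => $_POST['username']));
                $this->_invalidPassword = true;
            } else {
                ## TODO: Fix Me
                ###
                # Delegate: LoginSuccess
                # Description: Successful login attempt. Username is provided.
                //$ExtensionManager->notifyMembers('LoginSuccess', getCurrentPage(), array('username' => $_POST['username']));

                if (isset($_POST['redirect']) && is_string($_POST['redirect'])) {
                    $target = str_replace(parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']);

                    // The target is appended to URL, so only a plain local path
                    // (leading slash, no CR/LF or backslash) is followed; anything
                    // else could alter the host part of the final address.
                    if (strlen($target) > 0 && $target[0] === '/' && !preg_match('/[\r\n\\\\]/', $target)) {
                        redirect(URL . $target);
                    }
                }

                redirect(URL . '/symphony/');
            }

        ## Reset of password requested
        } elseif ($action == 'reset') {
            $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
            $author = array();

            if ($email !== '') {
                // The address comes straight from the request: escape it before
                // it is placed inside the quoted SQL literal.
                $author = $database->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . $database->cleanValue($email) . "'");
            }

            if (!empty($author)) {
                $author_id = (int) $author['id'];

                // Drop expired tokens, then reuse a live one if the author has it.
                $database->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' ");

                if (!($token = $database->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . DateTimeObj::getGMT('c') . "' AND `author_id` = " . $author_id))) {
                    // Same 6-hex-character format as before, drawn from the CSPRNG
                    // when the runtime has one.
                    // NOTE(review): 24 bits is short for a token valid for two
                    // hours; lengthen it once the `token` column width is
                    // confirmed, and rate-limit redemption attempts.
                    $token = function_exists('random_bytes')
                        ? bin2hex(random_bytes(3))
                        : substr(md5(time() . rand(0, 200)), 0, 6);

                    $database->insert(array(
                        'author_id' => $author['id'],
                        'token' => $token,
                        'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60),
                    ), 'tbl_forgotpass');
                }

                // The sender is the e-mail address of the author with the lowest id.
                $this->_email_sent = General::sendEmail(
                    $author['email'],
                    $database->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1"),
                    __('Symphony Concierge'),
                    __('New Symphony Account Password'),
                    __('Hi %s,', array($author['first_name'])) . self::CRLF
                    . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF . self::CRLF
                    . ' ' . URL . "/symphony/login/{$token}/" . self::CRLF . self::CRLF
                    . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF . self::CRLF
                    . __('Best Regards,') . self::CRLF
                    . __('The Symphony Team')
                );

                ## TODO: Fix Me
                ###
                # Delegate: PasswordResetSuccess
                # Description: A successful password reset has taken place. Author ID is provided
                //$ExtensionManager->notifyMembers('PasswordResetSuccess', getCurrentPage(), array('author_id' => $author['id']));
            } else {
                ## TODO: Fix Me
                ###
                # Delegate: PasswordResetFailure
                # Description: A failed password reset has taken place. Author ID is provided
                //$ExtensionManager->notifyMembers('PasswordResetFailure', getCurrentPage(), array('author_id' => $author['id']));
                $this->_email_sent = false;
            }

        ## Change of password requested
        } elseif ($action == 'change' && $this->_Parent->isLoggedIn()) {
            // Strict comparison: "!=" treats numeric-looking strings such as
            // '1e3' and '1000' as equal, so a mismatched confirmation could pass.
            if (empty($_POST['password']) || empty($_POST['password-confirmation']) || $_POST['password'] !== $_POST['password-confirmation']) {
                $this->_mismatchedPassword = true;
            } else {
                $author_id = $this->_Parent->Author->get('id');

                require_once TOOLKIT . '/class.authormanager.php';
                $authorManager = new AuthorManager($this->_Parent);
                $author = $authorManager->fetchByID($author_id);
                $author->set('password', md5($database->cleanValue($_POST['password'])));

                if (!$author->commit() || !$this->_Parent->login($author->get('username'), $_POST['password'])) {
                    // URL carries no trailing slash elsewhere in this method, so the
                    // separator is required to stay on this site's host.
                    redirect(URL . "/symphony/system/authors/edit/{$author_id}/error/");
                }

                ## TODO: Fix me
                ###
                # Delegate: PasswordChanged
                # Description: After editing an author. ID of the author is provided.
                //$ExtensionManager->notifyMembers('PasswordChanged', getCurrentPage(), array('author_id' => $author_id));
                redirect(URL . '/symphony/');
            }
        }
    } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'resetpass' && isset($_REQUEST['token']) && is_string($_REQUEST['token'])) {
        // Redeem an emailed token. The token is request data, so it is escaped,
        // and it must still be inside its validity window: expired rows are only
        // purged when somebody requests a reset.
        $sql = "SELECT t1.`id`, t1.`email`, t1.`first_name` "
            . "FROM `tbl_authors` as t1, `tbl_forgotpass` as t2 "
            . "WHERE t2.`token` = '" . $database->cleanValue($_REQUEST['token']) . "' "
            . "AND t2.`expiry` > '" . DateTimeObj::getGMT('c') . "' "
            . "AND t1.`id` = t2.`author_id` "
            . "LIMIT 1";

        $author = $database->fetchRow(0, $sql);

        if (!empty($author)) {
            $author_id = (int) $author['id'];
            $newpass = General::generatePassword();

            General::sendEmail(
                $author['email'],
                '*****@*****.**',
                'Symphony Concierge',
                'RE: New Symphony Account Password',
                'Hi ' . $author['first_name'] . ',' . self::CRLF
                . "As requested, here is your new Symphony Author Password for '" . URL . "'" . self::CRLF
                . "\t{$newpass}" . self::CRLF . self::CRLF
                . 'Best Regards,' . self::CRLF
                . 'The Symphony Team'
            );

            $database->update(array('password' => md5($newpass)), 'tbl_authors', " `id` = '" . $author_id . "' LIMIT 1");

            // Tokens are single use: remove every token for this author.
            $database->delete('tbl_forgotpass', " `author_id` = '" . $author_id . "'");

            ## TODO: Fix Me
            ###
            # Delegate: PasswordResetRequest
            # Description: User has requested a password reset. Author ID is provided.
            //$ExtensionManager->notifyMembers('PasswordResetRequest', getCurrentPage(), array('author_id' => $author['id']));
            $this->_alert = 'Password reset. Check your email';
        }
    }
}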
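/**
 * Save a front-end form submission as an entry and run the event filters.
 *
 * Flow: build the post-values XML, fire EventPreSaveFilter (a failed filter
 * aborts), load the section, create or fetch the entry, validate and commit
 * it, optionally send the 'send-email' notification, then fire
 * EventPostSaveFilter and EventFinalSaveFilter.
 *
 * @param mixed      $source   Section identifier passed to SectionManager::fetch().
 * @param array      $fields   Submitted field values.
 * @param XMLElement $result   Event result element; status and messages are appended to it.
 * @param object     $obj      Parent object exposing ExtensionManager, Database and Configuration.
 * @param object     $event    The calling event, handed to the delegates by reference.
 * @param array      $filters  Names of the filters enabled for the event.
 * @param mixed      $position Not used in this function body.
 * @param mixed      $entry_id Existing entry to edit, or NULL to create one.
 * @return bool True when the entry was saved, false on any error.
 */
function __doit($source, $fields, &$result, &$obj, &$event, $filters, $position = NULL, $entry_id = NULL)
{
    $post_values = new XMLElement('post-values');
    $post = General::getPostData();
    $filter_results = array();

    ## Create the post data cookie element
    if (is_array($post) && !empty($post)) {
        General::array_to_xml($post_values, $fields, true);
    }

    ###
    # Delegate: EventPreSaveFilter
    # Description: Prior to saving entry from the front-end. This delegate will force the Event to terminate if it populates the error
    #              array reference. Provided with references to this object, the POST data and also the error array
    $obj->ExtensionManager->notifyMembers('EventPreSaveFilter', '/frontend/', array('fields' => $fields, 'event' => &$event, 'messages' => &$filter_results, 'post_values' => &$post_values));

    if (is_array($filter_results) && !empty($filter_results)) {
        foreach ($filter_results as $fr) {
            list($type, $status, $message) = $fr;

            $result->appendChild(buildFilterElement($type, $status ? 'passed' : 'failed', $message));

            // The first failed pre-save filter stops the save.
            if (!$status) {
                $result->appendChild($post_values);
                $result->setAttribute('result', 'error');
                $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
                return false;
            }
        }
    }

    include_once TOOLKIT . '/class.sectionmanager.php';
    include_once TOOLKIT . '/class.entrymanager.php';

    $sectionManager = new SectionManager($obj);

    if (!($section = $sectionManager->fetch($source))) {
        $result->setAttribute('result', 'error');
        $result->appendChild(new XMLElement('message', __('Section is invalid')));
        return false;
    }

    $entryManager = new EntryManager($obj);

    if (isset($entry_id) && $entry_id != NULL) {
        $entry =& $entryManager->fetch($entry_id);
        $entry = $entry[0];

        if (!is_object($entry)) {
            $result->setAttribute('result', 'error');
            $result->appendChild(new XMLElement('message', __('Invalid Entry ID specified. Could not create Entry object.')));
            return false;
        }
    } else {
        $entry =& $entryManager->create();
        $entry->set('section_id', $source);
    }

    $filter_errors = array();

    if (__ENTRY_FIELD_ERROR__ == $entry->checkPostData($fields, $errors, $entry->get('id') ? true : false)) {
        $result->setAttribute('result', 'error');
        $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));

        foreach ($errors as $field_id => $message) {
            $field = $entryManager->fieldManager->fetch($field_id);
            $result->appendChild(new XMLElement($field->get('element_name'), NULL, array(
                'type' => $fields[$field->get('element_name')] == '' ? 'missing' : 'invalid',
                'message' => General::sanitize($message),
            )));
        }

        if (isset($post_values) && is_object($post_values)) {
            $result->appendChild($post_values);
        }

        return false;
    } elseif (__ENTRY_OK__ != $entry->setDataFromPost($fields, $errors, false, $entry->get('id') ? true : false)) {
        $result->setAttribute('result', 'error');
        $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));

        // A single error arrives as one flat array; normalise it to a list.
        if (isset($errors['field_id'])) {
            $errors = array($errors);
        }

        foreach ($errors as $err) {
            $field = $entryManager->fieldManager->fetch($err['field_id']);
            $result->appendChild(new XMLElement($field->get('element_name'), NULL, array('type' => 'invalid')));
        }

        if (isset($post_values) && is_object($post_values)) {
            $result->appendChild($post_values);
        }

        return false;
    } else {
        if (!$entry->commit()) {
            $result->setAttribute('result', 'error');
            $result->appendChild(new XMLElement('message', __('Unknown errors where encountered when saving.')));

            if (isset($post_values) && is_object($post_values)) {
                $result->appendChild($post_values);
            }

            return false;
        }

        $result->setAttribute('id', $entry->get('id'));
    }

    ## PASSIVE FILTERS ONLY AT THIS STAGE. ENTRY HAS ALREADY BEEN CREATED.
    if (@in_array('send-email', $filters) && !@in_array('expect-multiple', $filters)) {
        if (!function_exists('__sendEmailFindFormValue')) {
            // Resolve a send-email setting: either a literal value, or one or
            // more "fields[name]" references looked up in the submitted fields.
            function __sendEmailFindFormValue($needle, $haystack, $discard_field_name = true, $default = NULL, $collapse = true)
            {
                if (preg_match('/^(fields\\[[^\\]]+\\],?)+$/i', $needle)) {
                    $parts = preg_split('/\\,/i', $needle, -1, PREG_SPLIT_NO_EMPTY);
                    $parts = array_map('trim', $parts);
                    $stack = array();

                    foreach ($parts as $p) {
                        $field = str_replace(array('fields[', ']'), '', $p);

                        if ($discard_field_name) {
                            $stack[] = $haystack[$field];
                        } else {
                            $stack[$field] = $haystack[$field];
                        }
                    }

                    if (is_array($stack) && !empty($stack)) {
                        return $collapse ? implode(' ', $stack) : $stack;
                    } else {
                        $needle = NULL;
                    }
                }

                $needle = trim($needle);

                if (empty($needle)) {
                    return $default;
                }

                return $needle;
            }
        }

        // NOTE(review): $fields is overwritten with the send-email settings here,
        // so the post-save delegates below receive these instead of the entry
        // fields; confirm that is intended.
        $fields = $_POST['send-email'];

        $fields['recipient'] = __sendEmailFindFormValue($fields['recipient'], $_POST['fields'], true);
        $fields['recipient'] = preg_split('/\\,/i', $fields['recipient'], -1, PREG_SPLIT_NO_EMPTY);
        $fields['recipient'] = array_map('trim', $fields['recipient']);

        // Recipient usernames come from the submitted form: escape each one
        // before it is placed inside the quoted IN (...) list.
        $usernames = array();
        foreach ($fields['recipient'] as $username) {
            $usernames[] = $obj->Database->cleanValue($username);
        }

        $fields['recipient'] = empty($usernames)
            ? array()
            : $obj->Database->fetch("SELECT `email`, `first_name` FROM `tbl_authors` WHERE `username` IN ('" . implode("', '", $usernames) . "') ");

        $fields['subject'] = __sendEmailFindFormValue($fields['subject'], $_POST['fields'], true, __('[Symphony] A new entry was created on %s', array($obj->Configuration->get('sitename', 'general'))));
        $fields['body'] = __sendEmailFindFormValue($fields['body'], $_POST['fields'], false, NULL, false);
        $fields['sender-email'] = __sendEmailFindFormValue($fields['sender-email'], $_POST['fields'], true, 'noreply@' . parse_url(URL, PHP_URL_HOST));
        $fields['sender-name'] = __sendEmailFindFormValue($fields['sender-name'], $_POST['fields'], true, 'Symphony');

        // Subject and sender are form-controlled and end up in mail headers;
        // a header value must not carry line breaks.
        foreach (array('subject', 'sender-email', 'sender-name') as $header_field) {
            $fields[$header_field] = str_replace(array("\r", "\n"), '', (string) $fields[$header_field]);
        }

        $edit_link = URL . '/symphony/publish/' . $section->get('handle') . '/edit/' . $entry->get('id') . '/';

        $body = __('Dear <!-- RECIPIENT NAME -->,') . General::CRLF
            . __('This is a courtesy email to notify you that an entry was created on the %1$s section. You can edit the entry by going to: %2$s', array($section->get('name'), $edit_link))
            . General::CRLF . General::CRLF;

        if (is_array($fields['body'])) {
            foreach ($fields['body'] as $field_handle => $value) {
                $body .= "// {$field_handle}" . General::CRLF . $value . General::CRLF . General::CRLF;
            }
        } else {
            $body .= $fields['body'];
        }

        $errors = array();

        if (!is_array($fields['recipient']) || empty($fields['recipient'])) {
            $result->appendChild(buildFilterElement('send-email', 'failed', __('No valid recipients found. Check send-email[recipient] field.')));
        } else {
            foreach ($fields['recipient'] as $r) {
                list($email, $name) = array_values($r);

                if (!General::sendEmail($email, $fields['sender-email'], $fields['sender-name'], $fields['subject'], str_replace('<!-- RECIPIENT NAME -->', $name, $body))) {
                    $errors[] = $email;
                }
            }

            if (!empty($errors)) {
                $xml = buildFilterElement('send-email', 'failed');

                foreach ($errors as $address) {
                    $xml->appendChild(new XMLElement('recipient', $address));
                }

                $result->appendChild($xml);
            } else {
                $result->appendChild(buildFilterElement('send-email', 'passed'));
            }
        }
    }

    $filter_results = array();

    ###
    # Delegate: EventPostSaveFilter
    # Description: After saving entry from the front-end. This delegate will not force the Events to terminate if it populates the error
    #              array reference. Provided with references to this object, the POST data and also the error array
    $obj->ExtensionManager->notifyMembers('EventPostSaveFilter', '/frontend/', array('entry_id' => $entry->get('id'), 'fields' => $fields, 'entry' => $entry, 'event' => &$event, 'messages' => &$filter_results));

    if (is_array($filter_results) && !empty($filter_results)) {
        foreach ($filter_results as $fr) {
            list($type, $status, $message) = $fr;
            $result->appendChild(buildFilterElement($type, $status ? 'passed' : 'failed', $message));
        }
    }

    ###
    # Delegate: EventFinalSaveFilter
    $obj->ExtensionManager->notifyMembers('EventFinalSaveFilter', '/frontend/', array('fields' => $fields, 'event' => &$event, 'errors' => &$filter_errors, 'entry' => $entry));

    $result->setAttributeArray(array('result' => 'success', 'type' => isset($entry_id) ? 'edited' : 'created'));
    $result->appendChild(new XMLElement('message', isset($entry_id) ? __('Entry edited successfully.') : __('Entry created successfully.')));

    if (isset($post_values) && is_object($post_values)) {
        $result->appendChild($post_values);
    }

    return true;
    ## End Function
}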
/**
 * Members "forgot password" event.
 *
 * With a submitted code: look the token up, set a newly generated password
 * for the member, mail it and redirect to the success (or failed) page.
 * Without a code: find members by username and/or e-mail address, send each
 * a forgot-password email and redirect to the "code" page.
 *
 * NOTE(review): the new password is stored as unsalted md5() and mailed in
 * clear text; confirm whether the Members login path can move to
 * password_hash()/password_verify().
 * NOTE(review): the outcome differs for known and unknown members (redirect
 * versus an error element), which lets a visitor test which accounts exist.
 *
 * @return XMLElement The 'forgot-password' element carrying a status attribute.
 */
protected function __trigger()
{
    $success = true;
    $result = new XMLElement('forgot-password');
    $Members = $this->_Parent->ExtensionManager->create('members');

    $username = NULL;
    $email = NULL;
    $code = NULL;

    $posted = isset($_POST['fields']) ? $_POST['fields'] : NULL;

    // A submitted code means the member is redeeming a reset token.
    if (isset($posted['code']) && strlen(trim($posted['code'])) > 0) {
        $code = $posted['code'];
        $new_password = General::generatePassword();

        self::__init();
        $db = ASDCLoader::instance();

        // Make sure an expired token cannot be used by accident.
        extension_Members::purgeTokens();

        $lookup = sprintf(
            "SELECT * FROM `tbl_members_login_tokens` WHERE `token` = '%s' LIMIT 1",
            $db->escape($code)
        );
        $token_row = $db->query($lookup)->current();

        // Unknown code: send the visitor to the failure page.
        if ($token_row === false) {
            redirect(URL . '/members/reset-pass/failed/');
        }

        // Attempt to update the password.
        $update = sprintf(
            "UPDATE `tbl_entries_data_%d` SET `password` = '%s' WHERE `entry_id` = %d LIMIT 1",
            $Members->usernameAndPasswordField(),
            md5($new_password),
            $token_row->member_id
        );
        $db->query($update);

        // The token is single use: drop every token of this member.
        extension_Members::purgeTokens($token_row->member_id);

        // Build and send the notification email.
        $entry = $Members->initialiseMemberObject($token_row->member_id);
        $email_address = $entry->getData(self::findFieldID('email-address', 'members'));
        $name = $entry->getData(self::findFieldID('name', 'members'));

        $subject = 'Your new password';
        $body = 'Dear {$name}, Just now, you have asked the Symphony brain trust to bestow you with a new password. Well, here it is: {$new-password} There\'s a good chance that you won\'t like this new password and want to change it - don\'t worry, we\'re not offended. You can do that once you\'ve logged in by going here: {$root}/members/change-pass/ If you have any trouble, please email us at support@symphony-cms.com and we\'ll do our best to help. Regards, Symphony Team';

        $placeholders = array('{$name}', '{$root}', '{$new-password}');
        $values = array($name['value'], URL, $new_password);
        $body = str_replace($placeholders, $values, $body);

        $sender_email = 'noreply@' . parse_url(URL, PHP_URL_HOST);
        $sender_name = Symphony::Configuration()->get('sitename', 'general');

        General::sendEmail($email_address['value'], $sender_email, $sender_name, $subject, $body);

        redirect(URL . '/members/reset-pass/success/');
    }

    // Username takes precedence.
    if (isset($posted['member-username']) && strlen(trim($posted['member-username'])) > 0) {
        $username = $posted['member-username'];
    }

    if (isset($posted['member-email-address']) && strlen(trim($posted['member-email-address'])) > 0) {
        $email = $posted['member-email-address'];
    }

    if ($username === NULL && $email === NULL) {
        // Neither identifier was supplied: flag both fields as missing.
        $success = false;
        $result->appendChild(new XMLElement('member-username', NULL, array('type' => 'missing')));
        $result->appendChild(new XMLElement('member-email-address', NULL, array('type' => 'missing')));
    } else {
        $members = array();

        if ($email !== NULL) {
            $members = $Members->findMemberIDFromEmail($email);
        }

        if ($username !== NULL) {
            $members[] = $Members->findMemberIDFromUsername($username);
        }

        // Remove duplicates.
        $members = array_unique($members);

        try {
            if (is_array($members) && !empty($members)) {
                foreach ($members as $member_id) {
                    $Members->sendForgotPasswordEmail($member_id);
                }

                redirect(URL . '/members/reset-pass/code/');
            }
        } catch (Exception $e) {
            // Shouldn't get here, but will catch an invalid member ID if it does.
        }

        $success = false;
    }

    if ($success === true) {
        $result->setAttribute('status', 'success');
    } else {
        $result->setAttribute('status', 'error');
    }

    return $result;
}
/**
 * Send the role's registration email to a newly created member.
 *
 * Does nothing when the member's role cannot be fetched, or when the role has
 * no email subject/body or no member email field is configured.
 *
 * NOTE(review): the template can contain the '::plaintext-password'
 * placeholder, in which case the submitted password is mailed in clear text.
 * Prefer templates that only carry the activation token.
 *
 * @param Entry $entry  The member entry that was just saved.
 * @param array $fields Submitted field values, keyed by field handle.
 * @return void
 */
private function __sendNewRegistrationEmail(Entry $entry, array $fields = array())
{
    $role_data = $entry->getData($this->roleField());
    $role = $this->fetchRole($role_data['role_id']);

    if (!$role) {
        return;
    }

    // All three pieces are needed to build and address the message.
    $incomplete = $role->email_body() == NULL
        || self::memberEmailFieldID() == NULL
        || $role->email_subject() == NULL;

    if ($incomplete) {
        return;
    }

    $email_address_data = $entry->getData(self::memberEmailFieldID());
    $to_address = $email_address_data['value'];

    $subject = $this->__replaceFieldsInString($role->email_subject(), $entry);
    $body = $this->__replaceFieldsInString($role->email_body(), $entry);

    // A new activation token is generated for this entry and placed in the body.
    $token = $this->generateToken($entry->get('id'));
    $body = str_replace(array('{$root}', '{$activation-token}'), array(URL, $token), $body);

    // Credential placeholders are named after the username/password field handle.
    $credentials = array(
        '{$' . $this->usernameAndPasswordFieldHandle() . '::plaintext-password}' => $fields[$this->usernameAndPasswordFieldHandle()]['password'],
        '{$' . $this->usernameAndPasswordFieldHandle() . '::username}' => $fields[$this->usernameAndPasswordFieldHandle()]['username'],
    );

    foreach ($credentials as $placeholder => $value) {
        $body = str_replace($placeholder, $value, $body);
    }

    $from_address = 'noreply@' . parse_url(URL, PHP_URL_HOST);
    $from_name = Symphony::Configuration()->get('sitename', 'general');

    General::sendEmail($to_address, $from_address, $from_name, $subject, $body);
}
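/**
 * Render and send the templated email for an entry, then log the attempt.
 *
 * Picks the first condition of the template whose XPath expression matches
 * the entry data (an empty expression always matches), resolves {xpath}
 * placeholders in every value of that condition, fetches the message body
 * from the configured page over HTTP, sends it as HTML and writes a row to
 * tbl_etf_logs.
 *
 * NOTE(review): placeholder values come from entry data and are substituted
 * into 'recipients', 'senders', 'subject' and the 'params' URL segment without
 * encoding. If entries can be created from the front end, validate addresses
 * and URL-encode 'params' before they reach the mail headers and the
 * file_get_contents() request.
 *
 * @param mixed $entry_id    Entry whose data feeds the XPath expressions.
 * @param mixed $template_id Template whose conditions are evaluated.
 * @return mixed Result of General::sendEmail(), or null when no condition matches.
 */
public function sendEmail($entry_id, $template_id)
{
    header('content-type: text/plain');

    $template = $this->getTemplate($template_id);
    $conditions = $this->getConditions($template_id);
    $data = $this->getData($template, $entry_id);
    $xpath = new DOMXPath($data);
    $email = null;

    // Find condition:
    foreach ($conditions as $condition) {
        if (empty($condition['expression'])) {
            $email = $condition;
            break;
        }

        // DOMXPath::query() returns false for a malformed expression; treat
        // that as "no match" instead of reading ->length from a boolean.
        $results = $xpath->query($condition['expression']);

        if ($results !== false && $results->length > 0) {
            $email = $condition;
            break;
        }
    }

    if (is_null($email)) {
        return;
    }

    // Replace {xpath} queries:
    foreach ($email as $key => $value) {
        $content = $email[$key];
        $replacements = array();

        // Find queries:
        preg_match_all('/\\{[^\\}]+\\}/', $content, $matches);

        // Find replacements; an invalid or empty query resolves to ''.
        foreach ($matches[0] as $match) {
            $results = @$xpath->query(trim($match, '{}'));

            if ($results !== false && $results->length) {
                $replacements[$match] = $results->item(0)->nodeValue;
            } else {
                $replacements[$match] = '';
            }
        }

        $content = str_replace(array_keys($replacements), array_values($replacements), $content);
        $email[$key] = $content;
    }

    // Find generator:
    $page = $this->getPage($email['page']);
    $generator = URL;

    if ($page->path) {
        $generator .= '/' . $page->path;
    }

    $generator .= '/' . $page->handle;
    $generator = rtrim($generator, '/');
    $params = trim($email['params'], '/');
    $email['generator'] = "{$generator}/{$params}/";

    // Add values; a failed fetch yields an empty message string.
    $email['message'] = (string) file_get_contents($email['generator']);
    $email['condition_id'] = $email['id'];
    $email['entry_id'] = $entry_id;

    // Remove the keys that are not written to the log row:
    unset($email['id']);
    unset($email['expression']);
    unset($email['type']);
    unset($email['sortorder']);
    unset($email['page']);
    unset($email['params']);
    unset($email['generator']);

    // Send the email:
    $return = General::sendEmail(
        $email['recipients'],
        $email['senders'],
        $email['sender'],
        $email['subject'],
        $email['message'],
        array('mime-version' => '1.0', 'content-type' => 'text/html; charset="UTF-8"')
    );

    // Log the email:
    $email['success'] = $return ? 'yes' : 'no';
    $email['date'] = DateTimeObj::get('c');

    $this->_Parent->Database->insert($email, 'tbl_etf_logs');

    return $return;
}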
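/**
 * Notify an entry's author by email that a comment was posted on it.
 *
 * No mail is sent when the author row is not found, which includes the case
 * where the commenter's address is the author's own.
 *
 * Comment fields are visitor input: the e-mail address is escaped before it
 * enters the SQL string, the author id is cast to int, and line breaks are
 * removed from the name before it is used in the subject header.
 *
 * NOTE(review): the escaping uses mysql_real_escape_string() with an
 * addslashes() fallback. If $this->_db offers its own escaping or parameter
 * binding, prefer that; its API is not visible here.
 *
 * @param array $comment Needs author_name, author_email, author_url and body.
 * @param array $entry   Needs author_id, id, section_id, primary_field and fields.
 * @return void
 */
function __emailEntryAuthor($comment, $entry)
{
    $author_id = (int) $entry['author_id'];

    $commenter_email = function_exists('mysql_real_escape_string')
        ? mysql_real_escape_string($comment['author_email'])
        : addslashes($comment['author_email']);

    $author = $this->_db->fetchRow(0, "SELECT * FROM tbl_authors WHERE tbl_authors.id = '" . $author_id . "' && `email` != '" . $commenter_email . "' LIMIT 1");

    // No matching author: nobody to notify.
    if (empty($author)) {
        return;
    }

    // The name ends up in the Subject header, which must stay on one line.
    $subject_name = str_replace(array("\r", "\n"), ' ', $comment['author_name']);

    // The Referer header is supplied by the client and may be absent.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

    General::sendEmail(
        $author['email'],
        "*****@*****.**",
        "Symphony Concierge",
        $subject_name . " has posted a comment on '" . $this->_parent->getConfigVar("sitename", "general") . "'",
        "Hi " . $author["firstname"] . ","
        . "\nThis is to inform you that " . $comment['author_name'] . " has posted a comment to one of your entries (" . $referer . "). Below is a summary."
        . "\n\nEntry: " . strip_tags($entry['fields'][$entry['primary_field']]['value']) . " (" . URL . "/symphony/?page=/publish/section/edit/&_sid=" . $entry['section_id'] . "&id=" . $entry['id'] . ")"
        . "\nComment Author: " . $comment['author_name'] . ($comment['author_url'] != "" ? " (" . $comment['author_url'] . ")" : "")
        . "\nComment Email: " . $comment['author_email']
        . "\n\nComment Body: \n" . $comment['body']
        . "\n\n\nYou can moderate this comment by visiting the Comments section of your Symphony Admin. "
        . "\nIf you do not wish to receive emails if the future, simply turn off email notification in your Comments settings area.\n"
    );
}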
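/**
 * Handle the actions of the backend login page: login, request of a
 * password-reset token, change of password, and the `resetpass` request
 * that mails a newly generated password.
 *
 * Outcomes are reported through `$this->_invalidPassword`,
 * `$this->_email_sent`, `$this->_mismatchedPassword` and `$this->_alert`,
 * or by redirecting.
 *
 * NOTE(review), not changed here because it affects behaviour outside this
 * method:
 * - the reset branch sets `_email_sent` to false for an unknown address; if
 *   the page renders that differently, it tells a visitor which addresses
 *   have accounts;
 * - the `resetpass` branch reads `$_REQUEST`, so it presumably also runs on
 *   GET, and it mails the new password in clear text;
 * - what General::hash() computes is not visible here; confirm it is a
 *   password-hashing scheme rather than a fast digest.
 *
 * @throws SymphonyErrorPage when the email gateway fails to send the reset mail
 */
public function action()
{
    if (isset($_POST['action'])) {
        // The action name is the last key of the posted `action` array.
        $actionParts = is_array($_POST['action']) ? array_keys($_POST['action']) : array();
        $action = end($actionParts);

        ##Login Attempted
        // Strict comparison: a numeric key must not loosely equal an action name.
        if ($action === 'login') {
            $username = isset($_POST['username']) ? $_POST['username'] : null;
            $password = isset($_POST['password']) ? $_POST['password'] : null;

            if (empty($username) || empty($password) || !Administration::instance()->login($username, $password)) {
                /**
                 * A failed login attempt into the Symphony backend
                 *
                 * @delegate AuthorLoginFailure
                 * @since Symphony 2.2
                 * @param string $context
                 * '/login/'
                 * @param string $username
                 * The username of the Author who attempted to login.
                 */
                Symphony::ExtensionManager()->notifyMembers('AuthorLoginFailure', '/login/', array('username' => $username));
                $this->_invalidPassword = true;
            } else {
                /**
                 * A successful login attempt into the Symphony backend
                 *
                 * @delegate AuthorLoginSuccess
                 * @since Symphony 2.2
                 * @param string $context
                 * '/login/'
                 * @param string $username
                 * The username of the Author who logged in.
                 */
                Symphony::ExtensionManager()->notifyMembers('AuthorLoginSuccess', '/login/', array('username' => $username));

                if (isset($_POST['redirect']) && is_string($_POST['redirect'])) {
                    $path = str_replace((string) parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']);

                    // The posted value is appended directly to URL. Only a path
                    // that starts with '/' and has no control characters is
                    // followed, so the result always stays on this site's host;
                    // anything else falls through to the default redirect.
                    if ($path !== '' && $path[0] === '/' && !preg_match('/[\x00-\x1f\x7f]/', $path)) {
                        redirect(URL . $path);
                    }
                }

                redirect(SYMPHONY_URL);
            }

        ##Reset of password requested
        } elseif ($action === 'reset') {
            $requestedEmail = isset($_POST['email']) ? $_POST['email'] : '';

            $author = Symphony::Database()->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . Symphony::Database()->cleanValue($requestedEmail) . "'");

            if (!empty($author)) {
                // Drop expired tokens, then reuse a still-valid one if present.
                Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' ");

                if (!($token = Symphony::Database()->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . DateTimeObj::getGMT('c') . "' AND `author_id` = " . $author['id']))) {
                    // The token lets its holder log in, so it is drawn from a
                    // cryptographic source where one exists instead of from the
                    // clock and rand().
                    // NOTE(review): six hex characters is kept because the width
                    // of the `token` column is not visible here; a longer token
                    // and attempt limiting are the proper fix.
                    if (function_exists('random_bytes')) {
                        $token = bin2hex(random_bytes(3));
                    } elseif (function_exists('openssl_random_pseudo_bytes')) {
                        $token = bin2hex(openssl_random_pseudo_bytes(3));
                    } else {
                        // Legacy fallback: predictable, kept only for runtimes
                        // that offer neither function above.
                        $token = substr(General::hash(time() . rand(0, 1000)), 0, 6);
                    }

                    Symphony::Database()->insert(array('author_id' => $author['id'], 'token' => $token, 'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60)), 'tbl_forgotpass');
                }

                try {
                    $email = Email::create();
                    $email->recipients = $author['email'];
                    $email->subject = __('New Symphony Account Password');
                    $email->text_plain = __('Hi %s,', array($author['first_name'])) . self::CRLF
                        . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF
                        . self::CRLF
                        . ' ' . SYMPHONY_URL . "/login/{$token}/" . self::CRLF
                        . self::CRLF
                        . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF
                        . self::CRLF
                        . __('Best Regards,') . self::CRLF
                        . __('The Symphony Team');
                    $email->send();
                    $this->_email_sent = true;
                } catch (EmailGatewayException $e) {
                    // Caught first: with the general handler ahead of it (as in
                    // the earlier version) this handler can never run if the
                    // gateway exception derives from Exception.
                    throw new SymphonyErrorPage('Error sending email. ' . $e->getMessage());
                } catch (Exception $e) {
                    // Any other failure is deliberately ignored, as before;
                    // `_email_sent` is then left untouched.
                }

                /**
                 * When a password reset has occurred and after the Password
                 * Reset email has been sent.
                 *
                 * @delegate AuthorPostPasswordResetSuccess
                 * @since Symphony 2.2
                 * @param string $context
                 * '/login/'
                 * @param integer $author_id
                 * The ID of the Author who requested the password reset
                 */
                Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetSuccess', '/login/', array('author_id' => $author['id']));
            } else {
                /**
                 * When a password reset has been attempted, but Symphony doesn't
                 * recognise the credentials the user has given.
                 *
                 * @delegate AuthorPostPasswordResetFailure
                 * @since Symphony 2.2
                 * @param string $context
                 * '/login/'
                 * @param string $email
                 * The sanitized Email of the Author who tried to request the password reset
                 */
                Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetFailure', '/login/', array('email' => Symphony::Database()->cleanValue($requestedEmail)));
                $this->_email_sent = false;
            }

        ##Change of password requested
        } elseif ($action === 'change' && Administration::instance()->isLoggedIn()) {
            // Strict comparison: with `!=` two different numeric-looking
            // strings (for example "1e3" and "1000") compare as equal.
            if (empty($_POST['password']) || empty($_POST['password-confirmation']) || $_POST['password'] !== $_POST['password-confirmation']) {
                $this->_mismatchedPassword = true;
            } else {
                $author_id = Administration::instance()->Author->get('id');
                $author = AuthorManager::fetchByID($author_id);

                // NOTE(review): the password is escaped before it is hashed;
                // login() must apply the same step or passwords containing
                // quotes will not verify. Confirm.
                $author->set('password', General::hash(Symphony::Database()->cleanValue($_POST['password'])));

                if (!$author->commit() || !Administration::instance()->login($author->get('username'), $_POST['password'])) {
                    redirect(SYMPHONY_URL . "/system/authors/edit/{$author_id}/error/");
                }

                /**
                 * When an Author changes their password as the result of a login
                 * with an emergency token (ie. forgot password). Just after their
                 * new password has been set successfully
                 *
                 * @delegate AuthorPostPasswordChange
                 * @since Symphony 2.2
                 * @param string $context
                 * '/login/'
                 * @param integer $author_id
                 * The ID of the Author who has just changed their password
                 */
                Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordChange', '/login/', array('author_id' => $author_id));

                redirect(SYMPHONY_URL);
            }
        }
    } elseif (isset($_REQUEST['action'], $_REQUEST['token']) && $_REQUEST['action'] === 'resetpass') {
        // isset() on both keys avoids an undefined-index notice on a plain
        // page load that carries no `action` parameter.
        $author = Symphony::Database()->fetchRow(0, "SELECT t1.`id`, t1.`email`, t1.`first_name`\n\t\t\t\t\t\tFROM `tbl_authors` as t1, `tbl_forgotpass` as t2\n\t\t\t\t\t \tWHERE t2.`token` = '" . Symphony::Database()->cleanValue($_REQUEST['token']) . "' AND t1.`id` = t2.`author_id`\n\t\t\t\t\t \tLIMIT 1");

        if (!empty($author)) {
            $newpass = General::generatePassword();

            // The sender address is the email of the author with the lowest id.
            General::sendEmail(
                $author['email'],
                Symphony::Database()->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1"),
                __('Symphony Concierge'),
                __('New Symphony Account Password'),
                __('Hi %s,', array($author['first_name'])) . self::CRLF
                    . __("As requested, here is your new Symphony Author Password for ") . URL . " " . self::CRLF
                    . " {$newpass}" . self::CRLF
                    . self::CRLF
                    . __('Best Regards,') . self::CRLF
                    . __('The Symphony Team')
            );

            // Store the new password hash and invalidate the author's tokens.
            Symphony::Database()->update(array('password' => General::hash($newpass)), 'tbl_authors', " `id` = '" . $author['id'] . "' LIMIT 1");
            Symphony::Database()->delete('tbl_forgotpass', " `author_id` = '" . $author['id'] . "'");

            /**
             * Just after a Forgot Password email has been sent to the Author
             * who has requested a password reset.
             *
             * @delegate AuthorPostPasswordResetRequest
             * @since Symphony 2.2
             * @param string $context
             * '/login/'
             * @param integer $author_id
             * The ID of the Author who has requested their password be reset
             */
            Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetRequest', '/login/', array('author_id' => $author['id']));

            $this->_alert = __('Password reset. Check your email');
        }
    }
}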
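/**
 * Send the posted contact-form message to the authors named in the
 * `recipient-username` POST field (space-separated usernames).
 *
 * The result is a `send-email` element holding a `cookie` copy of the
 * submitted values, `missing` / `invalid` input lists when validation
 * fails, a `notice`, and a `sent` attribute of "true" or "false".
 *
 * NOTE(review): nothing in this method limits who may post or how often;
 * if the form is public, request throttling and a CSRF token belong in
 * front of it.
 *
 * @return XMLElement
 */
function trigger()
{
    $result = new XMLElement("send-email");

    // Read each input as a string; a missing or array-valued field becomes ''.
    $inputs = array(
        'recipient_username' => 'recipient-username',
        'email' => 'email',
        'name' => 'name',
        'subject' => 'subject',
        'message' => 'message',
    );
    $fields = array();
    foreach ($inputs as $key => $inputName) {
        $fields[$key] = (isset($_POST[$inputName]) && is_string($_POST[$inputName])) ? $_POST[$inputName] : '';
    }

    $fields['subject'] = stripslashes(strip_tags($fields['subject']));
    $fields['message'] = stripslashes(strip_tags($fields['message']));
    $fields = array_map("trim", $fields);

    // Name and subject are handed to the mailer as sender name and subject
    // line; embedded line breaks are collapsed so each stays one header value.
    $fields['name'] = preg_replace('/[\r\n]+/', ' ', $fields['name']);
    $fields['subject'] = preg_replace('/[\r\n]+/', ' ', $fields['subject']);

    ## Create the cookie elements
    // Every echoed value is sanitized, not only the message, so submitted
    // markup is not reflected into the page output.
    $cookie = new XMLElement("cookie");
    $cookie->addChild(new XMLElement("name", General::sanitize($fields['name'])));
    $cookie->addChild(new XMLElement("email", General::sanitize($fields['email'])));
    $cookie->addChild(new XMLElement("subject", General::sanitize($fields['subject'])));
    $cookie->addChild(new XMLElement("message", General::sanitize($fields['message'])));
    $result->addChild($cookie);

    $canProceed = true;

    // Collect the required inputs that were left empty.
    $xMissing = new XMLElement("missing");
    $hasMissing = false;
    foreach (array('email', 'name', 'subject', 'message') as $required) {
        if ($fields[$required] == "") {
            $missing = new XMLElement("input");
            $missing->setAttribute("name", $required);
            $xMissing->addChild($missing);
            $hasMissing = true;
        }
    }
    if ($hasMissing) {
        $result->addChild($xMissing);
        $canProceed = false;
    }

    // ereg() no longer exists in PHP 7; this is the same pattern for
    // preg_match(). The D modifier keeps `$` from matching before a trailing
    // newline, so the address cannot carry a line break.
    if (!preg_match('/^[a-zA-Z0-9_.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-.]+$/D', $fields['email'])) {
        $invalid = new XMLElement("invalid");
        $xInvalid = new XMLElement("input");
        $xInvalid->setAttribute("name", "email");
        $invalid->addChild($xInvalid);
        $result->addChild($invalid);
        $canProceed = false;
    }

    if (!$canProceed) {
        $result->setAttribute("sent", "false");
        return $result;
    }

    // The usernames are visitor input placed inside quoted SQL literals. Any
    // name holding a quote or backslash is dropped so it cannot close the
    // literal. If the database layer offers escaping or bound parameters,
    // prefer that over this filter.
    $usernames = array();
    foreach (explode(" ", $fields['recipient_username']) as $candidate) {
        if ($candidate === '' || strpbrk($candidate, "'\"\\") !== false) {
            continue;
        }
        $usernames[] = $candidate;
    }

    // The lookup now runs only for a valid submission with at least one
    // usable username.
    $email_addresses = array();
    if (!empty($usernames)) {
        $found = $this->_parent->_db->fetchCol("email", "SELECT `email` FROM `tbl_authors` WHERE `username` IN ('" . implode("', '", $usernames) . "')");
        if (is_array($found)) {
            $email_addresses = $found;
        }
    }

    $errors = array();
    foreach ($email_addresses as $e) {
        if (!General::sendEmail($e, $fields['email'], $fields['name'], $fields['subject'], $fields['message'])) {
            // Record the address that failed; the earlier version read a key
            // that is never set on $fields.
            $errors[] = $e;
        }
    }

    // An unknown username still reports success, as before, so the response
    // does not reveal which usernames exist.
    if (!empty($errors)) {
        $result->addChild(new XMLElement("notice", "Email could not be sent. An unknown error occurred."));
        $result->setAttribute("sent", "false");
    } else {
        $result->addChild(new XMLElement("notice", "Email sent successfully"));
        $result->setAttribute("sent", "true");
    }

    return $result;
}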