} elseif (strlen($userPassword) < 8 || strlen($userPassword) > 30) {
WrongPasswordLength();
// Invalid Old Password
} elseif (preg_match("/^[A-Za-z0-9@#\$%^&+=!.-_]+\$/", $userPasswordOld) == 0) {
InvalidOldPassword();
// Old Password has less than 8 characters or more than 30
} elseif (strlen($userPasswordOld) < 8 || strlen($userPasswordOld) > 30) {
WrongOldPasswordLength();
// Passwords do not match
} elseif ($userPassword != $userPasswordBis) {
DifferentPasswords();
} else {
// VALIDATION PASSED -------------------------------------------------------
// Encoding the passwords
$userPassword = EncodePassword($userPassword, $ldap_enc);
$userPasswordOld = EncodePassword($userPasswordOld, $ldap_enc);
// We are going to search for a user entry matching the data provided by
// the user on the form
// We stablish what attributes are going to be retrieved from each entry
$search_limit = array("dn");
// The filter string to search through LDAP
$search_string = "(&(mail=" . $mail . ")(userPassword="******")(uid=" . $uid . "))";
// The attribute the array of entries is going to be sorted by
$sort_string = 'dn';
// Searching ...
$search_entries = AssistedLDAPSearch($ldapc, $ldap_base, $search_string, $search_limit, $sort_string);
// How much did we get?
$result_count = $search_entries['count'];
// If we didn't get any entries, there are no user entries matching the
// data provided by the user. Maybe the user doesn't exist or the user made
// a mistake entering the data
// If we have zero coincidences, then the user somehow was removed from LDAP
// just after he made the Reset Password petition
if ($result_count == 0) {
NoResults();
// If we have more than one entry with the same data, then database is corrupted
// and we are in a big mess
} elseif ($result_count > 1) {
MultipleResults();
// If we got one coincidence, we are on the right path
} elseif ($result_count == 1) {
// What dn are we going to modify?
$moddn = $search_entries['0']['dn'];
// Generating pretty badass password
$genPassword = substr(md5(md5(mt_rand() . "+" . time())), 0, 8);
// We encode the password
$encPassword = EncodePassword($genPassword, $ldap_enc);
// We construct the modificator array
$in['userPassword'] = $encPassword;
// Modifying ...
$mod = AssistedLDAPModify($ldapc, $moddn, $in);
// If the modifying went OK, we send the notification e-mail to the user
if ($mod) {
$send = AssistedEMail("ResetPasswordDo", $mail);
}
// If the mailing went OK ...
if ($send) {
// We need to get rid of the temporary entry
$del_q = sprintf("DELETE FROM ResetPassword" . " WHERE mail='%s'" . " AND uid='%s'" . " AND token='%s'", mysql_real_escape_string($mail), mysql_real_escape_string($uid), mysql_real_escape_string($token));
// Deleting the row from the table ...
$del_r = AssistedMYSQLQuery($del_q);
// We log the event