コード例 #1
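/**
 * Store a new password hash for one user.
 *
 * Security notes:
 *  - The user id is concatenated into the UPDATE statement without quotes, so it is
 *    accepted only when it is a positive decimal integer. Anything else is rejected
 *    before a query is built.
 *  - The md5() fallback is an unsalted, fast hash and is not suitable for password
 *    storage. It is kept only because the code that verifies passwords is not visible
 *    here; both sides have to move to password_hash()/password_verify() together.
 *  - addslashes() is a stopgap; the database layer's own escaping or a prepared
 *    statement should replace it where available.
 *
 * @param int|string $userID      Numeric id of the user whose password is changed.
 * @param string     $newPassword New password in plain text.
 *
 * @return int 1 on success, 0 when the query fails, -1 when an argument is missing or
 *             the id is not a positive integer, -2 when the password is too short.
 */
function leoUser_changePassword($userID, $newPassword)
{
    global $db, $CONF;

    if (!$userID || !$newPassword) {
        return -1;
    }

    // Only digits may reach the unquoted "WHERE id=..." position of the statement.
    if (is_int($userID)) {
        $idIsSafe = $userID > 0;
    } else {
        $idIsSafe = is_string($userID) && preg_match('/^[0-9]+\z/', $userID) === 1;
    }
    if (!$idIsSafe) {
        return -1;
    }

    // Fall back to 4 when the configuration does not set a minimum length.
    $passwordMinLength = !empty($CONF['userdb']['edit']['password_minlength'])
        ? $CONF['userdb']['edit']['password_minlength']
        : 4;
    if (strlen($newPassword) < $passwordMinLength) {
        return -2;
    }

    if (function_exists('leonardo_hash')) {
        $passwordHash = leonardo_hash($newPassword);
    } else {
        // NOTE(review): weak legacy hash, see the function header.
        $passwordHash = md5($newPassword);
    }

    $sql = 'UPDATE ' . $CONF['userdb']['users_table']
        . ' SET ' . $CONF['userdb']['password_field'] . '="' . addslashes($passwordHash) . '"'
        . ' WHERE ' . $CONF['userdb']['user_id_field'] . '=' . $userID;

    $res = $db->sql_query($sql);
    if ($res <= 0) {
        return 0;
    }

    return 1;
}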
コード例 #2
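// Account activation: look up the pending registration that matches the key in the
// query string and copy it into the users table.
if( isset($_GET['rkey']) && !($_POST) ){

	// rkey is request input. It is used only when it is a non-empty string, and it is
	// escaped before it enters the statement. addslashes() is a stopgap; the database
	// layer's own escaping or a prepared statement should replace it where available.
	$rkey = $_GET['rkey'];
	$user_exist = 0;
	if (is_string($rkey) && $rkey !== '') {
		$sql="select * from ".$CONF['userdb']['users_temp_table']." where user_actkey ='".addslashes($rkey)."'";
		$result = $db->sql_query($sql);
		$user_exist = $db->sql_numrows($result);
	}

	if($user_exist!=1){
		echo "<p align='center'>."._Server_did_not_found_registration."</p>";
		closeMain();return;
	}

	$user=$db->sql_fetchrow($result);

	// The row was filled in by the registrant, so every column is escaped again before
	// it is written into the next statement (second-order injection).
	// NOTE(review): the password is passed through leonardo_hash() only here, which
	// suggests the temp table holds it unhashed until activation. Confirm and hash at
	// registration time instead.
	$sql1="insert into ". $CONF['userdb']['users_table'] .
			" ( user_active, username,  user_password, user_session_time, user_regdate, user_email, user_actkey )
			values  ( '1', '".addslashes($user['user_name'])."' , '".addslashes(leonardo_hash($user['user_password']))."',
			'".addslashes($user['user_session_time'])."', '".time()."', '".addslashes($user['user_email'])."',  '".addslashes($user['user_actkey'])."' )";
	$res=$db->sql_query($sql1);

	if (!$res) {
		// The statement contains the password hash and user data, so it is not
		// printed into the page.
		error_log('Account activation: insert into users table failed');
		echo "Problem in inserting user into DB<BR>";
		closeMain();return;
	}

	$id=$db->sql_nextid();

	if (!$id) {
		echo "Could not get next ID from DB<BR>";
		closeMain();return;
	}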
コード例 #3
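// The temp-table name is now defined in site/predefined/3/config.php
//$CONF['userdb']['users_temp_table']="leonardo_temp_users";

// Drop pending registrations older than three hours. Only server-side values are
// concatenated into this statement.
$sql = "delete from " . $CONF['userdb']['users_temp_table'] . " where user_regdate <= '" . (time() - 3 * 60 * 60) . "'";
$db->sql_query($sql);

// Activate the user account
if (isset($_GET['rkey']) && !$_POST) {
    // rkey is request input. It is used only when it is a non-empty string, and it is
    // escaped before it enters the statement. addslashes() is a stopgap; the database
    // layer's own escaping or a prepared statement should replace it where available.
    $rkey = $_GET['rkey'];
    $user_exist = 0;
    if (is_string($rkey) && $rkey !== '') {
        $sql = "select * from " . $CONF['userdb']['users_temp_table'] . " where user_actkey ='" . addslashes($rkey) . "'";
        $result = $db->sql_query($sql);
        $user_exist = $db->sql_numrows($result);
    }
    if ($user_exist != 1) {
        echo "<p align='center'>." . _Server_did_not_found_registration . "</p>";
        closeMain();
        return;
    }
    $user = $db->sql_fetchrow($result);

    // The row was filled in by the registrant, so every column is escaped again before
    // it is written into the next statements (second-order injection).
    // NOTE(review): the password is passed through leonardo_hash() only here, which
    // suggests the temp table holds it unhashed until activation. Confirm and hash at
    // registration time instead.
    $sql1 = "insert into " . $CONF['userdb']['users_table']
        . " ( user_active, username,  user_password, user_session_time, user_regdate, user_email, user_actkey )\n\t\t\tvalues  ( '1', '"
        . addslashes($user['user_name']) . "' , '"
        . addslashes(leonardo_hash($user['user_password'])) . "',\n\t\t\t'"
        . addslashes($user['user_session_time']) . "', '"
        . time() . "', '"
        . addslashes($user['user_email']) . "',  '"
        . addslashes($user['user_actkey']) . "' )";
    $res = $db->sql_query($sql1);
    if (!$res) {
        // The statement contains the password hash and user data, so it is not
        // printed into the page.
        error_log('Account activation: insert into users table failed');
        echo "Problem in inserting user into DB<BR>";
        closeMain();
        return;
    }
    $id = $db->sql_nextid();
    if (!$id) {
        echo "Could not get next ID from DB<BR>";
        closeMain();
        return;
    }

    // user_nation and user_civlid were the only two columns written unescaped here;
    // they now get the same treatment as the rest of the row.
    $sql2 = "INSERT INTO {$pilotsTable} (pilotID, countryCode, CIVL_ID, CIVL_NAME,\n\t NACid,NACmemberID,NACclubID,\n\tFirstName, LastName, NickName, Birthdate, BirthdateHideMask, Sex)\n\tvalues ('{$id}','"
        . addslashes($user['user_nation']) . "','"
        . addslashes($user['user_civlid']) . "','"
        . addslashes($user['civlname']) . "',\n\n\t'"
        . addslashes($user['NACid']) . "',\n\t'"
        . addslashes($user['NACmemberID']) . "',\n\t'"
        . addslashes($user['NACclubID']) . "',\n\n\t'"
        . addslashes($user['user_firstname']) . "','"
        . addslashes($user['user_lastname']) . "','"
        . addslashes($user['user_nickname']) . "',\n '"
        . addslashes($user['user_birthdate']) . "','xx.xx.xxxx','"
        . ($user['user_gender'] == 1 ? 'F' : 'M') . "') ";
    if (!($res = $db->sql_query($sql2))) {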
コード例 #4
    return $res;
}
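// Password recovery request: "uce" identifies the account, a new password and a
// confirmation key are generated, stored as pending, and mailed to the user.
if (isset($_POST['uce'])) {
    // NOTE(review): _search_user() is not visible here; confirm that it quotes this
    // value in its query and does not rely on addslashes() alone.
    $str = addslashes($_POST['uce']);
    if ($res = mysql_fetch_assoc(_search_user($str))) {
        $ltime = time();
        $emailtime = $res['user_emailtime'];
        // A new request is honoured only after the previous one has expired.
        if ($emailtime + $CONF['userdb']['edit']['password_change_expire_time'] < $ltime) {
            // The confirmation key authorises the password change, so it is taken
            // from a cryptographic source when one exists. Format is unchanged:
            // 32 lowercase hex characters.
            $actkey = '';
            if (function_exists('random_bytes')) {
                $actkey = bin2hex(random_bytes(16));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $rawKey = openssl_random_pseudo_bytes(16);
                if (is_string($rawKey) && strlen($rawKey) === 16) {
                    $actkey = bin2hex($rawKey);
                }
            }
            if ($actkey === '') {
                // Legacy fallback: time- and rand()-based, predictable.
                $actkey = md5(uniqid(rand(), true));
            }

            // NOTE(review): the generated password is as long as the configured
            // minimum length and is mailed in plain text. Consider mailing only the
            // confirmation key and letting the user choose the password.
            $newpass = generatePassword($CONF['userdb']['edit']['password_minlength']);
            if (function_exists('leonardo_hash')) {
                $newPassword = leonardo_hash($newpass);
            } else {
                // NOTE(review): unsalted md5 is not suitable for password storage; it
                // has to be replaced together with the code that verifies passwords.
                $newPassword = md5($newpass);
            }

            // user_id comes from the row just read and goes into an unquoted
            // position, so it is forced to an integer.
            $sql = "UPDATE " . $CONF['userdb']['users_table']
                . " set user_emailtime='" . time()
                . "', user_newpasswd='" . addslashes($newPassword)
                . "',user_actkey='{$actkey}' where "
                . $CONF['userdb']['user_id_field'] . "=" . (int) $res['user_id'];
            if ($db->sql_query($sql)) {
                $msg = "<span class='ok'><b>" . _Email_new_password . "</b></span>";
                // NOTE(review): SERVER_NAME can follow the request's Host header,
                // depending on web-server configuration. A configured site URL is the
                // safer base for the link in this mail.
                $email_body = sprintf(
                    _Password_recovery_email,
                    $CONF['site']['name'],
                    $res['username'],
                    $_SERVER['SERVER_NAME'],
                    $res['username'],
                    $res['user_civlid'],
                    $newpass,
                    str_replace('//', '/', $_SERVER['SERVER_NAME'] . getRelMainDir() . '/' . $CONF_mainfile),
                    $actkey
                );
                // "name" is request input handed to the mailer; line breaks are
                // removed so it cannot add mail headers.
                $postedName = isset($_POST['name']) && is_string($_POST['name'])
                    ? str_replace(array("\r", "\n"), '', $_POST['name'])
                    : '';
                LeonardoMail::sendMail(
                    "[Leonardo] " . $CONF['site']['name'] . " - " . _Password_subject_confirm,
                    utf8_decode($email_body),
                    $res['user_email'],
                    addslashes($postedName)
                );
            }
        } else {
            $expiretime = date("d/M/Y H:i:s", $emailtime + $CONF['userdb']['edit']['password_change_expire_time']);
            $msg = "<span class='alert'><b>" . sprintf(_impossible_to_gen_new_pass, $expiretime) . "</b></span>";
        }
    } else {
        // NOTE(review): a distinct "not found" message tells the requester whether an
        // account exists; a single neutral message for all outcomes avoids that.
        $msg = "<span class='alert'><b>" . _informed_user_not_found . "</b></span>";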