コード例 #1
ファイル: Action.php プロジェクト: HaldunA/phpwebsite
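 /**
  * Handles a submitted "forgot password / forgot user name" form.
  *
  * Reads fg_username and fg_email from $_POST. When a user name is given,
  * the matching account is looked up and a password-reset email is
  * requested; otherwise the email address is looked up and a user name
  * reminder is requested.
  *
  * NOTE(review): the replies for "account found" and "account not found"
  * are different strings, so the response tells the requester whether a
  * user name or email address is registered. Where account enumeration is
  * a concern, use one uniform reply and rate-limit this form.
  *
  * @param string $content Set by reference to the translated message for the visitor.
  *
  * @return bool False when the input is missing or rejected, the lookup
  *              fails, or the account may not be reset here; true in every
  *              other case, including when the email could not be sent.
  */
 public function postForgot(&$content)
 {
     if (empty($_POST['fg_username']) && empty($_POST['fg_email'])) {
         $content = dgettext('users', 'You must enter either a username or email address.');
         return false;
     }

     if (!empty($_POST['fg_username'])) {
         $username = $_POST['fg_username'];
         $not_found = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');

         // A request can submit fg_username as an array (fg_username[]=x);
         // refuse anything that is not a plain string before it reaches the
         // string functions and the query below.
         // The quote test runs on the tag-stripped, entity-decoded value.
         // NOTE(review): presumably defence in depth on top of the escaping
         // done by PHPWS_DB::addWhere -- confirm.
         if (!is_string($username)
             || preg_match('/\'|"/', html_entity_decode(strip_tags($username), ENT_QUOTES))) {
             $content = $not_found;
             return false;
         }

         $db = new PHPWS_DB('users');
         $db->addWhere('username', strtolower($username));
         $db->addColumn('email');
         $db->addColumn('id');
         $db->addColumn('deity');
         $db->addColumn('authorize');
         $user_search = $db->select('row');

         // A database error is logged but reported to the visitor exactly
         // like an unknown user name.
         if (PHPWS_Error::logIfError($user_search) || empty($user_search)) {
             $content = $not_found;
             return false;
         }

         // Deity accounts are reported as "not found" unless
         // ALLOW_DEITY_FORGET is set; the attempt is written to the
         // security log.
         if ($user_search['deity'] && !ALLOW_DEITY_FORGET) {
             Security::log(dgettext('users', 'Forgotten password attempt made on a deity account.'));
             $content = $not_found;
             return false;
         }

         if ($user_search['authorize'] != 1) {
             $content = sprintf(dgettext('users', 'Sorry but your authorization is not checked on this site. Please contact %s for information on reseting your password.'), PHPWS_User::getUserSetting('site_contact'));
             return false;
         }

         // NOTE(review): presumably detects a repeated submission of the
         // same form, so that no second email is sent -- confirm.
         if (PHPWS_Core::isPosted()) {
             $content = dgettext('users', 'Please check your email for a response.');
             return true;
         }

         if (empty($user_search['email'])) {
             $content = dgettext('users', 'Your email address is missing from your account. Please contact the site administrators.');
             PHPWS_Error::log(USER_ERR_NO_EMAIL, 'users', 'User_Action::postForgot');
             return true;
         }

         // The reset mail goes to the address stored on the account, not to
         // anything taken from the request.
         if (User_Action::emailPasswordReset($user_search['id'], $user_search['email'])) {
             $content = dgettext('users', 'We have sent you an email to reset your password.');
         } else {
             $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
         }
         return true;
     }

     // fg_username was empty, so the first guard guarantees that fg_email
     // is set and non-empty here.
     $email = $_POST['fg_email'];
     $not_found = dgettext('users', 'Email address not found. Please try again.');

     // Same type and quote checks as for the user name, followed by the
     // project's own email validation.
     if (!is_string($email)
         || preg_match('/\'|"/', html_entity_decode(strip_tags($email), ENT_QUOTES))
         || !PHPWS_Text::isValidInput($email, 'email')) {
         $content = $not_found;
         return false;
     }

     $db = new PHPWS_DB('users');
     $db->addWhere('email', $email);
     $db->addColumn('username');
     $user_search = $db->select('row');

     if (PHPWS_Error::logIfError($user_search) || empty($user_search)) {
         $content = $not_found;
         return false;
     }

     if (PHPWS_Core::isPosted()) {
         $content = dgettext('users', 'Please check your email for a response.');
         return true;
     }

     if (User_Action::emailUsernameReminder($user_search['username'], $email)) {
         $content = dgettext('users', 'We have sent you an user name reminder. Please check your email and return to log in.');
     } else {
         $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
     }
     return true;
 }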