function forgotten_password()
{
if (!isset($_REQUEST["Benutzername"]) || !isset($_REQUEST["EMail"]) || $_REQUEST["Benutzername"] == 'guest' || empty($_REQUEST["Benutzername"]) || empty($_REQUEST["EMail"]) || !(bool) trim($_REQUEST["Benutzername"]) || !(bool) trim($_REQUEST["EMail"])) {
return -1;
}
if (!USE_PHP_MAILING) {
return -4;
}
$administration = new administration();
define("USER_NAME", trim($_REQUEST["Benutzername"]));
define("USER_EMAIL", trim($_REQUEST["EMail"]));
if (!$administration->getUserIdByUserName(USER_NAME) || USER_EMAIL != $administration->getEmailByUserId($administration->getUserIdByUserName(USER_NAME))) {
return -2;
}
$new_password = $administration->getRandomPassword();
$sql_update = "UPDATE mb_user SET mb_user_password = \$1, mb_user_digest = \$3 WHERE mb_user_id = \$2";
$v = array(md5($new_password), $administration->getUserIdByUserName(USER_NAME), md5(USER_NAME . ";" . USER_EMAIL . ":" . REALM . ":" . $new_password));
$t = array("s", "i");
if (!db_prep_query($sql_update, $v, $t)) {
return -3;
}
$email_subject = "New GeoPortal.rlp Password";
$email_body = sprintf("Your new GeoPortal.rlp password is: %s", $new_password);
if (!$administration->sendEmail(NULL, NULL, USER_EMAIL, USER_NAME, $email_subject, $email_body, $error_msg)) {
return -4;
}
return 1;
}
//if mail form has been filled in and sent
if ($_POST["mail"]) {
if (!$admin->isValidEmail($_POST["replyto"])) {
$error_msg .= "The reply-to address is not valid! Please correct it.";
} else {
$toAddr = array();
$toName = array();
$namesAndAddresses = explode(":::", $_POST["owners"]);
for ($i = 0; $i < count($namesAndAddresses) - 1; $i++) {
$nameAndAddress = explode(";;;", $namesAndAddresses[$i]);
$toAddr[$i] = $nameAndAddress[0];
$toName[$i] = $nameAndAddress[1];
}
$error = '';
for ($i = 0; $i < count($toAddr); $i++) {
if (!$admin->sendEmail($_POST["replyto"], $_POST["from"], $toAddr[$i], $toName[$i], "[Mapbender] A user has suggested a WMS for deletion", $_POST["comment"], $error)) {
if ($error) {
$error_msg .= $error . " ";
}
}
}
if (!$error_msg) {
echo "<script language='javascript'>";
echo "alert('Other owners have been informed!');";
echo "</script>";
}
}
}
// if deletion has been suggested, or there's an error in the form, display mail form (again)
if ($_POST["suggest"] || $error_msg) {
if ($error_msg) {
$j = 0;
for ($i = 0; $i < count($owner_ids); $i++) {
$adr_tmp = $admin->getEmailByUserId($owner_ids[$i]);
if (!in_array($adr_tmp, $owner_mail_addresses) && $adr_tmp) {
$owner_mail_addresses[$j] = $adr_tmp;
$j++;
}
}
$replyto = $admin->getEmailByUserId(Mapbender::session()->get("mb_user_id"));
$from = $replyto;
$pathArray = explode("http/php/", $_SERVER["PATH_TRANSLATED"]);
$path = $pathArray[0];
$body = "WMS '" . $admin->getWmsTitleByWmsId($myWMS) . "' has been updated. \n\nServer name: " . $_SERVER["SERVER_NAME"] . "\nInstallation Path: " . $path . "\n\nYou may want to check the changes as you are an owner of this WMS.";
$error_msg = "";
for ($i = 0; $i < count($owner_mail_addresses); $i++) {
if (!$admin->sendEmail($replyto, $from, $owner_mail_addresses[$i], $owner_mail_addresses[$i], "[Mapbender] A user has updated one of your WMS", $body, $error)) {
if ($error) {
$error_msg .= $error . " ";
}
}
}
if (!$error_msg) {
echo "<script language='javascript'>";
echo "alert('Other owners of this WMS have been informed about the changes!');";
echo "</script>";
} else {
echo "<script language='javascript'>";
echo "alert('When notifying the owners of this WMS about your changes, an error occured: ' + '" . $error_msg . "');";
echo "</script>";
}
}
$status_comment = "Monitoring process timed out.";
$status = '-1';
array_push($problemOWS, $wms_id_own[$k]);
array_push($commentProblemOWS, $status_comment);
}
$v = array('0', intval($status), intval($image), $status_comment, (string) intval($timestamp_end), $map_url, (string) intval($timestamp_begin), $cap_diff, (string) $time, $wms_id_own[$k]);
$t = array('s', 'i', 'i', 's', 's', 's', 's', 's', 's', 's');
$res = db_prep_query($sql, $v, $t);
}
$body = "";
echo "\nmonitoring info in db for user: "******"\n";
//loop for single monitor requests that has problems
for ($i = 0; $i < count($problemOWS); $i++) {
$body .= $br . $admin->getWmsTitleByWmsId($problemOWS[$i]) . " (" . $problemOWS[$i] . "): " . $commentProblemOWS[$i] . $br;
}
unset($problemOWS);
unset($commentProblemOWS);
//end of loop for single monitor requests
// Send an email to the user if body string exists
if ($body) {
$error_msg = "";
if ($admin->getEmailByUserId($userid)) {
$admin->sendEmail(MAILADMIN, MAILADMINNAME, $admin->getEmailByUserId($userid), $user, "Mapbender monitoring report " . date("F j, Y, G:i:s", $time), utf8_decode($body), &$error_msg);
} else {
$error_msg = "Email address of user '" . $admin->getUserNameByUserId($userid) . "' unknown!\n";
}
if ($error_msg) {
echo "\n ERROR: " . $error_msg;
}
}
}
public function sendUserLoginMail()
{
$admin = new administration();
$userMessage = "Your Mapbender login data:\n";
$userMessage .= "Your login name is: " . $this->name . "\n";
$userMessage .= "Please set your password using the following link: \n";
$mbUrl = substr(LOGIN, 0, -9);
$userMessage .= $mbUrl . "../javascripts/mod_confirmLogin.php?user_id=" . $this->id . "&user_name=" . $this->name . "&user_ticket=" . $this->passwordTicket . "\n";
$userMessage .= "Follow this link to login to Mapbender: \n";
$userMessage .= LOGIN . "\n";
$userMail = $admin->getEmailByUserId($this->id);
if (!$admin->sendEmail("", "", $userMail, $this->name, utf8_decode("Your Mapbender account"), utf8_decode($userMessage), $error_msg)) {
return "Registry data could not be send. Please check mail address.";
}
return "Registry data has been sent successfully.";
}
if (db_numrows($res) == 0 and !$registerAsGuest) {
$userAlreadyExists = 0;
/// pr�fen auf email und richtigkeit
if ($adm->isValidEmail($mb_user_email)) {
$emailValid = 1;
/////INSERT
if (!isset($mb_user_postal_code) || $mb_user_postal_code == '') {
$mb_user_postal_code = 0;
}
$sql = "INSERT INTO mb_user (mb_user_name,mb_user_password,mb_user_digest,mb_user_owner,mb_user_description,mb_user_email,mb_user_phone,mb_user_department,mb_user_organisation_name,mb_user_position_name,mb_user_city,mb_user_postal_code, mb_user_textsize, mb_user_glossar) VALUES (\$1, \$2,\$13, '1', \$3, \$4, \$5, \$6, \$7, \$8, \$9, \$10,\$11,\$12)";
$v = array($mb_user_name, md5($mb_user_password), $mb_user_description, $mb_user_email, $mb_user_phone, $mb_user_department, $mb_user_organisation_name, $mb_user_position_name, $mb_user_city, $mb_user_postal_code, 'textsize1', 'ja', md5($mb_user_name . ";" . $mb_user_email . ":" . REALM . ":" . $mb_user_password));
$t = array('s', 's', 's', 's', 's', 's', 's', 's', 's', 'i', 's', 's', 's');
$res = db_prep_query($sql, $v, $t);
$sql = "SELECT mb_group_id FROM mb_group WHERE mb_group_name = 'guest' LIMIT 1";
$res = db_prep_query($sql, array(), array());
$row = db_fetch_array($res);
$group_id = $row['mb_group_id'];
$sql = "INSERT INTO mb_user_mb_group (fkey_mb_user_id, fkey_mb_group_id) VALUES (\$1, \$2)";
$v = array($adm->getUserIdByUserName($mb_user_name), $group_id);
$t = array('i', 'i');
$res = db_prep_query($sql, $v, $t);
//Mailversand
$mailBody = $mailBody1 . " " . $mb_user_password . " " . $mailBody2;
#echo $mailBody."<br>";
$success = $adm->sendEmail(MAILADMIN, MAILADMINNAME, $mb_user_email, $mb_user_name, 'Ihre Registrierung', $mailBody, $error_msg);
} else {
$emailValid = 0;
}
} else {
$userAlreadyExists = 1;
}
$sql .= "(select distinct fkey_mb_user_id from mb_user_abo_ows " . "where fkey_wms_id in (" . $_POST['wmslist'] . ")) as abo_user ";
$sql .= "where abo_user.fkey_mb_user_id=mb_user.mb_user_id";
$res = db_query($sql);
$cnt = 0;
//Initialisieren des Arrays
$user_email = array();
//Herauslesen der Ergebnisse
//echo "wmslist ist gesetzt!\n<br>";
echo "<h3>" . htmlentities($wms_list_text, ENT_QUOTES, CHARSET) . ":</h3> " . $_POST['wmslist'] . "\n<br><br>";
//echo "wms_id_list: ".$wms_id_list."\n<br>";
//get email of wms owner
$mail_wms_owner = $admin->getEmailByUserId($user->id);
while ($row = db_fetch_array($res)) {
//echo $cnt;
$user_email[$cnt] = $row["mb_user_email"];
$admin->sendEmail($mail_wms_owner, $mail_wms_owner, $user_email[$cnt], $mail_user_recipient, $mail_user_topic . " " . date("F j, Y, G:i:s"), utf8_decode(strip_tags($_POST['emailtext']) . "\n\n" . $further_inquiry_text . ": " . $mail_wms_owner . "\n" . $body_urllist));
$cnt++;
}
//controll mail for wms_owner
$admin->sendEmail(MAILADMIN, MAILADMINNAME, $mail_wms_owner, $mail_admin_recipient, $mail_admin_topic . " " . date("F j, Y, G:i:s"), utf8_decode(_mb($mail_admin_body, $cnt) . "\n\n" . strip_tags($_POST['emailtext']) . $body_urllist));
echo "<br>" . htmlentities($email_sent_text, ENT_QUOTES, CHARSET) . "<br>";
}
}
echo "</form>\n";
} else {
//
// monitoring results
//
$sql = "SELECT DISTINCT mb_monitor.fkey_wms_id FROM mb_monitor, wms " . "WHERE mb_monitor.fkey_wms_id = wms.wms_id AND wms.wms_owner = \$1";
$res = db_prep_query($sql, array($user->id), array("i"));
$wms = array();
} else {
echo "Please fill in your username and mail address.<br><br>";
}
}
/*handle INSERT and DELETE************************************************************************************/
if ($upd) {
$sql_password = $admin->getRandomPassword();
$mailToAddr = $admin->getEmailByUserId($user_id);
$mailToName = $admin->getUsernameByUserId($user_id);
if (!$mailToAddr) {
echo "<script language='javascript'>";
echo "alert('You didn\\'t enter an email address when registering with Mapbender. Unfortunately there is no way to send you a new password.');";
echo "window.back();";
echo "</script>";
} elseif ($user_id) {
if ($admin->sendEmail("", "", $mailToAddr, $mailToName, "Your new Mapbender password", "login: "******"\npassword: "******"UPDATE mb_user SET mb_user_password = \$1";
$sql_update .= " WHERE mb_user_id = \$2";
#echo $sql_update;
$v = array(md5($sql_password), $user_id);
$t = array('s', 'i');
db_prep_query($sql_update, $v, $t);
//reset login count
$admin->resetLoginCount($user_id);
echo "<script language='javascript'>";
echo "alert('A new password will be sent to your e-mail-address!');";
echo "window.close();";
echo "</script>";
} else {
echo "<script language='javascript'>";