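/**
 * Activates the logged-in member's account from a posted activation code.
 *
 * Flow: require an authenticated member, purge stale codes, look the posted
 * code up for this member only, set the member's role, purge the member's
 * tokens, send the new-member e-mail and redirect to the result page.
 *
 * Input: $_POST['fields']['code'] (untrusted).
 *
 * @return void Every path is meant to end in a redirect.
 */
protected function __trigger()
{
    self::__init();
    $db = ASDCLoader::instance();

    $Members = $this->_Parent->ExtensionManager->create('members');
    $Members->initialiseCookie();

    // Authorisation gate. redirect() is expected to end the request (TODO confirm);
    // the explicit return keeps the gate fail-closed if it ever does not.
    if ($Members->isLoggedIn() !== true) {
        redirect(URL . '/forbidden/');
        return;
    }

    $Members->initialiseMemberObject();
    $member_id = (int) $Members->Member->get('id');

    // Make sure we don't accidentally use an expired code
    extension_Members::purgeCodes();

    // The code is request data: accept only a non-empty string. A missing key or
    // an array value (fields[code][]=...) is treated as a failed activation instead
    // of reaching the query.
    $code = isset($_POST['fields']['code']) ? $_POST['fields']['code'] : null;
    if (!is_string($code) || strlen(trim($code)) === 0) {
        redirect(URL . '/members/activate/failed/');
        return;
    }

    // The string value goes through $db->escape() and the id is forced to an integer
    // by %d. Matching on member_id as well means a code issued to a different member
    // is not accepted for this session.
    $activation_row = $db->query(sprintf(
        "SELECT * FROM `tbl_members_codes` WHERE `token` = '%s' AND `member_id` = %d LIMIT 1",
        $db->escape($code),
        $member_id
    ))->current();

    // No matching code for this member: stop before anything is changed
    if ($activation_row === false) {
        redirect(URL . '/members/activate/failed/');
        return;
    }

    // NOTE(review): 3 is a hard-coded role id, presumably the activated-member role;
    // confirm it matches the roles configured on the install.
    $db->query(sprintf(
        "UPDATE `tbl_entries_data_%d` SET `role_id` = %d WHERE `entry_id` = %d LIMIT 1",
        $Members->roleField(),
        3,
        $member_id
    ));

    // NOTE(review): the code was read from tbl_members_codes but the cleanup goes
    // through purgeTokens(); confirm the consumed code row is removed as well.
    extension_Members::purgeTokens($member_id);

    $em = new EntryManager($this->_Parent);

    // end() takes its argument by reference, so the fetch result needs a variable
    $entries = $em->fetch($member_id);
    $entry = end($entries);

    $email = $entry->getData(self::findFieldID('email-address', 'members'));
    $name = $entry->getData(self::findFieldID('name', 'members'));

    // NOTE(review): the whole username-and-password field data is handed to the
    // mailer; confirm the e-mail template does not print the stored password value.
    $Members->emailNewMember(array(
        'section' => $Members->memberSectionHandle(),
        'entry' => $entry,
        'fields' => array(
            'username-and-password' => $entry->getData(self::findFieldID('username-and-password', 'members')),
            'name' => $name['value'],
            'email-address' => $email['value'],
        ),
    ));

    redirect(URL . '/members/activate/success/');
}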
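/**
 * Re-sends the new-member e-mail to the logged-in member.
 *
 * Flow: require an authenticated member, purge stale tokens, load the member's
 * entry, send the e-mail and redirect to the "sent" page.
 *
 * NOTE(review): nothing in this method limits how often the e-mail can be
 * requested, or checks whether the account is already activated; confirm that
 * is handled elsewhere.
 *
 * @return void Every path is meant to end in a redirect.
 */
protected function __trigger()
{
    self::__init();

    // The returned handle is not used in this method; the call is kept in case it
    // sets up the connection the static helpers below rely on (TODO confirm).
    ASDCLoader::instance();

    $Members = $this->_Parent->ExtensionManager->create('members');
    $Members->initialiseCookie();

    // Authorisation gate. redirect() is expected to end the request (TODO confirm);
    // the explicit return keeps the gate fail-closed if it ever does not.
    if ($Members->isLoggedIn() !== true) {
        redirect(URL . '/forbidden/');
        return;
    }

    $Members->initialiseMemberObject();

    // Make sure we don't accidentally use an expired token
    extension_Members::purgeTokens();

    $em = new EntryManager($this->_Parent);

    // end() takes its argument by reference, so the fetch result needs a variable
    $entries = $em->fetch((int) $Members->Member->get('id'));
    $entry = end($entries);

    $email = $entry->getData(self::findFieldID('email-address', 'members'));
    $name = $entry->getData(self::findFieldID('name', 'members'));

    $Members->emailNewMember(array(
        'section' => $Members->memberSectionHandle(),
        'entry' => $entry,
        'fields' => array(
            'username-and-password' => $entry->getData(self::findFieldID('username-and-password', 'members')),
            'name' => $name['value'],
            'email-address' => $email['value'],
        ),
    ));

    redirect(URL . '/members/activate/sent/');
}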
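/**
 * Handles the two steps of the forgotten-password flow.
 *
 * Step 2 (a code was posted): look the code up in tbl_members_login_tokens, set a
 * newly generated password for the member the token belongs to, purge that
 * member's tokens, e-mail the new password and redirect.
 *
 * Step 1 (a username and/or e-mail address was posted): resolve the matching
 * member ids, send each one the forgot-password e-mail and redirect to the
 * code-entry page.
 *
 * Input: $_POST['fields'] (untrusted). No login is required for this action.
 *
 * NOTE(review): a known account ends in a redirect to /members/reset-pass/code/
 * while an unknown one gets status="error", so the response tells the caller
 * whether an account exists. Nothing here limits repeated code guesses either;
 * confirm throttling exists upstream.
 *
 * @return XMLElement The <forgot-password> element with a status attribute.
 */
protected function __trigger()
{
    $success = true;
    $result = new XMLElement('forgot-password');
    $Members = $this->_Parent->ExtensionManager->create('members');
    $username = $email = $code = null;

    // Request values are only accepted as non-empty strings; an array value
    // (fields[code][]=...) is ignored instead of being passed to trim().
    if (
        isset($_POST['fields']['code'])
        && is_string($_POST['fields']['code'])
        && strlen(trim($_POST['fields']['code'])) > 0
    ) {
        $code = $_POST['fields']['code'];

        // NOTE(review): the strength of this password depends on the randomness
        // source inside General::generatePassword(), which is not visible here.
        $new_password = General::generatePassword();

        self::__init();
        $db = ASDCLoader::instance();

        // Make sure we don't accidentally use an expired token
        extension_Members::purgeTokens();

        $token_row = $db->query(sprintf(
            "SELECT * FROM `tbl_members_login_tokens` WHERE `token` = '%s' LIMIT 1",
            $db->escape($code)
        ))->current();

        // Unknown token: stop before any password is changed. redirect() is expected
        // to end the request (TODO confirm); the return keeps this fail-closed.
        if ($token_row === false) {
            redirect(URL . '/members/reset-pass/failed/');
            return $result;
        }

        // SECURITY: unsalted MD5 is not a suitable password hash. It is left in place
        // because the stored value has to match whatever the login check (not visible
        // here) compares against; move both sides to password_hash()/password_verify()
        // together.
        $db->query(sprintf(
            "UPDATE `tbl_entries_data_%d` SET `password` = '%s' WHERE `entry_id` = %d LIMIT 1",
            $Members->usernameAndPasswordField(),
            md5($new_password),
            $token_row->member_id
        ));

        // The token is single-use: drop every token of this member once it is spent
        extension_Members::purgeTokens($token_row->member_id);

        // Send the new password. It travels as plain text in the e-mail, so the
        // message points the member at the change-password page.
        $entry = $Members->initialiseMemberObject($token_row->member_id);
        $email_address = $entry->getData(self::findFieldID('email-address', 'members'));
        $name = $entry->getData(self::findFieldID('name', 'members'));

        $subject = 'Your new password';
        $body = 'Dear {$name}, Just now, you have asked the Symphony brain trust to bestow you with a new password. '
            . 'Well, here it is: {$new-password} '
            . 'There\'s a good chance that you won\'t like this new password and want to change it - '
            . 'don\'t worry, we\'re not offended. You can do that once you\'ve logged in by going here: '
            . '{$root}/members/change-pass/ '
            . 'If you have any trouble, please email us at support@symphony-cms.com and we\'ll do our best to help. '
            . 'Regards, Symphony Team';

        $body = str_replace(
            array('{$name}', '{$root}', '{$new-password}'),
            array($name['value'], URL, $new_password),
            $body
        );

        // The sender is derived from the site's own URL constant, not from the request
        $sender_email = 'noreply@' . parse_url(URL, PHP_URL_HOST);
        $sender_name = Symphony::Configuration()->get('sitename', 'general');

        General::sendEmail($email_address['value'], $sender_email, $sender_name, $subject, $body);

        redirect(URL . '/members/reset-pass/success/');
        return $result;
    }

    // Username takes precedence
    if (
        isset($_POST['fields']['member-username'])
        && is_string($_POST['fields']['member-username'])
        && strlen(trim($_POST['fields']['member-username'])) > 0
    ) {
        $username = $_POST['fields']['member-username'];
    }

    if (
        isset($_POST['fields']['member-email-address'])
        && is_string($_POST['fields']['member-email-address'])
        && strlen(trim($_POST['fields']['member-email-address'])) > 0
    ) {
        $email = $_POST['fields']['member-email-address'];
    }

    if (is_null($username) && is_null($email)) {
        $success = false;
        $result->appendChild(new XMLElement('member-username', null, array('type' => 'missing')));
        $result->appendChild(new XMLElement('member-email-address', null, array('type' => 'missing')));
    } else {
        $members = array();

        // The return shape of the two lookups is not visible here; the cast keeps a
        // non-array "not found" result from breaking the array handling below.
        if (!is_null($email)) {
            $members = (array) $Members->findMemberIDFromEmail($email);
        }

        if (!is_null($username)) {
            $members[] = $Members->findMemberIDFromUsername($username);
        }

        // Drop failed lookups so one miss cannot abort the loop after another member
        // has already been e-mailed, then remove duplicates.
        $member_ids = array();
        foreach ($members as $member_id) {
            if ($member_id !== null && $member_id !== false) {
                $member_ids[] = $member_id;
            }
        }
        $member_ids = array_unique($member_ids);

        try {
            if (!empty($member_ids)) {
                foreach ($member_ids as $member_id) {
                    $Members->sendForgotPasswordEmail($member_id);
                }

                redirect(URL . '/members/reset-pass/code/');
            }
        } catch (Exception $e) {
            // Shouldn't get here, but will catch an invalid member ID if it does.
            // Deliberately not surfaced to the caller; the request ends as an error.
        }

        $success = false;
    }

    $result->setAttribute('status', $success === true ? 'success' : 'error');

    return $result;
}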