/**
 * Deprecated shim that returns a freshly generated password.
 *
 * Raises an E_USER_NOTICE deprecation message on every call, then hands the
 * work to w2p_Authenticators_SQL::createNewPassword() and returns that
 * method's result unchanged.
 *
 * TODO:  Remove for v4.0 - caseydk 22 February 2013
 *
 * @deprecated
 *
 * @return mixed whatever w2p_Authenticators_SQL::createNewPassword() returns
 */
function makePass()
{
    $deprecationNotice = "makePass() has been deprecated in v3.0 and will be removed in v4.0. Use w2p_Authenticators_SQL->createNewPassword instead.";
    trigger_error($deprecationNotice, E_USER_NOTICE);

    // Delegate straight to the authenticator; no state is kept here.
    return (new w2p_Authenticators_SQL())->createNewPassword();
}
예제 #2
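/**
 * Handle a "forgot password" request: look up the account by username and
 * e-mail address, replace its password with a newly generated one, and mail
 * the new password to the address that was submitted.
 *
 * Inputs are read from $_POST ('checkusername', 'checkemail'). The outcome is
 * reported through $AppUI->setMsg() followed by $AppUI->redirect().
 *
 * NOTE(review): security properties a maintainer should be aware of:
 *  - The password is replaced as soon as an unauthenticated request supplies
 *    a matching username/e-mail pair, so the account owner never confirms the
 *    reset. A single-use, expiring reset token mailed to the stored address
 *    would avoid changing the credential before ownership is proven.
 *  - The new password is sent in clear text by e-mail.
 *  - The failure and success messages differ, which confirms to the caller
 *    whether the username/e-mail pair exists. A uniform response plus rate
 *    limiting on this endpoint would reduce that signal.
 *
 * @return void
 */
function sendNewPass()
{
    global $AppUI;

    // Whitelist the username to [A-Za-z0-9] so that it can never break out of
    // the quoted SQL literal it is placed in below.
    $checkusername = preg_replace("/[^A-Za-z0-9]/", "", w2PgetParam($_POST, 'checkusername', ''));

    // Keep two forms of the address: the plain (lower-cased) one for the mail
    // recipient, and an escaped copy that is only ever used inside SQL.
    // Lower-casing happens BEFORE escaping so escape sequences are not altered.
    $confirmEmail = strtolower(trim(w2PgetParam($_POST, 'checkemail', '')));
    $confirmEmailSql = db_escape($confirmEmail);

    $q = new w2p_Database_Query();
    $q->addTable('users');
    $q->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner');
    $q->addQuery('user_id');
    // Match on the sanitised username; without this condition the lookup
    // would not be tied to the account named in the request.
    $q->addWhere("user_username = '{$checkusername}'");
    /* Begin Hack */
    /*
     * This is a particularly annoying hack but I don't know of a better
     *   way to resolve #457. In v2.0, there was a refactoring to allow for
     *   multiple contact methods which resulted in the contact_email being
     *   removed from the contacts table. If the user is upgrading from
     *   v1.x and they try to log in before applying the database, crash.
     *   Info: http://bugs.web2project.net/view.php?id=457
     */
    $qTest = new w2p_Database_Query();
    $qTest->addTable('w2pversion');
    $qTest->addQuery('max(db_version)');
    $dbVersion = $qTest->loadResult();
    if ($dbVersion >= 21 && $dbVersion < 26) {
        $q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id');
        $q->addWhere("cm.method_value = '{$confirmEmailSql}'");
    } else {
        $q->addWhere("LOWER(user_email) = '{$confirmEmailSql}'");
    }
    /* End Hack */

    // Force the id to an integer: it is concatenated into the UPDATE below.
    $user_id = (int) $q->loadResult();
    if (!$user_id) {
        $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
        $AppUI->redirect();
        // Presumably redirect() ends the request; return explicitly so that
        // the UPDATE can never run without a matched user if it does not.
        return;
    }

    $auth = new w2p_Authenticators_SQL();
    $newpass = $auth->createNewPassword();
    $hashed = $auth->hashPassword($newpass);

    // Use a fresh query object for the UPDATE so that the join and WHERE
    // clauses added for the lookup above cannot leak into it.
    $update = new w2p_Database_Query();
    $update->addTable('users');
    $update->addUpdate('user_password', $hashed);
    $update->addWhere('user_id=' . $user_id);
    $cur = $update->exec();

    if ($cur) {
        $emailManager = new w2p_Output_EmailManager($AppUI);
        $body = $emailManager->notifyPasswordReset($checkusername, $newpass);

        // NOTE(review): $_sitename is not defined anywhere in this function as
        // shown; it presumably should come from the site configuration -
        // confirm. Until then fall back to an empty prefix instead of reading
        // an undefined variable.
        $siteName = isset($_sitename) ? $_sitename : '';

        // create the mail
        $m = new w2p_Utilities_Mail();
        $m->To($confirmEmail);
        $subject = $siteName . ' :: ' . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . ' - ' . $checkusername;
        $m->Subject($subject);
        // set the body
        $m->Body($body, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : '');
        // send the mail
        $m->Send();

        $AppUI->setMsg('New User Password created and emailed to you');
        $AppUI->redirect();
    }
}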