/**
 * Deprecated wrapper that asks the SQL authenticator for a new password.
 *
 * Every call raises an E_USER_NOTICE deprecation message and then delegates
 * to w2p_Authenticators_SQL::createNewPassword().
 *
 * TODO: Remove for v4.0 - caseydk 22 February 2013
 *
 * @deprecated
 *
 * @return mixed whatever createNewPassword() returns
 */
function makePass()
{
    $notice = "makePass() has been deprecated in v3.0 and will be removed in v4.0. Use w2p_Authenticators_SQL->createNewPassword instead.";
    trigger_error($notice, E_USER_NOTICE);

    $authenticator = new w2p_Authenticators_SQL();
    $generated = $authenticator->createNewPassword();

    return $generated;
}
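/**
 * Handles a "lost password" request.
 *
 * Reads 'checkusername' and 'checkemail' from $_POST, looks up the user whose
 * username and email both match, stores the hash of a newly generated
 * password for that user and mails the result of notifyPasswordReset() to the
 * submitted address. The outcome is reported through $AppUI->setMsg()
 * followed by $AppUI->redirect().
 *
 * NOTE(review): the stored password is replaced as soon as a username/email
 * pair matches, before the requester has shown control of the mailbox, and the
 * new password is handed to the mail body builder. A single-use, expiring
 * reset token would avoid both, but needs changes outside this function.
 *
 * @return void
 */
function sendNewPass()
{
    global $AppUI;

    // Only [A-Za-z0-9] survives, so the value cannot break out of the quoted
    // SQL literal it is placed in below.
    $checkusername = (string) preg_replace('/[^A-Za-z0-9]/', '', w2PgetParam($_POST, 'checkusername', ''));

    // Lower-case first and escape last, so the escaped form is exactly what
    // reaches the query. The unescaped form is kept for the mail recipient.
    $confirmEmail = strtolower(trim(w2PgetParam($_POST, 'checkemail', '')));
    $emailForSql = db_escape($confirmEmail);

    // Reject empty input and any control character (CR/LF in particular)
    // before the address can reach a mail header.
    if ($checkusername === '' || $confirmEmail === '' || preg_match('/[\x00-\x1F\x7F]/', $confirmEmail)) {
        $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
        $AppUI->redirect();
        return;
    }

    $q = new w2p_Database_Query();
    $q->addTable('users');
    $q->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner');
    $q->addQuery('user_id');
    // The lookup must be bound to the submitted username; a fixed literal here
    // would make the match independent of the account being requested.
    $q->addWhere("user_username = '{$checkusername}'");

    /* Begin Hack */
    /*
     * This is a particularly annoying hack but I don't know of a better
     * way to resolve #457. In v2.0, there was a refactoring to allow for
     * multiple contact methods which resulted in the contact_email being
     * removed from the contacts table. If the user is upgrading from
     * v1.x and they try to log in before applying the database, crash.
     * Info: http://bugs.web2project.net/view.php?id=457
     */
    $qTest = new w2p_Database_Query();
    $qTest->addTable('w2pversion');
    $qTest->addQuery('max(db_version)');
    $dbVersion = $qTest->loadResult();
    if ($dbVersion >= 21 && $dbVersion < 26) {
        $q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id');
        $q->addWhere("cm.method_value = '{$emailForSql}'");
    } else {
        $q->addWhere("LOWER(user_email) = '{$emailForSql}'");
    }
    /* End Hack */

    // The same message is used for an unknown username and a wrong email, so
    // the response does not say which of the two failed.
    $user_id = (int) $q->loadResult();
    if ($user_id <= 0) {
        $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
        $AppUI->redirect();
        // Never fall through to the password update if redirect() returns.
        return;
    }

    $auth = new w2p_Authenticators_SQL();
    $newpass = $auth->createNewPassword();
    $hashed = $auth->hashPassword($newpass);

    // A separate query object keeps the UPDATE from inheriting joins or
    // conditions left over from the lookup. $user_id was cast to int above,
    // so concatenating it is safe.
    $update = new w2p_Database_Query();
    $update->addTable('users');
    $update->addUpdate('user_password', $hashed);
    $update->addWhere('user_id=' . $user_id);
    $cur = $update->exec();

    if ($cur) {
        $emailManager = new w2p_Output_EmailManager($AppUI);
        $body = $emailManager->notifyPasswordReset($checkusername, $newpass);

        $m = new w2p_Utilities_Mail(); // create the mail
        $m->To($confirmEmail);
        // NOTE(review): $_sitename is neither assigned nor declared global in
        // this function, so it is undefined here - confirm where the site name
        // should come from.
        $subject = $_sitename . ' :: ' . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . ' - ' . $checkusername;
        $m->Subject($subject);
        $m->Body($body, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : ''); // set the body
        $m->Send(); // send the mail

        $AppUI->setMsg('New User Password created and emailed to you');
        $AppUI->redirect();
    }
}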