Пример #1
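/**
 * Handle the "set new password" form reached from a password-reset link.
 *
 * Reads passwd, passwd_conf, uid and rid from $_POST. When the two password
 * fields are missing or differ, the browser is sent back to the form. When
 * uid and rid identify exactly one row in the users table, the new password
 * is stored, the user's sessions are deleted and the request id is cleared.
 *
 * @return   string  HTML to display (empty when a redirect was emitted)
 */
function _userSetnewpwd()
{
    global $_CONF, $_TABLES, $_USER, $LANG04;
    $retval = '';

    // Everything in $_POST is untrusted: a missing field or an array value
    // (passwd[]=x) is treated as an empty password so it can never reach the
    // hashing call.
    $passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';
    $passwdConf = (isset($_POST['passwd_conf']) && is_string($_POST['passwd_conf'])) ? $_POST['passwd_conf'] : '';

    $uid = COM_applyFilter(isset($_POST['uid']) ? $_POST['uid'] : null, true);
    $rid = COM_applyFilter(isset($_POST['rid']) ? $_POST['rid'] : null);

    // Strict comparison: with a loose != two different numeric-looking
    // strings (e.g. "1e3" and "1000") would be accepted as a match.
    if (empty($passwd) || $passwd !== $passwdConf) {
        // NOTE(review): rid is placed in the redirect URL after COM_applyFilter
        // only - confirm that filter's output is safe in this context.
        echo COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . $uid . '&rid=' . $rid);

        return $retval;
    }

    // NOTE(review): no password length or strength rule is applied in this
    // function - presumably enforced elsewhere; confirm.
    $reqid = COM_sanitizeID($rid);
    if (empty($uid) || !is_numeric($uid) || $uid <= 1 || empty($reqid) || strlen($reqid) !== 16) {
        // this request doesn't make sense - ignore it
        echo COM_refresh($_CONF['site_url']);

        return $retval;
    }

    $uid = (int) $uid;
    $safereqid = DB_escapeString($reqid);
    // The request id from the reset link must match the one stored for this
    // uid. NOTE(review): no expiry check is visible here - confirm the id is
    // aged out somewhere else.
    $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $safereqid));
    if ($valid == 1) {
        // NOTE(review): hashing scheme is whatever SEC_encryptPassword
        // implements - not visible from this function.
        $hashed = SEC_encryptPassword($passwd);
        DB_change($_TABLES['users'], 'passwd', DB_escapeString($hashed), "uid", $uid);
        // Drop every session row for this uid after the password change.
        DB_delete($_TABLES['sessions'], 'uid', $uid);
        // Clear the request id so the same reset link cannot be replayed.
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
        echo COM_refresh($_CONF['site_url'] . '/users.php?msg=53');
    } else {
        // request invalid or expired
        $retval .= COM_showMessage(54, '', '', 1, 'error');
        $retval .= getpasswordform();
    }

    // The original ended with a stray "break;" (a fatal error outside a
    // loop/switch) and never handed the error form back to the caller.
    return $retval;
}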
Пример #2
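/**
 * Handle the "forgot password" form: apply the password speed limit, resolve
 * the account from the posted username or e-mail address and hand the
 * username to requestpassword().
 *
 * @return   string  HTML to display (empty when a redirect was emitted)
 */
function _userEmailpassword()
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG12;
    $retval = '';

    if ($_CONF['passwordspeedlimit'] == 0) {
        // A limit of 0 would disable throttling; fall back to 5 minutes.
        $_CONF['passwordspeedlimit'] = 300;
    }
    COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'password');
    $last = COM_checkSpeedlimit('password');
    if ($last > 0) {
        // Still inside the throttle window: show the wait message and the form.
        $retval .= COM_showMessageText(sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), $LANG12[26], true, 'error');
        $retval .= getpasswordform();

        return $retval;
    }
    // NOTE(review): no speed-limit update call is visible in this function -
    // presumably requestpassword() records the attempt; confirm.

    // $_POST is untrusted: a missing field or an array value is treated as
    // empty instead of raising an undefined-index notice or being passed on.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $email = COM_applyFilter(isset($_POST['email']) ? $_POST['email'] : null);

    if (empty($username) && !empty($email)) {
        // Only local accounts (no remoteservice) are looked up by e-mail.
        $username = DB_getItem($_TABLES['users'], 'username', "email = '" . DB_escapeString($email) . "' AND ((remoteservice IS NULL) OR (remoteservice = ''))");
    }

    if (!empty($username)) {
        // NOTE(review): a posted username reaches requestpassword() unfiltered
        // - confirm that function escapes it before any database use.
        $retval .= requestpassword($username, 55);
    } else {
        // NOTE(review): an unknown e-mail address redirects while a known one
        // goes through requestpassword(); check that the two responses do not
        // reveal which addresses are registered.
        echo COM_refresh($_CONF['site_url'] . '/users.php?mode=getpassword');
    }

    return $retval;
}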
Пример #3
/**
 * Build the default account page: an optional message followed by the login
 * form, the new-user form (unless registration is disabled) and the
 * password-request form.
 *
 * @param    string $msg message to show above the forms; skipped when empty
 * @return   string  HTML for the combined forms
 */
function defaultform($msg)
{
    global $_CONF, $LANG04;

    // Collect the fragments in display order and join them once at the end.
    $parts = array();

    if (!empty($msg)) {
        $parts[] = COM_showMessageText($msg, $LANG04[21]);
    }

    $parts[] = loginform(true);

    // The registration form is offered only while sign-ups are enabled.
    $registrationDisabled = $_CONF['disable_new_user_registration'];
    if (!$registrationDisabled) {
        $parts[] = newuserform();
    }

    $parts[] = getpasswordform();

    return implode('', $parts);
}