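/**
 * Process the "set new password" form submitted for a password-reset request.
 *
 * Reads passwd, passwd_conf, uid and rid from $_POST. When the password is
 * empty or differs from its confirmation, the browser is redirected back to
 * the new-password form. Otherwise the uid / request-id pair is looked up in
 * the users table; on exactly one match the stored password is replaced, the
 * user's sessions are deleted and the request id is overwritten so that it
 * cannot be replayed.
 *
 * @return string HTML to display (error message plus password form), or an
 *                empty string when a redirect was echoed instead
 */
function _userSetnewpwd()
{
    global $_CONF, $_TABLES, $_USER, $LANG04;

    $retval = '';

    // Accept only string values for the two password fields. An array-valued
    // field (passwd[]=...) is treated as missing, so it never reaches the
    // comparison below or the password hasher.
    $passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';
    $passwdConf = (isset($_POST['passwd_conf']) && is_string($_POST['passwd_conf'])) ? $_POST['passwd_conf'] : '';
    $postedUid = isset($_POST['uid']) ? $_POST['uid'] : '';
    $postedRid = isset($_POST['rid']) ? $_POST['rid'] : '';

    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers, so a confirmation such as "1000" would match "1e3" and the user
    // would end up with a password other than the one they confirmed.
    if (empty($passwd) || $passwd !== $passwdConf) {
        echo COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&uid='
            . COM_applyFilter($postedUid, true)
            . '&rid=' . COM_applyFilter($postedRid));

        return $retval;
    }

    $uid = COM_applyFilter($postedUid, true);
    $reqid = COM_sanitizeID(COM_applyFilter($postedRid));

    // Shape check before touching the database: a numeric uid above 1 and a
    // request id of exactly 16 characters.
    $wellFormed = !empty($uid) && is_numeric($uid) && $uid > 1
        && !empty($reqid) && strlen($reqid) == 16;
    if (!$wellFormed) {
        // this request doesn't make sense - ignore it
        echo COM_refresh($_CONF['site_url']);

        return $retval;
    }

    $uid = (int) $uid;
    $safereqid = DB_escapeString($reqid);

    // The request is honoured only when exactly one user row carries both this
    // uid and this request id.
    // NOTE(review): no expiry check on the request id is visible here; confirm
    // that outstanding reset requests are aged out elsewhere.
    $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $safereqid));
    if ($valid != 1) {
        // request invalid or expired
        $retval .= COM_showMessage(54, '', '', 1, 'error');
        $retval .= getpasswordform();

        return $retval;
    }

    $hashed = SEC_encryptPassword($passwd);
    DB_change($_TABLES['users'], 'passwd', DB_escapeString($hashed), "uid", $uid);

    // Drop every session of this user so that anything logged in with the old
    // password has to authenticate again.
    DB_delete($_TABLES['sessions'], 'uid', $uid);

    // Invalidate the reset request so the same link cannot be used twice.
    // NOTE(review): whether DB_change stores SQL NULL or the literal string
    // "NULL" depends on DB_change, which is not visible here; either value
    // fails the 16-character check above.
    DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);

    echo COM_refresh($_CONF['site_url'] . '/users.php?msg=53');

    // The original ended in a stray `break;` (not valid outside a loop or
    // switch) and never handed $retval back to the caller.
    return $retval;
}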
/**
 * Handle a submitted "forgot password" request.
 *
 * Applies the 'password' speed limit first. When the limit is hit, an error
 * message and the password form are returned. Otherwise the username is taken
 * from $_POST, or looked up by e-mail address among accounts without a remote
 * service, and handed to requestpassword(). With no username to work on, the
 * browser is redirected to the get-password page.
 *
 * @return string HTML to display; empty when a redirect was echoed instead
 */
function _userEmailpassword()
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG12;

    $html = '';

    // A configured limit of 0 is replaced by 300 (5 minutes).
    if ($_CONF['passwordspeedlimit'] == 0) {
        $_CONF['passwordspeedlimit'] = 300;
    }

    COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'password');
    $speedCheck = COM_checkSpeedlimit('password');

    if ($speedCheck > 0) {
        // Throttled: report it and show the form again.
        $notice = sprintf($LANG04[93], $speedCheck, $_CONF['passwordspeedlimit']);
        $html .= COM_showMessageText($notice, $LANG12[26], true, 'error');
        $html .= getpasswordform();

        return $html;
    }

    // NOTE(review): unlike the e-mail address, the posted username is used
    // without COM_applyFilter(); confirm that requestpassword() escapes it
    // before it reaches a query or the page.
    $username = $_POST['username'];
    $email = COM_applyFilter($_POST['email']);

    // Fall back to an e-mail lookup only when no username was supplied.
    $lookupByEmail = empty($username) && !empty($email);
    if ($lookupByEmail) {
        $where = "email = '" . DB_escapeString($email) . "' AND ((remoteservice IS NULL) OR (remoteservice = ''))";
        $username = DB_getItem($_TABLES['users'], 'username', $where);
    }

    if (empty($username)) {
        echo COM_refresh($_CONF['site_url'] . '/users.php?mode=getpassword');
    } else {
        $html .= requestpassword($username, 55);
    }

    return $html;
}
/**
 * Fallback page for an account that does not exist: the login form, the
 * registration form (unless new-user registration is disabled in the
 * configuration) and the password-request form, optionally preceded by a
 * message.
 *
 * @param  string $msg message to display; skipped when empty
 * @return string      HTML for the combined forms
 */
function defaultform($msg)
{
    global $_CONF, $LANG04;

    // Collect the page sections in display order and join them at the end.
    $sections = array();

    if (!empty($msg)) {
        $sections[] = COM_showMessageText($msg, $LANG04[21]);
    }

    $sections[] = loginform(true);

    // Registration is offered only while it has not been switched off.
    if (!$_CONF['disable_new_user_registration']) {
        $sections[] = newuserform();
    }

    $sections[] = getpasswordform();

    return implode('', $sections);
}