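/**
 * Reset a user's password to a freshly generated random value.
 *
 * The target account is loaded from $params['userID']. The reset is refused
 * when the target is an admin, or when the target is a moderator and the
 * acting user (global $User) is not an admin.
 *
 * The new password is returned in plaintext inside the confirmation message,
 * so the return value must be treated as a secret by the caller (not logged,
 * shown only to the acting staff member).
 *
 * @param array $params Must contain 'userID', the ID of the account to reset
 * @return string Localised confirmation message containing the new password
 * @throws Exception If the permission check refuses the reset
 */
public function resetPass(array $params)
{
    global $DB, $User;

    $ChangeUser = new User($params['userID']);

    // && binds tighter than ||; the parentheses spell out the precedence the
    // unparenthesised expression already had.
    // NOTE(review): as written an admin target is always refused, even when the
    // acting user is an admin, although the message suggests an admin may do
    // it. Confirm which is intended before relaxing this check.
    if ($ChangeUser->type['Admin'] || ($ChangeUser->type['Moderator'] && !$User->type['Admin'])) {
        throw new Exception(l_t("Cannot reset an admin/moderator's password if you aren't admin."));
    }

    // rand() is not a CSPRNG and the old range allowed only about a million
    // distinct passwords, which is guessable online. 12 bytes from the system
    // CSPRNG give 96 bits, encoded as 16 base64 characters. Requires PHP >= 7.0.
    $password = base64_encode(random_bytes(12));

    // The id is forced to an integer because it is concatenated unquoted.
    // NOTE(review): pass_Hash() output is placed inside UNHEX('...'), so it is
    // presumably hex-only - confirm in libAuth.
    $DB->sql_put("UPDATE wD_Users\r\n\t\t\tSET password = UNHEX('" . libAuth::pass_Hash($password) . "')\r\n\t\t\tWHERE id = " . (int) $ChangeUser->id);

    return l_t('Users password reset to %s', $password);
}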
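/**
 * Filter a registration/user control panel form into SQL-ready values.
 *
 * Only the whitelisted field names are read from $input, and only scalar
 * values are accepted for them. Validation problems (mismatched passwords,
 * invalid e-mail) are appended to $errors rather than thrown by this method;
 * the offending field is then left out of the result.
 *
 * Shape of the returned values:
 *  - username, email, homepage: passed through $DB->escape()
 *  - comment: passed through $DB->msg_escape()
 *  - hideEmail: the literal "Yes" or "No"
 *  - password: a complete SQL expression, UNHEX('<pass_Hash output>'), which
 *    the caller must insert unquoted
 *
 * @param array $input  Unfiltered data from a registration/control panel form
 * @param array $errors Receives localised validation messages (by reference)
 * @return array Filtered values keyed by field name
 */
public static function processForm($input, &$errors)
{
    global $DB;

    $SQLVars = array();
    $available = array(
        'username', 'password', 'passwordcheck', 'email',
        'hideEmail', 'showEmail', 'homepage', 'comment',
    );

    $userForm = array();
    foreach ($available as $name) {
        // Request parameters can arrive as arrays (name[]=...). Those are
        // ignored, and everything kept is a string so the strict comparisons
        // below are not subject to type juggling.
        if (isset($input[$name]) && is_scalar($input[$name])) {
            $userForm[$name] = (string) $input[$name];
        }
    }

    if (isset($userForm['username'])) {
        $SQLVars['username'] = trim($DB->escape($userForm['username']));
    }

    if (isset($userForm['password']) && $userForm['password']) {
        // Strict comparison: with ==, numeric-looking strings such as "1e3"
        // and "1000" compare equal, so a mistyped confirmation could pass.
        if (isset($userForm['passwordcheck']) && $userForm['password'] === $userForm['passwordcheck']) {
            // Same UNHEX('...') wrapper as the password UPDATE statements
            // elsewhere in this codebase; it pairs with the closing "')".
            $SQLVars['password'] = "UNHEX('" . libAuth::pass_Hash($userForm['password']) . "')";
        } else {
            $errors[] = l_t("The two passwords do not match");
        }
    }

    if (isset($userForm['email']) && $userForm['email']) {
        $userForm['email'] = trim($DB->escape($userForm['email']));
        if (!libAuth::validate_email($userForm['email'])) {
            $errors[] = l_t("The e-mail address you entered isn't valid. Please enter a valid one");
        } else {
            $SQLVars['email'] = $userForm['email'];
        }
    }

    if (isset($userForm['hideEmail'])) {
        // Anything other than the exact string "Yes" is stored as "No".
        $SQLVars['hideEmail'] = ($userForm['hideEmail'] === "Yes") ? "Yes" : "No";
    }

    if (isset($userForm['homepage']) && $userForm['homepage']) {
        // Escaped for SQL only: the URL scheme is not checked and nothing is
        // HTML-encoded in this method, so that has to happen where it is shown.
        $userForm['homepage'] = $DB->escape($userForm['homepage']);
        $SQLVars['homepage'] = $userForm['homepage'];
    }

    if (isset($userForm['comment']) && $userForm['comment']) {
        $userForm['comment'] = $DB->msg_escape($userForm['comment']);
        $SQLVars['comment'] = $userForm['comment'];
    }

    return $SQLVars;
}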
</form>'; } elseif ($_REQUEST['forgotPassword'] == 2 && isset($_REQUEST['forgotUsername'])) { try { $forgottenUser = new User(0, $DB->escape($_REQUEST['forgotUsername'])); } catch (Exception $e) { throw new Exception(l_t("Cannot find an account for the given username, please " . "<a href='logon.php?forgotPassword=1' class='light'>go back</a> and check your spelling.")); } require_once l_r('objects/mailer.php'); $Mailer = new Mailer(); $Mailer->Send(array($forgottenUser->email => $forgottenUser->username), l_t('webDiplomacy forgotten password verification link'), l_t("You can use this link to get a new password generated:") . "<br>\r\n" . libAuth::email_validateURL($forgottenUser->email) . "&forgotPassword=3<br><br>\r\n\r\n" . l_t("If you have any further problems contact the server's admin at %s.", Config::$adminEMail) . "<br>"); print '<p>' . l_t('An e-mail has been sent with a verification link, which will allow you to have your password reset. ' . 'If you can\'t find the e-mail in your inbox try your junk folder/spam-box.') . '</p>'; } elseif ($_REQUEST['forgotPassword'] == 3 && isset($_REQUEST['emailToken'])) { $email = $DB->escape(libAuth::emailToken_email($_REQUEST['emailToken'])); $userID = User::findEmail($email); $newPassword = base64_encode(rand(1000000000, 2000000000)); $DB->sql_put("UPDATE wD_Users\r\n\t\t\t\tSET password=UNHEX('" . libAuth::pass_Hash($newPassword) . "')\r\n\t\t\t\tWHERE id=" . $userID . " LIMIT 1"); print '<p>' . l_t('Thanks for verifying your address, this is your new password, which you can ' . 'change once you have logged back on:') . '<br /><br /> <strong>' . $newPassword . '</strong></p> <p><a href="logon.php" class="light">' . l_t('Back to log-on prompt') . '</a></p>'; } } catch (Exception $e) { print '<p class="notice">' . $e->getMessage() . 
'</p>'; } print '</div>'; libHTML::footer(); } if (!$User->type['User']) { print libHTML::pageTitle(l_t('Log on'), l_t('Enter your webDiplomacy account username and password to log into your account.')); print '