示例#1
/**
 * Add to the newsletter, in the simplest way.
 *
 * @param  EMAIL				The email address of the subscriber
 * @param  integer			The interest level
 * @range  1 4
 * @param  ?LANGUAGE_NAME	The language (NULL: users)
 * @param  boolean			Whether to require a confirmation mail
 * @param  ?AUTO_LINK		The newsletter to join (NULL: the first)
 * @param  string				Subscribers forename
 * @param  string				Subscribers surname
 * @return string				Newsletter password
 */
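function basic_newsletter_join($email, $interest_level = 4, $lang = NULL, $get_confirm_mail = false, $newsletter_id = NULL, $forename = '', $surname = '')
{
    // Fall back to the current user's language and the first newsletter when the caller gave none.
    if (is_null($lang)) {
        $lang = user_lang();
    }
    if (is_null($newsletter_id)) {
        $newsletter_id = db_get_first_id();
    }

    $password = get_rand_password();

    // The confirmation code is the only secret carried by the e-mailed confirm link, so it is
    // drawn from the CSPRNG when the runtime provides one (random_int(), PHP 7+). mt_rand() is
    // kept only as the fallback for older runtimes; its output is predictable.
    // NOTE(review): the code space is 7 digits; whether the confirm endpoint limits guesses is
    // not visible from this function.
    if ($get_confirm_mail) {
        $code_confirm = function_exists('random_int') ? random_int(1, 9999999) : mt_rand(1, 9999999);
    } else {
        $code_confirm = 0;
    }

    // Look for an existing subscription of this address to this newsletter.
    $test = $GLOBALS['SITE_DB']->query_value_null_ok('newsletter_subscribe', 'the_level', array('newsletter_id' => $newsletter_id, 'email' => $email));
    if ($test === 0) {
        // A subscription row at level 0 is deleted and handled as if no row existed
        // (presumably level 0 marks an unsubscribed entry -- confirm against the schema).
        $GLOBALS['SITE_DB']->query_delete('newsletter_subscribe', array('newsletter_id' => $newsletter_id, 'email' => $email), '', 1);
        $test = NULL;
    }

    if (is_null($test)) {
        require_lang('newsletter');

        // Is there already a newsletter account for this address (for any newsletter)?
        $test = $GLOBALS['SITE_DB']->query_value_null_ok('newsletter', 'email', array('email' => $email));
        if (is_null($test)) {
            $salt = produce_salt();
            // NOTE(review): the stored value is a single salted MD5 of the password, which is not a
            // password hash. Moving to password_hash() needs the verifying code (not shown here)
            // changed in the same step, so the stored format is deliberately left as it is.
            $GLOBALS['SITE_DB']->query_insert('newsletter', array('n_forename' => $forename, 'n_surname' => $surname, 'join_time' => time(), 'email' => $email, 'code_confirm' => $code_confirm, 'pass_salt' => $salt, 'the_password' => md5($password . $salt), 'language' => $lang), false, true);
            // race condition (original note; the trailing `true` presumably lets a concurrent
            // duplicate insert fail quietly -- confirm against query_insert())

            if ($get_confirm_mail) {
                // The confirm link carries the address and the code; the generated password is
                // sent in the same mail in clear text.
                $_url = build_url(array('page' => 'newsletter', 'type' => 'confirm', 'email' => $email, 'confirm' => $code_confirm), get_module_zone('newsletter'));
                $url = $_url->evaluate();
                $message = do_lang('NEWSLETTER_SIGNUP_TEXT', comcode_escape($url), comcode_escape($password), array($forename, $surname, $email, get_site_name()), $lang);
                require_code('mail');
                mail_wrap(do_lang('NEWSLETTER_SIGNUP', NULL, NULL, NULL, $lang), $message, array($email));
            }
        } else {
            // Existing account: only refresh the join time. The stored password is kept, so an
            // empty string is returned instead of a new password.
            $GLOBALS['SITE_DB']->query_update('newsletter', array('join_time' => time()), array('email' => $email), '', 1);
            $password = '';
        }

        $GLOBALS['SITE_DB']->query_insert('newsletter_subscribe', array('newsletter_id' => $newsletter_id, 'the_level' => $interest_level, 'email' => $email), false, true);
        // race condition (original note, same pattern as the insert above)

        return $password;
    }

    // Already subscribed to this newsletter at a non-zero level: nothing is changed and the
    // 'NA' language string is returned in place of a password.
    return do_lang('NA');
}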
示例#2
 /**
  * The UI and actualisation for: accepting code if it is correct (and not ''), and setting password to something random, emailing it
  *
  * @return tempcode		The UI
  */
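 function step3()
 {
     $title = get_page_title('RESET_PASSWORD');

     // Trimmed so that a code pasted with stray whitespace is not treated as a mismatch (and
     // reported as a hack attempt) by the strict comparison further down.
     $code = trim(get_param('code', ''));
     if ($code == '') {
         // No code supplied: show the form asking for username and code.
         require_code('form_templates');
         $fields = new ocp_tempcode();
         $fields->attach(form_input_username(do_lang_tempcode('USERNAME'), '', 'username', NULL, true));
         $fields->attach(form_input_integer(do_lang_tempcode('CODE'), '', 'code', NULL, true));
         $submit_name = do_lang_tempcode('PROCEED');
         return do_template('FORM_SCREEN', array('_GUID' => '6e4db5c6f3c75faa999251339533d22a', 'TITLE' => $title, 'GET' => true, 'SKIP_VALIDATION' => true, 'HIDDEN' => '', 'URL' => get_self_url(false, false, NULL, false, true), 'FIELDS' => $fields, 'TEXT' => do_lang_tempcode('MISSING_CONFIRM_CODE'), 'SUBMIT_NAME' => $submit_name));
     }

     // The member is identified either by username or by a numeric 'member' parameter.
     $username = get_param('username', NULL);
     if (!is_null($username)) {
         $username = trim($username);
         $member = $GLOBALS['FORUM_DRIVER']->get_member_from_username($username);
         if (is_null($member)) {
             warn_exit(do_lang_tempcode('PASSWORD_RESET_ERROR_2'));
         }
     } else {
         $member = get_param_integer('member');
     }

     $correct_code = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member, 'm_password_change_code');
     if ($correct_code == '') {
         // No reset is pending for this member: point the user back to the start of the flow.
         $_reset_url = build_url(array('page' => '_SELF', 'username' => $GLOBALS['FORUM_DRIVER']->get_username($member)), '_SELF');
         $reset_url = $_reset_url->evaluate();
         warn_exit(do_lang_tempcode('PASSWORD_ALREADY_RESET', escape_html($reset_url), get_site_name()));
     }

     // The reset code is a secret, so compare it as a string and strictly. The previous loose
     // `!=` applied numeric-string juggling, which accepted other spellings of the same number
     // (for example "0123" for "123"). hash_equals() also makes the comparison constant-time
     // where the runtime provides it (PHP 5.6+); older runtimes fall back to ===.
     $expected_code = strval($correct_code);
     $supplied_code = strval($code);
     if (function_exists('hash_equals')) {
         $code_matches = hash_equals($expected_code, $supplied_code);
     } else {
         $code_matches = ($expected_code === $supplied_code);
     }
     if (!$code_matches) {
         // A code that was logged for an earlier reset request of this member gets a plain
         // error; anything else is reported as a hack attempt.
         // NOTE(review): limiting repeated guesses depends on log_hack_attack_and_exit(), whose
         // behaviour is not visible here -- confirm it throttles or blocks the client.
         $test = $GLOBALS['SITE_DB']->query_value_null_ok('adminlogs', 'date_and_time', array('the_type' => 'RESET_PASSWORD', 'param_a' => strval($member), 'param_b' => $code));
         if (!is_null($test)) {
             warn_exit(do_lang_tempcode('INCORRECT_PASSWORD_RESET_CODE'));
         }
         log_hack_attack_and_exit('HACK_ATTACK_PASSWORD_CHANGE');
     }

     $email = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member, 'm_email_address');
     $new_password = get_rand_password();

     // Send password in mail
     // NOTE(review): the new password travels in clear text, and the mail goes out before the
     // database row is updated below, so a failed update leaves the user with a password that
     // does not work.
     $_login_url = build_url(array('page' => 'login', 'username' => $GLOBALS['FORUM_DRIVER']->get_username($member)), get_module_zone('login'), NULL, false, false, true);
     $login_url = $_login_url->evaluate();
     $message = do_lang('MAIL_NEW_PASSWORD', comcode_escape($new_password), $login_url, get_site_name());
     require_code('mail');
     mail_wrap(do_lang('RESET_PASSWORD'), $message, array($email), $GLOBALS['FORUM_DRIVER']->get_username($member), '', '', 3, NULL, false, NULL, false, false, false, 'MAIL', true);

     if (get_value('no_password_hashing') === '1') {
         // NOTE(review): with this setting the password is stored as-is under the 'plain' scheme.
         $password_compatibility_scheme = 'plain';
         $new = $new_password;
     } else {
         // NOTE(review): salted double MD5 is not a password hash; it is kept because the login
         // code that verifies this format is outside this function.
         $password_compatibility_scheme = '';
         $salt = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member, 'm_pass_salt');
         $new = md5($salt . md5($new_password));
     }

     unset($_GET['code']);

     // Store the new credential and clear both pending codes so the reset code is single-use.
     $GLOBALS['FORUM_DB']->query_update('f_members', array('m_validated_email_confirm_code' => '', 'm_password_compat_scheme' => $password_compatibility_scheme, 'm_password_change_code' => '', 'm_pass_hash_salted' => $new), array('id' => $member), '', 1);

     return inform_screen($title, do_lang_tempcode('NEW_PASSWORD_MAILED', escape_html($email)));
 }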
示例#3
 /**
  * The actualiser for resetting newsletter password.
  *
  * @return tempcode		The UI
  */
 function newsletter_password_reset()
 {
     // Page title is the configured newsletter title, HTML-escaped.
     $escaped_title = escape_html(get_option('newsletter_title'));
     $title = get_page_title($escaped_title, false);

     // NOTE(review): the address comes straight from the request and the password is replaced
     // right away; no confirmation token or proof of mailbox ownership is checked in this
     // function. Confirm that the caller gates this action.
     $raw_email = get_param('email');
     $email = trim($raw_email);
     $subscriber = array('email' => $email);

     // Language and salt are read from the subscriber's row with two separate lookups.
     $lang = $GLOBALS['SITE_DB']->query_value('newsletter', 'language', $subscriber);
     $salt = $GLOBALS['SITE_DB']->query_value('newsletter', 'pass_salt', $subscriber);

     // Generate the replacement and store its salted MD5.
     // NOTE(review): single-round salted MD5 is not a password hash; the verifying code is not
     // visible here, so the stored format is unchanged.
     $new_password = get_rand_password();
     $stored_hash = md5($new_password . $salt);
     $GLOBALS['SITE_DB']->query_update('newsletter', array('the_password' => $stored_hash), $subscriber, '', 1);

     // The mail tells the subscriber the requesting IP address and the new password (clear text).
     $requester_ip = comcode_escape(get_ip_address());
     $password_for_mail = comcode_escape($new_password);
     $message = do_lang('NEWSLETTER_PASSWORD_CHANGE', $requester_ip, $password_for_mail, NULL, $lang);
     require_code('mail');
     $recipients = array($email);
     mail_wrap(get_option('newsletter_title'), $message, $recipients, $GLOBALS['FORUM_DRIVER']->get_username(get_member()));

     // Breadcrumbs: this screen, under the newsletter module's 'misc' screen.
     breadcrumb_set_self(do_lang_tempcode('NEWSLETTER_PASSWORD_BEEN_RESET'));
     $parent_crumb = array('_SELF:_SELF:misc', get_option('newsletter_title'));
     breadcrumb_set_parents(array($parent_crumb));

     $done_text = do_lang('NEWSLETTER_PASSWORD_BEEN_RESET', NULL, NULL, NULL, $lang);
     return inform_screen($title, protect_from_escaping($done_text));
 }