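/**
 * Handle a lost-password request taken from the POST data.
 *
 * The account is looked up by $_POST['lost_username'] or, when an e-mail
 * address was supplied, by $_POST['lost_email']. Without a matching
 * $_POST['code'] a confirmation code is mailed to the account's address;
 * with the matching code a new password from make_pass() is mailed and its
 * MD5 hash is written to the users table. Every outcome is reported through
 * cpg_error(); the flow relies on cpg_error() not returning (presumably it
 * ends the request - confirm).
 *
 * NOTE(review): the confirmation code is the first 10 characters of the
 * stored password hash. It is sent by e-mail, discloses part of the hash and
 * stays valid until the password changes. A random, single-use, expiring
 * token kept in its own column would be the safer design; that needs a
 * schema change outside this function.
 *
 * NOTE(review): passwords are stored as unsalted MD5 and the new password is
 * mailed in clear text. Moving to password_hash()/password_verify() has to
 * be done together with the login code, so it is only flagged here.
 *
 * @return void
 */
function mail_password()
{
    global $user_prefix, $db, $pagetitle, $userinfo;

    // Anything that is not a plain string (e.g. an array from "field[]=x")
    // is treated as missing instead of being handed to Fix_Quotes().
    $lost_username = '';
    if (isset($_POST['lost_username']) && is_string($_POST['lost_username'])) {
        $lost_username = $_POST['lost_username'];
    }
    $lost_email = '';
    if (isset($_POST['lost_email']) && is_string($_POST['lost_email'])) {
        $lost_email = $_POST['lost_email'];
    }

    if (empty($lost_username) && empty($lost_email)) {
        cpg_error('Please enter either a username or email address');
    }

    if (empty($lost_email)) {
        $username = Fix_Quotes($lost_username);
        if (empty($username) || strtolower($username) == 'anonymous') {
            cpg_error('Invalid username');
        }
        // NOTE(review): the quoted value was masked ('******') in the
        // published listing; $username is the only value prepared for it.
        // Confirm against the project source.
        $sql = "username='" . $username . "'";
    } else {
        $sql = "user_email='" . Fix_Quotes($lost_email) . "'";
    }

    $result = $db->sql_query('SELECT username, user_email, user_password, user_level FROM ' . $user_prefix . '_users WHERE ' . $sql);
    $pagetitle .= ' ' . _BC_DELIM . ' ' . _PASSWORDLOST;

    if ($db->sql_numrows($result) != 1) {
        cpg_error(_SORRYNOUSERINFO);
        return;
    }

    $row = $db->sql_fetchrow($result);
    $username = $row['username'];

    if ($row['user_level'] > 0) {
        global $sitename, $MAIN_CFG;

        $code = '';
        if (isset($_POST['code']) && is_string($_POST['code'])) {
            $code = $_POST['code'];
        }
        // substr() can return false for an empty stored hash on older PHP.
        $areyou = (string) substr($row['user_password'], 0, 10);
        $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);

        // Opening text shared by both mails.
        $intro = _USERACCOUNT . " '{$username}' " . _AT . " {$sitename} " . _HASTHISEMAIL . " "
            . _AWEBUSERFROM . " " . decode_ip($userinfo["user_ip"]) . " ";

        // Strict comparison on a non-empty code: a loose == compares
        // numeric-looking strings by value rather than character by
        // character, and an empty code must never match an empty hash.
        if ($code !== '' && $areyou === $code) {
            $newpass = make_pass(8, 5);
            $message = $intro . _HASREQUESTED . "\n\n" . _YOURNEWPASSWORD . " {$newpass}\n\n "
                . _YOUCANCHANGE . " " . URL::index('Your_Account', true, true) . "\n\n" . _IFYOUDIDNOTASK;
            $subject = _USERPASSWORD4 . " {$username}";
            if (!send_mail($mailer_message, $message, 0, $subject, $row['user_email'], $username, $from)) {
                cpg_error($mailer_message);
            }

            // Next step: add the new password to the database
            $cryptpass = md5($newpass);
            // NOTE(review): both quoted values were masked in the published
            // listing; $cryptpass and the account name are the values
            // prepared for them. The name comes back from the database, so
            // it is escaped again before it re-enters SQL.
            $query = "UPDATE " . $user_prefix . "_users SET user_password='" . $cryptpass
                . "' WHERE username='" . Fix_Quotes($username) . "'";
            if (!$db->sql_query($query)) {
                cpg_error(_UPDATEFAILED);
            }
            cpg_error(_PASSWORD4 . " {$username} " . _MAILED, _TB_INFO, URL::index());
        } else {
            // No (or a non-matching) code: send the confirmation code.
            $message = $intro . _CODEREQUESTED . "\n\n" . _YOURCODEIS . " {$areyou} \n\n"
                . _WITHTHISCODE . " " . URL::index('&op=pass_lost', true, true) . "\n" . _IFYOUDIDNOTASK2;
            $subject = _CODEFOR . " {$username}";
            if (!send_mail($mailer_message, $message, 0, $subject, $row['user_email'], $username, $from)) {
                cpg_error($mailer_message);
            }
            cpg_error(_CODEFOR . " {$username} " . _MAILED, _TB_INFO, URL::index('&op=pass_lost'));
        }
    } elseif ($row['user_level'] == 0) {
        cpg_error(_ACCSUSPENDED);
    } elseif ($row['user_level'] == -1) {
        cpg_error(_ACCDELETED);
    }
}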
} } elseif ($op == "reset_passwd") { /*** verification securite ***/ if ($grade['a'] != 'a' && $grade['b'] != 'b' && $grade['j'] != 'j') { js_goto($PHP_SELF); } $db->select("id,passwd,email"); $db->from("{$dbprefix}joueurs"); $db->where("id = '{$id}'"); $db->exec(); $joueur = $db->fetch(); if ($db->num_rows() != 1) { show_erreur($strElementsJoueurInvalide); } else { // génération du nouveau pass $nv_pass = make_pass(); $array1 = array("%nomsite%", "%urlsite%", "%passwd%"); $array2 = array($config['nomsite'], $config['urlsite'], $nv_pass); if ($config['mail'] != 'N') { // envoi du mail contenant le nouveau pass $to = $joueur->email; $from = $config['emailcontact']; $subject = $strPasswordEmail; $subject = str_replace($array1, $array2, $subject); $body = $strPasswordEmailMessage; $body = str_replace($array1, $array2, $body); $mail = new phpTMailer(); $mail->From = $from; $mail->FromName = ""; $mail->AddAddress($to); $mail->Subject = $subject;
/**
 * Put a value from rand_pass() into $p and pass the result on to make_pass().
 *
 * The value is stored under the key given by $names['input'] when that entry
 * is non-empty, otherwise under 'pass'. What make_pass() then does with $p
 * is not visible from this function.
 *
 * @param array      $p     Modified in place (passed by reference).
 * @param array|null $names Optional field-name overrides; only 'input' is read here.
 * @return void
 */
function make_pass_rand(&$p, $names = null)
{
    $field = 'pass';
    if (!empty($names['input'])) {
        $field = $names['input'];
    }

    $p[$field] = rand_pass();

    make_pass($p, $names);
}
} $username = Fix_Quotes($_POST['username'], 1); $email = Fix_Quotes($_POST['email'], 1); $password = Fix_Quotes($_POST['password'], 1); if ($password != Fix_Quotes($_POST['password_confirm'], 1)) { cpg_error(_PASSDIFFERENT); } else { if (strlen($password) < $MAIN_CFG['member']['minpass'] && $password != '') { cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG); } } userCheck($_POST['username'], $_POST['email']); $fieldlist = $valuelist = ''; check_fields($fieldlist, $valuelist, $fields); if (empty($password)) { $password = make_pass(8, 5); } $result = $db->sql_query('INSERT INTO ' . $user_prefix . '_users (username, user_email, user_password, user_regdate, user_avatar' . $fieldlist . ') ' . "VALUES ('{$username}', '{$email}', '" . md5($password) . "', '" . time() . "', '" . $MAIN_CFG['avatar']['default'] . "'" . $valuelist . ')'); $message = _WELCOMETO . " {$MAIN_CFG['global']['sitename']}!\n\n" . _YOUUSEDEMAIL . " ({$email}) " . _TOREGISTER . " {$MAIN_CFG['global']['sitename']}.\n\n " . _FOLLOWINGMEM . "\n" . _USERNAME . ": {$username}\n" . _PASSWORD . ": {$password}"; send_mail($dummy, $message, 0, _ACTIVATIONSUB, $email, $username); URL::redirect(URL::admin()); } else { if ($_POST['mode'] == 'promoteConf') { if ($CPG_SESS['admin']['page'] != 'users') { cpg_error(_ERROR_BAD_LINK, _SEC_ERROR); } if (can_admin()) { list($num) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $prefix . "_admins WHERE aid='{$_POST['aid']}'", SQL_NUM); if ($num > 0) { cpg_error(_NAMEERROR); } else {
/**
 * Admin "forgot password" page: renders the e-mail form and, on POST,
 * generates a new password with make_pass() for the account whose e-mail
 * address matches, mails it, and stores it only after the mail was sent.
 *
 * NOTE(review): the password is replaced as soon as the mail call reports
 * success; the mailbox owner never confirms the request. A one-time,
 * expiring reset link is the usual safer design.
 *
 * NOTE(review): the "not found" and "sent" outcomes are distinguishable to
 * the requester, so the form reveals which addresses have accounts.
 */
function forgot () {
    // Load Auth app
    $auth_app = Frix::app('auth');
    // Already authorized?
    if ($auth_app->get_user()) {
        // Go to the admin home
        // NOTE(review): whether redir() ends the request is not visible
        // here; if it returns, the form below is still processed.
        redir(url(self::$root));
    }
    // Load AuthUser model
    $auth_app->load_model('AuthUser');
    // Get model meta
    $meta = AuthUser::meta();
    $f = new Form;
    $f->add_fields(array( 'email' => new CharField('E-mail', array('length' => 100)), ));
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Get form data
        $f->input($_POST);
        $email = $f->get_email();
        // Check for a valid e-mail address.
        if (!validate_email($email)) {
            // NOTE(review): $email failed validation and is placed in the
            // message unescaped. Other messages in this function carry
            // <br /> markup, which suggests the template prints msg as
            // HTML; confirm the template escapes it, or escape it here.
            self::$context['msg'] = sprintf('Invalid e-mail address "%s"!', $email);
            self::$context['msg_type'] = 'err';
        } else {
            // Get user by e-mail address
            $user = $meta->one(array('email' => $email));
            if ($user) {
                // Create a new password
                $pass = make_pass();
                // NOTE(review): the listing is damaged on the next line.
                // The text between the 'username:' literal and
                // 'New password' was masked, so the end of the $msg
                // expression and the call that assigns $ok are not visible.
                // The new password travels in clear text in the mail body.
                $msg = 'Your new passord is:' . "\n" . $pass . "\n\n" . 'You can log in using your username:'******'New password', $msg, Frix::app('settings')->get('contact_email'), $user->email);
                // Error sending the msg?
                if (!$ok) {
                    self::$context['msg'] = 'Couldn\'t send msg.<br />' . 'Password not changed.' ;
                    self::$context['msg_type'] = 'err';
                }
                // Message successfully sent?
                else {
                    // Change user password and save
                    $user->set_password($pass);
                    $user->save();
                    // Redirect with a success msg
                    redir('./?sent=1');
                }
            } else {
                // Same unescaped-output concern as the validation message above.
                self::$context['msg'] = sprintf('E-mail address "%s" not found!', $email);
                self::$context['msg_type'] = 'err';
            }
        }
    } else {
        // $_GET['sent'] is read without isset(), so a plain first visit
        // raises an undefined-index notice.
        if ($_GET['sent']) {
            self::$context['msg'] = 'The new password was sent!<br />'. 'Please check your inbox.' ;
            self::$context['msg_type'] = 'ok';
        } else {
            self::$context['msg'] = 'Type your e-mail to get a new password.';
        }
    }
    self::$context['form'] = $f;
    $t = new Template('frix/admin/forgot');
    echo $t->render(self::$context);
}
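/**
 * Complete a registration that an earlier step stored in $_SESSION['REGISTER'].
 *
 * Checks the security image when bit 4 of $sec_code is set, generates a
 * password with make_pass() if none was chosen, inserts the account into the
 * users table (or the users_temp table when activation or admin approval is
 * enabled), prints the confirmation box, mails the member and, if configured,
 * the administrator, then clears the session data.
 *
 * NOTE(review): $username and $user_email are taken from the session and
 * interpolated into the INSERT as they are. That is only safe if the step
 * that filled $_SESSION['REGISTER'] already escaped them - confirm before
 * relying on it.
 *
 * NOTE(review): the password is stored as unsalted MD5 and, when generated
 * here, mailed in clear text. Switching to password_hash() must be done
 * together with the login code, so it is only flagged here.
 *
 * @return void
 */
function register_finish()
{
    global $db, $user_cfg, $user_prefix, $sitename, $sec_code, $CPG_SESS, $userinfo, $MAIN_CFG;

    if ($sec_code & 4) {
        if (!validate_secimg()) {
            cpg_error(_SECCODEINCOR);
        }
    }

    $fields = isset($_SESSION['REGISTER']) ? $_SESSION['REGISTER'] : array();
    if (empty($fields['username'])) {
        cpg_error('session gone...');
    }

    $random = empty($fields['password']);
    if ($random) {
        $fields['password'] = make_pass(8, 5);
    }
    $user_email = $fields['email'];
    $fieldlist = $valuelist = '';
    check_fields($fieldlist, $valuelist, $fields, false);
    $username = $fields['username'];
    $password = $random ? "\n" . _PASSWORD . ': ' . $fields['password'] : '';

    // Activation token: 32 lowercase hex characters, the same shape as the
    // md5() value used before. The previous value was md5(mt_rand(0, 1000000))
    // seeded from microtime(), i.e. at most about a million possible tokens.
    if (function_exists('random_bytes')) {
        $check_num = bin2hex(random_bytes(16));
    } else {
        // Only reached on PHP < 7; weaker than random_bytes().
        $check_num = md5(uniqid(mt_rand(), true));
    }

    $new_password = md5($fields['password']);
    $user_regdate = time();

    if ($user_cfg['useactivate'] || $user_cfg['requireadmin']) {
        $result = $db->sql_query("INSERT INTO " . $user_prefix . "_users_temp (username, user_email, user_password, user_regdate, check_num, time" . $fieldlist . ") VALUES ('{$username}', '{$user_email}', '{$new_password}', '{$user_regdate}', '{$check_num}', {$user_regdate} {$valuelist})");
    } else {
        $result = $db->sql_query("INSERT INTO " . $user_prefix . "_users (username, user_email, user_password, user_regdate, user_lastvisit, user_avatar {$fieldlist}) VALUES ('{$username}', '{$user_email}', '{$new_password}', '{$user_regdate}', {$user_regdate}, '{$MAIN_CFG['avatar']['default']}' {$valuelist})");
        if ($user_cfg['send_welcomepm']) {
            welcome_pm();
        }
    }

    $uid = $db->sql_nextid('user_id');
    $finishlink = URL::index("&file=register&activate={$uid}&check_num={$check_num}", true, true);
    $message = _WELCOMETO . " {$sitename}!\n\n" . _YOUUSEDEMAIL . " ({$user_email}) ";

    // COPPA applicants and sites that require admin approval get the same
    // "application pending" mail and page; the two branches were duplicates.
    if (!empty($fields['coppa']) || $user_cfg['requireadmin']) {
        $message .= _TOAPPLY . " {$sitename}.\n\n" . _WAITAPPROVAL . "\n\n" . _FOLLOWINGMEM . "\n" . _USERNAME . ": {$username}{$password}";
        $subject = _APPLICATIONSUB;
        OpenTable();
        echo "<center><b>" . _ACCOUNTRESERVED . "</b><br /><br />" . _YOUAREPENDING . "<br /><br />" . _THANKSAPPL . " {$sitename}!</center>";
    } else {
        $message .= _TOREGISTER . " {$sitename}.\n\n";
        OpenTable();
        echo "<center><b>" . _ACCOUNTCREATED . "</b><br /><br />" . _YOUAREREGISTERED . "<br /><br />";
        if ($user_cfg['useactivate']) {
            echo _FINISHUSERCONF;
            // The activation link is delivered in the e-mail.
            $message .= _TOFINISHUSER . "\n\n {$finishlink}\n\n";
            $subject = _ACTIVATIONSUB;
        } else {
            echo _FINISHUSERCONF2 . '<a href="' . URL::index() . '">' . _FINISHUSERCONF3 . '</a>.';
            $subject = _REGISTRATIONSUB;
        }
        echo '<br /><br />' . _THANKSUSER . " {$sitename}!</center>";
        $message .= _FOLLOWINGMEM . "\n" . _USERNAME . ": {$username}{$password}";
    }

    $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
    if (!send_mail($mailer_message, $message, 0, $subject, $user_email, $username, $from)) {
        echo 'Member mail: ' . $mailer_message;
    }

    if ($user_cfg['sendaddmail']) {
        if ($user_cfg['requireadmin']) {
            $subject = "{$sitename} - " . _MEMAPL;
        } else {
            $subject = "{$sitename} - " . _MEMADD;
        }
        $message = "{$username} has been added to {$sitename}.\n\nUser IP: " . decode_ip($userinfo['user_ip']) . "\n--------------------------------------------------------\nDo not reply to this message!!";
        if (!send_mail($mailer_message, $message, 0, $subject)) {
            echo "Admin mail: " . $mailer_message;
        }
    }

    CloseTable();
    unset($_SESSION['REGISTER']);
}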