/**
 * Admin-initiated password reset for the account matching a username.
 *
 * Looks the user up in user_info and, when a row is found, passes that row
 * and the acting admin's id to resetPassword().
 *
 * NOTE(review): the SQL literal contains '******' where a sprintf()
 * placeholder would be expected; this looks like masking applied to the
 * published listing. As written, the escaped username is never substituted
 * into the query - confirm against the real source.
 * NOTE(review): mysql_real_escape_string() belongs to the ext/mysql API that
 * was removed in PHP 7.0, and escaping is only sound when the connection
 * charset was set through the API. A parameterised query is the safer
 * replacement if get_row_null() can accept bound values.
 * NOTE(review): no authorisation check on $adminUid is visible here;
 * presumably the caller enforces admin rights - verify.
 *
 * @param string $username Username to look up.
 * @param mixed  $adminUid Identifier of the administrator performing the reset.
 * @return bool TRUE when a row was found and resetPassword() was called, FALSE otherwise.
 */
function adminResetPasswordByUsername($username, $adminUid)
{
    $escapedName = mysql_real_escape_string($username);
    $query = sprintf("SELECT * FROM user_info WHERE username='******';", $escapedName);
    $account = get_row_null($query);
    if ($account) {
        resetPassword($account, $adminUid);
        return TRUE;
    }
    return FALSE;
}
示例#2
/**
 * Create a new user record, provision a website for it, generate a password
 * and e-mail the account details to the user.
 *
 * Only runs when $user is an array whose 'id' compares loosely equal to NULL;
 * every other input returns false without doing anything.
 *
 * NOTE(review): the 'Username:' and 'Password:' lines of the message template
 * contain '******' runs that break the string literal. This looks like masking
 * applied to the published listing, so the block does not parse as shown.
 * NOTE(review): judging by the 'Password:' line, the freshly generated
 * password is sent in clear text by e-mail (with a Bcc copy, see $headers).
 * A single-use, expiring set-password link would avoid leaving a working
 * credential in mailboxes.
 *
 * @param array $user Column => value pairs for the new row; keys read here are
 *                    'id', 'group', 'fullnames', 'phone', 'user_website', 'email'.
 * @return bool true when sendEmail() reports success, false otherwise.
 */
function addUser($user)
{
    if (is_array($user)) {
        $db = Database::obtain();
        // Loose comparison: NULL, '' and 0 are all treated as "no id yet".
        if ($user['id'] == NULL) {
            // NOTE(review): for any group other than '2' or '3', $group stays
            // undefined (it is used in the message below) and 'maxwebsites'
            // keeps whatever value the caller supplied.
            if ($user['group'] == '2') {
                $group = 'User';
                $user['maxwebsites'] = 1;
            } elseif ($user['group'] == '3') {
                $group = 'Developer';
                $user['maxwebsites'] = 25;
            }
            // A plain string here; presumably insert() recognises it as the SQL function - TODO confirm.
            $user['joined'] = "NOW()";
            $user['account_active'] = 0;
            // NOTE(review): the whole $user array is handed to insert(), so every
            // key the caller passes presumably becomes a column value. If $user is
            // built from request data, restrict it to an allow-list of fields first.
            $userid = $db->insert("users", $user);
            newWebsite($userid);
            $newpass = resetPassword($userid);
            $subject = 'Your account details for ' . szName();
            $message = '
Thank you for registering on ' . szName() . '
Below are the details for your user account on ' . szUrl() . '
Please keep this information in a save place.

User ID: U53R' . $userid . '
Username: '******'username'] . '
Password: '******'
Full Names: ' . $user['fullnames'] . '
Account Type: ' . $group . '
Phone Number: ' . $user['phone'] . '
Website: ' . $user['user_website'] . '
Email Address: ' . $user['email'] . '

Thank you for signing up with us. While we try to automate almost everything on our servers it does not mean that we do not care about our clients. By automating the functions online we are able to provide our clients with faster response times. If you feel the need to contact us directly please do not hesitate to do so. We are always happy to hear from our clients. Compliments motivate us and complaints improves our service whilst suggestions make what we do better every day.

' . szName() . ' is a new product created from scratch; should you find any problems or have suggestions, we would be glad to hear from you. Our first priority is to fix any errors as they get reported. We upload new templates weekly and you can watch the total number of templates increase in the ' . szName() . ' Stats box on the home page of the ' . szName() . ' website. If you have a theme that you would like included, please let us know and we will add it to the collection. We are also planning a lot of new and exciting features in the near future and we will update the news pages as we make changes, fix errors and add additional functions.

For billing and invoice related queries please email us directly at ' . szEmail() . '. Any other support questions should be directed to the Support Forums. For the best experience please use Firefox. It is a free web browser and can be downloaded online from http://www.mozilla.org/en-US/firefox/new/

By default Developers can only create 25 websites. This is only implemented to prevent abuse. If you are registered as a Developer and need 50 or 100 extra websites just contact us and we will be happy to set this number to whatever you need it to be. We look forward to doing business with you for many years to come.

Kind Regards
The ' . szName() . ' Team
';
            // Every account e-mail is also blind-copied to the address returned by szCronEmail().
            $headers = 'From: ' . szEmail() . "\r\n" . 'Bcc: ' . szCronEmail() . "\r\n";
            // NOTE(review): $user['email'] is used as the recipient as-is; whether
            // sendEmail() validates it or strips CR/LF is not visible here.
            if (sendEmail($user['email'], $subject, $message, $headers)) {
                return true;
            } else {
                return false;
            }
        } else {
            return false;
        }
    } else {
        return false;
    }
}
示例#3
<?php

require "../API/loginUser.php";
require "../API/registerUser.php";
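// Default reply: a failed login with an empty user record. Each action below
// overwrites or adds the keys it is responsible for.
$response = array("login" => "fail", "user" => array("id" => "-1", "username" => null, "email" => null));
// NOTE(review): this path lies under the document root, so anything written to
// it would be downloadable unless the web server blocks it. It is not used in
// the visible code.
$file = $_SERVER['DOCUMENT_ROOT'] . '/concept/bower_components/bootstrap/mobile/logfile.txt';
$postdata = file_get_contents("php://input");
$data = json_decode($postdata);
if (!empty($data)) {
    // The body is attacker-controlled JSON: it may decode to an array or a
    // scalar, and "method" may be missing or not a string. Read the fields
    // defensively so the switch only ever compares strings.
    $request = is_object($data) ? $data : new stdClass();
    $method = isset($request->method) && is_string($request->method) ? $request->method : null;
    $reqUsername = isset($request->username) ? $request->username : null;
    $reqEmail = isset($request->email) ? $request->email : null;
    $reqPassword = isset($request->password) ? $request->password : null;
    switch ($method) {
        case "login":
            $json = loginUser($reqUsername, $reqPassword);
            $loginObj = json_decode($json);
            // Keep the "fail" defaults when loginUser() did not return the expected JSON object.
            if (is_object($loginObj) && isset($loginObj->{'status'})) {
                $response['login'] = $loginObj->{'status'};
                $response['user'] = isset($loginObj->{'user'}) ? $loginObj->{'user'} : $response['user'];
            }
            break;
        case "register":
            $retVal = registerUser($reqUsername, $reqEmail, $reqPassword);
            $response['register'] = $retVal;
            break;
        case "resetPassword":
            // NOTE(review): the reset is triggered by username + e-mail alone and
            // no rate limiting is visible here; resetPassword() should answer the
            // same way whether or not the account exists.
            $retVal = resetPassword($reqUsername, $reqEmail);
            $response['reset'] = $retVal;
            break;
        default:
            $retVal = "Error";
            $response['user'] = $retVal;
            break;
    }
}
// Declare the body as JSON so a browser never renders echoed user data as HTML.
header('Content-Type: application/json');
echo json_encode($response);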
    $userID = tlUser::doesUserExist($db, $args->login);
    if (!$userID) {
        $gui->note = lang_get('bad_user');
    } else {
        // need to know if auth method for user allows reset
        $user = new tlUser(intval($userID));
        $user->readFromDB($db);
        if (tlUser::isPasswordMgtExternal($user->authentication, $user->authentication)) {
            $gui->external_password_mgmt = 1;
            $gui->password_mgmt_feedback = sprintf(lang_get('password_mgmt_feedback'), trim($args->login));
        }
    }
}
if (!$gui->external_password_mgmt && $userID) {
    echo __LINE__;
    $result = resetPassword($db, $userID);
    $gui->note = $result['msg'];
    if ($result['status'] >= tl::OK) {
        $user = new tlUser($userID);
        if ($user->readFromDB($db) >= tl::OK) {
            logAuditEvent(TLS("audit_pwd_reset_requested", $user->login), "PWD_RESET", $userID, "users");
        }
        redirect(TL_BASE_HREF . "login.php?note=lost");
        exit;
    } else {
        if ($result['status'] == tlUser::E_EMAILLENGTH) {
            $gui->note = lang_get('mail_empty_address');
        } else {
            if ($note != "") {
                $gui->note = getUserErrorMessage($result['status']);
            }
示例#5
    <title>

    </title>
</head>
<body>
<?php 
/**
 * Created by PhpStorm.
 * User: Adriana
 * Date: 10/11/2015
 * Time: 14:04
 */
// Request-supplied address; used unvalidated as the token input, the
// resetPassword() argument and the mail recipient.
$email = $_POST["user"];
// NOTE(review): the reset value is derived only from the e-mail address and a
// constant salt, so it is the same every time for a given address and contains
// no secret randomness. A reset token should come from random_bytes(), be
// stored hashed with an expiry, and be single-use.
// NOTE(review): the salt also contains characters outside the DES salt alphabet
// (./0-9A-Za-z); check what crypt() actually returns on the deployed PHP version.
$numero = crypt($email, '."#$%&/()');
include "../Model/resetPassword.php";
resetPassword($email, $numero);
require "../PHPMailer-master/PHPMailer-master/PHPMailerAutoload.php";
$mail = new PHPMailer();
$mail->isSMTP();
// NOTE(review): debug level 2 with HTML output prints the SMTP client/server
// dialogue into the page the visitor sees; set SMTPDebug to 0 outside development.
$mail->SMTPDebug = 2;
$mail->Debugoutput = 'html';
$mail->Host = 'smtp-mail.outlook.com';
$mail->Port = 587;
$mail->SMTPSecure = 'tls';
$mail->SMTPAuth = true;
// Mailbox credentials are hard-coded in the script (masked in this listing);
// loading them from configuration outside the web root keeps them out of the code base.
$mail->Username = "******";
$mail->Password = "******";
$mail->setFrom("*****@*****.**", 'Osham Fashion Community');
$mail->addReplyTo("*****@*****.**", 'Osham Fashion Community');
$mail->addAddress($email, 'Usuario');
$mail->Subject = 'Reset Password';
示例#6
<?
require("_functions.php");
require("_database.php");

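// Read the two link parameters defensively: a missing or array-valued
// parameter becomes '' instead of raising a notice or a TypeError in trim().
// NOTE(review): the e-mail address and the temporary password travel in the
// query string, so they end up in server logs, browser history and Referer
// headers. Keep such tokens short-lived and single-use.
$email = (isset($_GET['email']) && is_string($_GET['email'])) ? trim($_GET['email']) : '';
$temppass = (isset($_GET['token']) && is_string($_GET['token'])) ? trim($_GET['token']) : '';
$message = '';

if (!$email || !$temppass) {
  die('Missing $email or $token parameter.');
}

// Only act on an explicit POST with action=reset; strict comparison avoids
// type juggling on the request value.
if (isset($_POST['action']) && $_POST['action'] === 'reset') {
  // NOTE(review): $password is not assigned anywhere in the visible code.
  // Presumably it is set by one of the required files or relies on
  // register_globals - confirm, and read it from $_POST explicitly.
  if (!resetPassword($email, $temppass, $password)) {
    $message = '<p class="error" style="margin:2em 0">System error. Cannot reset password now.</p>';
  }
  else {
    $message = "<p class='ok' style='margin:2em 0'>Ok, your account's been deleted. <a href='/halfnote'>Go create a new one!</a>.</p>";
  }
}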
?>
<html>
<head>
<style type="text/css">
<? include("_style_base.php"); ?>
<? include("_style_form.php"); ?>
</style>
<title>halfnote - reset account</title>
<table id="masthead" width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
  <td align="left">
<?
// Guard: abort unless the global flag 'vlDC' is set. Presumably the front
// controller sets it so this file cannot be requested directly - confirm.
if(!$GLOBALS['vlDC']) {
	die("<font face=arial size=2>Job 38:11</font>");
}

// Password reminder requested?
// NOTE(review): $remindEmail, $login, $email and $pass are not assigned in the
// visible lines; presumably an earlier include populates them from the request.
// NOTE(review): the address is placed into the redirect path unencoded, and the
// redirect target reveals that a reminder was sent for that address.
if($remindEmail) {
	resetPassword($remindEmail);
	go("/sentreminder/$remindEmail/");
}

if($login && $email && $pass) {
	// Validate the e-mail; what validate() enforces is not visible here.
	$email=validate($email);
	
	// Authenticate
	$u=0;
	// NOTE(review): the query is built by string concatenation, so its safety
	// rests entirely on validate(). A bound parameter would remove that dependency.
	$u=mysqlquery("select * from vl_users where lower(email)='".strtolower($email)."'");
	if(mysqlnumrows($u)) {
		while($un=mysqlfetcharray($u)) {
			if(strtolower($email)==strtolower($un["email"])) {
				// E-mail matches a stored account.
				// NOTE(review): the stored value is decrypted and compared with an
				// unsalted SHA-256 of the password using ==. password_hash() /
				// password_verify() is the appropriate primitive; at minimum compare
				// digests with hash_equals() to avoid loose-comparison and timing issues.
				if(vlSimpleDecrypt($un["xp"])==hash("sha256",$pass)) {
					// Has this account been de-activated?
					if(!$un["active"]) {
						go("/login/in/");
					} else {
						// Register session variables.
						// NOTE(review): no session_regenerate_id() is visible before the
						// session is marked as authenticated - confirm it happens elsewhere.
						$_SESSION["VLEMAIL"]=$email;
						//log
示例#8
// Demo dispatcher: $i selects which user-management call to exercise, and the
// raw result is printed with var_dump().
// NOTE(review): the usernames and the password "123456" are hard-coded sample
// values, and var_dump() output may include tokens or user records - keep this
// script out of any publicly reachable location.
switch ($i) {
    case 10:
        // Fetch a token
        var_dump(getToken());
        break;
    case 11:
        // Create a single user
        var_dump(createUser("zhangsan", "123456"));
        break;
    case 12:
        // Create users in bulk
        var_dump(createUsers(array(array("username" => "zhangsan", "password" => "123456"), array("username" => "lisi", "password" => "123456"))));
        break;
    case 13:
        // Reset a user's password
        var_dump(resetPassword("zhangsan", "123456"));
        break;
    case 14:
        // Fetch a single user
        var_dump(getUser("zhangsan"));
        break;
    case 15:
        // Fetch users in bulk --- no paging (returns 10 by default)
        var_dump(getUsers());
        break;
    case 16:
        // Fetch users in bulk ---- paged, resuming from the cursor saved in userfile.txt
        $cursor = readCursor("userfile.txt");
        var_dump(getUsersForPage(10, $cursor));
        break;
    case 17:
示例#9
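$message = null;
/**
 * Read the four request fields this page needs explicitly instead of calling
 * extract() on $_POST and $_GET. extract() at file scope lets any request
 * parameter create or overwrite a variable in the script. A value in $_GET
 * takes precedence over $_POST, which matches the order of the former
 * extract() calls.
 * NOTE(review): if printPasswordResetForm() or printResetConfirmation() rely on
 * other extracted globals, add those names here explicitly.
 */
$fields = array();
foreach (array('login', 'key', 'user_password', 'cpassword') as $fieldName) {
    $fields[$fieldName] = isset($_GET[$fieldName])
        ? $_GET[$fieldName]
        : (isset($_POST[$fieldName]) ? $_POST[$fieldName] : null);
}
$login = $fields['login'];
$key = $fields['key'];
$user_password = $fields['user_password'];
$cpassword = $fields['cpassword'];
/** Redirect if key and login are not set */
if (!count($_POST) && (!array_key_exists('key', $_GET) || !array_key_exists('login', $_GET))) {
    header('Location: ' . $GLOBALS['RELPATH']);
    // Stop here: without exit the rest of the script still runs after the header is queued.
    exit;
}
/** Check key for validity */
if (!checkForgottonPasswordKey(sanitize($key), sanitize($login))) {
    header('Location: ' . $GLOBALS['RELPATH'] . '?forgot_password&keyInvalid');
    // An invalid key must never reach the password update below.
    exit;
}
if (count($_POST)) {
    // Strict comparison: with != two different numeric-looking strings can compare equal.
    if ($user_password !== $cpassword) {
        $message = sprintf('<p class="failed">%s</p>', _('The passwords do not match.'));
    } else {
        if (!resetPassword(sanitize($login), sanitize($key), sanitize($user_password))) {
            $message = sprintf('<p class="failed">%s</p>', _('Your password failed to get updated.'));
        } else {
            require_once ABSPATH . 'fm-modules/facileManager/classes/class_logins.php';
            // Log the user in with the new password, then show the confirmation.
            // NOTE(review): the password is stored after sanitize() but checked
            // here without it - confirm both paths see the same string.
            $fm_login->checkPassword($login, $user_password);
            exit(printResetConfirmation());
        }
    }
}
printPasswordResetForm($message);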
/**
 * Display password reset user form.
 *
 * @since 1.0
 * @package facileManager
 */
示例#10
<?php

// include files
include "../../includes/ini.php";
include "../../includes/session.php";
include "../../includes/functions.php";
include "../../lang/" . getLang('');
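// Send the user a new password when an e-mail address was submitted.
// !empty() covers both "no POST" and "field missing" without an undefined-index
// notice, and is_string() rejects array-valued input such as userEmail[]=x.
// NOTE(review): no CSRF token or rate limit is visible here, and the response
// should not reveal whether the address belongs to an account.
if (!empty($_POST['userEmail']) && is_string($_POST['userEmail'])) {
    $result = resetPassword($_POST['userEmail']);
}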
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html>
<head> 
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link type="text/css" rel="stylesheet" href="style.css">

<style>
.text
{
	font-family: Verdana, Arial;
	font-size: 12px;
	font-style: normal;
	color: #84B2DE;
}

</style>
示例#11
<?php

require_once 'includes/header.php';
require_once DIR_APP . 'users.php';
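// Initialise $result so the template below can test it without an
// undefined-variable notice when the form has not been submitted.
$result = null;
// Only call resetPassword() with a string e-mail value; a missing or
// array-valued field is ignored.
// NOTE(review): the template prints $result inside <p> without HTML encoding.
// That is safe only while resetPassword() returns fixed messages that never
// echo the submitted address.
if (isset($_POST['reset_password']) && isset($_POST['email']) && is_string($_POST['email'])) {
    $result = resetPassword($_POST['email']);
}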
?>
<div class="home-page content page-forgot">	
	<div class="main-content">

            <div class="content-block">
                <div class="content-title">Reset Password</div>

                <form action="" method="post">
                    
                <?php 
if (!empty($result)) {
    echo '<p>' . $result . '</p>';
}
?>

                <?php 
if ($result != 'Thank you. We have sent a login passcode to your email. Please do login with that sent passcode and remember to change it.') {
    echo '
                <div class="form-item"><label>Your Email:</label> <input type="email" name="email"></div>
                <div class="form-bottom"><input type="submit" name="reset_password" value="Send" style=""></div>';
}
?>
                </form>
            </div>
示例#12
<?php

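session_start();
require_once 'config.php';
$isSuccess = false;
$isValid = false;
$expired = '';
// A missing or array-valued token becomes '' instead of raising a notice/TypeError.
// NOTE(review): htmlspecialchars() is HTML output encoding, not SQL escaping.
// SetupSession() concatenates $token into its query string, so that query
// should use a prepared statement with the token as a bound parameter.
$token = htmlspecialchars((isset($_GET["token"]) && is_string($_GET["token"])) ? $_GET["token"] : '');
if (isset($_SESSION['current_user']['login_username'])) {
    header("Location: photography.php");
    return;
}
// An empty token must never validate; otherwise it could match rows whose
// token column is blank (presumably users with no pending reset - confirm).
$isValid = ($token !== '') && SetupSession($token);
// Only change the password when the token was accepted and a new password was
// actually submitted. Previously the reset ran whenever 'changePass' was
// posted, regardless of the token check.
if ($isValid && isset($_POST['changePass'], $_POST['newpass'])) {
    resetPassword($_POST['newpass']);
}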
function SetupSession($token)
{
    $conn = mysqli_connect(db_host, db_user, db_pass, db_name);
    if (mysqli_connect_errno()) {
        echo "Error connecting to database";
        return false;
    }
    $currentDate = date('m/d/Y h:i:s a', time());
    $query = "SELECT DISTINCT * FROM users WHERE token = '" . $token . "' AND tokenexpiration >= '" . $currentDate . "'";
    $result = mysqli_fetch_assoc(mysqli_query($conn, $query));
    if (!$result) {
        mysqli_close($conn);
        echo "Error connecting to database";
        return false;
    }
示例#13
     if (!$register_message) {
         // Username is a slug of the email address with the dashes removed.
         // End users won't use this, we just need a unique ID for the account.
         $username = str_replace('-', '', str::slug(get('email')));
         // Check for duplicate accounts
         $duplicateEmail = $site->users()->findBy('email', trim(get('email')));
         $duplicateUsername = $site->users()->findBy('username', $username);
         if (count($duplicateEmail) === 0 and count($duplicateUsername) === 0) {
             try {
                 // Random password for initial setup.
                 // User will create their own password after opt-in email verification.
                 $password = bin2hex(openssl_random_pseudo_bytes(16));
                 // Create account
                 $user = $site->users()->create(array('username' => $username, 'email' => trim(get('email')), 'password' => $password, 'firstName' => trim(get('fullname')), 'language' => 'en', 'country' => get('country')));
                 // Send password reset email
                 if (resetPassword($user->email(), true)) {
                     $register_message = l::get('register-success');
                     $success = true;
                 } else {
                     $register_message = l::get('register-failure-verification');
                 }
             } catch (Exception $e) {
                 $register_message = l::get('register-failure');
             }
         } else {
             $register_message = l::get('register-duplicate');
         }
     }
 } else {
     $register_message = false;
 }
示例#14
<?php

include "../universal/config.php";
// Single-endpoint dispatcher: the first recognised POST flag selects the
// action, its handler file is included on demand, and the handler's return
// value is echoed back unchanged.
// NOTE(review): the handlers receive raw $_POST values and their results are
// echoed without encoding; validation and output encoding presumably live in
// the included files - verify. No CSRF token check is visible at this level.
switch (true) {
    case isset($_POST["sendValidation"]):
        include "sendValidation.php";
        $result = sendValidation($_POST["email"]);
        echo $result;
        break;
    case isset($_POST["signUp"]):
        include "signUp.php";
        $result = signUp($_POST["key"], $_POST["email"], $_POST["username"], $_POST["password"]);
        echo $result;
        break;
    case isset($_POST["signIn"]):
        include "signIn.php";
        $result = signIn($_POST["email"], $_POST["password"], $_POST["remember"]);
        echo $result;
        break;
    case isset($_POST["resetValidation"]):
        include "resetValidation.php";
        $result = resetValidation($_POST["email"]);
        echo $result;
        break;
    case isset($_POST["resetPassword"]):
        include "resetPassword.php";
        $result = resetPassword($_POST["key"], $_POST["email"], $_POST["password"]);
        echo $result;
        break;
    case isset($_POST["signOut"]):
        include "signOut.php";
        $result = signOut();
        echo $result;
        break;
}
示例#15
<?php

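header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
// Normalise the four form fields: anything missing or not a string becomes ''.
// NOTE(review): the target user id is taken from the form. Unless
// resetPassword() ties it to the logged-in session, take the id from the
// session instead of from client input.
$userId = (isset($_POST['conf_pass__uid']) && is_string($_POST['conf_pass__uid'])) ? $_POST['conf_pass__uid'] : '';
$current_password = (isset($_POST['conf_pass_curr_pass']) && is_string($_POST['conf_pass_curr_pass'])) ? $_POST['conf_pass_curr_pass'] : '';
$new_password = (isset($_POST['conf_pass_new_pass']) && is_string($_POST['conf_pass_new_pass'])) ? $_POST['conf_pass_new_pass'] : '';
$conf_password = (isset($_POST['conf_pass_copy_pass']) && is_string($_POST['conf_pass_copy_pass'])) ? $_POST['conf_pass_copy_pass'] : '';
if ($userId === '' || $current_password === '' || $new_password === '' || $conf_password === '') {
    header('Location: index.php');
    // header() only queues the redirect; without exit the password change below still ran.
    exit;
}
// Strict comparison: with != two different numeric-looking strings can compare equal.
if ($new_password !== $conf_password) {
    header('Location: myprofile.php?resetpass=1');
    // Stop before the password is changed to an unconfirmed value.
    exit;
}
include_once "dbinfo.inc.oop.php";
$result = resetPassword($userId, $current_password, $new_password);
// resetpass=0 signals success, resetpass=2 a failed change.
if ($result) {
    header('Location: myprofile.php?resetpass=0');
} else {
    header('Location: myprofile.php?resetpass=2');
}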
?>
	
示例#16
<?php

/**
 * Created by PhpStorm.
 * User: lenovo
 * Date: 2015/11/26
 * Time: 17:50
 */
include_once 'tools.php';
include_once 'SQLSafe.php';
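// NOTE(review): $SQLSafe is instantiated but never used in the visible code.
$SQLSafe = new SQLSafe();
// NOTE(review): no session or permission check is visible in this script, so
// any request carrying an employeeID could change that account's password.
// tools.php may enforce this - confirm.
$employeeID = $_POST['employeeID'];
// When resetting, the new password is hashed before being saved to the database.
// NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password
// storage. Moving to password_hash()/password_verify() also requires changing
// the login check, so it is only flagged here.
$newPassword = sha1($_POST['newPassword']);

/**
 * Update the stored password for one employee.
 *
 * The employee id is bound as a statement parameter instead of being
 * interpolated into the SQL text, so request data cannot alter the query.
 *
 * NOTE(review): the Password value in the SQL literal reads '******' in the
 * published listing, which looks like masking. As shown, $newPassword is never
 * used; in the real source it should be bound as a second parameter.
 *
 * @param string $employeeID  Value matched against Users.EmployeeID.
 * @param string $newPassword Hashed password supplied by the caller.
 * @return void Echoes "success" when the statement executed, "error" otherwise.
 */
function resetPassword($employeeID, $newPassword)
{
    $conn = tools::connectDatabase();
    $stmt = mysqli_prepare($conn, "UPDATE Users SET Password='******' WHERE EmployeeID=?");
    if ($stmt === false) {
        echo "error";
        return;
    }
    mysqli_stmt_bind_param($stmt, 's', $employeeID);
    $executed = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    // Report success only when the UPDATE actually ran.
    echo $executed ? "success" : "error";
}
resetPassword($employeeID, $newPassword);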
示例#17
文件: reset.php 项目: uakfdotb/oneapp
include "include/common.php";
include "config.php";
include "include/db_connect.php";
include "include/session.php";
include "include/reset.php";
// Password-reset controller. A logged-in user is sent to the application;
// otherwise the flow has three stages depending on which request fields are
// present: request a reset (username + email), show the new-password form
// (plus auth + user_id), and apply the new password (plus password fields).
// NOTE(review): $_REQUEST merges several request sources, so the password and
// the auth value can also arrive in the URL, where they end up in logs and
// browser history. Reading them from $_POST only would avoid that.
if (isset($_SESSION['user_id'])) {
    $inform["info"] = "You are already logged in!";
    get_page("reset", array("message" => "<a href=\"application/\">Click here</a> if you are not redirected.", "redirect" => "application/"));
} else {
    if (isset($_REQUEST['username']) && isset($_REQUEST['email'])) {
        if (isset($_REQUEST['auth']) && isset($_REQUEST['user_id'])) {
            // NOTE(review): $check is assigned but not consulted in the visible
            // lines before resetPassword() runs. Unless resetCheck() terminates
            // the request itself on failure, the password change must be gated on it.
            $check = resetCheck($_REQUEST['username'], $_REQUEST['email'], $_REQUEST['auth'], $_REQUEST['user_id']);
            if (isset($_REQUEST['password']) && isset($_REQUEST['password_confirm'])) {
                // Loose comparison; === avoids numeric-string juggling between the two fields.
                if ($_REQUEST['password'] == $_REQUEST['password_confirm']) {
                    // The account to change is identified by the request-supplied user_id.
                    resetPassword($_REQUEST['user_id'], $_REQUEST['password']);
                    $inform["success"] = "Your password has been reset! Log in now!";
                    get_page("login", array("inform" => $inform));
                } else {
                    $inform["error"] = "The passwords do not match!";
                    get_page("reset", array("inform" => $inform));
                }
            } else {
                // Show the new-password form, carrying the link parameters forward.
                get_page("reset_password", array("username" => $_REQUEST['username'], "email" => $_REQUEST['email'], "auth" => $_REQUEST['auth'], "user_id" => $_REQUEST['user_id']));
            }
        } else {
            $result = resetRequest($_REQUEST['username'], $_REQUEST['email']);
            $inform = array();
            if ($result == 0) {
                //request successful
                // NOTE(review): the submitted e-mail is echoed into the message;
                // whether get_page() HTML-encodes it is not visible here.
                $inform["success"] = "Details on how to reset your password have been sent to " . $_REQUEST['email'] . "!";
示例#18
<?php

//Include files
require_once '../classes/class_login.php';
// Read the submitted reset ticket, new password and e-mail address.
// NOTE(review): the values are passed on as received; validation of the ticket
// against the e-mail address presumably happens inside resetPassword() - verify.
$ticket = $_POST['ticket'];
$newPassword = $_POST['newPassword'];
$emailAddress = $_POST['email'];
if ($newPassword != '') {
    // A password was supplied: hand everything to the reset routine.
    resetPassword($ticket, $emailAddress, $newPassword);
} else {
    // Empty password: report the 'npassword' status code to the caller.
    print 'npassword';
}
示例#19
文件: Profile.php 项目: alencarmo/OCF
/**
 * Process a submitted profile edit.
 *
 * Validates the requested sub-action and the session, loads the member being
 * edited, checks permissions and, for sensitive sub-actions on one's own
 * profile, the current password. It then either deletes the account or saves
 * the changes, updates statistics, optionally sends a re-activation e-mail,
 * and redirects back to the profile page.
 *
 * Reads $_REQUEST, $_POST, $_SESSION, $_COOKIE and $_FILES and several globals;
 * returns nothing except when re-displaying the form via ModifyProfile().
 */
function ModifyProfile2()
{
    global $txt, $modSettings;
    global $cookiename, $context;
    global $sourcedir, $scripturl, $db_prefix;
    global $ID_MEMBER, $user_info;
    global $context, $newpassemail, $user_profile, $validationCode;
    loadLanguage('Profile');
    /* Set allowed sub-actions.

    	 The format of $sa_allowed is as follows:

    	$sa_allowed = array(
    		'sub-action' => array(permission_array_for_editing_OWN_profile, permission_array_for_editing_ANY_profile, session_validation_method[, require_password]),
    		...
    	);

    	*/
    $sa_allowed = array('account' => array(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'), array('manage_membergroups', 'profile_identity_any'), 'post', true), 'forumProfile' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'theme' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'notification' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'pmprefs' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'deleteAccount' => array(array('profile_remove_any', 'profile_remove_own'), array('profile_remove_any'), 'post', true), 'activateAccount' => array(array(), array('moderate_forum'), 'get'));
    // Is the current sub-action allowed? Unknown or missing values are fatal.
    if (empty($_REQUEST['sa']) || !isset($sa_allowed[$_REQUEST['sa']])) {
        fatal_lang_error(453, false);
    }
    // Validate the session token using the method ('post' or 'get') listed for this sub-action.
    checkSession($sa_allowed[$_REQUEST['sa']][2]);
    // Start with no updates and no errors.
    $profile_vars = array();
    $post_errors = array();
    // Normally, don't send an email.
    $newpassemail = false;
    // Clean up the POST variables.
    // NOTE(review): this blanket trim / HTML-encode / addslashes pass is the only
    // input handling visible in this function; addslashes is not a substitute
    // for bound parameters in the queries that later consume these values.
    $_POST = htmltrim__recursive($_POST);
    $_POST = stripslashes__recursive($_POST);
    $_POST = htmlspecialchars__recursive($_POST);
    $_POST = addslashes__recursive($_POST);
    // Search for the member being edited and put the information in $user_profile.
    $memberResult = loadMemberData((int) $_REQUEST['userID'], false, 'profile');
    if (!is_array($memberResult)) {
        fatal_lang_error(453, false);
    }
    list($memID) = $memberResult;
    // Are you modifying your own, or someone else's?
    if ($ID_MEMBER == $memID) {
        $context['user']['is_owner'] = true;
    } else {
        $context['user']['is_owner'] = false;
        // Editing another member's profile requires an extra session validation.
        validateSession();
    }
    // Check profile editing permissions (index 0 = own profile, 1 = any profile).
    isAllowedTo($sa_allowed[$_REQUEST['sa']][$context['user']['is_owner'] ? 0 : 1]);
    // If this is yours, check the password.
    if ($context['user']['is_owner'] && !empty($sa_allowed[$_REQUEST['sa']][3])) {
        // You didn't even enter a password!
        if (trim($_POST['oldpasswrd']) == '') {
            $post_errors[] = 'no_password';
        }
        // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
        $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));
        // Does the integration want to check passwords?
        $good_password = false;
        if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
            if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
                $good_password = true;
            }
        }
        // Bad password!!!
        // NOTE(review): the stored hash is SHA-1 over the lower-cased member name
        // plus password, compared with !=. hash_equals() avoids loose-comparison
        // and timing issues; SHA-1 itself is a fast hash and weak for password storage.
        if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) {
            $post_errors[] = 'bad_password';
        }
    }
    // No need for the sub action array.
    unset($sa_allowed);
    // If the user is an admin - see if they are resetting someones username.
    if ($user_info['is_admin'] && isset($_POST['memberName'])) {
        // We'll need this...
        require_once $sourcedir . '/Subs-Auth.php';
        // Do the reset... this will send them an email too.
        resetPassword($memID, $_POST['memberName']);
    }
    // Change the IP address in the database.
    if ($context['user']['is_owner']) {
        $profile_vars['memberIP'] = "'{$user_info['ip']}'";
    }
    // Now call the sub-action function...
    // NOTE(review): the permission, session and password checks above are keyed
    // on $_REQUEST['sa'], while this dispatch is keyed on $_POST['sa']. Confirm
    // the two cannot differ within one request, or dispatch on the validated value.
    if (isset($_POST['sa']) && $_POST['sa'] == 'deleteAccount') {
        deleteAccount2($profile_vars, $post_errors, $memID);
        if (empty($post_errors)) {
            redirectexit();
        }
    } else {
        saveProfileChanges($profile_vars, $post_errors, $memID);
    }
    // There was a problem, let them try to re-enter.
    if (!empty($post_errors)) {
        // Load the language file so we can give a nice explanation of the errors.
        loadLanguage('Errors');
        $context['post_errors'] = $post_errors;
        $_REQUEST['sa'] = $_POST['sa'];
        $_REQUEST['u'] = $memID;
        return ModifyProfile($post_errors);
    }
    if (!empty($profile_vars)) {
        // If we've changed the password, notify any integration that may be listening in.
        // NOTE(review): memberName is passed as both the first and the second
        // argument; presumably old and new user name - confirm against the hook's contract.
        if (isset($profile_vars['passwd']) && isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
            call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']);
        }
        updateMemberData($memID, $profile_vars);
    }
    // What if this is the newest member?
    if ($modSettings['latestMember'] == $memID) {
        updateStats('member');
    } elseif (isset($profile_vars['realName'])) {
        updateSettings(array('memberlist_updated' => time()));
    }
    // If the member changed his/her birthdate, update calendar statistics.
    if (isset($profile_vars['birthdate']) || isset($profile_vars['realName'])) {
        updateStats('calendar');
    }
    // Send an email?
    if ($newpassemail) {
        require_once $sourcedir . '/Subs-Post.php';
        // Send off the email. It carries the activation link and the validation code.
        sendmail($_POST['emailAddress'], $txt['activate_reactivate_title'] . ' ' . $context['forum_name'], "{$txt['activate_reactivate_mail']}\n\n" . "{$scripturl}?action=activate;u={$memID};code={$validationCode}\n\n" . "{$txt['activate_code']}: {$validationCode}\n\n" . $txt[130]);
        // Log the user out. $memID comes from the loadMemberData() result above, not directly from the request.
        db_query("\n\t\t\tDELETE FROM {$db_prefix}log_online\n\t\t\tWHERE ID_MEMBER = {$memID}", __FILE__, __LINE__);
        $_SESSION['log_time'] = 0;
        $_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));
        if (isset($_COOKIE[$cookiename])) {
            $_COOKIE[$cookiename] = '';
        }
        loadUserSettings();
        $context['user']['is_logged'] = false;
        $context['user']['is_guest'] = true;
        // Send them to the done-with-registration-login screen.
        loadTemplate('Register');
        $context += array('page_title' => &$txt[79], 'sub_template' => 'after', 'description' => &$txt['activate_changed_email']);
        return;
    } elseif ($context['user']['is_owner']) {
        // Log them back in: when the password changed, re-issue the login cookie from the new hash.
        if (isset($_POST['passwrd1']) && $_POST['passwrd1'] != '') {
            require_once $sourcedir . '/Subs-Auth.php';
            setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . $user_profile[$memID]['passwordSalt']));
        }
        loadUserSettings();
        writeLog();
    }
    // Back to same subaction page..
    redirectexit('action=profile;u=' . $memID . ';sa=' . $_REQUEST['sa'], isset($_POST['passwrd1']) && $context['server']['needs_login_fix'] || $context['browser']['is_ie'] && isset($_FILES['attachment']));
}
示例#20
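// Maintenance script: resets the password of every member, ten at a time, in
// time slices of about five seconds. The page reloads itself with the next
// offset until all members are processed.
// NOTE(review): no authentication or permission check is visible in this
// script. It must not be reachable by unauthenticated visitors and should be
// removed from the server once the run is finished.
global $sourcedir, $smcFunc, $boardurl;
require_once $sourcedir . '/Subs-Auth.php';
// Offset of the next batch; clamp to zero so a negative value cannot reach LIMIT.
$start = isset($_GET['start']) ? max(0, (int) $_GET['start']) : 0;
$request = $smcFunc['db_query']('', '
	SELECT COUNT(*)
	FROM {db_prefix}members', array());
list($usercount) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
$usercount = (int) $usercount;
echo 'Users to process: ', ($usercount - $start) . '<br />';
$time = time();
// Let's do 5 seconds, but stop as soon as every member has been covered
// instead of issuing empty queries until the time slice runs out.
while ($start < $usercount && time() < $time + 5) {
    // ORDER BY makes the paging deterministic; without it LIMIT offsets may
    // skip some members or process others twice.
    $request = $smcFunc['db_query']('', '
		SELECT id_member
		FROM {db_prefix}members
		ORDER BY id_member
		LIMIT {int:start}, 10', array('start' => $start));
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        resetPassword($row['id_member']);
    }
    $smcFunc['db_free_result']($request);
    $start += 10;
}
// Members remain only while the offset is still below the total.
if ($usercount > $start) {
    echo '<a id="cont" href="', $boardurl, '/resetpwds.php?start=', $start, '">click here to continue</a><script>
			var href = document.getElementById("cont").href;
			document.getElementById("cont").innerHTML="wait...";
			setTimeout(function(){window.location = href;},3000);
			</script>';
    die;
}
echo 'nothing left!';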
示例#21
文件: index.php 项目: ramant15/ektimo
     return getTag();
     break;
 case 'mobileadd':
     mobileAdd();
     break;
 case 'mobile_addstoredtitles':
     mobileAddStoredTitles();
     break;
 case 'admin_register':
     adminRegister();
     break;
 case 'activate':
     activate();
     break;
 case 'reset_password':
     resetPassword();
     break;
 case 'change_password':
     changePassword();
     break;
 case 'add_user':
     addUser();
     break;
 case 'get_profile':
     getProfile();
     break;
 case 'save_profile':
     saveProfile();
     break;
 case 'get_settings':
     getSettings();
示例#22
/**
 * Build the global $profile_fields table that describes every editable profile field.
 *
 * Returns immediately when $profile_fields is already populated, unless $force_reload is
 * true. After the table is built, every field is removed that the current user has no
 * permission for, whose 'enabled' test is false, or that is listed (directly or through
 * 'link_with') in $modSettings['disabled_profile_fields'].
 *
 * @param bool $force_reload Rebuild the table even when it is already populated.
 * @return void
 */
function loadProfileFields($force_reload = false)
{
    global $context, $profile_fields, $txt, $scripturl, $modSettings, $user_info, $old_profile, $smcFunc, $cur_profile, $language;
    // Don't load this twice!
    if (!empty($profile_fields) && !$force_reload) {
        return;
    }
    /* This array defines all the profile fields.
       In general each "field" has one array, keyed by the database column name associated with the field.
       Each item can have the following attributes:

         string $type:             The type of field - valid types are:
           - callback:             A field which has its own callback mechanism for templating.
           - check:                A simple checkbox.
           - hidden:               Has no visual aspects but may have some validity.
           - password:             A password box.
           - select:               A select box.
           - text:                 A string of some description.

         string $label:            The label for this item - default is $txt[$key] if this isn't set.
         string $subtext:          The subtext (small label) for this item.
         int $size:                Optional size for a text area.
         array $input_attr:        An array of text strings to be added to the input box for this item.
         string $value:            The value of the item. If not set, $cur_profile[$key] is assumed.
         string $permission:       Permission required for this item (excluding the _any/_own suffix, which is applied automatically).
         function $input_validate: A runtime function which validates the element before it goes to the database. It is passed
                                   the relevant $_POST element if it exists and should be treated like a reference.

                                   Return types:
           - true:                 Element can be stored.
           - false:                Skip this element.
           - a text string:        An error occurred - this is the error message.

         function $preload:        A function used to load data required for this element to be displayed. Must return
                                   true for the element to be displayed at all.

         string $cast_type:        If set, casts the element to a certain type. Valid types (bool, int, float).
         string $save_key:         If the index of this element isn't the database column name, it can be overridden
                                   with this string.
         bool $is_dummy:           If set then nothing is acted upon for this element.
         bool $enabled:            A test to determine whether this is even available - if not, the field is unset.
         string $link_with:        Key which links this field to an overall set.

       Note that all elements that have a custom input_validate must set the value of $cur_profile correctly so that
       the changes are displayed correctly when the form is submitted.

       The 'options' entries on the select fields ('gender', 'lngfile') hold PHP source as a string.
       NOTE(review): presumably the code that renders select fields evaluates that string; it must stay a
       constant literal and never be assembled from request data - verify where it is consumed.
    */
    $profile_fields = array('avatar_choice' => array('type' => 'callback_template', 'callback_name' => 'profile/avatar_select', 'preload' => 'profileLoadAvatarData', 'input_validate' => 'profileSaveAvatarData', 'save_key' => 'avatar'), 'bday1' => array('type' => 'callback_template', 'callback_name' => 'profile/birthdate_select', 'permission' => 'profile_extra', 'preload' => function () {
        global $cur_profile, $context;
        // Split up the birthdate....
        list($uyear, $umonth, $uday) = explode('-', empty($cur_profile['birthdate']) || $cur_profile['birthdate'] == '0001-01-01' ? '0000-00-00' : $cur_profile['birthdate']);
        $context['member']['birth_date'] = array('year' => $uyear == '0004' ? '0000' : $uyear, 'month' => $umonth, 'day' => $uday);
        return true;
    }, 'input_validate' => function (&$value) {
        global $profile_vars, $cur_profile;
        // $value is the month field; bday2 is the day and bday3 the year (the checkdate() argument order).
        // Years below 4 are raised to 4, and any invalid or missing date is stored as '0001-01-01'.
        if (isset($_POST['bday2'], $_POST['bday3']) && $value > 0 && $_POST['bday2'] > 0) {
            // Set to blank?
            if ((int) $_POST['bday3'] == 1 && (int) $_POST['bday2'] == 1 && (int) $value == 1) {
                $value = '0001-01-01';
            } else {
                $value = checkdate($value, $_POST['bday2'], $_POST['bday3'] < 4 ? 4 : $_POST['bday3']) ? sprintf('%04d-%02d-%02d', $_POST['bday3'] < 4 ? 4 : $_POST['bday3'], $_POST['bday1'], $_POST['bday2']) : '0001-01-01';
            }
        } else {
            $value = '0001-01-01';
        }
        // The date is written under 'birthdate' here; returning false makes the caller skip 'bday1' itself.
        $profile_vars['birthdate'] = $value;
        $cur_profile['birthdate'] = $value;
        return false;
    }), 'birthdate' => array('type' => 'hidden', 'permission' => 'profile_extra', 'input_validate' => function (&$value) {
        global $cur_profile;
        // !!! Should we check for this year and tell them they made a mistake :P? (based on coppa at least?)
        // The pattern is not anchored, so a date found anywhere inside the submitted string is accepted;
        // the value is rebuilt with sprintf('%04d-%02d-%02d') before it is stored.
        if (preg_match('/(\\d{4})[\\-\\., ](\\d{2})[\\-\\., ](\\d{2})/', $value, $dates) === 1) {
            $value = checkdate($dates[2], $dates[3], $dates[1] < 4 ? 4 : $dates[1]) ? sprintf('%04d-%02d-%02d', $dates[1] < 4 ? 4 : $dates[1], $dates[2], $dates[3]) : '0001-01-01';
            return true;
        } else {
            $value = empty($cur_profile['birthdate']) ? '0001-01-01' : $cur_profile['birthdate'];
            return false;
        }
    }), 'date_registered' => array('type' => 'text', 'value' => empty($cur_profile['date_registered']) ? $txt['not_applicable'] : strftime('%Y-%m-%d', $cur_profile['date_registered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600), 'label' => $txt['date_registered'], 'log_change' => true, 'permission' => 'moderate_forum', 'input_validate' => function (&$value) {
        global $txt, $user_info, $modSettings, $cur_profile, $context;
        // Bad date!  Go try again - please?
        // NOTE(review): since PHP 5.1 strtotime() returns false, not -1, for input it cannot parse, so on
        // current PHP this branch is not taken for a bad date and the value falls through to the
        // branches below. By then $value already holds the strtotime() result, so the comparison with
        // $txt['not_applicable'] no longer sees the submitted text. Confirm the supported PHP version.
        if (($value = strtotime($value)) === -1) {
            $value = $cur_profile['date_registered'];
            return $txt['invalid_registration'] . ' ' . strftime('%d %b %Y ' . (strpos($user_info['time_format'], '%H') !== false ? '%I:%M:%S %p' : '%H:%M:%S'), forum_time(false));
        } elseif ($value != $txt['not_applicable'] && $value != strtotime(strftime('%Y-%m-%d', $cur_profile['date_registered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600))) {
            // A different day was entered: remove the user and forum time offsets before storing.
            $value = $value - ($user_info['time_offset'] + $modSettings['time_offset']) * 3600;
        } else {
            $value = $cur_profile['date_registered'];
        }
        return true;
    }), 'email_address' => array('type' => 'text', 'label' => $txt['email'], 'subtext' => $txt['valid_email'], 'log_change' => true, 'permission' => 'profile_identity', 'input_validate' => function (&$value) {
        global $context, $old_profile, $context, $profile_vars, $sourcedir, $modSettings;
        // Same address apart from letter case: nothing to store.
        if (strtolower($value) == strtolower($old_profile['email_address'])) {
            return false;
        }
        $isValid = profileValidateEmail($value, $context['id_member']);
        // Do they need to revalidate? If so schedule the function!
        // Users with 'moderate_forum' skip re-validation; everyone else gets a new validation code and
        // is_activated = 2 until profileSendActivation has run on save.
        if ($isValid === true && !empty($modSettings['send_validation_onChange']) && !allowedTo('moderate_forum')) {
            require_once $sourcedir . '/lib/Subs-Members.php';
            $profile_vars['validation_code'] = generateValidationCode();
            $profile_vars['is_activated'] = 2;
            $context['profile_execute_on_save'][] = 'profileSendActivation';
            unset($context['profile_execute_on_save']['reload_user']);
        }
        return $isValid;
    }), 'gender' => array('type' => 'select', 'cast_type' => 'int', 'options' => 'return array(0 => \'\', 1 => $txt[\'male\'], 2 => $txt[\'female\']);', 'label' => $txt['gender'], 'permission' => 'profile_extra'), 'hide_email' => array('type' => 'check', 'value' => empty($cur_profile['hide_email']) ? true : false, 'label' => $txt['allow_user_email'], 'permission' => 'profile_identity', 'input_validate' => function (&$value) {
        // The checkbox is labelled "allow e-mail" while the column stores "hide e-mail", so invert it.
        $value = $value == 0 ? 1 : 0;
        return true;
    }), 'id_group' => array('type' => 'callback_template', 'callback_name' => 'profile/group_manage', 'permission' => 'manage_membergroups', 'preload' => 'profileLoadGroups', 'log_change' => true, 'input_validate' => 'profileSaveGroups'), 'id_theme' => array('type' => 'callback_template', 'callback_name' => 'profile/theme_pick', 'permission' => 'profile_extra', 'enabled' => $modSettings['theme_allow'] || allowedTo('admin_forum'), 'preload' => function () {
        global $context, $cur_profile, $txt;
        // Look up the display name of the member's theme; values are bound through the
        // {int:...}/{string:...} placeholders rather than concatenated into the query.
        $request = smf_db_query('SELECT value
					FROM {db_prefix}themes
					WHERE id_theme = {int:id_theme}
						AND variable = {string:variable}
					LIMIT 1', array('id_theme' => $cur_profile['id_theme'], 'variable' => 'name'));
        list($name) = mysql_fetch_row($request);
        mysql_free_result($request);
        $context['member']['theme'] = array('id' => $cur_profile['id_theme'], 'name' => empty($cur_profile['id_theme']) ? $txt['theme_forum_default'] : $name);
        return true;
    }, 'input_validate' => function (&$value) {
        $value = (int) $value;
        return true;
    }), 'karma_good' => array('type' => 'callback_template', 'callback_name' => 'profile/reputation_display', 'permission' => 'admin_forum', 'input_validate' => function (&$value) {
        global $profile_vars, $cur_profile;
        $value = (int) $value;
        // karma_bad has no field entry of its own; it is cast and stored alongside karma_good.
        if (isset($_POST['karma_bad'])) {
            $profile_vars['karma_bad'] = $_POST['karma_bad'] != '' ? (int) $_POST['karma_bad'] : 0;
            $cur_profile['karma_bad'] = $_POST['karma_bad'] != '' ? (int) $_POST['karma_bad'] : 0;
        }
        return true;
    }, 'preload' => function () {
        global $context, $cur_profile;
        //$context['member']['karma']['good'] = $cur_profile['karma_good'];
        //$context['member']['karma']['bad'] = $cur_profile['karma_bad'];
        return true;
    }, 'enabled' => !empty($modSettings['karmaMode'])), 'lngfile' => array('type' => 'select', 'options' => 'return $context[\'profile_languages\'];', 'label' => $txt['preferred_language'], 'permission' => 'profile_identity', 'preload' => 'profileLoadLanguages', 'enabled' => !empty($modSettings['userLanguage']), 'value' => empty($cur_profile['lngfile']) ? $language : $cur_profile['lngfile'], 'input_validate' => function (&$value) {
        global $context, $cur_profile;
        // Load the languages.
        profileLoadLanguages();
        // Only a key of the loaded language list is accepted; anything else restores the stored value.
        if (isset($context['profile_languages'][$value])) {
            if ($context['user']['is_owner']) {
                $_SESSION['language'] = $value;
            }
            return true;
        } else {
            $value = $cur_profile['lngfile'];
            return false;
        }
    }), 'location' => array('type' => 'text', 'label' => $txt['location'], 'log_change' => true, 'size' => 50, 'permission' => 'profile_extra'), 'member_name' => array('type' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? 'text' : 'label', 'label' => $txt['username'], 'subtext' => allowedTo('admin_forum') && !isset($_GET['changeusername']) ? '(<a href="' . $scripturl . '?action=profile;u=' . $context['id_member'] . ';area=account;changeusername" style="font-style: italic;">' . $txt['username_change'] . '</a>)' : '', 'log_change' => true, 'permission' => 'profile_identity', 'prehtml' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? '<div class="alert">' . $txt['username_warning'] . '</div>' : '', 'input_validate' => function (&$value) {
        global $sourcedir, $context, $user_info, $cur_profile;
        // Renaming is limited to 'admin_forum'; for everyone else the submitted value is ignored.
        // The closure always returns false, so the name is never stored through the generic save path.
        if (allowedTo('admin_forum')) {
            // We'll need this...
            require_once $sourcedir . '/lib/Subs-Auth.php';
            // Maybe they are trying to change their password as well?
            // The stored hash in this file is derived from the user name (see 'passwrd1'), so a rename
            // needs either a valid new password in the same request or a forced reset.
            $resetPassword = true;
            if (isset($_POST['passwrd1']) && $_POST['passwrd1'] != '' && isset($_POST['passwrd2']) && $_POST['passwrd1'] == $_POST['passwrd2'] && validatePassword($_POST['passwrd1'], $value, array($cur_profile['real_name'], $user_info['username'], $user_info['name'], $user_info['email'])) == null) {
                $resetPassword = false;
            }
            // Do the reset... this will send them an email too.
            if ($resetPassword) {
                resetPassword($context['id_member'], $value);
            } elseif ($value !== null) {
                validateUsername($context['id_member'], $value);
                updateMemberData($context['id_member'], array('member_name' => $value));
            }
        }
        return false;
    }), 'passwrd1' => array('type' => 'password', 'label' => $txt['choose_pass'], 'subtext' => $txt['password_strength'], 'size' => 20, 'value' => '', 'enabled' => empty($cur_profile['openid_uri']), 'permission' => 'profile_identity', 'save_key' => 'passwd', 'input_validate' => function (&$value) {
        global $sourcedir, $user_info, $smcFunc, $cur_profile;
        // If we didn't try it then ignore it!
        if ($value == '') {
            return false;
        }
        // Do the two entries for the password even match?
        // NOTE(review): != is a loose comparison; two different numeric-looking strings (for example
        // '1e3' and '1000') compare as equal, so !== would be the exact check.
        if (!isset($_POST['passwrd2']) || $value != $_POST['passwrd2']) {
            return 'bad_new_password';
        }
        // Let's get the validation function into play...
        require_once $sourcedir . '/lib/Subs-Auth.php';
        $passwordErrors = validatePassword($value, $cur_profile['member_name'], array($cur_profile['real_name'], $user_info['username'], $user_info['name'], $user_info['email']));
        // Were there errors?
        if ($passwordErrors != null) {
            return 'password_' . $passwordErrors;
        }
        // Set up the new password variable... ready for storage.
        // NOTE(review): the stored value is a single SHA-1 over the lower-cased user name plus the
        // password. SHA-1 is a fast hash and the user name is the only salt, so a leaked table is cheap
        // to attack offline. Moving to password_hash()/password_verify() has to be done together with
        // the login code, which is not part of this block.
        $value = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($value));
        return true;
    }), 'passwrd2' => array('type' => 'password', 'label' => $txt['verify_pass'], 'enabled' => empty($cur_profile['openid_uri']), 'size' => 20, 'value' => '', 'permission' => 'profile_identity', 'is_dummy' => true), 'personal_text' => array('type' => 'text', 'label' => $txt['personal_text'], 'log_change' => true, 'input_attr' => array('maxlength="50"'), 'size' => 50, 'permission' => 'profile_extra'), 'pm_prefs' => array('type' => 'callback_template', 'callback_name' => 'pm/settings', 'permission' => 'pm_read', 'preload' => function () {
        global $context, $cur_profile;
        $context['display_mode'] = $cur_profile['pm_prefs'] & 3;
        $context['send_email'] = $cur_profile['pm_email_notify'];
        $context['receive_from'] = !empty($cur_profile['pm_receive_from']) ? $cur_profile['pm_receive_from'] : 0;
        return true;
    }, 'input_validate' => function (&$value) {
        global $cur_profile, $profile_vars;
        // Simple validate and apply the two "sub settings"
        // Each setting is clamped to its allowed range (0-2, 0-2 and 0-4).
        $value = max(min($value, 2), 0);
        $cur_profile['pm_email_notify'] = $profile_vars['pm_email_notify'] = max(min((int) $_POST['pm_email_notify'], 2), 0);
        $cur_profile['pm_receive_from'] = $profile_vars['pm_receive_from'] = max(min((int) $_POST['pm_receive_from'], 4), 0);
        return true;
    }), 'posts' => array('type' => 'int', 'label' => $txt['profile_posts'], 'log_change' => true, 'size' => 7, 'permission' => 'moderate_forum', 'input_validate' => function (&$value) {
        // Strip thousands separators; the field's 'type' is 'int'.
        $value = $value != '' ? strtr($value, array(',' => '', '.' => '', ' ' => '')) : 0;
        return true;
    }), 'real_name' => array('type' => !empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum') ? 'text' : 'label', 'label' => $txt['name'], 'subtext' => $txt['display_name_desc'], 'log_change' => true, 'input_attr' => array('maxlength="60"'), 'permission' => 'profile_identity', 'enabled' => !empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'), 'input_validate' => function (&$value) {
        global $context, $smcFunc, $sourcedir, $cur_profile;
        // Replace every whitespace character with a plain space, then enforce non-empty, at most
        // 60 characters, and not a reserved or already used name.
        $value = trim(preg_replace('~[\\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $value));
        if (trim($value) == '') {
            return 'no_name';
        } elseif (CommonAPI::strlen($value) > 60) {
            return 'name_too_long';
        } elseif ($cur_profile['real_name'] != $value) {
            require_once $sourcedir . '/lib/Subs-Members.php';
            if (isReservedName($value, $context['id_member'])) {
                return 'name_taken';
            }
        }
        return true;
    }), 'secret_question' => array('type' => 'text', 'label' => $txt['secret_question'], 'subtext' => $txt['secret_desc'], 'size' => 50, 'permission' => 'profile_identity'), 'secret_answer' => array('type' => 'text', 'label' => $txt['secret_answer'], 'subtext' => $txt['secret_desc2'], 'size' => 20, 'postinput' => '<span class="smalltext" style="margin-left: 4ex;"><a href="' . $scripturl . '?action=helpadmin;help=secret_why_blank" onclick="return reqWin(this.href);">' . $txt['secret_why_blank'] . '</a></span>', 'value' => '', 'permission' => 'profile_identity', 'input_validate' => function (&$value) {
        // NOTE(review): the answer is stored as an unsalted MD5. Secret answers are short and
        // guessable, so this gives little protection if the table leaks; changing the scheme requires
        // the matching change in the code that checks the answer, which is outside this block.
        $value = $value != '' ? md5($value) : '';
        return true;
    }), 'signature' => array('type' => 'callback_template', 'callback_name' => allowedTo('profile_signature') ? 'profile/signature_modify' : 'profile/signature_cannot_modify', 'permission' => 'profile_extra', 'enabled' => substr($modSettings['signature_settings'], 0, 1) == 1, 'preload' => 'profileLoadSignatureData', 'input_validate' => 'profileValidateSignature'), 'show_online' => array('type' => 'check', 'label' => $txt['show_online'], 'permission' => 'profile_identity', 'enabled' => !empty($modSettings['allow_hideOnline']) || allowedTo('moderate_forum')), 'smiley_set' => array('type' => 'callback_template', 'callback_name' => 'profile/smiley_pick', 'enabled' => !empty($modSettings['smiley_sets_enable']), 'permission' => 'profile_extra', 'preload' => function () {
        global $modSettings, $context, $txt, $cur_profile;
        $context['member']['smiley_set']['id'] = empty($cur_profile['smiley_set']) ? '' : $cur_profile['smiley_set'];
        $context['smiley_sets'] = explode(',', 'none,,' . $modSettings['smiley_sets_known']);
        $set_names = explode("\n", $txt['smileys_none'] . "\n" . $txt['smileys_forum_board_default'] . "\n" . $modSettings['smiley_sets_names']);
        foreach ($context['smiley_sets'] as $i => $set) {
            // The id and name in the list are HTML-escaped here; the selected set's 'name' below is
            // copied unescaped.
            $context['smiley_sets'][$i] = array('id' => htmlspecialchars($set), 'name' => htmlspecialchars($set_names[$i]), 'selected' => $set == $context['member']['smiley_set']['id']);
            if ($context['smiley_sets'][$i]['selected']) {
                $context['member']['smiley_set']['name'] = $set_names[$i];
            }
        }
        return true;
    }, 'input_validate' => function (&$value) {
        global $modSettings;
        // Allow-list check against the known sets plus 'none'; anything else becomes ''.
        // NOTE(review): in_array() is called without the strict flag, so the comparison is loose.
        $smiley_sets = explode(',', $modSettings['smiley_sets_known']);
        if (!in_array($value, $smiley_sets) && $value != 'none') {
            $value = '';
        }
        return true;
    }), 'theme_settings' => array('type' => 'callback_template', 'callback_name' => 'profile/theme_settings', 'permission' => 'profile_extra', 'is_dummy' => true, 'preload' => function () {
        loadLanguage('Settings');
        return true;
    }), 'time_format' => array('type' => 'callback_template', 'callback_name' => 'profile/timeformat_modify', 'permission' => 'profile_extra', 'preload' => function () {
        global $context, $user_info, $txt, $cur_profile, $modSettings;
        $context['easy_timeformats'] = array(array('format' => '', 'title' => $txt['timeformat_default']), array('format' => '%B %d, %Y, %I:%M:%S %p', 'title' => $txt['timeformat_easy1']), array('format' => '%B %d, %Y, %H:%M:%S', 'title' => $txt['timeformat_easy2']), array('format' => '%Y-%m-%d, %H:%M:%S', 'title' => $txt['timeformat_easy3']), array('format' => '%d %B %Y, %H:%M:%S', 'title' => $txt['timeformat_easy4']), array('format' => '%d-%m-%Y, %H:%M:%S', 'title' => $txt['timeformat_easy5']));
        $context['member']['time_format'] = $cur_profile['time_format'];
        $context['current_forum_time'] = strftime($modSettings['time_format'], forum_time(false)) . ' ' . date_default_timezone_get();
        $context['current_forum_time_js'] = strftime('%Y,' . ((int) strftime('%m', time() + $modSettings['time_offset'] * 3600) - 1) . ',%d,%H,%M,%S', time() + $modSettings['time_offset'] * 3600);
        $context['current_forum_time_hour'] = (int) strftime('%H', forum_time(false));
        return true;
    }), 'time_offset' => array('type' => 'callback_template', 'callback_name' => 'profile/timeoffset_modify', 'permission' => 'profile_extra', 'preload' => function () {
        global $context, $cur_profile;
        $context['member']['time_offset'] = $cur_profile['time_offset'];
        return true;
    }, 'input_validate' => function (&$value) {
        // Validate the time_offset...
        // A decimal comma is accepted; the offset must lie within +/- 23.5 hours.
        $value = (double) strtr($value, ',', '.');
        if ($value < -23.5 || $value > 23.5) {
            return 'bad_offset';
        }
        return true;
    }), 'usertitle' => array('type' => 'text', 'label' => $txt['custom_title'], 'log_change' => true, 'size' => 50, 'permission' => 'profile_title', 'input_attr' => array('maxlength="50"'), 'enabled' => !empty($modSettings['titlesEnable'])));
    $disabled_fields = !empty($modSettings['disabled_profile_fields']) ? explode(',', $modSettings['disabled_profile_fields']) : array();
    // Remove every field that does not apply to the current user. Besides saving memory this is the
    // access-control step: a field that is unset here is no longer present in $profile_fields for
    // whatever code reads the table afterwards.
    foreach ($profile_fields as $key => $field) {
        // Do we have permission to do this?
        // The owner needs <permission>_own or <permission>_any, anyone else <permission>_any; the
        // plain <permission> name is accepted as well. The field is dropped only when all of these fail.
        if (isset($field['permission']) && !allowedTo($context['user']['is_owner'] ? array($field['permission'] . '_own', $field['permission'] . '_any') : $field['permission'] . '_any') && !allowedTo($field['permission'])) {
            unset($profile_fields[$key]);
        }
        // Is it enabled?
        if (isset($field['enabled']) && !$field['enabled']) {
            unset($profile_fields[$key]);
        }
        // Is it specifically disabled?
        if (in_array($key, $disabled_fields) || isset($field['link_with']) && in_array($field['link_with'], $disabled_fields)) {
            unset($profile_fields[$key]);
        }
    }
}
示例#23
}
// Dispatch a decoded request object to the handler named in its "function"
// field. The excerpt ends before the chain is closed.
// NOTE(review): every argument is read from $decoded, which presumably is the
// client-supplied request body (its decoding is outside this excerpt). No
// session, token or ownership check is visible here, so each handler has to
// establish for itself who the caller is - verify.
if ($decoded != null) {
    if ($decoded->function == 'login') {
        login($decoded->mail, $decoded->password);
    } else {
        if ($decoded->function == 'checkLastLogin') {
            checkLastLogin($decoded->userid);
        } else {
            if ($decoded->function == 'create') {
                create($decoded->user);
            } else {
                if ($decoded->function == 'getClienteByEmail') {
                    getClienteByEmail($decoded->email);
                } else {
                    if ($decoded->function == 'resetPassword') {
                        // NOTE(review): the account id and the new password both come from the
                        // request. Unless resetPassword() itself requires proof that the caller
                        // owns cliente_id (a one-time reset token, for example), this call lets
                        // one client set the password of another account.
                        resetPassword($decoded->cliente_id, $decoded->new_password);
                    } else {
                        if ($decoded->function == 'getClienteByEmailAndPassword') {
                            getClienteByEmailAndPassword($decoded->email, $decoded->password);
                        } else {
                            if ($decoded->function == 'existeCliente') {
                                existeCliente($decoded->username);
                            } else {
                                if ($decoded->function == 'changePassword') {
                                    changePassword($decoded->cliente_id, $decoded->pass_old, $decoded->pass_new);
                                } else {
                                    if ($decoded->function == 'getHistoricoPedidos') {
                                        // NOTE(review): cliente_id is request-supplied here too;
                                        // the order history should be limited to the
                                        // authenticated client - verify inside the handler.
                                        getHistoricoPedidos($decoded->cliente_id);
                                    } else {
                                        if ($decoded->function == 'update') {
                                            update($decoded->user);
示例#24
<?php

/**
 * Controller for the password-reset page.
 *
 * Redirects to the error page when the honeypot field "subject" arrives
 * filled in on a POST, runs resetPassword() for the submitted e-mail address
 * when the reset form was posted, and hands the resulting message to the
 * template (false when no reset was requested).
 */
return function ($site, $pages, $page) {
    // Honeypot: real visitors leave "subject" empty, form-filling robots do not.
    if (r::is('post') && get('subject') != '') {
        go(url('error'));
    }

    // No message unless the reset form was actually submitted.
    $reset_message = false;
    if (r::is('post') && get('reset') !== null) {
        // NOTE(review): the visitor sees a different message for success and
        // for failure. If resetPassword() returns false for an unknown address,
        // the form reveals which e-mail addresses have an account; one neutral
        // message for both outcomes avoids that. Confirm what false means.
        $reset_message = resetPassword(get('email'))
            ? l::get('reset-success')
            : l::get('reset-error');
    }

    // Pass variables to the template
    return ['reset_message' => $reset_message];
};
示例#25
/**
 * Reset a user's password and build the feedback object for the caller.
 *
 * The reset is attempted only when the configured 'smtp_host' passes hostname
 * validation or the new password is to be shown on screen; otherwise an error
 * status is returned without touching the account.
 *
 * @param object $dbHandler             passed through to resetPassword()
 * @param object $argsObj               its user_id is the account being reset
 * @param object $userObj               its login is written to the audit event
 * @param string $newPasswordSendMethod 'display_on_screen' puts the new password into the feedback text
 *
 * @return stdClass with user_feedback, new_password and status
 */
function createNewPassword(&$dbHandler, &$argsObj, &$userObj, $newPasswordSendMethod)
{
    $outcome = new stdClass();
    $outcome->user_feedback = '';
    $outcome->new_password = '';

    // The mail configuration is checked first. ALLOW_ALL accepts DNS names,
    // IP addresses and local network names as the SMTP host.
    $hostCheck = new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_ALL);
    $smtpHost = config_get('smtp_host');
    $showOnScreen = $newPasswordSendMethod == 'display_on_screen';

    // Without a usable SMTP host the password could not be mailed, and it is
    // not going to be displayed either: refuse before changing anything.
    if (!$hostCheck->isValid($smtpHost) && !$showOnScreen) {
        $outcome->status = tl::ERROR;
        $outcome->user_feedback = lang_get('password_cannot_be_reseted_invalid_smtp_hostname');
        return $outcome;
    }

    $reset = resetPassword($dbHandler, $argsObj->user_id, $newPasswordSendMethod);
    $outcome->user_feedback = $reset['msg'];
    $outcome->status = $reset['status'];
    $outcome->new_password = $reset['password'];

    if (!($outcome->status >= tl::OK)) {
        $outcome->user_feedback = sprintf(lang_get('password_cannot_be_reseted_reason'), $outcome->user_feedback);
        return $outcome;
    }

    // Only successful resets are audited here.
    logAuditEvent(TLS("audit_pwd_reset_requested", $userObj->login), "PWD_RESET", $argsObj->user_id, "users");
    $outcome->user_feedback = lang_get('password_reseted');
    if ($showOnScreen) {
        // NOTE(review): the plaintext password becomes part of the feedback
        // text and is also returned in new_password; callers should render it
        // once and keep it out of logs and cached pages.
        $outcome->user_feedback = lang_get('password_set') . $reset['password'];
    }
    return $outcome;
}
示例#26
<?php

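// Password-reset handler: checks the verification code ("passkey") submitted
// with the form against the one stored for the account with the given e-mail
// address and, when they match, stores the new password together with a fresh
// verification code.
session_start();
include "dbconnection.php";
// A missing parameter becomes an empty string instead of raising a notice.
$userId = clean(isset($_REQUEST['userId']) ? $_REQUEST['userId'] : '');
$email = clean(isset($_REQUEST['email']) ? $_REQUEST['email'] : '');
// NOTE(review): the password is stored as an unsalted MD5, which is cheap to
// attack offline if the table leaks. Switching to password_hash() and
// password_verify() has to be done together with the login code, which is not
// part of this file.
$password = clean(md5(isset($_REQUEST['password']) ? $_REQUEST['password'] : ''));
$appaskey = (string) clean(isset($_REQUEST['passkey']) ? $_REQUEST['passkey'] : '');
$verificationcode = generateCode(8);
$result = getUserByEmail($email);
$user = $result ? mysql_fetch_array($result) : false;
// Fail closed: with no matching account, or no code on file, the stored value
// is empty and an empty passkey must not be accepted. The previous loose ==
// comparison treated an empty passkey as equal to a missing code, and
// numeric-looking strings as equal to each other.
$storedCode = is_array($user) && isset($user['verificationcode']) ? (string) $user['verificationcode'] : '';
$codeMatches = $storedCode !== '' && $appaskey !== '' && $appaskey === $storedCode;
// NOTE(review): the code is verified for the account found by e-mail, while
// resetPassword() also receives the user id from the request. Confirm that
// resetPassword() keys its update on both values; otherwise take the id from
// the row that was just verified.
if ($codeMatches) {
    resetPassword($userId, $email, $password, $verificationcode);
    header("location:forgot_password.php?reset");
} else {
    header("location:forgot_password.php?verfify");
}
exit;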
示例#27
// Lost-password page: connect to the database, look the submitted login up
// and reset its password. The excerpt ends before the outer if is closed.
$gui->page_title = lang_get('page_title_lost_passwd');
$gui->note = lang_get('your_info_for_passwd');
$op = doDBConnect($db);
if ($op['status'] == 0) {
    $smarty = new TLSmarty();
    $smarty->assign('title', lang_get('fatal_page_title'));
    // NOTE(review): the raw DBMS message is handed to the error template on a
    // page that is reachable without logging in; presumably it is rendered to
    // the visitor. A generic message with the detail written to the server log
    // would disclose less.
    $smarty->assign('msg', $op['dbms_msg']);
    $smarty->display('fatal_error.tpl');
    exit;
}
// The reset is skipped when passwords are managed externally.
if ($args->login != "" && !$gui->external_password_mgmt) {
    $userID = tlUser::doesUserExist($db, $args->login);
    if (!$userID) {
        // NOTE(review): a distinct 'bad_user' note tells an unauthenticated
        // visitor whether a login exists, while the success path redirects to
        // the login page. The same neutral response for both cases would not
        // reveal valid logins.
        $gui->note = lang_get('bad_user');
    } else {
        $result = resetPassword($db, $userID, $gui->note);
        if ($result >= tl::OK) {
            $user = new tlUser($userID);
            // The audit event is written only after a successful reset; failed
            // requests are not logged anywhere in this excerpt.
            if ($user->readFromDB($db) >= tl::OK) {
                logAuditEvent(TLS("audit_pwd_reset_requested", $user->login), "PWD_RESET", $userID, "users");
            }
            redirect(TL_BASE_HREF . "login.php?note=lost");
            exit;
        } else {
            if ($result == tlUser::E_EMAILLENGTH) {
                $gui->note = lang_get('mail_empty_address');
            } else {
                // NOTE(review): $note is not assigned anywhere in this excerpt;
                // presumably $gui->note, which was passed to resetPassword()
                // above, was meant - TODO confirm.
                if ($note != "") {
                    $gui->note = getUserErrorMessage($result);
                }
            }
示例#28
     // Excerpt from the middle of a mode dispatcher: the start of the chain
     // and its end are not shown. This part returns the user list as JSON and
     // handles the 'add', 'resetPassword' and 'save' modes.
     // NOTE(review): no authorization check is visible in this excerpt;
     // presumably it happens earlier in the file - verify, since these modes
     // create users and set passwords from request fields.
     if ($userRows) {
         $users = array('success' => TRUE, 'users' => $userRows);
         print json_encode($users);
     } else {
         print json_encode(array('success' => FALSE));
     }
 } else {
     if ($mode == 'add') {
         // Here the confirmation comes from its own field, 'reppassword'.
         $newUser = array('username' => $_POST['username'], 'domainId' => $_POST['domain'], 'pass' => $_POST['password'], 'repPass' => $_POST['reppassword'], 'name' => $_POST['name'], 'local' => $_POST['local'], 'active' => $_POST['active']);
         addUser($newUser);
     } else {
         if ($mode == 'resetPassword') {
             $user = $_POST['user'];
             $pass = $_POST['password'];
             // NOTE(review): $reppass is read from the same 'password' field as
             // $pass, so a confirm-match check inside resetPassword() can never
             // fail. Presumably 'reppassword' was intended, as in the 'add'
             // branch - TODO confirm.
             $reppass = $_POST['password'];
             resetPassword($user, $pass, $reppass);
         } else {
             if ($mode == 'save') {
                 $update = $_POST['update'];
                 $remove = $_POST['remove'];
                 if ($update) {
                     // json_decode() returns null for malformed input; the
                     // foreach below does not guard against that.
                     $updates = json_decode($update);
                     foreach ($updates as $tmpUser) {
                         $userId = $tmpUser->user_id;
                         $description = trim($tmpUser->name);
                         $local = $tmpUser->local;
                         $active = $tmpUser->active;
                         modifyUser($userId, $description, $local, $active);
                     }
                 }
                 if ($remove) {
示例#29
}
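// Profile update: choose a file name for the uploaded profile picture, run
// the profile query and move the upload into the upload directory.
// $nombreDirectorio (the upload directory) is set earlier in the script; a
// commented-out default at this point was "img/".
//
// The file name is supplied by the client. basename() removes any directory
// part so the destination cannot leave $nombreDirectorio.
// NOTE(review): nothing here limits the file extension or content type, so a
// script file could be uploaded under its own name. Restrict uploads to known
// image types and keep the directory from executing scripts.
$profilePicture = basename($_FILES["profilePicture"]["name"]);
$nombreCompletoProfile = $nombreDirectorio . $profilePicture;
if (is_file($nombreCompletoProfile)) {
    // A file of that name already exists: prefix a timestamp instead of overwriting it.
    $idUnico = time();
    $profilePicture = $idUnico . "-" . $profilePicture;
} else {
    if ($_FILES['profilePicture']['error'] == UPLOAD_ERR_FORM_SIZE) {
        // MAX_FILE_SIZE is a client-side form field; the integer cast keeps
        // arbitrary request text out of the error message.
        $maxsize = (int) $_REQUEST['MAX_FILE_SIZE'];
        $errores["profilePicture"] = "El tamaño del archivo supera el limite permitido ({$maxsize} bytes)!";
        $error = true;
    } else {
        if ($_FILES['profilePicture']['name'] == "") {
            $profilePicture = '';
        }
    }
}
// Create
// NOTE(review): the $error flag set above is not consulted before the update
// below; confirm whether a rejected upload should stop the profile change.
include "../Model/profileUpdateQuery.php";
resetPassword($email, $userName, $age, $birthday, $gender);
// Move the file only when an upload actually arrived intact.
if ($_FILES['profilePicture']['error'] == UPLOAD_ERR_OK && $profilePicture !== '') {
    move_uploaded_file($_FILES['profilePicture']['tmp_name'], $nombreDirectorio . $profilePicture);
    // NOTE(review): this second call moves the same temporary file again, which
    // cannot succeed after the move above, and $coverPicture is not assigned in
    // the visible part of the script. Presumably a separate cover-picture
    // upload field was intended.
    move_uploaded_file($_FILES['profilePicture']['tmp_name'], $nombreDirectorio . $coverPicture);
}
session_start();
$_SESSION['email'] = $email;
header("location:../View/profileView.php");
// Stop here so nothing further is sent after the redirect.
exit;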
?>
</body>
</html>
示例#30
文件: index.php 项目: ragi79/Textcube
    }
}
if (!empty($_GET['refererURI'])) {
    $_POST['refererURI'] = $_GET['refererURI'];
} else {
    $_POST['refererURI'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
}
$message = '';
$showPasswordReset = false;
if (isset($_GET['session']) && isset($_GET['requestURI'])) {
    setcookie(Session::getName(), $_GET['session'], 0, $context->getProperty('service.session_cookie_path'), $context->getProperty('service.session_cookie_domain'));
    header('Location: ' . $_GET['requestURI']);
    exit;
} else {
    if (!empty($_POST['loginid']) && !empty($_POST['reset'])) {
        if (resetPassword($blogid, $_POST['loginid'])) {
            $message = _text('지정된 이메일로 로그인 정보가 전달되었습니다.');
        } else {
            $message = _text('권한이 없습니다.');
        }
    } else {
        if (!empty($_POST['loginid']) && !empty($_POST['password'])) {
            if (!empty($_POST['autologin'])) {
                $isLogin = login($_POST['loginid'], $_POST['password'], Timestamp::getUNIXtime() + $context->getProperty('service.autologinTimeout'));
            } else {
                $isLogin = login($_POST['loginid'], $_POST['password'], Timestamp::getUNIXtime() + $context->getProperty('service.timeout'));
            }
            if (!$isLogin) {
                $message = _text('아이디 또는 비밀번호가 틀렸습니다.');
                if (!doesHaveMembership() && isLoginId(getBlogId(), $_POST['loginid'])) {
                    $showPasswordReset = true;