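/*
 * Forgot-password request handler.
 *
 * Renders the "forgotpassword" template. When an email parameter is present,
 * looks the account up and calls forgotpassword()/update() on it (both are
 * defined outside this view; presumably they start the reset flow).
 *
 * NOTE(review): PAGE and EMAIL come straight from the request and are handed
 * to the template as-is; nothing in this block HTML-encodes them. Confirm that
 * the template layer or generate_page() encodes on output; otherwise wrap both
 * values in htmlspecialchars(..., ENT_QUOTES) before set_var().
 *
 * NOTE(review): the response differs for known and unknown addresses
 * ("success" vs "unknown" block), which lets a client test whether an address
 * is registered, and no throttling is visible here. Consider a uniform
 * response and rate limiting.
 */
$tpl->set_block("forgotpassword", "success");
$tpl->set_block("forgotpassword", "unknown");

/* Return page chosen by the client; default to the site root. Checking with
 * isset() on the request array avoids the undefined-index notice, and
 * is_string() rejects page[]=... arrays. */
$page = (isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? $_REQUEST['page'] : "/";

/* FIXME: Dumb workaround */
unset($tpl->varkeys["PAGE"]);
unset($tpl->varvals["PAGE"]);
$tpl->set_var("PAGE", $page);

/* forgotpassword might get a POST with submit/email, or a simple GET with email */
if (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) {
    $email = $_REQUEST['email'];
    $tpl->set_var("EMAIL", $email);

    $user = new AccountUser();
    $user->find_by_email($email);

    if (!$user->valid()) {
        /* No matching account: hide the success block, leave "unknown" visible. */
        $tpl->set_var("success", "");
    } else {
        $user->forgotpassword();
        $user->update();

        /* Matching account: hide the "unknown" block and the form. */
        $tpl->set_var("unknown", "");
        $tpl->set_var("form", "");
    }
} else {
    /* No usable email parameter (missing, or not a string): show the bare form. */
    $tpl->set_var("EMAIL", "");
    $tpl->set_var("unknown", "");
    $tpl->set_var("success", "");
}

print generate_page('Forgot Password', $tpl->parse("content", "forgotpassword"));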
if ($password1 != $password2) { $error .= "Passwords do not match, please check and try again\n"; } else { $user->password($password1); } } } } else { $tpl->set_var(array("error" => "", "name" => "", "email" => "", "password" => "")); } if (empty($error)) { if (($user->status == 'Suspended' || $user->status == 'Deleted') && (isset($user->update['name']) || isset($update_email))) { echo "You are suspended or deleted and not allowed to change your screen name or email address\n"; exit; } if (!$user->update()) { if (!$user->name) { $error .= "The name '{$name}' is taken\n"; } else { if (!$user->shortname) { $error .= "The name '{$name}' is too similar to a name already taken\n"; } } } else { $tpl->set_var("NAME", $name); } } if (isset($update_email) && empty($error)) { $email_tid = $user->verify_email($update_email); if (!$email_tid) { $error .= "The email address '{$update_email}' is already used by another account\n";
$tpl->set_var("COOKIE", $cookie); } else { err_not_found('No cookie'); } } else { $user = new AccountUser(); $user->find_by_aid((int) $pending['aid']); if (!$user->valid()) { $error = "invalid_aid"; } else { db_exec("update u_pending set status = 'Done' where tid = ?", array($pending['tid'])); switch ($pending['type']) { case "NewAccount": if ($user->status == 'Create') { $user->status("Active"); if (!$user->update()) { $error = "activate_failed"; } else { $success = "create"; } } else { $success = "create"; } /* HACK: Workaround lame template engine */ $_domain = $tpl->get_var("DOMAIN"); unset($tpl->varkeys["DOMAIN"]); unset($tpl->varvals["DOMAIN"]); $tpl->set_var("DOMAIN", $_domain); $user->setcookie(); break; case "ChangeEmail":
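/*
 * Admin action: suspend an Active account, or reactivate a Suspended one when
 * the "undo" parameter is present, then redirect.
 *
 * The state change arrives on a GET request, so the per-user token check below
 * is the only request-forgery defence visible in this block.
 */

/* Privilege gate; req() is defined outside this view and presumably aborts
 * the request when the current user lacks the ForumAdmin role. */
$user->req("ForumAdmin");

/* Read through isset() so a missing parameter yields null, not a notice. */
$aid = isset($_GET['aid']) ? $_GET['aid'] : null;
if (!is_valid_integer($aid)) {
    Header("Location: /admin/?message=" . urlencode("No AID!"));
    exit;
}

$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;
if (!$user->is_valid_token($token)) {
    err_not_found('Invalid token');
    /* err_not_found() is defined outside this view; stop explicitly so an
     * invalid token can never fall through to the status change below. */
    exit;
}

$uuser = new AccountUser();
$uuser->find_by_aid((int) $aid);
if (!$uuser->valid()) {
    Header("Location: /admin/?message=" . urlencode("Invalid AID {$aid}"));
    exit;
}

if (isset($_GET['undo'])) {
    /* Only a Suspended account is reactivated; other states are left alone. */
    if ($uuser->status == "Suspended") {
        $uuser->status("Active");
        $uuser->update();
    }
} else {
    /* Only an Active account is suspended; other states are left alone. */
    if ($uuser->status == "Active") {
        $uuser->status("Suspended");
        $uuser->update();
    }
}

/*
 * Redirect target. The client-supplied "page" value is honoured only when it
 * is a site-local path: it must start with a single "/", must not start with
 * "//" or "/\" (browsers treat those as another host), and must contain no
 * control characters. Anything else falls back to the account page, so the
 * parameter cannot send an administrator to an external site.
 * Assumes legitimate callers only pass site-relative paths (TODO confirm).
 */
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : '';
if (preg_match('#\A/(?![/\\\\])[^\x00-\x1f\x7f]*\z#', $page)) {
    Header("Location: " . $page);
} else {
    /* Cast matches the lookup above and keeps the path purely numeric. */
    Header("Location: /account/" . (int) $aid . ".phtml");
}
exit;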