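<?php
/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     Copyright (C) 2001-2002 Steve Dunstan (jalist@e107.org)
|     Copyright (C) 2008-2010 e107 Inc (e107.org)
|
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $URL: https://e107.svn.sourceforge.net/svnroot/e107/trunk/e107_0.7/fpw.php $
|     $Id: fpw.php 12322 2011-07-22 12:32:50Z secretr $
+----------------------------------------------------------------------------+
*/

// Forgotten-password page. Two flows are handled here:
//   1. POST with 'pwsubmit': look the account up by e-mail (and login name when
//      the form supplies one), store a one-time reset code in the `tmp` table
//      and e-mail a link that carries the code.
//   2. Request with a query string: treat it as the reset code; when a matching
//      `tmp` row exists, consume it, set a new random password and display it.
// Security-relevant points are marked NOTE(review) where the fix needs code
// that is not part of this file.

define('e_NOCACHE',TRUE);

// Make sure the 'e-token' key exists on a reset submission before class2.php loads.
// NOTE(review): presumably class2.php validates this token and an empty value makes
// a submission without one fail that check - confirm in class2.php.
if(isset($_POST['pwsubmit']) && !isset($_POST['e-token']))
{
    $_POST['e-token'] = '';
}
require_once ("class2.php");

// Logged-in users have no use for this page.
if(USER)
{
    header("location:".e_BASE."index.php");
    exit;
}

// The image code (CAPTCHA) is only used when enabled in prefs and GD is available.
if($pref['fpwcode'] && extension_loaded("gd"))
{
    define("USE_IMAGECODE",TRUE);
}
else
{
    define("USE_IMAGECODE",FALSE);
}


if (USE_IMAGECODE)
{
    require_once(e_HANDLER."secure_img_handler.php");
    $sec_img = new secure_image;
}



// Members-only sites get the dedicated header/footer from the fpw template.
if ($pref['membersonly_enabled'])
{
    $sc = array (
        'FPW_LOGIN_LOGO' => file_exists(THEME."images/login_logo.png") ? "<img src='".THEME_ABS."images/login_logo.png' alt='' />\n" : "<img src='".e_IMAGE_ABS."logo.png' alt='' />\n"
    );

    //if (!$FPW_TABLE_HEADER)
    {
        if (file_exists(THEME."fpw_template.php"))
        {
            require_once(THEME."fpw_template.php");
        }
        else
        {
            require_once(e_THEME."templates/fpw_template.php");
        }
    }
    $HEADER = $tp->simpleParse($FPW_TABLE_HEADER, $sc);
    $FOOTER = $tp->simpleParse($FPW_TABLE_FOOTER, $sc);
}

require_once(HEADERF);


/**
 * Render a message in a centred box titled LAN_03, output the footer and stop.
 *
 * Despite the name it is also used for the success page of the reset flow.
 *
 * @param string $txt HTML to display; it is output as given, without escaping.
 * @return void Never returns; the script exits.
 */
function fpw_error($txt)
{
    global $ns;
    $ns->tablerender(LAN_03, "<div style='text-align:center'>".$txt."</div>");
    require_once(FOOTERF);
    exit;
}


/**
 * Return a random integer in [$min, $max].
 *
 * Uses the operating system CSPRNG when the runtime provides random_int();
 * otherwise falls back to rand(), which is what this script used originally.
 *
 * @param int $min Lower bound (inclusive).
 * @param int $max Upper bound (inclusive).
 * @return int
 */
function fpw_rand($min, $max)
{
    if (function_exists('random_int'))
    {
        try
        {
            return random_int($min, $max);
        }
        catch (Exception $e)
        {
            // No secure source available - use the legacy generator below.
        }
    }
    return rand($min, $max);
}


/**
 * Build the one-time reset code: always 32 lowercase hex characters.
 *
 * Prefers 128 bits from a cryptographic source. Only when none is available does
 * it fall back to the original construction (MD5 over request/site data, an
 * mt_rand() value seeded from microtime() and the current date), whose inputs
 * are largely guessable.
 *
 * @param string $legacy_seed Data mixed into the fallback hash only.
 * @return string
 */
function fpw_token($legacy_seed)
{
    if (function_exists('random_bytes'))
    {
        try
        {
            return bin2hex(random_bytes(16));
        }
        catch (Exception $e)
        {
            // Try the next source.
        }
    }
    if (function_exists('openssl_random_pseudo_bytes'))
    {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== false && $strong)
        {
            return bin2hex($bytes);
        }
    }

    // Legacy fallback, kept so the page still works on runtimes without a CSPRNG.
    mt_srand ((double)microtime() * 1000000);
    $maxran = 1000000;
    $rand_num = mt_rand(0, $maxran);
    $datekey = date("r");
    return md5($legacy_seed . $rand_num . $datekey);
}


//the separator character used
$fpw_sep = "#";



if (e_QUERY)
{	// User has clicked on the emailed link
    define("FPW_ACTIVE","TRUE");
    $tmp = explode($fpw_sep, e_QUERY);
    // Reduce the supplied code to letters and digits before it is used in SQL.
    $tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true));

    // Only a full-length code may be looked up, and only among rows this page wrote
    // (`tmp_ip` = 'pwreset'); an empty or truncated value must never reach the
    // LIKE pattern, and other users of the `tmp` table must not be matched.
    $tmpwhere = "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '%{$fpw_sep}{$tmpinfo}' ";
    if (preg_match('/^[a-f0-9]{32}$/', $tmpinfo) && $sql->db_Select("tmp", "*", $tmpwhere))
    {
        $row = $sql->db_Fetch();
        // NOTE(review): extract() is kept so the variables it creates ($tmp_info is
        // the one used below) stay available exactly as before; explicit
        // $row['...'] reads would be clearer.
        extract($row);
        // Consume the code first so it cannot be used a second time.
        $sql->db_Delete("tmp", $tmpwhere);

        // Generate new random password: lower-case letters only. The loop bound is
        // inclusive, so the result is $pwlen + 1 characters long, as before.
        $newpw = "";
        $pwlen = fpw_rand(8, 12);
        for($a = 0; $a <= $pwlen; $a++)
        {
            $newpw .= chr(fpw_rand(97, 122));
        }
        // NOTE(review): the password is stored as an unsalted MD5 digest. That format
        // is kept here because the code that verifies logins is not part of this
        // file; moving to password_hash()/password_verify() has to change both.
        $mdnewpw = md5($newpw);

        list($loginName, $md5) = explode($fpw_sep, $tmp_info);
        $sql->db_Update("user", "`user_password`='{$mdnewpw}', `user_viewed`='' WHERE `user_loginname`='".$tp -> toDB($loginName, true)."' ");
        // Expire the login cookie and clear the session entry of the same name.
        cookie($pref['cookie_name'], "", (time()-2592000));
        $_SESSION[$pref['cookie_name']] = "";

        // NOTE(review): $loginName is written into the page without HTML escaping;
        // confirm it is already encoded when stored, or escape it here.
        $txt = "<div>".LAN_FPW8."<br /><br />
        <table style='width:70%'>
        <tr><td>".LAN_218."</td><td style='font-weight:bold'>{$loginName}</td></tr>
        <tr><td>".LAN_FPW9."</td><td style='font-weight:bold'>{$newpw}</td></tr>
        </table>
        <br /><br />".LAN_FPW10." <a href=\"".e_LOGIN."\">".LAN_FPW11."</a> ".LAN_FPW12."</div>";
        fpw_error($txt);

    }
    else
    {
        fpw_error(LAN_FPW7);
    }
}


// Request to reset password
//--------------------------
if (isset($_POST['pwsubmit']))
{	// Request for password reset submitted
    require_once(e_HANDLER."mail.php");
    $email = $_POST['email'];

    if ($pref['fpwcode'] && extension_loaded("gd"))
    {
        if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
        {
            fpw_error(LAN_FPW3);
        }
    }

    $clean_email = check_email($tp -> toDB($_POST['email']));
//	$clean_username = $tp -> toDB($_POST['username']);
    // This character filter is the only protection applied before the login name is
    // placed inside a quoted SQL string, so it also has to remove the backslash:
    // in the original pattern the trailing "\\{" was an escaped brace, not a
    // backslash. The field is optional, so it is only read when present.
    $clean_username = $temp_name = isset($_POST['username'])
        ? str_replace('--', '', trim(preg_replace("/[\^\*\|\/;:#=\$'\"!#`\s\(\)%\?<>\\\\{}]/", '', $_POST['username'])))
        : '';


    $query = "`user_email`='{$clean_email}' ";
    // Allow admins to remove 'username' from fpw_template.php if they wish.
    $query .= (isset($_POST['username'])) ? " AND `user_loginname`='{$clean_username}'" : "";

    if ($sql->db_Select("user", "*", $query))
    {	// Found user in DB
        $row = $sql->db_Fetch();
        // NOTE(review): extract() is kept for compatibility; nothing below reads the
        // variables it creates, everything uses $row['...'].
        extract($row);

        if ($row['user_admin'] == 1 && $row['user_perms'] == "0")
        {	// Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
            sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08);
            echo "<script type='text/javascript'>document.location.href='index.php'</script>\n";
            die();
        }

        // Refuse a second request while a reset code for this login name is pending.
        // NOTE(review): user_loginname comes from the database and is placed into
        // this LIKE pattern and the INSERT below as-is; confirm login names cannot
        // contain quotes, '%' or '_', or escape them with the DB layer.
        if ($result = $sql->db_Select("tmp", "*", "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '{$row['user_loginname']}{$fpw_sep}%'"))
        {
            fpw_error(LAN_FPW4);
            exit;
        }

        // The code in the e-mailed link is the only secret protecting the reset, so
        // it must be unpredictable; the request/site data is used by the fallback only.
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $rcode = fpw_token($agent . serialize($pref));

        $link = SITEURL."fpw.php?{$rcode}";
        $message = LAN_FPW5." ".SITENAME." ".LAN_FPW14." : ".$e107->getip().".\n\n".LAN_FPW15."\n\n".LAN_FPW16."\n\n".LAN_FPW17."\n\n{$link}";
        //	  $message = LAN_FPW5."\n\n{$link}";

        $deltime = time()+86400 * 2;
        //Set timestamp two days ahead so it doesn't get auto-deleted
        $sql->db_Insert("tmp", "'pwreset',{$deltime},'{$row['user_loginname']}{$fpw_sep}{$rcode}'");


        // Send to the address on record for the account, never to the raw request
        // value, so the recipient cannot be influenced by the submitted form.
        if (sendemail($row['user_email'], "".LAN_09."".SITENAME, $message))
        {
            $text = "<div style='text-align:center'>".LAN_FPW6."</div>";
        }
        else
        {
            $text = "<div style='text-align:center'>".LAN_02."</div>";
        }

        $ns->tablerender(LAN_03, $text);
        require_once(FOOTERF);
        exit;
    }
    else
    {
        // NOTE(review): the response differs for known and unknown accounts, which
        // tells a visitor whether an e-mail/login name pair is registered. A single
        // neutral message for both cases avoids that.
        $text = LAN_213;
        $ns->tablerender(LAN_214, "<div style='text-align:center'>".$text."</div>");
    }
}

// Render the request form (first visit, or after an unsuccessful lookup).
$sc = array();
if (USE_IMAGECODE)
{
    $sc = array (
        'FPW_TABLE_SECIMG_LAN' => LAN_FPW2,
        'FPW_TABLE_SECIMG_HIDDEN' => "<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />",
        'FPW_TABLE_SECIMG_SECIMG' => $sec_img->r_image(),
        'FPW_TABLE_SECIMG_TEXTBOC' => "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />"
    );
}

if (!$FPW_TABLE)
{
    if (file_exists(THEME."fpw_template.php"))
    {
        require_once(THEME."fpw_template.php");
    }
    else
    {
        require_once(e_THEME."templates/fpw_template.php");
    }
}
$text = $tp->simpleParse($FPW_TABLE, $sc);

$ns->tablerender(LAN_03, $text);
require_once(FOOTERF);

?>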