XOOPS  2.6.0
lostpass.php
Go to the documentation of this file.
1 <?php
2 /*
3  You may not change or alter any portion of this comment or credits
4  of supporting developers from this source code or any supporting source code
5  which is considered copyrighted (c) material of the original comment or credit authors.
6 
7  This program is distributed in the hope that it will be useful,
8  but WITHOUT ANY WARRANTY; without even the implied warranty of
9  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 */
11 
13 
24 include __DIR__ . DIRECTORY_SEPARATOR . 'mainfile.php';
26 $xoops->preload()->triggerEvent('core.lostpass.start');
27 
29 
30 $xoops->loadLanguage('user');
31 
32 $email = Request::getEmail('email', null, 'GET');
33 $email = Request::getEmail('email', $email, 'POST');
34 
35 if (empty($email)) {
36  $xoops->redirect("user.php", 2, XoopsLocale::NO_);
37  exit();
38 }
39 
40 $userHandler = Xoops::getInstance()->getHandlerUser();
41 $getuser = $userHandler->getObjects(new Criteria('email', $email));
42 
43 if (empty($getuser)) {
45  $xoops->redirect("user.php", 2, $msg);
46 } else {
47  $userObject = $getuser[0]; // what if there was more than one?
48  $code = Request::getCmd('code', '', 'GET');
49  $areyou = substr(md5($userObject->getVar("pass")), 0, 5);
50  if ($code != '' && $areyou == $code) {
51  $newpass = $xoops->makePass();
52  $xoopsMailer = $xoops->getMailer();
53  $xoopsMailer->useMail();
54  $xoopsMailer->setTemplate("lostpass2.tpl");
55  $xoopsMailer->assign("SITENAME", $xoops->getConfig('sitename'));
56  $xoopsMailer->assign("ADMINMAIL", $xoops->getConfig('adminmail'));
57  $xoopsMailer->assign("SITEURL", $xoops_url . "/");
58  $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
59  $xoopsMailer->assign("NEWPWD", $newpass);
60  $xoopsMailer->setToUsers($userObject);
61  $xoopsMailer->setFromEmail($xoops->getConfig('adminmail'));
62  $xoopsMailer->setFromName($xoops->getConfig('sitename'));
63  $xoopsMailer->setSubject(sprintf(XoopsLocale::F_NEW_PASSWORD_REQUEST_AT, \XoopsBaseConfig::get('url')));
64  if (!$xoopsMailer->send()) {
65  echo $xoopsMailer->getErrors();
66  }
67  // Next step: add the new password to the database
68  $userObject->setVar("pass", password_hash($newpass, PASSWORD_DEFAULT));
69  if (false === $userHandler->insert($userObject)) {
70  $xoops->header();
72  $xoops->footer();
73  }
74  $xoops->redirect("user.php", 3, sprintf(XoopsLocale::SF_PASSWORD_SENT_TO, $userObject->getVar("uname")), false);
75  // If no Code, send it
76  } else {
77  $xoopsMailer = $xoops->getMailer();
78  $xoopsMailer->useMail();
79  $xoopsMailer->setTemplate("lostpass1.tpl");
80  $xoopsMailer->assign("SITENAME", $xoops->getConfig('sitename'));
81  $xoopsMailer->assign("ADMINMAIL", $xoops->getConfig('adminmail'));
82  $xoopsMailer->assign("SITEURL", $xoops_url . "/");
83  $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
84  $xoopsMailer->assign("NEWPWD_LINK", $xoops_url . "/lostpass.php?email=" . $email . "&code=" . $areyou);
85  $xoopsMailer->setToUsers($userObject);
86  $xoopsMailer->setFromEmail($xoops->getConfig('adminmail'));
87  $xoopsMailer->setFromName($xoops->getConfig('sitename'));
88  $xoopsMailer->setSubject(sprintf(XoopsLocale::F_NEW_PASSWORD_REQUEST_AT, $xoops->getConfig('sitename')));
89  $xoops->header();
90  if (!$xoopsMailer->send()) {
91  echo $xoopsMailer->getErrors();
92  }
93  echo "<h4>";
94  printf(XoopsLocale::F_CONFIRMATION_EMAIL_SENT, $userObject->getVar("uname"));
95  echo "</h4>";
96  $xoops->footer();
97  }
98 }
if(empty($email)) $userHandler
Definition: lostpass.php:40
const F_NEW_PASSWORD_REQUEST_AT
Definition: en_US.php:430
static getInstance()
Definition: Xoops.php:160
const E_USER_NOT_UPDATED
Definition: en_US.php:378
$_SERVER['REQUEST_URI']
$xoops
Definition: lostpass.php:25
exit
Definition: browse.php:104
defined('DS') or define('DS' DIRECTORY_SEPARATOR
Definition: common.php:41
$getuser
Definition: lostpass.php:41
const SF_PASSWORD_SENT_TO
Definition: en_US.php:991
$xoops_url
Definition: lostpass.php:28
static get($name)
$areyou
Definition: lostpass.php:49
if(!is_object($module)||!$module->getVar('isactive')) $msg
Definition: groupperm.php:38
const F_CONFIRMATION_EMAIL_SENT
Definition: en_US.php:403
const E_NO_USER_FOUND
Definition: en_US.php:356
$email
Definition: lostpass.php:32
$code
Definition: lostpass.php:48