source: trunk/password.php @ 4423

Revision 4325, 6.2 KB checked in by nikrou, 10 years ago (diff)

Feature 1244 resolved
Replace all mysql functions in core code by ones independant of database engine

Fix small php code synxtax : hash must be accessed with [ ] and not { }.

  • Property svn:eol-style set to LF
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
27
28define('PHPWG_ROOT_PATH','./');
29include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
30include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
31
32// +-----------------------------------------------------------------------+
33// | Check Access and exit when user status is not ok                      |
34// +-----------------------------------------------------------------------+
35check_status(ACCESS_FREE);
36
37// +-----------------------------------------------------------------------+
38// |                          send a new password                          |
39// +-----------------------------------------------------------------------+
40
41$page['errors'] = array();
42$page['infos'] = array();
43
44if (isset($_POST['submit']))
45{
46  $mailto =
47    '<a href="mailto:'.get_webmaster_mail_address().'">'
48    .l10n('Contact webmaster')
49    .'</a>'
50    ;
51
52  if (isset($_POST['no_mail_address']) and $_POST['no_mail_address'] == 1)
53  {
54    array_push($page['infos'], l10n('Email address is missing'));
55    array_push($page['infos'], $mailto);
56  }
57  else if (isset($_POST['mail_address']) and !empty($_POST['mail_address']))
58  {
59    $mail_address = pwg_db_real_escape_string($_POST['mail_address']);
60   
61    $query = '
62SELECT '.$conf['user_fields']['id'].' AS id
63     , '.$conf['user_fields']['username'].' AS username
64     , '.$conf['user_fields']['email'].' AS email
65FROM '.USERS_TABLE.' as u
66  INNER JOIN '.USER_INFOS_TABLE.' AS ui
67      ON u.'.$conf['user_fields']['id'].' = ui.user_id
68WHERE '
69  .$conf['user_fields']['email'].' = \''.$mail_address.'\' AND
70  (
71    ui.status = \'normal\' OR
72    (ui.status in (\'admin\', \'webmaster\') AND ui.adviser = \'true\')
73  )
74;';
75    $result = pwg_query($query);
76
77    if (pwg_db_num_rows($result) > 0)
78    {
79      $error_on_mail = false;
80      $datas = array();
81     
82      while ($row = pwg_db_fetch_assoc($result))
83      {
84        $new_password = generate_key(6);
85
86        $infos =
87          l10n('Username').': '.stripslashes($row['username'])
88          ."\n".l10n('Password').': '.$new_password
89          ;
90
91        if (pwg_mail($row['email'],
92              array('subject' => l10n('password updated'), 'content' => $infos)))
93        {
94          $data =
95            array(
96              $conf['user_fields']['id']
97              => $row['id'],
98             
99              $conf['user_fields']['password']
100              => $conf['pass_convert']($new_password)
101              );
102
103          array_push($datas, $data);
104        }
105        else
106        {
107          $error_on_mail = true;
108        }
109      }
110     
111      if ($error_on_mail)
112      {
113        array_push($page['errors'], l10n('Error sending email'));
114        array_push($page['errors'], $mailto);
115      }
116      else
117      {
118        include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
119        mass_updates(
120          USERS_TABLE,
121          array(
122            'primary' => array($conf['user_fields']['id']),
123            'update' => array($conf['user_fields']['password'])
124          ),
125          $datas
126          );
127
128        array_push($page['infos'], l10n('New password sent by email'));
129      }
130    }
131    else
132    {
133      array_push($page['errors'], l10n('No user matches this email address'));
134      array_push($page['errors'], l10n('Administrator, webmaster and special user cannot use this method'));
135      array_push($page['errors'], $mailto);
136    }
137  }
138}
139
140// +-----------------------------------------------------------------------+
141// |                        template initialization                        |
142// +-----------------------------------------------------------------------+
143
144$title = l10n('Forgot your password?');
145$page['body_id'] = 'thePasswordPage';
146
147$template->set_filenames(array('password'=>'password.tpl'));
148$template->assign( array(
149    'F_ACTION'=> get_root_url().'password.php'
150    )
151  );
152// +-----------------------------------------------------------------------+
153// |                        infos & errors display                         |
154// +-----------------------------------------------------------------------+
155$template->assign('errors', $page['errors']);
156$template->assign('infos', $page['infos']);
157
158// +-----------------------------------------------------------------------+
159// |                           html code display                           |
160// +-----------------------------------------------------------------------+
161include(PHPWG_ROOT_PATH.'include/page_header.php');
162$template->pparse('password');
163include(PHPWG_ROOT_PATH.'include/page_tail.php');
164
165?>
Note: See TracBrowser for help on using the repository browser.