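$activation_key), array('user_id' => $user_id) );
    $userdata['activation_key'] = $activation_key;
  }
  // (tail of process_password_request — its start is above this excerpt)

  set_make_full_url();
  $message = l10n('Someone requested that the password be reset for the following user account:') . "\r\n\r\n";
  $message.= sprintf(
    l10n('Username "%s" on gallery %s'),
    $userdata['username'],
    get_gallery_home_url()
  );
  $message.= "\r\n\r\n";
  $message.= l10n('To reset your password, visit the following address:') . "\r\n";
  $message.= get_gallery_home_url().'/password.php?key='.$userdata['activation_key']."\r\n\r\n";
  $message.= l10n('If this was a mistake, just ignore this email and nothing will happen.')."\r\n";
  unset_make_full_url();

  $message = trigger_event('render_lost_password_mail_content', $message);

  $email_params = array(
    'subject' => '['.$conf['gallery_title'].'] '.l10n('Password Reset'),
    'content' => $message,
    'email_format' => 'text/plain',
  );

  if (pwg_mail($userdata['email'], $email_params))
  {
    array_push($page['infos'], l10n('Check your email for the confirmation link'));
    return true;
  }
  else
  {
    array_push($page['errors'], l10n('Error sending email'));
    return false;
  }
}

/**
 * Validates a password-reset key taken from the emailed link.
 *
 * The key must have the expected shape (exactly 20 ASCII alphanumerics), be
 * stored as the activation_key of a row in USER_INFOS_TABLE, and that row's
 * user must be neither the guest nor a generic account. Every failure pushes
 * a message onto $page['errors'].
 *
 * The raw key is interpolated into the SQL below; that is only acceptable
 * because the character-class check rejects anything outside [A-Za-z0-9].
 * Keep the two in step if either is ever changed.
 *
 * @param string $key activation key, normally $_GET['key']
 * @return mixed user_id of the key's owner if OK, false otherwise
 */
function check_password_reset_key($key)
{
  global $page;

  // `\z` rather than `$`: `$` also matches just before a trailing "\n", so a
  // key of 20 characters followed by a newline would pass the shape check.
  // A non-string (e.g. ?key[]=x) is rejected outright.
  if (!is_string($key) or !preg_match('/^[a-z0-9]{20}\z/i', $key))
  {
    array_push($page['errors'], l10n('Invalid key'));
    return false;
  }

  $query = '
SELECT user_id, status
  FROM '.USER_INFOS_TABLE.'
  WHERE activation_key = \''.$key.'\'
;';
  $result = pwg_query($query);

  if (pwg_db_num_rows($result) == 0)
  {
    array_push($page['errors'], l10n('Invalid key'));
    return false;
  }

  $userdata = pwg_db_fetch_assoc($result);

  // The guest and generic accounts never get a password reset, even with a key.
  if (is_a_guest($userdata['status']) or is_generic($userdata['status']))
  {
    array_push($page['errors'], l10n('Password reset is not allowed for this user'));
    return false;
  }

  return $userdata['user_id'];
}

/**
 * Applies a new password submitted through the reset form.
 *
 * Reads use_new_pwd / passwordConf from $_POST. The target account is the
 * owner of $_GET['key'] when a key is present (validated through
 * check_password_reset_key), otherwise the currently logged-in user, who must
 * not be the guest or a generic account. On success the password is stored
 * through $conf['pass_convert'] and, for key-based resets, the key is cleared
 * so the emailed link cannot be replayed. Fills $page['errors'] and
 * $page['infos'].
 *
 * @return bool true if the password was reset, false otherwise
 */
function reset_password()
{
  global $page, $user, $conf;

  $new_pwd = isset($_POST['use_new_pwd']) ? $_POST['use_new_pwd'] : null;
  $confirm = isset($_POST['passwordConf']) ? $_POST['passwordConf'] : null;

  // Both fields must be present as plain strings (use_new_pwd[]=... arrives as
  // an array) and agree byte-for-byte; a loose `!=` would treat "0" and "0.0"
  // as matching.
  if (!is_string($new_pwd) or !is_string($confirm) or $new_pwd !== $confirm)
  {
    array_push($page['errors'], l10n('The passwords do not match'));
    return false;
  }

  // Refuse an empty password: without this check the hash of "" would be stored.
  if ('' === $new_pwd)
  {
    array_push($page['errors'], l10n('Password is missing. Please enter the password.'));
    return false;
  }

  $via_key = isset($_GET['key']);

  if ($via_key)
  {
    $user_id = check_password_reset_key($_GET['key']);
    if (!is_numeric($user_id))
    {
      array_push($page['errors'], l10n('Invalid key'));
      return false;
    }
  }
  else
  {
    // No key: the logged-in user changes their own password.
    if (is_a_guest() or is_generic())
    {
      array_push($page['errors'], l10n('Password reset is not allowed for this user'));
      return false;
    }
    $user_id = $user['id'];
  }

  single_update(
    USERS_TABLE,
    array($conf['user_fields']['password'] => $conf['pass_convert']($new_pwd)),
    array($conf['user_fields']['id'] => $user_id)
  );

  if ($via_key)
  {
    // Burn the key once it has been used. Otherwise the emailed link stays
    // valid until the next reset request overwrites it, and anyone who later
    // obtains that mail could reset the password again. $user_id comes from
    // the database row, but it is cast anyway since it lands in raw SQL.
    $query = '
UPDATE '.USER_INFOS_TABLE.'
  SET activation_key = NULL
  WHERE user_id = '.(int)$user_id.'
;';
    pwg_query($query);
  }

  array_push($page['infos'], l10n('Your password has been reset'));

  // NOTE(review): the link markup around these labels looks lost in
  // extraction — verify against the upstream file before relying on it.
  if ($via_key)
  {
    array_push($page['infos'], ''.l10n('Login').'');
  }
  else
  {
    array_push($page['infos'], ''.l10n('Return to home page').'');
  }

  return true;
}

// +-----------------------------------------------------------------------+
// |                            Process form                               |
// +-----------------------------------------------------------------------+

if (isset($_POST['submit']))
{
  // CSRF: every state-changing POST must carry a valid token.
  check_pwg_token();

  $requested_action = isset($_GET['action']) ? $_GET['action'] : '';

  if ('lost' === $requested_action)
  {
    if (process_password_request())
    {
      $page['action'] = 'none';
    }
  }

  // Note: a logged-in user may still POST with a key here; the key itself is
  // the proof of mailbox access, so the reset applies to the key's owner.
  if ('reset' === $requested_action)
  {
    if (reset_password())
    {
      $page['action'] = 'none';
    }
  }
}

// +-----------------------------------------------------------------------+
// |                            key and action                             |
// +-----------------------------------------------------------------------+

// a connected user can't reset the password from a mail (display side only;
// the POST above has already been handled)
if (isset($_GET['key']) and !is_a_guest())
{
  unset($_GET['key']);
}

if (isset($_GET['key']))
{
  $user_id = check_password_reset_key($_GET['key']);

  if (is_numeric($user_id))
  {
    $userdata = getuserdata($user_id, false);
    $page['username'] = $userdata['username'];
    // Only a key that passed the [A-Za-z0-9]{20} check reaches the template.
    $template->assign('key', $_GET['key']);

    if (!isset($page['action']))
    {
      $page['action'] = 'reset';
    }
  }
  else
  {
    $page['action'] = 'none';
  }
}

if (!isset($page['action']))
{
  if (!isset($_GET['action']))
  {
    $page['action'] = 'lost';
  }
  elseif (in_array($_GET['action'], array('lost', 'reset', 'none'), true))
  {
    $page['action'] = $_GET['action'];
  }
}

if ('reset' == $page['action'] and !isset($_GET['key']) and (is_a_guest() or is_generic()))
{
  redirect(get_gallery_home_url());
}

if ('lost' == $page['action'] and !is_a_guest())
{
  redirect(get_gallery_home_url());
}

// +-----------------------------------------------------------------------+
// |                        template initialization                        |
// +-----------------------------------------------------------------------+

$title = l10n('Password Reset');
if ('lost' == $page['action'])
{
  $title = l10n('Forgot your password?');

  if (isset($_POST['username_or_email']))
  {
    $template->assign('username_or_email', stripslashes($_POST['username_or_email']));
  }
}

$page['body_id'] = 'thePasswordPage';
$template->set_filenames(array('password'=>'password.tpl'));
$template->assign(
  array(
    'title' => $title,
    'form_action'=> get_root_url().'password.php',
    'action' => $page['action'],
    'username' => isset($page['username']) ? $page['username'] : $user['username'],
    'PWG_TOKEN' => get_pwg_token(),
  )
);

// include menubar
$themeconf = $template->get_template_vars('themeconf');
if (!isset($themeconf['hide_menu_on']) OR !in_array('thePasswordPage', $themeconf['hide_menu_on']))
{
  include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
}

// +-----------------------------------------------------------------------+
// |                           html code display                           |
// +-----------------------------------------------------------------------+

include(PHPWG_ROOT_PATH.'include/page_header.php');
$template->pparse('password');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
?>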