<?php
/***************************************************************************
 * usercp_sendpasswd.php
 * -------------------
 * begin : Saturday, Feb 13, 2001
 * copyright : (C) 2001 The phpBB Group
 * email : support@phpbb.com
 *
 * $Id: usercp_sendpasswd.php,v 1.6.2.13 2005/09/14 18:14:30 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 *
 ***************************************************************************/
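//
// Direct-access guard: this file is meant to be include()d by a script that
// has already defined IN_PHPBB. Requested on its own, it stops here before
// touching the database or the mailer.
//
// die() already terminates the script, so the unreachable exit that used to
// follow it has been dropped.
//
if ( !defined('IN_PHPBB') )
{
	die('Hacking attempt');
}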
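//
// Password-reset request handler.
//
// On POST: look the account up by username AND e-mail address, generate a
// new random password plus an activation key, store both as *pending* values
// (user_newpasswd / user_actkey) and mail the password and activation link to
// the address on record.
//
// Security review notes (each concerns code visible in this block):
//  - SQL quoting: str_replace("\'", "''", ...) only rewrites quotes that
//    already carry a backslash. It is safe only if the request data was
//    slash-escaped before this file runs, which is not visible here.
//    TODO confirm in the including script.
//  - md5() is an unsalted, fast hash. It is kept because the code that later
//    compares user_newpasswd lives outside this file; move to password_hash()
//    / password_verify() together with that code, not here alone.
//  - The new password is mailed in clear text. Treat it as temporary and
//    prompt for a change after activation.
//  - The activation key is cut to (54 - strlen($server_url)) characters with
//    a floor of 6, so a long board URL leaves only a 6-character key.
//  - gen_rand_string() and $server_url are defined elsewhere. Confirm the
//    former uses a cryptographically secure source and that the latter is
//    built from board configuration, since it becomes the mailed link.
//  - Nothing in this block limits how often a reset can be requested. Each
//    request overwrites the pending password/key and sends another mail.
//  - "account inactive" and "no match" produce different messages, which
//    tells the requester whether a username/e-mail pair exists.
//
if ( isset($HTTP_POST_VARS['submit']) )
{
	$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
	// htmlspecialchars() runs before strip_tags(), so < and > are already
	// entities by the time strip_tags() sees the value. It is called without
	// flags, so whether a single quote gets encoded depends on the PHP
	// version's default. The SQL below must not rely on it.
	$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';

	// Both values must match the same row; see the SQL quoting note above.
	$sql = "SELECT user_id, username, user_email, user_active, user_lang
		FROM " . USERS_TABLE . "
		WHERE user_email = '" . str_replace("\'", "''", $email) . "'
			AND username = '" . str_replace("\'", "''", $username) . "'";
	if ( $result = $db->sql_query($sql) )
	{
		if ( $row = $db->sql_fetchrow($result) )
		{
			if ( !$row['user_active'] )
			{
				// The code below relies on message_die() ending the request
				// (defined elsewhere - confirm); otherwise an inactive
				// account would still be processed.
				message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']);
			}

			$username = $row['username'];
			// Defense in depth: the id is concatenated unquoted into the
			// UPDATE and into the activation URL, so force it to an integer
			// even though it comes from the database.
			$user_id = intval($row['user_id']);

			$user_actkey = gen_rand_string(true);
			// Budget of 54 characters shared between $server_url and the key,
			// never fewer than 6 characters of key.
			$key_len = 54 - strlen($server_url);
			$key_len = ($key_len > 6) ? $key_len : 6;
			$user_actkey = substr($user_actkey, 0, $key_len);
			$user_password = gen_rand_string(false);

			// Written to user_newpasswd, not to the live password column, so
			// the current password is not replaced by this statement.
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey'
				WHERE user_id = " . $user_id;
			if ( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql);
			}

			include($phpbb_root_path . 'includes/emailer.'.$phpEx);
			$emailer = new emailer($board_config['smtp_delivery']);

			$emailer->from($board_config['board_email']);
			$emailer->replyto($board_config['board_email']);

			// The recipient is the address stored in the database row, not
			// the address taken from the form.
			$emailer->use_template('user_activate_passwd', $row['user_lang']);
			$emailer->email_address($row['user_email']);
			$emailer->set_subject($lang['New_password_activation']);

			$emailer->assign_vars(array(
				'SITENAME' => $board_config['sitename'],
				'USERNAME' => $username,
				'PASSWORD' => $user_password,
				'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',

				'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
			);
			$emailer->send();
			$emailer->reset();

			// Send the browser back to the index after 15 seconds.
			$template->assign_vars(array(
				'META' => '<meta http-equiv="refresh" content="15;url=' . append_sid("index.$phpEx") . '">')
			);

			$message = $lang['Password_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
		else
		{
			// No row matched the username + e-mail pair.
			message_die(GENERAL_MESSAGE, $lang['No_email_match']);
		}
	}
	else
	{
		// NOTE(review): $sql is passed to message_die(). Confirm the query
		// text is shown only in debug mode, not to ordinary visitors.
		message_die(GENERAL_ERROR, 'Could not obtain user information for sendpassword', '', __LINE__, __FILE__, $sql);
	}
}
else
{
	// First visit (no POST): render the form with empty fields.
	$username = '';
	$email = '';
}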
//
// Output basic page
//
// Renders the "send password" form. Every branch of the submit handler above
// ends in message_die(); if that call terminates the request (defined
// elsewhere - confirm), $username and $email are always empty strings by the
// time execution reaches this point.
//
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

$template->set_filenames(array(
	'body' => 'profile_send_pass.tpl')
);
make_jumpbox('viewforum.'.$phpEx);

// NOTE(review): USERNAME and EMAIL are handed to the template as-is. Whether
// profile_send_pass.tpl escapes them for its output context is not visible
// here - verify before ever passing non-empty request data through.
$template->assign_vars(array(
	'USERNAME' => $username,
	'EMAIL' => $email,

	'L_SEND_PASSWORD' => $lang['Send_password'],
	'L_ITEMS_REQUIRED' => $lang['Items_required'],
	'L_EMAIL_ADDRESS' => $lang['Email_address'],
	'L_SUBMIT' => $lang['Submit'],
	'L_RESET' => $lang['Reset'],

	// No hidden fields are emitted, so the form carries no per-request token.
	'S_HIDDEN_FIELDS' => '',
	// The form posts back to profile.php in sendpassword mode.
	'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword"))
);

$template->pparse('body');

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);

?>