php-e107/fpw.php

<?php
/*
* e107 website system
*
* Copyright 2008-2010 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Interface for users who have forgotten their password
*
* $URL$
* $Id$
*
*/
require_once('class2.php');
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE);

if (USER)
{
	header('location:'.e_BASE.'index.php');
	exit;
}

if($pref['fpwcode'] && extension_loaded('gd'))
{
	define('USE_IMAGECODE',TRUE);
	require_once(e_HANDLER.'secure_img_handler.php');
	$sec_img = new secure_image;
}
else
{
	define('USE_IMAGECODE',FALSE);
}


if ($pref['membersonly_enabled']) 
{
	if (!$FPW_TABLE_HEADER) 
	{
		require_once (e107::coreTemplatePath('fpw')); //correct way to load a core template. 
	}
	$HEADER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_HEADER);
	$FOOTER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_FOOTER);
}

$user_info = e107::getUserSession();

require_once(HEADERF);

function fpw_error($txt)
{
	global $ns;
	$ns->tablerender(LAN_03, "<div style='text-align:center'>".$txt."</div>");
	require_once(FOOTERF);
	exit;
}


//the separator character used
define('FPW_SEPARATOR', '#');
//$fpw_sep = '#';


if (e_QUERY) 
{	// User has clicked on the emailed link
	define('FPW_ACTIVE','TRUE');
	$tmpinfo = preg_replace("#[\W_]#", "", e107::getParser()->toDB(e_QUERY, true));			// query part is a 'random' number
	if ($tmpinfo != e_QUERY)
	{
		die();			// Shouldn't be any characters that toDB() changes
	}
	if ($sql->db_Select('tmp', '*', "`tmp_ip`='pwreset' AND `tmp_info` LIKE '%".FPW_SEPARATOR.$tmpinfo."' ")) 
	{
		$row = $sql->db_Fetch();
		$sql->db_Delete('tmp', "`tmp_time` = ".$row['tmp_time']." AND `tmp_info` = '".$row['tmp_info']."' ");

		list($loginName, $md5) = explode(FPW_SEPARATOR, $row['tmp_info']);
		$loginName = $tp -> toDB($loginName, true);

		if ($md5 != $tmpinfo)
		{
			die('Random mismatch!');			// This should never happen!
		}

		$newpw = $user_info->generateRandomString(str_repeat('*', rand(8, 12)));		// Generate new temporary password
		$mdnewpw = $user_info->HashPassword($newpw,$loginName);

		// Details for admin log
		$do_log['password_action'] = LAN_FPW21;
		//$do_log['user_name'] = $tp -> toDB($username, true);
		$do_log['user_loginname'] = $loginName;
		$do_log['activation_code'] = $tmpinfo;
		$do_log['user_password'] = $mdnewpw;
		$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']);

		$sql->db_Update('user', "`user_password`='{$mdnewpw}' WHERE `user_loginname`='".$loginName."' ");

		cookie($pref['cookie_name'], '', (time()-2592000));
		$_SESSION[$pref['cookie_name']] = '';

		$txt = "<div>".LAN_FPW8."<br /><br />
		<table style='width:70%'>
		<tr><td>".LAN_218."</td><td style='font-weight:bold'>{$loginName}</td></tr>
		<tr><td>".LAN_FPW9."</td><td style='font-weight:bold'>{$newpw}</td></tr>
		</table>
		<br /><br />".LAN_FPW10." <a href='".e_LOGIN."'>".LAN_FPW11."</a> ".LAN_FPW12."</div>";
		fpw_error($txt);

	} 
	else 
	{
		fpw_error(LAN_FPW7);		// No 'forgot password' entry found
	}
}


// Request to reset password
//--------------------------
if (isset($_POST['pwsubmit'])) 
{	// Request for password reset submitted
	require_once(e_HANDLER.'mail.php');
	$email = $_POST['email'];

	if ($pref['fpwcode'] && extension_loaded('gd')) 
	{
		if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) 
		{
			fpw_error(LAN_FPW3);
		}
	}

	$clean_email = check_email($tp -> toDB($_POST['email']));
	$clean_username = $tp -> toDB(varset($_POST['username'], ''));
 	$query = "`user_email`='{$clean_email}' ";
	// Allow admins to remove 'username' from fpw_template.php if they wish.
	$query .= (isset($_POST['username'])) ? " AND `user_loginname`='{$clean_username}'" : "";

	if ($sql->db_Select('user', '*', $query)) 
	{	// Found user in DB
		$row = $sql->db_Fetch();
		
		if (($row['user_admin'] == 1) && (($row['user_perms'] == '0')  OR ($row['user_perms'] == '0.')))
		{	// Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
			sendemail($pref['siteadminemail'], LAN_06, LAN_07.' '.$e107->getip().' '.LAN_08);
			echo "<script type='text/javascript'>document.location.href='index.php'</script>\n";
			die();
		}

		switch ($row['user_ban'])
		{	// Banned user, or not validated
			case USER_BANNED :
				die();
			case USER_VALIDATED :
				break;
			default :
				fpw_error(LAN_FPW22.':'.$row['user_ban']);		// Intentionally rather a vague message
				exit;
		}

		if ($result = $sql->db_Select('tmp', '*', "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '".$row['user_loginname'].FPW_SEPARATOR."%'")) 
		{
			fpw_error(LAN_FPW4);		// Password reset already requested
			exit;
		}

		mt_srand ((double)microtime() * 1000000);
		$maxran = 1000000;
		$rand_num = mt_rand(0, $maxran);
		$datekey = date('r');
		$rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey);

		$link = SITEURL.'fpw.php?'.$rcode;
		$message = LAN_FPW5.' '.SITENAME.' '.LAN_FPW14.' : '.$e107->getip().".\n\n".LAN_FPW15."\n\n".LAN_FPW16."\n\n".LAN_FPW17."\n\n{$link}";

		$deltime = time()+86400 * 2;			//Set timestamp two days ahead so it doesn't get auto-deleted
		$sql->db_Insert('tmp', "'pwreset',{$deltime},'".$row['user_loginname'].FPW_SEPARATOR.$rcode."'");

		$do_log['password_action'] = LAN_FPW18;
		$do_log['user_id'] = $row['user_id'];
		$do_log['user_name'] = $row['user_name'];
		$do_log['user_loginname'] = $row['user_loginname'];
		$do_log['activation_code'] = $rcode;

		if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message)) 
		{
		  $text = "<div style='text-align:center'>".LAN_FPW6."</div>";
		  $do_log['password_result'] = LAN_FPW20;
		} 
		else 
		{
		  $text = "<div style='text-align:center'>".LAN_02."</div>";
		  $do_log['password_result'] = LAN_FPW19;
		}
		$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,$row['user_id'],$row['user_name']);

		$ns->tablerender(LAN_03, $text);
		require_once(FOOTERF);
		exit;
	} 
	else 
	{
		$text = LAN_213;
		$ns->tablerender(LAN_214, "<div style='text-align:center'>".$text."</div>");
	}
}


if (USE_IMAGECODE) 
{
	$FPW_TABLE_SECIMG_LAN = LAN_FPW2;
	$FPW_TABLE_SECIMG_HIDDEN = "<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />";
	$FPW_TABLE_SECIMG_SECIMG = $sec_img->r_image();
	$FPW_TABLE_SECIMG_TEXTBOC = "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />";
}

if (!$FPW_TABLE) 
{
	if (file_exists(THEME.'fpw_template.php')) 
	{
		require_once(THEME.'fpw_template.php');
	} 
	else 
	{
		require_once(e_THEME.'templates/fpw_template.php');
	}
}
$text = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE);

$ns->tablerender(LAN_03, $text);
require_once(FOOTERF);

?>
new module creation 2006-12-02 04:36:16 +00:00			`<?php`
			`/*`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`* e107 website system`
			`*`
			`* Copyright 2008-2010 e107 Inc (e107.org)`
			`* Released under the terms and conditions of the`
			`* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)`
			`*`
			`* Interface for users who have forgotten their password`
			`*`
			`* $URL$`
			`* $Id$`
			`*`
new module creation 2006-12-02 04:36:16 +00:00			`*/`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`require_once('class2.php');`
Add include_lan() to fornt 2009-08-28 15:30:25 +00:00			`include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE);`
new module creation 2006-12-02 04:36:16 +00:00
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`if (USER)`
Password options for logon, email login option, random user name/PW generation, Bugtracker #4393 and possibly others previously added to 0.7 2008-06-13 20:20:23 +00:00			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`header('location:'.e_BASE.'index.php');`
new module creation 2006-12-02 04:36:16 +00:00			`exit;`
			`}`

EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`if($pref['fpwcode'] && extension_loaded('gd'))`
Password options for logon, email login option, random user name/PW generation, Bugtracker #4393 and possibly others previously added to 0.7 2008-06-13 20:20:23 +00:00			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`define('USE_IMAGECODE',TRUE);`
			`require_once(e_HANDLER.'secure_img_handler.php');`
			`$sec_img = new secure_image;`
Password options for logon, email login option, random user name/PW generation, Bugtracker #4393 and possibly others previously added to 0.7 2008-06-13 20:20:23 +00:00			`}`
			`else`
			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`define('USE_IMAGECODE',FALSE);`
new module creation 2006-12-02 04:36:16 +00:00			`}`



Password options for logon, email login option, random user name/PW generation, Bugtracker #4393 and possibly others previously added to 0.7 2008-06-13 20:20:23 +00:00			`if ($pref['membersonly_enabled'])`
			`{`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`if (!$FPW_TABLE_HEADER)`
			`{`
Some code cleanup. auto-redirection to previous admin page if log back in within 5 mins. 2009-11-22 14:10:09 +00:00			`require_once (e107::coreTemplatePath('fpw')); //correct way to load a core template.`
new module creation 2006-12-02 04:36:16 +00:00			`}`
			`$HEADER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_HEADER);`
			`$FOOTER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_FOOTER);`
			`}`

Mass changes (work in progress - related beta testing and feedback highly appreciated) - New session handler - appropriate changes made at important core areas (language handler, chap login related) - Overall better COOKIE handling (on both server and client side) - cookies respect now installation path, domain (based on language settings) - Introduced Security Levels (see session handler constants/docs), security level option could be added to install routine now - Security level printed on Administration info panel, appropriate lans added (subject of discussion) - e_TOKEN security part of session handling now - logic depends depends on security level (TODO - POST_REFERER removal) - e_print, e_dump debug functions added (for quick and nice debug view via site output), native overall FirePhp support planned - a lot of minor bugfixes 2010-10-26 07:41:20 +00:00			`$user_info = e107::getUserSession();`
Password options for logon, email login option, random user name/PW generation, Bugtracker #4393 and possibly others previously added to 0.7 2008-06-13 20:20:23 +00:00
new module creation 2006-12-02 04:36:16 +00:00			`require_once(HEADERF);`

testing commit IRC logging 2008-02-18 02:12:06 +00:00			`function fpw_error($txt)`
			`{`
new module creation 2006-12-02 04:36:16 +00:00			`global $ns;`
			`$ns->tablerender(LAN_03, "<div style='text-align:center'>".$txt."</div>");`
			`require_once(FOOTERF);`
			`exit;`
			`}`

EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00

System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`//the separator character used`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`define('FPW_SEPARATOR', '#');`
			`//$fpw_sep = '#';`
new module creation 2006-12-02 04:36:16 +00:00
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00

			`if (e_QUERY)`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`{ // User has clicked on the emailed link`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`define('FPW_ACTIVE','TRUE');`
			`$tmpinfo = preg_replace("#[\W_]#", "", e107::getParser()->toDB(e_QUERY, true)); // query part is a 'random' number`
			`if ($tmpinfo != e_QUERY)`
			`{`
			`die(); // Shouldn't be any characters that toDB() changes`
			`}`
			if ($sql->db_Select('tmp', '*', "`tmp_ip`='pwreset' AND `tmp_info` LIKE '%".FPW_SEPARATOR.$tmpinfo."' "))
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`{`
new module creation 2006-12-02 04:36:16 +00:00			`$row = $sql->db_Fetch();`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			$sql->db_Delete('tmp', "`tmp_time` = ".$row['tmp_time']." AND `tmp_info` = '".$row['tmp_info']."' ");

			`list($loginName, $md5) = explode(FPW_SEPARATOR, $row['tmp_info']);`
			`$loginName = $tp -> toDB($loginName, true);`

			`if ($md5 != $tmpinfo)`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`die('Random mismatch!'); // This should never happen!`
new module creation 2006-12-02 04:36:16 +00:00			`}`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00
			`$newpw = $user_info->generateRandomString(str_repeat('*', rand(8, 12))); // Generate new temporary password`
			`$mdnewpw = $user_info->HashPassword($newpw,$loginName);`
new module creation 2006-12-02 04:36:16 +00:00
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`// Details for admin log`
			`$do_log['password_action'] = LAN_FPW21;`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`//$do_log['user_name'] = $tp -> toDB($username, true);`
			`$do_log['user_loginname'] = $loginName;`
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`$do_log['activation_code'] = $tmpinfo;`
			`$do_log['user_password'] = $mdnewpw;`
			`$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']);`

EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			$sql->db_Update('user', "`user_password`='{$mdnewpw}' WHERE `user_loginname`='".$loginName."' ");
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`cookie($pref['cookie_name'], '', (time()-2592000));`
			`$_SESSION[$pref['cookie_name']] = '';`
new module creation 2006-12-02 04:36:16 +00:00
Bugfix: login link after resetting of password was ignoring e_SIGNUP. (customsignup.php). Also changed the layout of the response slightly, to really spell-out the login info and help to avoid recurring problems associated with human errors. 2007-12-13 01:01:35 +00:00			`$txt = "<div>".LAN_FPW8."<br /><br />`
			`<table style='width:70%'>`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`<tr><td>".LAN_218."</td><td style='font-weight:bold'>{$loginName}</td></tr>`
Bugfix: login link after resetting of password was ignoring e_SIGNUP. (customsignup.php). Also changed the layout of the response slightly, to really spell-out the login info and help to avoid recurring problems associated with human errors. 2007-12-13 01:01:35 +00:00			`<tr><td>".LAN_FPW9."</td><td style='font-weight:bold'>{$newpw}</td></tr>`
			`</table>`
			`<br /><br />".LAN_FPW10." <a href='".e_LOGIN."'>".LAN_FPW11."</a> ".LAN_FPW12."</div>";`
new module creation 2006-12-02 04:36:16 +00:00			`fpw_error($txt);`

Password options for logon, email login option, random user name/PW generation, Bugtracker #4393 and possibly others previously added to 0.7 2008-06-13 20:20:23 +00:00			`}`
			`else`
			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`fpw_error(LAN_FPW7); // No 'forgot password' entry found`
new module creation 2006-12-02 04:36:16 +00:00			`}`
			`}`

System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00
			`// Request to reset password`
			`//--------------------------`
			`if (isset($_POST['pwsubmit']))`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`{ // Request for password reset submitted`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`require_once(e_HANDLER.'mail.php');`
new module creation 2006-12-02 04:36:16 +00:00			`$email = $_POST['email'];`

EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`if ($pref['fpwcode'] && extension_loaded('gd'))`
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`{`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))`
			`{`
new module creation 2006-12-02 04:36:16 +00:00			`fpw_error(LAN_FPW3);`
			`}`
			`}`

			`$clean_email = check_email($tp -> toDB($_POST['email']));`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`$clean_username = $tp -> toDB(varset($_POST['username'], ''));`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			$query = "`user_email`='{$clean_email}' ";
new module creation 2006-12-02 04:36:16 +00:00			`// Allow admins to remove 'username' from fpw_template.php if they wish.`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			$query .= (isset($_POST['username'])) ? " AND `user_loginname`='{$clean_username}'" : "";
new module creation 2006-12-02 04:36:16 +00:00
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`if ($sql->db_Select('user', '*', $query))`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`{ // Found user in DB`
new module creation 2006-12-02 04:36:16 +00:00			`$row = $sql->db_Fetch();`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00
			`if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.')))`
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`{ // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`sendemail($pref['siteadminemail'], LAN_06, LAN_07.' '.$e107->getip().' '.LAN_08);`
new module creation 2006-12-02 04:36:16 +00:00			`echo "<script type='text/javascript'>document.location.href='index.php'</script>\n";`
			`die();`
			`}`

EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`switch ($row['user_ban'])`
			`{ // Banned user, or not validated`
			`case USER_BANNED :`
			`die();`
			`case USER_VALIDATED :`
			`break;`
			`default :`
			`fpw_error(LAN_FPW22.':'.$row['user_ban']); // Intentionally rather a vague message`
			`exit;`
			`}`

			if ($result = $sql->db_Select('tmp', '*', "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '".$row['user_loginname'].FPW_SEPARATOR."%'"))
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`fpw_error(LAN_FPW4); // Password reset already requested`
			`exit;`
new module creation 2006-12-02 04:36:16 +00:00			`}`

			`mt_srand ((double)microtime() * 1000000);`
			`$maxran = 1000000;`
			`$rand_num = mt_rand(0, $maxran);`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`$datekey = date('r');`
new module creation 2006-12-02 04:36:16 +00:00			`$rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey);`

EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`$link = SITEURL.'fpw.php?'.$rcode;`
			`$message = LAN_FPW5.' '.SITENAME.' '.LAN_FPW14.' : '.$e107->getip().".\n\n".LAN_FPW15."\n\n".LAN_FPW16."\n\n".LAN_FPW17."\n\n{$link}";`
new module creation 2006-12-02 04:36:16 +00:00
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`$deltime = time()+86400 * 2; //Set timestamp two days ahead so it doesn't get auto-deleted`
			`$sql->db_Insert('tmp', "'pwreset',{$deltime},'".$row['user_loginname'].FPW_SEPARATOR.$rcode."'");`
new module creation 2006-12-02 04:36:16 +00:00
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`$do_log['password_action'] = LAN_FPW18;`
			`$do_log['user_id'] = $row['user_id'];`
			`$do_log['user_name'] = $row['user_name'];`
			`$do_log['user_loginname'] = $row['user_loginname'];`
			`$do_log['activation_code'] = $rcode;`

			`if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message))`
			`{`
			`$text = "<div style='text-align:center'>".LAN_FPW6."</div>";`
			`$do_log['password_result'] = LAN_FPW20;`
			`}`
			`else`
			`{`
			`$text = "<div style='text-align:center'>".LAN_02."</div>";`
			`$do_log['password_result'] = LAN_FPW19;`
new module creation 2006-12-02 04:36:16 +00:00			`}`
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,$row['user_id'],$row['user_name']);`
new module creation 2006-12-02 04:36:16 +00:00
			`$ns->tablerender(LAN_03, $text);`
			`require_once(FOOTERF);`
			`exit;`
System logging core upgrade - admin section, viewer, user audit functions 2007-12-15 15:06:40 +00:00			`}`
			`else`
			`{`
new module creation 2006-12-02 04:36:16 +00:00			`$text = LAN_213;`
			`$ns->tablerender(LAN_214, "<div style='text-align:center'>".$text."</div>");`
			`}`
			`}`


Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`if (USE_IMAGECODE)`
			`{`
new module creation 2006-12-02 04:36:16 +00:00			`$FPW_TABLE_SECIMG_LAN = LAN_FPW2;`
			`$FPW_TABLE_SECIMG_HIDDEN = "<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />";`
			`$FPW_TABLE_SECIMG_SECIMG = $sec_img->r_image();`
			`$FPW_TABLE_SECIMG_TEXTBOC = "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />";`
			`}`

Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`if (!$FPW_TABLE)`
			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`if (file_exists(THEME.'fpw_template.php'))`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`require_once(THEME.'fpw_template.php');`
Bugtracker #4490 - show username (login name) rather than display name after password reset 2008-08-29 21:16:39 +00:00			`}`
			`else`
			`{`
EONE-99: Bug - user DB wasn't being updated with temporary password 2010-08-10 19:34:17 +00:00			`require_once(e_THEME.'templates/fpw_template.php');`
new module creation 2006-12-02 04:36:16 +00:00			`}`
			`}`
			`$text = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE);`

			`$ns->tablerender(LAN_03, $text);`
			`require_once(FOOTERF);`

			`?>`