secImg = $sec_img; } function sc_fpw_username($parm=null) // used when email login is disabled { // return ""; return e107::getForm()->text('username'); // $frm->userpicker()? } function sc_fpw_useremail($parm=null) { // return ''; // return ""; return e107::getForm()->email('email', '', 200, array('placeholder' => 'Email', 'required' => 'required')); } function sc_fpw_submit($parm=null) { // return ''; // return ""; $label = deftrue('LAN_FPW_102', LAN_SUBMIT); return e107::getForm()->button('pwsubmit', $label); } function sc_fpw_captcha_lan($parm=null) { return LAN_ENTER_CODE; } function sc_fpw_captcha_hidden($parm=null) { return; // no longer required - included in renderInput(); } /** * @param string $parm * @return mixed|null|string */ function sc_fpw_captcha_img($parm='') { if(USE_IMAGECODE) { return $this->secImg->renderImage(); } return null; } /** * @param string $parm * @return mixed|null|string */ function sc_fpw_captcha_input($parm=null) { if(USE_IMAGECODE) { return $this->secImg->renderInput(); } return null; } function sc_fpw_logo($parm='') { // Unused at the moment. } function sc_fpw_text($parm=null) { return deftrue('LAN_FPW_101',"Not to worry. Just enter your email address below and we'll send you an instruction email for recovery."); } } if ($pref['membersonly_enabled']) { $sc = array ( 'FPW_LOGIN_LOGO' => file_exists(THEME."images/login_logo.png") ? "\n" : "\n" ); if(deftrue('BOOTSTRAP')) { $FPW_TABLE_HEADER = e107::getCoreTemplate('fpw','header'); $FPW_TABLE_FOOTER = e107::getCoreTemplate('fpw','footer'); } else { require_once (e107::coreTemplatePath('fpw')); //correct way to load a core template. } define('e_IFRAME', true); $HEAD = $tp->simpleParse($FPW_TABLE_HEADER, $sc); $FOOT = $tp->simpleParse($FPW_TABLE_FOOTER, $sc); define('e_IFRAME_HEADER', $HEAD); define('e_IFRAME_FOOTER' , $FOOT); } $user_info = e107::getUserSession(); require_once(HEADERF); function fpw_error($txt) { if(deftrue('BOOTSTRAP')) { e107::getMessage()->addError($txt); e107::getRender()->tablerender(LAN_03, e107::getMessage()->render()); require_once(FOOTERF); exit; } e107::getRender()->tablerender(LAN_03, "
".$txt."
", 'fpw'); require_once(FOOTERF); exit; } //the separator character used define('FPW_SEPARATOR', '#'); //$fpw_sep = '#'; // User has clicked on the emailed link if(e_QUERY) { // Make sure login menu is not giving any troubles define('FPW_ACTIVE','TRUE'); // Verify the password reset code syntax $tmpinfo = preg_replace("#[\W_]#", "", e107::getParser()->toDB(e_QUERY, true)); // query part is a 'random' number if ($tmpinfo != e_QUERY) { // Shouldn't be any characters that toDB() changes //die(); e107::getRedirect()->redirect(SITEURL); } // Verify the password reset code if ($sql->select('tmp', '*', "`tmp_ip`='pwreset' AND `tmp_info` LIKE '%".FPW_SEPARATOR.$tmpinfo."' ")) { $row = $sql->fetch(); // Delete the record if(time() > (int) $row['tmp_time']) { $sql->delete('tmp', "`tmp_time` = ".$row['tmp_time']." AND `tmp_info` = '".$row['tmp_info']."' "); e107::getMessage()->addDebug("Tmp Password Reset Entry Deleted"); } $sql->delete('tmp', "tmp_time < ".time()); // cleanup table. list($uid, $loginName, $md5) = explode(FPW_SEPARATOR, $row['tmp_info']); $loginName = $tp->toDB($loginName, true); // This should never happen! if($md5 != $tmpinfo) { e107::getRedirect()->redirect(SITEURL); } // Generate new temporary password $pwdArray = e107::getUserSession()->resetPassword($uid,$loginName, array('return'=>'array')); if($pwdArray === false) { fpw_error(LAN_214); } $newpw = $pwdArray['password']; // Details for admin log $do_log = array(); $do_log['password_action'] = LAN_FPW21; $do_log['user_loginname'] = $loginName; $do_log['activation_code'] = $tmpinfo; $do_log['user_password'] = $newpw; $do_log['user_password_hash'] = $pwdArray['hash']; $do_log['expires'] = date(DATE_W3C,$row['tmp_time']); // Prepare new information to display to user if((integer) e107::getPref('allowEmailLogin') > 0) { // always show email when possible $sql->select('user', 'user_email', "user_id=".intval($uid)); $tmp = $sql->fetch(); $loginName = $tmp['user_email']; $do_log['user_email'] = $tmp['user_email']; unset($tmp); } $admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']); if(getperms('0')) // Test Mode. { echo "
".print_a($do_log, true)."
"; } else { // Reset login cookie/session (?) cookie($pref['cookie_name'], '', (time()-2592000)); $_SESSION[$pref['cookie_name']] = ''; } // Display success message containing new login information $txt = "
".LAN_FPW8."
".LAN_218."{$loginName}
".LAN_FPW9." {$newpw}


".LAN_FPW10." ".LAN_LOGIN.". "; // .LAN_FPW12; e107::getMessage()->addSuccess($txt); e107::getRender()->tablerender(LAN_03, e107::getMessage()->render()); require_once(FOOTERF); exit; } // The password reset code was not found else { fpw_error(LAN_FPW7); } } // Request to reset password if (!empty($_POST['pwsubmit'])) { require_once(e_HANDLER.'mail.php'); if ($pref['fpwcode'] && extension_loaded('gd')) { if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) { fpw_error(LAN_INVALID_CODE); } } $email = $_POST['email']; $clean_email = check_email($tp->toDB($_POST['email'])); $clean_username = $tp->toDB(varset($_POST['username'], '')); $query = "`user_email`='{$clean_email}' "; // Allow admins to remove 'username' from fpw_template.php if they wish. $query .= (isset($_POST['username'])) ? " AND `user_loginname`='{$clean_username}'" : ""; if($sql->select('user', '*', $query)) { // Found user in DB $row = $sql->fetch(); // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them) // Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage. if(!getperms('0')) // disabled when testing as main-admin. { if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.'))) { sendemail($pref['siteadminemail'], LAN_06, LAN_07.' ['.e107::getIPHandler()->getIP(FALSE).'] '.e107::getIPHandler()->getIP(TRUE).' '.LAN_08); e107::getRedirect()->redirect(SITEURL); } } // Banned user, or not validated switch($row['user_ban']) { case USER_BANNED: e107::getRedirect()->redirect(SITEURL); break; case USER_VALIDATED: break; default: fpw_error(LAN_02.':'.$row['user_ban']); // Intentionally rather a vague message exit; } // Check if password reset was already requested if ($result = $sql->select('tmp', '*', "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '".$row['user_loginname'].FPW_SEPARATOR."%'")) { fpw_error(LAN_FPW4); exit; } // Set unique reset code $datekey = microtime(true); $rcode = e107::getUserSession()->generateRandomString( '############' ); // $rcode = crypt(($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $clean_email . $datekey), e_TOKEN); // Prepare email $link = SITEURL.'fpw.php?'.$rcode; $message = LAN_FPW5.' '.SITENAME.' '.LAN_FPW14.': '.e107::getIPHandler()->getIP(TRUE).".\n\n".LAN_FPW15."\n\n".LAN_FPW16."\n\n".LAN_FPW17."\n\n{$link}"; // Set timestamp two days ahead so it doesn't get auto-deleted // $deltime = time()+86400 * 2; $deltime = strtotime("+ 10 minutes"); // Insert the password reset request into the database $insertQry = array( 'tmp_ip' => 'pwreset', 'tmp_time' => $deltime, 'tmp_info' => ($row['user_id'].FPW_SEPARATOR.$row['user_loginname'].FPW_SEPARATOR.$rcode) ); $sql->insert('tmp', $insertQry); // Setup the information to log $do_log['password_action'] = LAN_FPW18; $do_log['user_id'] = $row['user_id']; $do_log['user_name'] = $row['user_name']; $do_log['user_loginname'] = $row['user_loginname']; $do_log['activation_code'] = $rcode; if(getperms('0')) { $message .= "\n\n
Caution: If you click the button below, you will follow the link the user receives in their email, and the password will actually be reset!"; // NO LAN $message .= "\n\nClick to Continue with test"; // NO LAN $ns->tablerender("Testing Mode", nl2br($message)); require_once(FOOTERF); exit; } // Try to send the email if(sendemail($clean_email, "".LAN_09."".SITENAME, $message)) { e107::getMessage()->addInfo(LAN_FPW6); $do_log['password_result'] = LAN_FPW20; } else { //$text = "
".LAN_02."
"; $do_log['password_result'] = LAN_FPW19; fpw_error(LAN_02); } // Log to user audit log e107::getAdminLog()->user_audit(USER_AUDIT_PW_RES, $do_log, $row['user_id'], $row['user_name']); $ns->tablerender(LAN_03, $text.e107::getMessage()->render()); require_once(FOOTERF); exit; } else { //$text = LAN_213; //$ns->tablerender(LAN_214, "
".$text."
"); //e107::getMessage()->addError(LAN_213); //$ns->tablerender(LAN_214, e107::getMessage()->render()); fpw_error(LAN_213); } } $sc = array(); // needed? if(deftrue('BOOTSTRAP')) { // TODO do we want the
element outside the template? $FPW_TABLE = ""; if(getperms('0')) { $FPW_TABLE.= "
Logged in as admin
"; } $FPW_TABLE .= e107::getCoreTemplate('fpw','form'); $FPW_TABLE .= "
"; $caption = deftrue('LAN_FPW_100',"Forgot your password?"); } elseif(!$FPW_TABLE) { require_once (e107::coreTemplatePath('fpw')); //correct way to load a core template. $caption = LAN_03; } $sc = new fpw_shortcodes; // New Shortcode names in v2. BC Fix. $bcShortcodes = array('{FPW_TABLE_SECIMG_LAN}', '{FPW_TABLE_SECIMG_HIDDEN}', '{FPW_TABLE_SECIMG_SECIMG}', '{FPW_TABLE_SECIMG_TEXTBOC}'); $nwShortcodes = array('{FPW_CAPTCHA_LAN}', '{FPW_CAPTCHA_HIDDEN}', '{FPW_CAPTCHA_IMG}', '{FPW_CAPTCHA_INPUT}'); $FPW_TABLE = str_replace($bcShortcodes,$nwShortcodes,$FPW_TABLE); $text = $tp->parseTemplate($FPW_TABLE, true, $sc); // $text = $tp->simpleParse($FPW_TABLE, $sc); $ns->tablerender($caption, $text, 'fpw'); require_once(FOOTERF);