file_exists(THEME."images/login_logo.png") ? "

\n" : "

\n" ); if(deftrue('BOOTSTRAP')) { $FPW_TABLE_HEADER = e107::getCoreTemplate('fpw','header'); $FPW_TABLE_FOOTER = e107::getCoreTemplate('fpw','footer'); } else { $oldDefs = array('LAN_112' => 'LAN_FPW22'); e107::getLanguage()->bcDefs($oldDefs); require_once (e107::coreTemplatePath('fpw')); //correct way to load a core template. } define('e_IFRAME', true); $HEAD = $tp->simpleParse($FPW_TABLE_HEADER, $sc); $FOOT = $tp->simpleParse($FPW_TABLE_FOOTER, $sc); define('e_IFRAME_HEADER', $HEAD); define('e_IFRAME_FOOTER' , $FOOT); } $user_info = e107::getUserSession(); require_once(HEADERF); function fpw_error($txt) { if(deftrue('BOOTSTRAP')) { e107::getMessage()->addError($txt); e107::getRender()->tablerender(LAN_03, e107::getMessage()->render()); require_once(FOOTERF); exit; } e107::getRender()->tablerender(LAN_03, "

".$txt."

", 'fpw'); require_once(FOOTERF); exit; } //the separator character used define('FPW_SEPARATOR', '#'); //$fpw_sep = '#'; // User has clicked on the emailed link if(e_QUERY) { // Make sure login menu is not giving any troubles define('FPW_ACTIVE','TRUE'); // Verify the password reset code syntax $tmpinfo = preg_replace("#[\W_]#", "", e107::getParser()->toDB(e_QUERY, true)); // query part is a 'random' number if ($tmpinfo != e_QUERY) { // Shouldn't be any characters that toDB() changes //die(); e107::getRedirect()->redirect(SITEURL); } // Verify the password reset code if ($sql->select('tmp', '*', "`tmp_ip`='pwreset' AND `tmp_info` LIKE '%".FPW_SEPARATOR.$tmpinfo."' ")) { $row = $sql->fetch(); // Delete the record if(time() > (int) $row['tmp_time']) { $sql->delete('tmp', "`tmp_time` = ".$row['tmp_time']." AND `tmp_info` = '".$row['tmp_info']."' "); e107::getMessage()->addDebug("Tmp Password Reset Entry Deleted"); } $sql->delete('tmp', "tmp_time < ".time()); // cleanup table. list($uid, $loginName, $md5) = explode(FPW_SEPARATOR, $row['tmp_info']); $loginName = $tp->toDB($loginName, true); // This should never happen! if($md5 != $tmpinfo) { e107::getRedirect()->redirect(SITEURL); } // Generate new temporary password $pwdArray = e107::getUserSession()->resetPassword($uid,$loginName, array('return'=>'array')); if($pwdArray === false) { fpw_error(LAN_214); } $newpw = $pwdArray['password']; // Details for admin log $do_log = array(); $do_log['password_action'] = LAN_FPW21; $do_log['user_loginname'] = $loginName; $do_log['activation_code'] = $tmpinfo; $do_log['user_password'] = $newpw; $do_log['user_password_hash'] = $pwdArray['hash']; $do_log['expires'] = date(DATE_W3C,$row['tmp_time']); // Prepare new information to display to user if((integer) e107::getPref('allowEmailLogin') > 0) { // always show email when possible $sql->select('user', 'user_email', "user_id=".intval($uid)); $tmp = $sql->fetch(); $loginName = $tmp['user_email']; $do_log['user_email'] = $tmp['user_email']; unset($tmp); } $admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']); if(getperms('0')) // Test Mode. { echo "

".print_a($do_log, true)."

"; } else { // Reset login cookie/session (?) cookie($pref['cookie_name'], '', (time()-2592000)); $_SESSION[$pref['cookie_name']] = ''; } // Display success message containing new login information $txt = "

".LAN_FPW8."

".LAN_218."	{$loginName}
".LAN_FPW9."	{$newpw}

".LAN_FPW10." ".LAN_LOGIN.". "; // .LAN_FPW12; e107::getMessage()->addSuccess($txt); e107::getRender()->tablerender(LAN_03, e107::getMessage()->render()); require_once(FOOTERF); exit; } // The password reset code was not found else { fpw_error(LAN_FPW7); } } // Request to reset password if (!empty($_POST['pwsubmit'])) { require_once(e_HANDLER.'mail.php'); if ($pref['fpwcode'] && extension_loaded('gd')) { if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) { fpw_error(LAN_INVALID_CODE); } } $email = $_POST['email']; $clean_email = check_email($tp->toDB($_POST['email'])); $clean_username = $tp->toDB(varset($_POST['username'], '')); $query = "`user_email`='{$clean_email}' "; // Allow admins to remove 'username' from fpw_template.php if they wish. $query .= (isset($_POST['username'])) ? " AND `user_loginname`='{$clean_username}'" : ""; if($sql->select('user', '*', $query)) { // Found user in DB $row = $sql->fetch(); // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them) // Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage. if(!getperms('0')) // disabled when testing as main-admin. { if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.'))) { sendemail($pref['siteadminemail'], LAN_06, LAN_07.' ['.e107::getIPHandler()->getIP(FALSE).'] '.e107::getIPHandler()->getIP(TRUE).' '.LAN_08); e107::getRedirect()->redirect(SITEURL); } } // Banned user, or not validated switch($row['user_ban']) { case USER_BANNED: e107::getRedirect()->redirect(SITEURL); break; case USER_VALIDATED: break; default: fpw_error(LAN_02.':'.$row['user_ban']); // Intentionally rather a vague message exit; } // Check if password reset was already requested if ($result = $sql->select('tmp', '*', "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '".$row['user_loginname'].FPW_SEPARATOR."%'")) { fpw_error(LAN_FPW4); exit; } // Set unique reset code $datekey = microtime(true); $rcode = e107::getUserSession()->generateRandomString( '############' ); // $rcode = crypt(($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $clean_email . $datekey), e_TOKEN); // Prepare email $link = SITEURL.'fpw.php?'.$rcode; $message = LAN_FPW5.' '.SITENAME.' '.LAN_FPW14.': '.e107::getIPHandler()->getIP(TRUE).".\n\n".LAN_FPW15."\n\n".LAN_FPW16."\n\n".LAN_FPW17."\n\n{$link}"; // Set timestamp two days ahead so it doesn't get auto-deleted // $deltime = time()+86400 * 2; $deltime = strtotime("+ 10 minutes"); // Insert the password reset request into the database $insertQry = array( 'tmp_ip' => 'pwreset', 'tmp_time' => $deltime, 'tmp_info' => ($row['user_id'].FPW_SEPARATOR.$row['user_loginname'].FPW_SEPARATOR.$rcode) ); $sql->insert('tmp', $insertQry); // Setup the information to log $do_log['password_action'] = LAN_FPW18; $do_log['user_id'] = $row['user_id']; $do_log['user_name'] = $row['user_name']; $do_log['user_loginname'] = $row['user_loginname']; $do_log['activation_code'] = $rcode; if(getperms('0')) { $message .= "\n\n

Caution: If you click the button below, you will follow the link the user receives in their email, and the password will actually be reset!"; // NO LAN $message .= "\n\nClick to Continue with test"; // NO LAN $ns->tablerender("Testing Mode", nl2br($message)); require_once(FOOTERF); exit; } // Try to send the email if(sendemail($clean_email, "".LAN_09."".SITENAME, $message)) { e107::getMessage()->addInfo(LAN_FPW6); $do_log['password_result'] = LAN_FPW20; } else { //$text = "

".LAN_02."

"; $do_log['password_result'] = LAN_FPW19; fpw_error(LAN_02); } // Log to user audit log e107::getLog()->user_audit(USER_AUDIT_PW_RES, $do_log, $row['user_id'], $row['user_name']); $ns->tablerender(LAN_03, $text.e107::getMessage()->render()); require_once(FOOTERF); exit; } else { //$text = LAN_213; //$ns->tablerender(LAN_214, "

".$text."

"); //e107::getMessage()->addError(LAN_213); //$ns->tablerender(LAN_214, e107::getMessage()->render()); fpw_error(LAN_213); } } $sc = array(); // needed? if(deftrue('BOOTSTRAP')) { $FPW_TABLE = ""; $caption = deftrue('LAN_FPW_100',"Forgot your password?"); } elseif(!$FPW_TABLE) { require_once (e107::coreTemplatePath('fpw')); //correct way to load a core template. $caption = LAN_03; } $sc = e107::getScBatch('fpw'); // fpw_shortcodes; $sc->wrapper('fpw/form'); // New Shortcode names in v2. BC Fix. $bcShortcodes = array('{FPW_TABLE_SECIMG_LAN}', '{FPW_TABLE_SECIMG_HIDDEN}', '{FPW_TABLE_SECIMG_SECIMG}', '{FPW_TABLE_SECIMG_TEXTBOC}'); $nwShortcodes = array('{FPW_CAPTCHA_LAN}', '{FPW_CAPTCHA_HIDDEN}', '{FPW_CAPTCHA_IMG}', '{FPW_CAPTCHA_INPUT}'); $FPW_TABLE = str_replace($bcShortcodes,$nwShortcodes,$FPW_TABLE); $text = $tp->parseTemplate($FPW_TABLE, true, $sc); $ns->tablerender($caption, $text, 'fpw'); require_once(FOOTERF);