mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-01 14:30:32 +02:00
Merge pull request #4223 from senky/ticket/10432
[ticket/10432] Don't require username when user forgets password
This commit is contained in:
Marc Alexander
@@ -50,11 +50,16 @@ class ucp_remind
|
||||
trigger_error('FORM_INVALID');
|
||||
}
|
||||
|
||||
if (empty($email))
|
||||
{
|
||||
trigger_error('NO_EMAIL_USER');
|
||||
}
|
||||
|
||||
$sql_array = array(
|
||||
'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
|
||||
'FROM' => array(USERS_TABLE => 'u'),
|
||||
'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
|
||||
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"
|
||||
'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" .
|
||||
(!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''),
|
||||
);
|
||||
|
||||
/**
|
||||
@@ -74,82 +79,87 @@ class ucp_remind
|
||||
extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
|
||||
|
||||
$sql = $db->sql_build_query('SELECT', $sql_array);
|
||||
$result = $db->sql_query($sql);
|
||||
$user_row = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
$result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
|
||||
$rowset = $db->sql_fetchrowset($result);
|
||||
|
||||
if (!$user_row)
|
||||
if (count($rowset) > 1)
|
||||
{
|
||||
trigger_error('NO_EMAIL_USER');
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
$template->assign_vars(array(
|
||||
'USERNAME_REQUIRED' => true,
|
||||
'EMAIL' => $email,
|
||||
));
|
||||
}
|
||||
|
||||
if ($user_row['user_type'] == USER_IGNORE)
|
||||
else
|
||||
{
|
||||
trigger_error('NO_USER');
|
||||
}
|
||||
$message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
|
||||
|
||||
if ($user_row['user_type'] == USER_INACTIVE)
|
||||
{
|
||||
if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL)
|
||||
if (empty($rowset))
|
||||
{
|
||||
trigger_error('ACCOUNT_DEACTIVATED');
|
||||
trigger_error($message);
|
||||
}
|
||||
else
|
||||
|
||||
$user_row = $rowset[0];
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
if (!$user_row)
|
||||
{
|
||||
trigger_error('ACCOUNT_NOT_ACTIVATED');
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
|
||||
{
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
// Check users permissions
|
||||
$auth2 = new \phpbb\auth\auth();
|
||||
$auth2->acl($user_row);
|
||||
|
||||
if (!$auth2->acl_get('u_chgpasswd'))
|
||||
{
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
$server_url = generate_board_url();
|
||||
|
||||
// Make password at least 8 characters long, make it longer if admin wants to.
|
||||
// gen_rand_string() however has a limit of 12 or 13.
|
||||
$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
|
||||
|
||||
// For the activation key a random length between 6 and 10 will do.
|
||||
$user_actkey = gen_rand_string(mt_rand(6, 10));
|
||||
|
||||
// Instantiate passwords manager
|
||||
/* @var $manager \phpbb\passwords\manager */
|
||||
$passwords_manager = $phpbb_container->get('passwords.manager');
|
||||
|
||||
$sql = 'UPDATE ' . USERS_TABLE . "
|
||||
SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
|
||||
WHERE user_id = " . $user_row['user_id'];
|
||||
$db->sql_query($sql);
|
||||
|
||||
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
|
||||
|
||||
$messenger = new messenger(false);
|
||||
|
||||
$messenger->template('user_activate_passwd', $user_row['user_lang']);
|
||||
|
||||
$messenger->set_addresses($user_row);
|
||||
|
||||
$messenger->anti_abuse_headers($config, $user);
|
||||
|
||||
$messenger->assign_vars(array(
|
||||
'USERNAME' => htmlspecialchars_decode($user_row['username']),
|
||||
'PASSWORD' => htmlspecialchars_decode($user_password),
|
||||
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
|
||||
);
|
||||
|
||||
$messenger->send($user_row['user_notify_type']);
|
||||
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
// Check users permissions
|
||||
$auth2 = new \phpbb\auth\auth();
|
||||
$auth2->acl($user_row);
|
||||
|
||||
if (!$auth2->acl_get('u_chgpasswd'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error('NO_AUTH_PASSWORD_REMINDER');
|
||||
}
|
||||
|
||||
$server_url = generate_board_url();
|
||||
|
||||
// Make password at least 8 characters long, make it longer if admin wants to.
|
||||
// gen_rand_string() however has a limit of 12 or 13.
|
||||
$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
|
||||
|
||||
// For the activation key a random length between 6 and 10 will do.
|
||||
$user_actkey = gen_rand_string(mt_rand(6, 10));
|
||||
|
||||
// Instantiate passwords manager
|
||||
/* @var $manager \phpbb\passwords\manager */
|
||||
$passwords_manager = $phpbb_container->get('passwords.manager');
|
||||
|
||||
$sql = 'UPDATE ' . USERS_TABLE . "
|
||||
SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
|
||||
WHERE user_id = " . $user_row['user_id'];
|
||||
$db->sql_query($sql);
|
||||
|
||||
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
|
||||
|
||||
$messenger = new messenger(false);
|
||||
|
||||
$messenger->template('user_activate_passwd', $user_row['user_lang']);
|
||||
|
||||
$messenger->set_addresses($user_row);
|
||||
|
||||
$messenger->anti_abuse_headers($config, $user);
|
||||
|
||||
$messenger->assign_vars(array(
|
||||
'USERNAME' => htmlspecialchars_decode($user_row['username']),
|
||||
'PASSWORD' => htmlspecialchars_decode($user_password),
|
||||
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
|
||||
);
|
||||
|
||||
$messenger->send($user_row['user_notify_type']);
|
||||
|
||||
meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
|
||||
|
||||
$message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
$template->assign_vars(array(
|
||||
|
||||
Reference in New Issue
Block a user