PHPXRef 0.6 : E107 v0.7.22 code documentation : /fpw.php source

[Summary view] [Print] [Text view]
   1  <?php
   2  /*
   3  + ----------------------------------------------------------------------------+
   4  |     e107 website system
   5  |
   6  |     ©Steve Dunstan 2001-2002
   7  |     http://e107.org
   8  |     jalist@e107.org
   9  |
  10  |     Released under the terms and conditions of the
  11  |     GNU General Public License (http://gnu.org).
  12  |
  13  |     $Source: /cvs_backup/e107_0.7/fpw.php,v $
  14  |     $Revision: 11346 $
  15  |     $Date: 2010-02-17 13:56:14 -0500 (Wed, 17 Feb 2010) $
  16  |     $Author: secretr $
  17  +----------------------------------------------------------------------------+
  18  */
  19  require_once ("class2.php");
  20  
  21  if(USER)
  22  {
  23      header("location:".e_BASE."index.php");
  24      exit;
  25  }
  26  
  27  if($pref['fpwcode'] && extension_loaded("gd"))
  28  {
  29      define("USE_IMAGECODE",TRUE);
  30  }
  31  else
  32  {
  33      define("USE_IMAGECODE",FALSE);
  34  }
  35  
  36  
  37  if (USE_IMAGECODE) 
  38  {
  39      require_once(e_HANDLER."secure_img_handler.php");
  40      $sec_img = new secure_image;
  41  }
  42  
  43  
  44  
  45  if ($pref['membersonly_enabled']) 
  46  {
  47      if (!$FPW_TABLE_HEADER) 
  48      {
  49          if (file_exists(THEME."fpw_template.php")) 
  50          {
  51              require_once(THEME."fpw_template.php");
  52          } 
  53          else 
  54          {
  55              require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php");
  56          }
  57      }
  58      $HEADER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_HEADER);
  59      $FOOTER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_FOOTER);
  60  }
  61  
  62  require_once(HEADERF);
  63  
  64  
  65  function fpw_error($txt) 
  66  {
  67      global $ns;
  68      $ns->tablerender(LAN_03, "<div style='text-align:center'>".$txt."</div>");
  69      require_once(FOOTERF);
  70      exit;
  71  }
  72  
  73  
  74  //the separator character used
  75  $fpw_sep = "#";
  76  
  77  
  78  
  79  if (e_QUERY) 
  80  {    // User has clicked on the emailed link
  81      define("FPW_ACTIVE","TRUE");
  82      $tmp = explode($fpw_sep, e_QUERY);
  83      $tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true));
  84      if ($sql->db_Select("tmp", "*", "`tmp_info` LIKE '%{$fpw_sep}{$tmpinfo}' ")) 
  85      {
  86          $row = $sql->db_Fetch();
  87          extract($row);
  88          $sql->db_Delete("tmp", "`tmp_info` LIKE '%{$fpw_sep}{$tmpinfo}' ");
  89          $newpw = "";
  90          $pwlen = rand(8, 12);
  91          for($a = 0; $a <= $pwlen; $a++) 
  92          {
  93              $newpw .= chr(rand(97, 122));
  94          }
  95          $mdnewpw = md5($newpw);            // Generate new random password
  96  
  97          list($loginName, $md5) = explode($fpw_sep, $tmp_info);
  98          $sql->db_Update("user", "`user_password`='{$mdnewpw}', `user_viewed`='' WHERE `user_loginname`='".$tp -> toDB($loginName, true)."' ");
  99          cookie($pref['cookie_name'], "", (time()-2592000));
 100          $_SESSION[$pref['cookie_name']] = "";
 101  
 102          $txt = "<div>".LAN_FPW8."<br /><br />
 103          <table style='width:70%'>
 104          <tr><td>".LAN_218."</td><td style='font-weight:bold'>{$loginName}</td></tr>
 105          <tr><td>".LAN_FPW9."</td><td style='font-weight:bold'>{$newpw}</td></tr>
 106          </table>
 107          <br /><br />".LAN_FPW10." <a href='".e_LOGIN."'>".LAN_FPW11."</a> ".LAN_FPW12."</div>";
 108          fpw_error($txt);
 109  
 110      } 
 111      else 
 112      {
 113          fpw_error(LAN_FPW7);
 114      }
 115  }
 116  
 117  
 118  // Request to reset password
 119  //--------------------------
 120  if (isset($_POST['pwsubmit'])) 
 121  {    // Request for password reset submitted
 122      require_once(e_HANDLER."mail.php");
 123      $email = $_POST['email'];
 124  
 125      if ($pref['fpwcode'] && extension_loaded("gd")) 
 126      {
 127          if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) 
 128          {
 129              fpw_error(LAN_FPW3);
 130          }
 131      }
 132  
 133      $clean_email = check_email($tp -> toDB($_POST['email']));
 134      $clean_username = $tp -> toDB($_POST['username']);
 135       $query = "`user_email`='{$clean_email}' ";
 136      // Allow admins to remove 'username' from fpw_template.php if they wish.
 137      $query .= (isset($_POST['username'])) ? " AND `user_loginname`='{$clean_username}'" : "";
 138  
 139      if ($sql->db_Select("user", "*", $query)) 
 140      {    // Found user in DB
 141          $row = $sql->db_Fetch();
 142           extract($row);
 143  
 144          if ($row['user_admin'] == 1 && $row['user_perms'] == "0") 
 145          {    // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
 146              sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08);
 147              echo "<script type='text/javascript'>document.location.href='index.php'</script>\n";
 148              die();
 149          }
 150  
 151          if ($result = $sql->db_Select("tmp", "*", "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '{$row['user_loginname']}{$fpw_sep}%'")) 
 152          {
 153              fpw_error(LAN_FPW4);
 154              exit;
 155          }
 156  
 157          mt_srand ((double)microtime() * 1000000);
 158          $maxran = 1000000;
 159          $rand_num = mt_rand(0, $maxran);
 160          $datekey = date("r");
 161          $rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey);
 162  
 163          $link = SITEURL."fpw.php?{$rcode}";
 164          $message = LAN_FPW5." ".SITENAME." ".LAN_FPW14." : ".$e107->getip().".\n\n".LAN_FPW15."\n\n".LAN_FPW16."\n\n".LAN_FPW17."\n\n{$link}";
 165          //  $message = LAN_FPW5."\n\n{$link}";
 166  
 167          $deltime = time()+86400 * 2;
 168          //Set timestamp two days ahead so it doesn't get auto-deleted
 169          $sql->db_Insert("tmp", "'pwreset',{$deltime},'{$row['user_loginname']}{$fpw_sep}{$rcode}'");
 170  
 171  
 172          if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message)) 
 173          {
 174              $text = "<div style='text-align:center'>".LAN_FPW6."</div>";
 175          } 
 176          else 
 177          {
 178              $text = "<div style='text-align:center'>".LAN_02."</div>";
 179          }
 180  
 181          $ns->tablerender(LAN_03, $text);
 182          require_once(FOOTERF);
 183          exit;
 184      } 
 185      else 
 186      {
 187          $text = LAN_213;
 188          $ns->tablerender(LAN_214, "<div style='text-align:center'>".$text."</div>");
 189      }
 190  }
 191  
 192  
 193  if (USE_IMAGECODE) 
 194  {
 195      $FPW_TABLE_SECIMG_LAN = LAN_FPW2;
 196      $FPW_TABLE_SECIMG_HIDDEN = "<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />";
 197      $FPW_TABLE_SECIMG_SECIMG = $sec_img->r_image();
 198      $FPW_TABLE_SECIMG_TEXTBOC = "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />";
 199  }
 200  
 201  if (!$FPW_TABLE) 
 202  {
 203      if (file_exists(THEME."fpw_template.php")) 
 204      {
 205          require_once(THEME."fpw_template.php");
 206      } 
 207      else 
 208      {
 209          require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php");
 210      }
 211  }
 212  $text = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE);
 213  
 214  $ns->tablerender(LAN_03, $text);
 215  require_once(FOOTERF);
 216  
 217  ?>
PHP Cross Reference of E107 v0.7.22 code documentation

/ -> fpw.php (source)

[ Index ]	PHP Cross Reference of E107 v0.7.22 code documentation