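<?php
/****************************************************************/
/* ATutor                                                       */
/****************************************************************/
/* Copyright (c) 2002-2010                                      */
/* Inclusive Design Institute                                   */
/* http://atutor.ca                                             */
/*                                                              */
/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License  */
/* as published by the Free Software Foundation.                */
/****************************************************************/
// $Id$

/*
 * Password reminder / reset flow. Three requests share this script:
 *
 *   1. POST form_password_reminder + form_email
 *        look the address up and e-mail a change-password link;
 *   2. id + g + h (the e-mailed link)
 *        validate the link and show the change-password form;
 *   3. POST form_change (+ id, g, h)
 *        validate the link again and store the new password.
 *
 * Link token: h = substr(sha1(member_id . g . stored_password_hash), 5, 15),
 * where g is the day (days since the Unix epoch) the link was generated.
 * Two consequences worth keeping in mind when touching this file:
 *   - member_id and g travel in the URL, so the token's unpredictability
 *     rests entirely on the stored password hash;
 *   - a link is accepted for AT_PASSWORD_REMINDER_EXPIRY days after g, or
 *     until the password changes (which changes the hash input); there is
 *     no single-use marker (see the "already visited" note below).
 */

$_user_location = 'public';
define('AT_INCLUDE_PATH', 'include/');
require (AT_INCLUDE_PATH.'vitals.inc.php');

// Days since the epoch; stamps new links and expires old ones.
$today = intval(time() / 86400);

if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: login.php');
    exit;

} else if (isset($_POST['form_password_reminder'])) {
    // ---- 1. request a change link -------------------------------------
    // Guard the read: a POST without the field used to raise a notice.
    $form_email = (isset($_POST['form_email']) && is_string($_POST['form_email']))
        ? $_POST['form_email'] : '';
    // $_POST is rewritten in place because the template may re-read it.
    $_POST['form_email'] = $addslashes($form_email);

    $sql = "SELECT member_id, login, first_name, password, email FROM %smembers WHERE email='%s'";
    $row = queryDB($sql, array(TABLE_PREFIX, $_POST['form_email']), TRUE);

    if (isset($row['member_id']) && $row['member_id'] != '') {
        $gen         = $today;
        $hash        = sha1($row['member_id'] . $gen . $row['password']);
        $hash_bit    = substr($hash, 5, 15);
        $change_link = $_base_href.'password_reminder.php?id='.$row['member_id'].'&g='.$gen.'&h='.$hash_bit;

        // Address the member by first name when there is one, else by login.
        $reply_name  = ($row['first_name'] != '') ? $row['first_name'] : $row['login'];
        $tmp_message = _AT(array('password_request2', $reply_name, $row['login'], AT_PASSWORD_REMINDER_EXPIRY, $change_link));

        require_once(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
        $mail = new ATutorMailer;
        $mail->From = $_config['contact_email'];
        $mail->AddAddress($row['email']);
        $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
        $mail->Body = $tmp_message;

        if (!$mail->Send()) {
            $msg->addError('SENDING_ERROR');
            $savant->display('password_reminder_feedback.tmpl.php');
            exit;
        }
        unset($mail);

        $msg->addFeedback('CONFIRM_EMAIL2');
        header('Location:index.php');
        exit;
    }

    // NOTE(review): this response differs from the success path, so the
    // form reveals whether an address has an account (account enumeration).
    $msg->addError('EMAIL_NOT_FOUND');
    $savant->display('password_reminder.tmpl.php');

} else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {
    // ---- 2./3. arriving from the e-mailed link ------------------------
    // Array-valued parameters (id[]=...) are not a link; stop before they
    // reach intval() / string concatenation below.
    if (is_array($_REQUEST['id']) || is_array($_REQUEST['g']) || is_array($_REQUEST['h'])) {
        $msg->addError('INVALID_LINK');
        $savant->display('password_reminder_feedback.tmpl.php');
        exit;
    }

    // Canonicalise to the integer forms the link generator emits. The token
    // is recomputed from these, so a non-numeric id or g fails the compare.
    $id    = intval($_REQUEST['id']);
    $gen   = intval($_REQUEST['g']);
    $token = $_REQUEST['h'];

    // Expiry: the link is good for AT_PASSWORD_REMINDER_EXPIRY days after g.
    if ($today > $gen + AT_PASSWORD_REMINDER_EXPIRY) {
        $msg->addError('INVALID_LINK');
        $savant->display('password_reminder_feedback.tmpl.php');
        exit;
    }

    /* check if already visited (possibly add a "last login" field to members table)...
       if password was changed, won't work anyway. do later. */

    $sql = "SELECT password, email FROM %smembers WHERE member_id=%d";
    $row = queryDB($sql, array(TABLE_PREFIX, $id), TRUE);
    if (!isset($row['email']) || $row['email'] == '') {
        $msg->addError('INVALID_LINK');
        $savant->display('password_reminder_feedback.tmpl.php');
        exit;
    }
    $email = $row['email'];

    // Recompute the token and compare. A mismatch used to only queue the
    // error and fall through, so the request rendered nothing or
    // re-displayed the change form with the bad parameters; it now ends
    // here like the other invalid-link cases. (hash_equals(), PHP >= 5.6,
    // would make the comparison constant-time; !== kept for compatibility.)
    $hash_bit = substr(sha1($id . $gen . $row['password']), 5, 15);
    if ($token !== $hash_bit) {
        $msg->addError('INVALID_LINK');
        $savant->display('password_reminder_feedback.tmpl.php');
        exit;
    }

    if (!isset($_POST['form_change'])) {
        // First visit: show the change-password form carrying the link values.
        $savant->assign('id', $id);
        $savant->assign('g', $gen);
        $savant->assign('h', $token);
        $savant->display('password_change.tmpl.php');
        exit;
    }

    // ---- 3. store the new password ------------------------------------
    /* password check: the password is verified front end by javascript;
       here we handle the errors it reports, plus a server-side backstop. */
    $missing_fields = array();
    if (isset($_POST['password_error']) && is_string($_POST['password_error'])
        && $_POST['password_error'] != "") {
        $pwd_errors = explode(",", $_POST['password_error']);
        foreach ($pwd_errors as $pwd_error) {
            if ($pwd_error == "missing_password") {
                $missing_fields[] = _AT('password');
            } else {
                $msg->addError($pwd_error);
            }
        }
    }

    $password = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden']))
        ? $_POST['form_password_hidden'] : '';
    if ($password === '' && empty($missing_fields)) {
        // Do not rely on the client-side check alone to refuse an empty value.
        $missing_fields[] = _AT('password');
    }
    if (!empty($missing_fields)) {
        // These were previously collected but never reported, so a missing
        // password did not block the UPDATE below.
        $msg->addError(array('EMPTY_FIELDS', implode(', ', $missing_fields)));
    }

    if ($msg->containsErrors()) {
        $savant->assign('id', $id);
        $savant->assign('g', $gen);
        $savant->assign('h', $token);
        $savant->display('password_change.tmpl.php');
        exit;
    }

    $password = $addslashes($password);
    $sql = "UPDATE %smembers SET password='%s', last_login=last_login, creation_date=creation_date WHERE member_id=%d";
    $result = queryDB($sql, array(TABLE_PREFIX, $password, $id));

    // Reset the failed-login counter for this account.
    if (isset($result)) {
        $sql = "SELECT login FROM %smembers WHERE member_id=%d";
        $row = queryDB($sql, array(TABLE_PREFIX, $id), TRUE);
        $sql = "DELETE FROM %smember_login_attempt WHERE login='%s'";
        queryDB($sql, array(TABLE_PREFIX, $row['login']));
    }

    // Confirmation e-mail to the address on file.
    require_once(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
    $tmp_message = _AT(array('password_change_confirm', $_config['site_name'], $_base_href))."\n\n";
    $mail = new ATutorMailer;
    $mail->From = $_config['contact_email'];
    $mail->AddAddress($email);
    $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
    $mail->Body = $tmp_message;

    if (!$mail->Send()) {
        $msg->printErrors('SENDING_ERROR');
        exit;
    }
    unset($mail);

    $msg->addFeedback('PASSWORD_CHANGED');
    header('Location:index.php');
    exit;

} else {
    $savant->display('password_reminder.tmpl.php');
}
// No closing tag: trailing whitespace after it would break the header() redirects.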