Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

110 lines (85 sloc) 3.413 kb
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev@lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: lost_pwd.php,v 1.7.2.1 2007-10-13 22:33:21 giallu Exp $
# --------------------------------------------------------
# ======================================================================
# Author: Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
# ======================================================================
require_once( 'core.php' );
# helper_ensure_post();
# lost password feature disabled or reset password via email disabled -> stop here!
if( OFF == config_get( 'lost_password_feature' ) ||
OFF == config_get( 'send_reset_password' ) ||
OFF == config_get( 'enable_email_notification' ) ) {
trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}
# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
auth_logout();
}
$f_username = gpc_get_string('username');
$f_email = gpc_get_string('email');
$f_email = email_append_domain( $f_email );
email_ensure_valid( $f_email );
$c_username = db_prepare_string( $f_username );
$c_email = db_prepare_string( $f_email );
$t_user_table = config_get( 'mantis_user_table' );
# @@@ Consider moving this query to user_api.php
$query = 'SELECT id FROM ' . $t_user_table . ' WHERE username = \'' . $c_username . '\' AND email = \'' . $c_email . '\' AND enabled=1';
$result = db_query( $query );
if ( 0 == db_num_rows( $result ) ) {
trigger_error( ERROR_LOST_PASSWORD_NOT_MATCHING_DATA, ERROR );
}
if( is_blank( $f_email ) ) {
trigger_error( ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR );
}
$row = db_fetch_array( $result );
$t_user_id = $row['id'];
if( user_is_protected( $t_user_id ) ) {
trigger_error( ERROR_PROTECTED_ACCOUNT, ERROR );
}
if( !user_is_lost_password_request_allowed( $t_user_id ) ) {
trigger_error( ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED, ERROR );
}
$t_confirm_hash = auth_generate_confirm_hash( $t_user_id );
email_send_confirm_hash_url( $t_user_id, $t_confirm_hash );
user_increment_lost_password_in_progress_count( $t_user_id );
$t_redirect_url = 'login_page.php';
html_page_top1();
html_page_top2();
?>
<br />
<div align="center">
<table class="width50" cellspacing="1">
<tr>
<td class="center">
<b><?php echo lang_get( 'lost_password_done_title' ) ?></b>
</td>
</tr>
<tr>
<td>
<br/>
<?php echo lang_get( 'reset_request_in_progress_msg' ) ?>
<br/><br/>
</td>
</tr>
</table>
<br />
<?php print_bracket_link( 'login_page.php', lang_get( 'proceed' ) ); ?>
</div>
<?php html_page_bottom1a( __FILE__ ) ?>
Jump to Line
Something went wrong with that request. Please try again.