* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* ucp_remind
* Sending password reminders
*/
class ucp_remind
{
var $u_action;
function main($id, $mode)
{
global $config, $phpbb_root_path, $phpEx, $request;
global $db, $user, $template, $phpbb_container, $phpbb_dispatcher;
if (!$config['allow_password_reset'])
{
trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '', ''));
}
$username = $request->variable('username', '', true);
$email = strtolower($request->variable('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
add_form_key('ucp_remind');
if ($submit)
{
if (!check_form_key('ucp_remind'))
{
trigger_error('FORM_INVALID');
}
if (empty($email))
{
trigger_error('NO_EMAIL_USER');
}
$sql_array = array(
'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
'FROM' => array(USERS_TABLE => 'u'),
'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" .
(!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''),
);
/**
* Change SQL query for fetching user data
*
* @event core.ucp_remind_modify_select_sql
* @var string email User's email from the form
* @var string username User's username from the form
* @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE
* @since 3.1.11-RC1
*/
$vars = array(
'email',
'username',
'sql_array',
);
extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
$sql = $db->sql_build_query('SELECT', $sql_array);
$result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
$rowset = $db->sql_fetchrowset($result);
if (count($rowset) > 1)
{
$db->sql_freeresult($result);
$template->assign_vars(array(
'USERNAME_REQUIRED' => true,
'EMAIL' => $email,
));
}
else
{
$message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '
' . sprintf($user->lang['RETURN_INDEX'], '', '');
if (empty($rowset))
{
trigger_error($message);
}
$user_row = $rowset[0];
$db->sql_freeresult($result);
if (!$user_row)
{
trigger_error($message);
}
if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
{
trigger_error($message);
}
// Check users permissions
$auth2 = new \phpbb\auth\auth();
$auth2->acl($user_row);
if (!$auth2->acl_get('u_chgpasswd'))
{
trigger_error($message);
}
$server_url = generate_board_url();
// Make password at least 8 characters long, make it longer if admin wants to.
// gen_rand_string() however has a limit of 12 or 13.
$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
// For the activation key a random length between 6 and 10 will do.
$user_actkey = gen_rand_string(mt_rand(6, 10));
// Instantiate passwords manager
/* @var $manager \phpbb\passwords\manager */
$passwords_manager = $phpbb_container->get('passwords.manager');
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
WHERE user_id = " . $user_row['user_id'];
$db->sql_query($sql);
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
$messenger = new messenger(false);
$messenger->template('user_activate_passwd', $user_row['user_lang']);
$messenger->set_addresses($user_row);
$messenger->anti_abuse_headers($config, $user);
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($user_row['username']),
'PASSWORD' => htmlspecialchars_decode($user_password),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
);
$messenger->send($user_row['user_notify_type']);
trigger_error($message);
}
}
$template->assign_vars(array(
'USERNAME' => $username,
'EMAIL' => $email,
'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword'))
);
$this->tpl_name = 'ucp_remind';
$this->page_title = 'UCP_REMIND';
}
}