diff options
| author | Maat <maat-pub@mageia.biz> | 2020-05-08 18:29:30 +0200 |
|---|---|---|
| committer | Maat <maat-pub@mageia.biz> | 2020-05-08 21:36:04 +0200 |
| commit | 36bc1870f21fac04736a1049c1d5b8e127d729f4 (patch) | |
| tree | 9d102331eeaf1ef3cd23e656320d7c08e65757ed /phpBB/includes/ucp/ucp_remind.php | |
| parent | 8875d385d0579b451dac4d9bda465172b4f69ee0 (diff) | |
| parent | 149375253685b3a38996f63015a74b7a0f53aa14 (diff) | |
| download | forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.gz forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.bz2 forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.xz forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.zip | |
Merge remote-tracking branch 'upstream/prep-release-3.1.11'
Diffstat (limited to 'phpBB/includes/ucp/ucp_remind.php')
| -rw-r--r-- | phpBB/includes/ucp/ucp_remind.php | 66 |
1 files changed, 50 insertions, 16 deletions
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index bcb21cbedc..497bf6a2c4 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -1,10 +1,13 @@ <?php /** * -* @package ucp -* @version $Id$ -* @copyright (c) 2005 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -19,7 +22,6 @@ if (!defined('IN_PHPBB')) /** * ucp_remind * Sending password reminders -* @package ucp */ class ucp_remind { @@ -28,18 +30,50 @@ class ucp_remind function main($id, $mode) { global $config, $phpbb_root_path, $phpEx; - global $db, $user, $auth, $template; + global $db, $user, $auth, $template, $phpbb_container, $phpbb_dispatcher; + + if (!$config['allow_password_reset']) + { + trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')); + } $username = request_var('username', '', true); $email = strtolower(request_var('email', '')); $submit = (isset($_POST['submit'])) ? true : false; + add_form_key('ucp_remind'); + if ($submit) { - $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason - FROM ' . USERS_TABLE . " - WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "' - AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; + if (!check_form_key('ucp_remind')) + { + trigger_error('FORM_INVALID'); + } + + $sql_array = array( + 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason', + 'FROM' => array(USERS_TABLE => 'u'), + 'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "' + AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" + ); + + /** + * Change SQL query for fetching user data + * + * @event core.ucp_remind_modify_select_sql + * @var string email User's email from the form + * @var string username User's username from the form + * @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE + * @since 3.1.11-RC1 + */ + $vars = array( + 'email', + 'username', + 'sql_array', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -67,7 +101,7 @@ class ucp_remind } // Check users permissions - $auth2 = new auth(); + $auth2 = new \phpbb\auth\auth(); $auth2->acl($user_row); if (!$auth2->acl_get('u_chgpasswd')) @@ -84,8 +118,11 @@ class ucp_remind // For the activation key a random length between 6 and 10 will do. $user_actkey = gen_rand_string(mt_rand(6, 10)); + // Instantiate passwords manager + $passwords_manager = $phpbb_container->get('passwords.manager'); + $sql = 'UPDATE ' . USERS_TABLE . " - SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' + SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' WHERE user_id = " . $user_row['user_id']; $db->sql_query($sql); @@ -95,8 +132,7 @@ class ucp_remind $messenger->template('user_activate_passwd', $user_row['user_lang']); - $messenger->to($user_row['user_email'], $user_row['username']); - $messenger->im($user_row['user_jabber'], $user_row['username']); + $messenger->set_addresses($user_row); $messenger->anti_abuse_headers($config, $user); @@ -124,5 +160,3 @@ class ucp_remind $this->page_title = 'UCP_REMIND'; } } - -?>
\ No newline at end of file |