diff options
author | Marc Alexander <admin@m-a-styles.de> | 2019-10-03 21:01:36 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2019-10-03 21:01:36 +0200 |
commit | 68c197fd6012b5435a29a288113b957e7957de59 (patch) | |
tree | 6d4ed0af33be2c0ef7aeaf666e13949364fe6248 /phpBB/includes/ucp | |
parent | 1eed2f98c30210d02b8ca3bf5b167fae67dc64dd (diff) | |
parent | 3a443b56233c58df49d15861c1c4add996b7660b (diff) | |
download | forums-68c197fd6012b5435a29a288113b957e7957de59.tar forums-68c197fd6012b5435a29a288113b957e7957de59.tar.gz forums-68c197fd6012b5435a29a288113b957e7957de59.tar.bz2 forums-68c197fd6012b5435a29a288113b957e7957de59.tar.xz forums-68c197fd6012b5435a29a288113b957e7957de59.zip |
Merge pull request #5652 from marc1706/ticket/11327
[ticket/11327] Implement forgot password functionality via form
Diffstat (limited to 'phpBB/includes/ucp')
-rw-r--r-- | phpBB/includes/ucp/ucp_remind.php | 174 |
1 files changed, 0 insertions, 174 deletions
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php deleted file mode 100644 index e50428bfea..0000000000 --- a/phpBB/includes/ucp/ucp_remind.php +++ /dev/null @@ -1,174 +0,0 @@ -<?php -/** -* -* This file is part of the phpBB Forum Software package. -* -* @copyright (c) phpBB Limited <https://www.phpbb.com> -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - -/** -* ucp_remind -* Sending password reminders -*/ -class ucp_remind -{ - var $u_action; - - function main($id, $mode) - { - global $config, $phpbb_root_path, $phpEx, $request; - global $db, $user, $template, $phpbb_container, $phpbb_dispatcher; - - if (!$config['allow_password_reset']) - { - trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')); - } - - $username = $request->variable('username', '', true); - $email = strtolower($request->variable('email', '')); - $submit = (isset($_POST['submit'])) ? true : false; - - add_form_key('ucp_remind'); - - if ($submit) - { - if (!check_form_key('ucp_remind')) - { - trigger_error('FORM_INVALID'); - } - - if (empty($email)) - { - trigger_error('NO_EMAIL_USER'); - } - - $sql_array = array( - 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason', - 'FROM' => array(USERS_TABLE => 'u'), - 'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" . - (!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''), - ); - - /** - * Change SQL query for fetching user data - * - * @event core.ucp_remind_modify_select_sql - * @var string email User's email from the form - * @var string username User's username from the form - * @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE - * @since 3.1.11-RC1 - */ - $vars = array( - 'email', - 'username', - 'sql_array', - ); - extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars))); - - $sql = $db->sql_build_query('SELECT', $sql_array); - $result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need - $rowset = $db->sql_fetchrowset($result); - - if (count($rowset) > 1) - { - $db->sql_freeresult($result); - - $template->assign_vars(array( - 'USERNAME_REQUIRED' => true, - 'EMAIL' => $email, - )); - } - else - { - $message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>'); - - if (empty($rowset)) - { - trigger_error($message); - } - - $user_row = $rowset[0]; - $db->sql_freeresult($result); - - if (!$user_row) - { - trigger_error($message); - } - - if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE) - { - trigger_error($message); - } - - // Check users permissions - $auth2 = new \phpbb\auth\auth(); - $auth2->acl($user_row); - - if (!$auth2->acl_get('u_chgpasswd')) - { - trigger_error($message); - } - - $server_url = generate_board_url(); - - // Make password at least 8 characters long, make it longer if admin wants to. - // gen_rand_string() however has a limit of 12 or 13. - $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); - - // For the activation key a random length between 6 and 10 will do. - $user_actkey = gen_rand_string(mt_rand(6, 10)); - - // Instantiate passwords manager - /* @var $manager \phpbb\passwords\manager */ - $passwords_manager = $phpbb_container->get('passwords.manager'); - - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' - WHERE user_id = " . $user_row['user_id']; - $db->sql_query($sql); - - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); - - $messenger = new messenger(false); - - $messenger->template('user_activate_passwd', $user_row['user_lang']); - - $messenger->set_addresses($user_row); - - $messenger->anti_abuse_headers($config, $user); - - $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($user_row['username']), - 'PASSWORD' => htmlspecialchars_decode($user_password), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") - ); - - $messenger->send($user_row['user_notify_type']); - - trigger_error($message); - } - } - - $template->assign_vars(array( - 'USERNAME' => $username, - 'EMAIL' => $email, - 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')) - ); - - $this->tpl_name = 'ucp_remind'; - $this->page_title = 'UCP_REMIND'; - } -} |