-rw-r--r-- | phpBB/language/email/admin_welcome_activated_english.tpl | 2 | ||||
-rw-r--r-- | phpBB/language/email/user_activate_passwd_english.tpl | 15 | ||||
-rwxr-xr-x | phpBB/language/lang_english.php | 46 | ||||
-rw-r--r-- | phpBB/login.php | 2 | ||||
-rw-r--r-- | phpBB/profile.php | 186 | ||||
-rw-r--r-- | phpBB/templates/subSilver/profile_add_body.tpl | 13 | ||||
-rw-r--r-- | phpBB/templates/subSilver/profile_send_pass.tpl | 35 |
7 files changed, 249 insertions, 50 deletions
diff --git a/phpBB/language/email/admin_welcome_activated_english.tpl b/phpBB/language/email/admin_welcome_activated_english.tpl index 1fbed221ba..f467754474 100644 --- a/phpBB/language/email/admin_welcome_activated_english.tpl +++ b/phpBB/language/email/admin_welcome_activated_english.tpl @@ -1,5 +1,5 @@ Hello {USERNAME}, -Your account has now been activated, you may login using the username and password you received in a previous email. +Your account on "{SITENAME}" has now been activated, you may login using the username and password you received in a previous email. {EMAIL_SIG}
\ No newline at end of file
diff --git a/phpBB/language/email/user_activate_passwd_english.tpl b/phpBB/language/email/user_activate_passwd_english.tpl
new file mode 100644
index 0000000000..2b79f4f1dd
--- /dev/null
+++ b/phpBB/language/email/user_activate_passwd_english.tpl
@@ -0,0 +1,15 @@
+Hello {USERNAME}
+
+You are receiving this email because you have (or someone pretending to be you has) requested a new password be sent for your account on {SITENAME}. If you did not request this email then please ignore it, if you keep receiving it please contact the board administrator.
+
+To use the new password you need to activate it. To do this click the link provided below.
+
+Activation: {U_ACTIVATE}
+
+If sucessful you will be able to login using the following password:
+
+Password: {PASSWORD}
+
+You can of course change this password yourself via the profile page. If you have any difficulties please contact the board administrator.
+
+{EMAIL_SIG}
\ No newline at end of file diff --git a/phpBB/language/lang_english.php b/phpBB/language/lang_english.php index 7a4a42483c..5abec9f15a 100755 --- a/phpBB/language/lang_english.php +++ b/phpBB/language/lang_english.php @@ -450,6 +450,9 @@ $lang['Signature'] = "Signature"; $lang['Signature_explain'] = "This is a block of text that can be added to posts you make. There is a 255 character limit"; $lang['Public_view_email'] = "Always show my Email Address"; +$lang['Current_password'] = "Current password"; +$lang['New_password'] = "New password"; +$lang['Confirm_password'] = "Confirm password"; $lang['password_if_changed'] = "You only need to supply a password if you want to change it"; $lang['password_confirm_if_changed'] = "You only need to confirm your password if you changed it above"; @@ -480,6 +483,7 @@ $lang['Profile_updated'] = "Your profile has been updated"; $lang['to_return_index'] = "to return to the index"; $lang['Password_mismatch'] = "The passwords you entered did not match"; +$lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database"; $lang['Invalid_username'] = "The username you requested has been taken or disallowed"; $lang['Signature_too_long'] = "Your signature is too long"; $lang['Fields_empty'] = "You must fill in the required fields"; 
@@ -501,6 +505,13 @@ $lang['Reactivate'] = "Reactivate your account!"; $lang['COPPA'] = "Your account has been created but has to be approved, please check your email for details."; $lang['Welcome_COPPA'] = "Your account has been created, however in complance with the COPPA act you must print out this page and have you parent or guardian mail it to: <br />" . $lang['Mailing_address'] . "<br />Or fax it to: <br />" . $lang['Fax_info'] . "<br /> Once this information has been received your account will be activated by the administrator and you will receive an email notification."; +$lang['Wrong_activation'] = "The activation key you supplied does not match any in the database"; +$lang['Send_password'] = "Send me a new password"; +$lang['Password_updated'] = "A new password has been created, please check your email for details on how to activate it"; +$lang['No_email_match'] = "The email address you supplied does not match the one listed for that username"; +$lang['New_password_activation'] = "New password activation"; +$lang['Password_activated'] = "Your account has been re-activated. To logon please use the password supplied in the email you received"; + // // Memberslist // 
@@ -994,39 +1005,4 @@ $lang['Download_config'] = "Download Config"; // End // ------------------------------------------------- -// ------------------------------------------------- -// Old format ... _DON'T_add_any_ new entries here!! -// - -// Sendpasswd -$l_wrongactiv = "The activation key you provided is not correct. Please check email $l_message you recived and make sure you have copied the activation key exactly."; -$l_passchange = "Your password has been successfully changed. You may now goto your <a href=\"bb_profile.$phpEx?mode=edit\">profile</a> and change your password to a more suitable one."; -$l_wrongmail = "The email address you entered does not match the one stored in our database."; - -$l_passsubj = "$sitename Forums Password Change"; - -$l_pwdmessage = "Dear $checkinfo[username], -You are receiving this email because you (or someone pretending to be you) -has requested a passwordchange on $sitename forums. If you believe you have -received this message in error simply delete it and your password will remain -the same. - -Your new password as generated by the forums is: $newpw - -In order for this change to take effect you must visit this page: - - http://$SERVER_NAME$PHP_SELF?actkey=$key - -Once you have visited the page your password will be changed in our database, -and you may login to the profile section and change it as desired. - -Thank you for using $sitename Forums - -"; - -$l_passsent = "Your password has changed to a new, random, password. Please check your email on how to complete the password change procedure."; -$l_emailpass = "Email Lost Password"; -$l_passexplain = "Please fill out the form, a new password will be sent to your Email address"; -$l_sendpass = "Send Password"; - ?>
\ No newline at end of file diff --git a/phpBB/login.php b/phpBB/login.php index b560073137..155b15b548 100644 --- a/phpBB/login.php +++ b/phpBB/login.php @@ -169,7 +169,7 @@ else "L_SEND_PASSWORD" => $lang['Forgotten_password'], - "U_SEND_PASSWORD" => append_sid("sendpassword.$phpEx") + "U_SEND_PASSWORD" => append_sid("profile.$phpEx?mode=sendpassword") ) ); diff --git a/phpBB/profile.php b/phpBB/profile.php index 8e64555980..07bb40a8a4 100644 --- a/phpBB/profile.php +++ b/phpBB/profile.php @@ -92,7 +92,6 @@ function validate_email($email) } } - // // Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags() // to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail. @@ -165,9 +164,25 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca return; } +function generate_password() +{ + $chars = array( + "a","A","b","B","c","C","d","D","e","E","f","F","g","G","h","H","i","I","j","J", "k","K","l","L","m","M","n","N","o","O","p","P","q","Q","r","R","s","S","t","T", "u","U","v","V","w","W","x","X","y","Y","z","Z","1","2","3","4","5","6","7","8", + "9","0"); + + $max_chars = count($chars) - 1; + srand((double)microtime()*1000000); + + for($i = 0; $i < 8; $i++) + { + $new_passwd = ($i == 0) ? $chars[rand(0, $max_chars)] : $new_passwd . $chars[rand(0, $max_chars)]; + } + + return($new_passwd); +} // // End page specific functions -// +// --------------------------- // 
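Review bot: `generate_password()` seeds with `srand((double)microtime()*1000000)` and draws every character from `rand()`, so the password mailed by the sendpassword flow comes from a generator that is not cryptographically secure and whose seed is derived from the time of the request. Re-seeding on each call also limits the generator to roughly a million possible starting states, far fewer than the 62^8 passwords the alphabet suggests. The characters should come from a CSPRNG with the `srand()` call removed, e.g. `$new_passwd .= $chars[random_int(0, $max_chars)];` on PHP versions that provide `random_int()`. Initialising `$new_passwd = '';` before the loop would replace the `$i == 0` special case, and a short comment stating the length and alphabet of the result is missing.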
@@ -524,7 +539,32 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) else { $password = md5($password); - $passwd_sql = "user_password = '$password', "; + + if( $mode == "editprofile" ) + { + $sql = "SELECT user_password + FROM " . USERS_TABLE . " + WHERE user_id = $user_id"; + if($result = $db->sql_query($sql)) + { + $row = $db->sql_fetchrow($result); + + if( $row['user_password'] != $password ) + { + $error = TRUE; + $error_msg = $lang['Current_password_mismatch']; + } + } + else + { + message_die(GENERAL_ERROR, "Couldn't obtain user_password information.", "", __LINE__, __FILE__, $sql); + } + } + + if( !$error ) + { + $passwd_sql = "user_password = '$password', "; + } } } else if( ( $password && !$password_confirm ) || ( !$password && $password_confirm ) ) @@ -538,7 +578,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) // if($email != $userdata['user_email'] || $mode == "register") { - if(!validate_email($email)) + if( !validate_email($email) ) { $error = TRUE; if(isset($error_msg)) @@ -624,7 +664,6 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { message_die(GENERAL_ERROR, "Couldn't obtained next user_id information.", "", __LINE__, __FILE__, $sql); } - } $avatar_sql = ""; @@ -1231,6 +1270,11 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) ); $template->assign_var_from_handle("JUMPBOX", "jumpbox"); + if( $mode == "editprofile" ) + { + $template->assign_block_vars("edit_profile", array()); + } + $template->assign_vars(array( "USERNAME" => $username, "EMAIL" => $email, 
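Review bot: In the `editprofile` branch the hash compared against the stored `user_password` and the hash written through `$passwd_sql` are the same `$password`, so the update only goes through when the new password equals the current one. The profile_add_body.tpl hunk has the same root cause: the current-password row and the added new-password row both use `name="password"`, so only one value reaches this code. The current password needs its own field and variable, e.g. `name="cur_password"` in the template and `if( $row['user_password'] !== md5($cur_password) )` here, with `$passwd_sql` built from the new value only; the strict comparison also avoids PHP's numeric-string coercion when two hex digests are compared with `!=`. `$error` is read by `if( !$error )` without being set in this hunk, and the enclosing block starts outside it, so confirm it is initialised there.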
@@ -1270,6 +1314,9 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) "BBCODE_STATUS" => $bbcode_status, "SMILIES_STATUS" => $smilies_status, + "L_CURRENT_PASSWORD" => $lang['Current_password'], + "L_NEW_PASSWORD" => ( $mode == "register" ) ? $lang['Password'] : $lang['New_password'], + "L_CONFIRM_PASSWORD" => $lang['Confirm_password'], "L_PASSWORD_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_if_changed'] : "", "L_PASSWORD_CONFIRM_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_confirm_if_changed'] : "", "L_SUBMIT" => $lang['Submit'], @@ -1318,7 +1365,6 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) "L_REGISTRATION_INFO" => $lang['Registration_info'], "L_PROFILE_INFO" => $lang['Profile_info'], "L_PROFILE_INFO_NOTICE" => $lang['Profile_info_warn'], - "L_CONFIRM" => $lang['Confirm'], "L_EMAIL_ADDRESS" => $lang['Email_address'], "L_HTML_IS" => $lang['HTML'] . " " . $lang['is'], 
@@ -1360,21 +1406,138 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } + else if($mode == "sendpassword") + { + if( isset($HTTP_POST_VARS['submit']) ) + { + $username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags($HTTP_POST_VARS['username'])) : ""; + $email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ""; + + $sql = "SELECT user_id, username, user_email + FROM " . USERS_TABLE . " + WHERE user_email = '$email' + AND username = '$username'"; + if( $result = $db->sql_query($sql) ) + { + if( !$db->sql_numrows($result) ) + { + message_die(GENERAL_MESSAGE, $lang['No_email_match']); + } + + $row = $db->sql_fetchrow($result); + + $username = $row['username']; + $user_actkey = generate_activation_key(); + $user_password = generate_password(); + + $sql = "UPDATE " . USERS_TABLE . " + SET user_active = 0, user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey' + WHERE user_id = " . $row['user_id']; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't update new password information", "", __LINE__, __FILE__, $sql); + } + + include($phpbb_root_path . 'includes/emailer.'.$phpEx); + $emailer = new emailer($board_config['smtp_delivery']); + + $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n"; + + $path = (dirname($HTTP_SERVER_VARS['REQUEST_URI']) == "/") ? "" : dirname($HTTP_SERVER_VARS['REQUEST_URI']); + + $emailer->use_template("user_activate_passwd"); + $emailer->email_address($row['user_email']); + $emailer->set_subject($lang['New_password_activation']); + $emailer->extra_headers($email_headers); + + $emailer->assign_vars(array( + "USERNAME" => $username, + "PASSWORD" => $user_password, + "EMAIL_SIG" => str_replace("<br />", "\n", "-- \n" . $board_config['board_email_sig']), + + "U_ACTIVATE" => "http://" . 
$HTTP_SERVER_VARS['SERVER_NAME'] . $path . "/profile.$phpEx?mode=activate&act_key=$user_actkey") + ); + $emailer->send(); + $emailer->reset(); + + $template->assign_vars(array( + "META" => '<meta http-equiv="refresh" content="5;url=index.' . $phpEx . '">') + ); + + $message = $lang['Password_updated'] . "<br /><br />" . $lang['Click'] . " <a href=\"" . append_sid("index.$phpEx") . "\">" . $lang['Here'] . "</a> " . $lang['to_return_index']; + + message_die(GENERAL_MESSAGE, $message); + } + else + { + message_die(GENERAL_ERROR, "Couldn't obtain user information for sendpassword", "", __LINE__, __FILE__, $sql); + } + } + else + { + $username = ""; + $email = ""; + } + + // + // Output basic page + // + include($phpbb_root_path . 'includes/page_header.'.$phpEx); + + $template->set_filenames(array( + "body" => "profile_send_pass.tpl", + "jumpbox" => "jumpbox.tpl") + ); + + $jumpbox = make_jumpbox(); + $template->assign_vars(array( + "L_GO" => $lang['Go'], + "L_JUMP_TO" => $lang['Jump_to'], + "L_SELECT_FORUM" => $lang['Select_forum'], + + "S_JUMPBOX_LIST" => $jumpbox, + "S_JUMPBOX_ACTION" => append_sid("viewforum.$phpEx")) + ); + $template->assign_var_from_handle("JUMPBOX", "jumpbox"); + + $template->assign_vars(array( + "USERNAME" => $username, + "EMAIL" => $email, + + "L_SEND_PASSWORD" => $lang['Send_password'], + "L_ITEMS_REQUIRED" => $lang['Items_required'], + "L_EMAIL_ADDRESS" => $lang['Email_address'], + "L_SUBMIT" => $lang['Submit'], + "L_RESET" => $lang['Reset']) + ); + + $template->pparse("body"); + + include($phpbb_root_path . 'includes/page_tail.'.$phpEx); + } else if($mode == "activate") { - $sql = "SELECT user_id, user_email + $sql = "SELECT user_id, user_email, user_newpasswd FROM " . USERS_TABLE . " WHERE user_actkey = '$act_key'"; if( $result = $db->sql_query($sql) ) { if( $row = $db->sql_fetchrow($result) ) { + if( $row['user_newpasswd'] != "" ) + { + $sql_update_pass = ", user_password = '" . $row['user_newpasswd'] . 
"', user_newpasswd = ''"; + } + else + { + $sql_update_pass = ""; + } $sql_update = "UPDATE " . USERS_TABLE . " - SET user_active = 1, user_actkey = '' + SET user_active = 1, user_actkey = ''" . $sql_update_pass . " WHERE user_id = " . $row['user_id']; if($result = $db->sql_query($sql_update)) { - if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) + if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == "" ) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); @@ -1400,7 +1563,8 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) } else { - message_die(GENERAL_MESSAGE, $lang['Account_active']); + $message = ( $sql_update_pass == "" ) ? $lang['Account_active'] : $lang['Password_activated']; + message_die(GENERAL_MESSAGE, $message); } } else @@ -1410,7 +1574,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) } else { - message_die(GENERAL_ERROR, $lang['']); //wrongactiv + message_die(GENERAL_ERROR, $lang['Wrong_activation']); //wrongactiv } } else diff --git a/phpBB/templates/subSilver/profile_add_body.tpl b/phpBB/templates/subSilver/profile_add_body.tpl index 9c2ec4bc20..e6cb19b575 100644 --- a/phpBB/templates/subSilver/profile_add_body.tpl +++ b/phpBB/templates/subSilver/profile_add_body.tpl 
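Review bot: The `sendpassword` UPDATE sets `user_active = 0` for a request that is not authenticated, so anyone who knows a member's username and e-mail address can lock that member out until the mailed link is followed; the account should stay usable with its old password until activation, i.e. `SET user_newpasswd = '…', user_actkey = '$user_actkey'` without touching `user_active`. The SELECT also does not check the current `user_active` value while `activate` always writes `user_active = 1`, so an account still awaiting activation can be activated through this path; the password branch of `activate` should leave `user_active` as it was. `$username` and `$email` reach the SELECT after `strip_tags()`/`htmlspecialchars()` only, which are HTML filters rather than SQL escaping, so unless quoting is applied before this code (not visible in the hunk) they need to be escaped for the query. `U_ACTIVATE` is built from `$HTTP_SERVER_VARS['SERVER_NAME']`, which on some server configurations follows the request's Host header; a configured board URL would be a safer base for a link mailed to users. The `activate` block continues past the end of the hunk.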
@@ -24,15 +24,24 @@ <input type="text" class="post" style="width: 200px" name="email" size="25" maxlength="255" value="{EMAIL}" /> </td> </tr> + <!-- BEGIN edit_profile --> <tr> - <td class="row1"><span class="gen">{L_PASSWORD}: *</span><br /> + <td class="row1"><span class="gen">{L_CURRENT_PASSWORD}: *</span><br /> <span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td> <td class="row2"> <input type="password" class="post" style="width: 200px" name="password" size="25" maxlength="100" value="{PASSWORD}" /> </td> </tr> + <!-- END edit_profile --> <tr> - <td class="row1"><span class="gen">{L_CONFIRM} {L_PASSWORD}: * </span><br /> + <td class="row1"><span class="gen">{L_NEW_PASSWORD}: *</span><br /> + <span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td> + <td class="row2"> + <input type="password" class="post" style="width: 200px" name="password" size="25" maxlength="100" value="{PASSWORD}" /> + </td> + </tr> + <tr> + <td class="row1"><span class="gen">{L_CONFIRM_PASSWORD}: * </span><br /> <span class="gensmall">{L_PASSWORD_CONFIRM_IF_CHANGED}</span></td> <td class="row2"> <input type="password" class="post" style="width: 200px" name="password_confirm" size="25" maxlength="100" value="{PASSWORD_CONFIRM}" /> diff --git a/phpBB/templates/subSilver/profile_send_pass.tpl b/phpBB/templates/subSilver/profile_send_pass.tpl new file mode 100644 index 0000000000..2469a49649 --- /dev/null +++ b/phpBB/templates/subSilver/profile_send_pass.tpl 
@@ -0,0 +1,35 @@ + +<form action="{S_PROFILE_ACTION}" method="post"> +<table width="100%" cellspacing="2" cellpadding="2" border="0" align="center"> + <tr> + <td align="left"><span class="nav"><a href="{U_INDEX}" class="nav">{SITENAME} {L_INDEX}</a></span></td> + </tr> +</table> + <table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline"> + <tr> + <th class="thHead" colspan="2" height="25" valign="middle">{L_SEND_PASSWORD}</th> + </tr> + <tr> + <td class="row2" colspan="2"><span class="gensmall">{L_ITEMS_REQUIRED}</span></td> + </tr> + <tr> + <td class="row1" width="38%"><span class="gen">{L_USERNAME}: *</span></td> + <td class="row2"> + <input type="text" class="post" style="width: 200px" name="username" size="25" maxlength="40" value="{USERNAME}" /> + </td> + </tr> + <tr> + <td class="row1"><span class="gen">{L_EMAIL_ADDRESS}: *</span></td> + <td class="row2"> + <input type="text" class="post" style="width: 200px" name="email" size="25" maxlength="255" value="{EMAIL}" /> + </td> + </tr> + <tr> + <td class="catBottom" colspan="2" align="center" height="28">{S_HIDDEN_FIELDS} + <input type="submit" name="submit" value="{L_SUBMIT}" class="mainoption" /> + + <input type="reset" value="{L_RESET}" name="reset" class="liteoption" /> + </td> + </tr> + </table> +</form> |
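Review bot: The form depends on `{S_PROFILE_ACTION}`, `{S_HIDDEN_FIELDS}` and `{L_USERNAME}`, none of which are assigned by the `sendpassword` branch added to profile.php in this commit. If they are not set elsewhere (for example by the page header include, which is not visible here), the form posts to an empty action with no `mode` field and the username label renders blank, so the submit may only reach the right branch by way of the current URL. Assign them in that branch, e.g. `"S_PROFILE_ACTION" => append_sid("profile.$phpEx?mode=sendpassword")`, or emit a hidden `mode` input through `S_HIDDEN_FIELDS`.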