2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
13 define('TR_INCLUDE_PATH', 'include/');
14 require (TR_INCLUDE_PATH.'vitals.inc.php');
15 require_once(TR_INCLUDE_PATH.'classes/DAO/UsersDAO.class.php');
// Data-access object for user rows. The reset flow below reads user_id, login,
// first_name, email and the stored password through it (getUserByEmail /
// getUserByID) and writes the new password back with UpdateField().
17 $usersDAO = new UsersDAO();
19 if (isset($_POST['cancel'])) {
20 $msg->addFeedback('CANCELLED');
21 header('Location: login.php');
24 } else if (isset($_POST['form_password_reminder'])) {
25 // Look up the account by the submitted e-mail address, then build and e-mail it a change-password link.
// NOTE(review): the two outcomes are distinguishable to the caller (CONFIRM_EMAIL2 for a known address,
// EMAIL_NOT_FOUND otherwise), which lets anyone enumerate registered e-mails; a uniform response plus
// rate limiting on this form would close that. Also note that $_POST[form_email] two lines down uses an
// unquoted key (an undefined constant: a notice on PHP 7, an Error on PHP 8).
26 $_POST['form_email'] = $addslashes($_POST['form_email']);
28 if ($row = $usersDAO->getUserByEmail($_POST[form_email])) {
30 // Day the link was generated, as whole days since the Unix epoch; it is embedded in the link as g and
// re-checked against TR_PASSWORD_REMINDER_EXPIRY on the way back.
// NOTE(review): the token two lines down is sha1($row['user_id'] + $gen + $row['password']) — `+` is
// numeric addition in PHP, not concatenation, so the stored password value is coerced to a number
// (its leading digits or 0 with a warning on PHP 7; a TypeError for a non-numeric string on PHP 8).
// The secret therefore contributes little or nothing, and the 15-hex-char token can be recomputed from
// the user_id in the link and the day number. Build it from string concatenation that includes a
// per-user random secret (or issue a stored single-use token) instead.
31 $gen = intval(((time()/60)/60)/24);
33 $hash = sha1($row['user_id'] + $gen + $row['password']);
34 $hash_bit = substr($hash, 5, 15);
36 $change_link = $_base_href.'password_reminder.php?id='.$row['user_id'].'&g='.$gen.'&h='.$hash_bit;
37 if($row['first_name'] != ''){
38 $reply_name = $row['first_name'];
40 $reply_name = $row['login'];
42 $tmp_message = _AT(array('password_request2',$reply_name, $row['login'], TR_PASSWORD_REMINDER_EXPIRY, $change_link));
45 require(TR_INCLUDE_PATH . 'classes/phpmailer/transformablemailer.class.php');
46 $mail = new TransformableMailer;
47 $mail->From = $_config['contact_email'];
48 $mail->AddAddress($row['email']);
49 $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
50 $mail->Body = $tmp_message;
53 $msg->addError('SENDING_ERROR');
54 $savant->display('password_reminder_feedback.tmpl.php');
58 $msg->addFeedback('CONFIRM_EMAIL2');
61 $savant->display('password_reminder_feedback.tmpl.php');
64 $msg->addError('EMAIL_NOT_FOUND');
65 $savant->display('password_reminder.tmpl.php');
68 } else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {
69 // Reached from the e-mailed link: id, g (generation day) and h (truncated token) arrive via $_REQUEST.
// NOTE(review): all three are caller-controlled; g is trusted both for the expiry test below and as an
// input to the hash recomputation, so the expiry window holds only if the token itself is unforgeable.
72 $current = intval(((time()/60)/60)/24);
73 $expiry_date = $_REQUEST['g'] + TR_PASSWORD_REMINDER_EXPIRY; //2 days after creation
75 if ($current > $expiry_date) {
76 $msg->addError('INVALID_LINK');
77 $savant->display('password_reminder_feedback.tmpl.php');
81 // Recompute the token from id, g and the stored password and compare it with h.
// NOTE(review): `!=` is a loose, non-constant-time comparison (numeric-looking strings such as "0e..."
// compare equal); use hash_equals($hash_bit, (string) $_REQUEST['h']). The recomputation also feeds the
// raw $_REQUEST['id'] into sha1() while the lookup used intval($_REQUEST['id']), so the two can disagree.
82 if ($row = $usersDAO->getUserByID(intval($_REQUEST['id']))) {
83 $email = $row['email'];
85 $hash = sha1($_REQUEST['id'] + $_REQUEST['g'] + $row['password']);
86 $hash_bit = substr($hash, 5, 15);
88 if ($_REQUEST['h'] != $hash_bit) {
89 $msg->addError('INVALID_LINK');
90 $savant->display('password_reminder_feedback.tmpl.php');
91 } else if (($_REQUEST['h'] == $hash_bit) && !isset($_POST['form_change'])) {
92 $savant->assign('id', $_REQUEST['id']);
93 $savant->assign('g', $_REQUEST['g']);
94 $savant->assign('h', $_REQUEST['h']);
95 $savant->display('password_change.tmpl.php');
98 $msg->addError('INVALID_LINK');
99 $savant->display('password_reminder_feedback.tmpl.php');
103 // Store the new password. The update below is gated only by !$msg->containsErrors(), i.e. it appears to
// rely on the INVALID_LINK error added earlier when h did not match.
// NOTE(review): the stored value is $_POST['form_password_hidden'] exactly as the client sent it (after
// addslashes); nothing here hashes it server-side, so confirm that UpdateField()/the DAO does — otherwise
// the client chooses the exact bytes written to the password column.
104 if (isset($_POST['form_change'])) {
106 /* Password check: the password is validated client-side by JavaScript; this loop only surfaces the
   error codes JavaScript reported in $_POST['password_error'].
   NOTE(review): a client can POST an empty password_error, so no password policy is enforced on the
   server here — validate length/complexity server-side before the UpdateField() call below. */
107 if ($_POST['password_error'] <> "")
109 $pwd_errors = explode(",", $_POST['password_error']);
111 foreach ($pwd_errors as $pwd_error)
113 if ($pwd_error == "missing_password")
114 $missing_fields[] = _AT('password');
116 $msg->addError($pwd_error);
120 if (!$msg->containsErrors()) {
122 $password = $addslashes($_POST['form_password_hidden']);
123 $usersDAO->UpdateField(intval($_REQUEST['id']), 'password', $password);
125 //send confirmation email
126 require(TR_INCLUDE_PATH . 'classes/phpmailer/transformablemailer.class.php');
128 $tmp_message = _AT(array('password_change_confirm', $_config['site_name'], $_base_href))."\n\n";
130 $mail = new TransformableMailer;
131 $mail->From = $_config['contact_email'];
132 $mail->AddAddress($email);
133 $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
134 $mail->Body = $tmp_message;
137 $msg->printErrors('SENDING_ERROR');
141 $msg->addFeedback('PASSWORD_CHANGED');
144 header('Location:index.php');
147 $savant->assign('id', $_REQUEST['id']);
148 $savant->assign('g', $_REQUEST['g']);
149 $savant->assign('h', $_REQUEST['h']);
150 $savant->display('password_change.tmpl.php');
155 $savant->display('password_reminder.tmpl.php');