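<?php
/************************************************************************/
/* AContent                                                             */
/************************************************************************/
/* Copyright (c) 2010                                                   */
/* Inclusive Design Institute                                           */
/*                                                                      */
/* This program is free software. You can redistribute it and/or        */
/* modify it under the terms of the GNU General Public License          */
/* as published by the Free Software Foundation.                        */
/************************************************************************/

/*
 * password_reminder.php - "forgot my password" flow.
 *
 *  1. POST form_password_reminder : e-mail a change-password link to the
 *     address given in form_email.
 *  2. GET  id, g, h               : the user followed the link; verify it
 *     and show the change-password form.
 *  3. POST form_change (+ id,g,h) : store the new password and confirm it
 *     by e-mail.
 *
 * The link carries the user id, the day it was issued (g) and a token (h)
 * derived from both plus the user's stored password hash, so a link stops
 * working once the password changes or TR_PASSWORD_REMINDER_EXPIRY days pass.
 */

define('TR_INCLUDE_PATH', 'include/');
require (TR_INCLUDE_PATH.'vitals.inc.php');
require_once(TR_INCLUDE_PATH.'classes/DAO/UsersDAO.class.php');

if (!function_exists('hash_equals')) {
        /**
         * Constant-time string comparison for PHP < 5.6, with the built-in's
         * contract: false for non-string input or a length mismatch.
         */
        function hash_equals($known_string, $user_string) {
                if (!is_string($known_string) || !is_string($user_string)) {
                        return false;
                }
                $len = strlen($known_string);
                if ($len !== strlen($user_string)) {
                        return false;
                }
                $diff = 0;
                for ($i = 0; $i < $len; $i++) {
                        $diff |= ord($known_string[$i]) ^ ord($user_string[$i]);
                }
                return $diff === 0;
        }
}

/**
 * Token embedded in the change-password link as the "h" parameter.
 *
 * An HMAC over "user_id|gen" keyed with the stored password hash: the id and
 * day are public (they are in the link too), the password hash is not, and it
 * changes when the password does, which invalidates every outstanding link.
 *
 * Replaces sha1($user_id + $gen + $password). With arithmetic "+" a hex
 * password hash contributed only its leading digits (usually nothing at all),
 * so the old token could be recomputed from the public id and day alone.
 *
 * NOTE(review): an account whose stored password hash is empty would get a
 * token keyed on "" - confirm such rows cannot exist, or reject them before
 * issuing a link.
 *
 * @param  int    $user_id  user id carried in the link
 * @param  int    $gen      day number (days since the Unix epoch) the link was issued
 * @param  string $password the user's stored password hash
 * @return string           32 hex characters
 */
function tr_password_reminder_token($user_id, $gen, $password) {
        $message = intval($user_id) . '|' . intval($gen);
        return substr(hash_hmac('sha256', $message, (string) $password), 0, 32);
}

$usersDAO = new UsersDAO();

/* Day number (days since the epoch) used both to issue and to expire links. */
$today = intval(((time()/60)/60)/24);

if (isset($_POST['cancel'])) {
        $msg->addFeedback('CANCELLED');
        header('Location: login.php');
        exit;

} else if (isset($_POST['form_password_reminder'])) {
        // Step 1: look the account up by e-mail and mail it a change-password link.
        $_POST['form_email'] = isset($_POST['form_email']) ? $addslashes($_POST['form_email']) : '';

        if ($row = $usersDAO->getUserByEmail($_POST['form_email'])) {
                $user_id  = intval($row['user_id']);
                $hash_bit = tr_password_reminder_token($user_id, $today, $row['password']);

                $change_link = $_base_href.'password_reminder.php?id='.$user_id.'&g='.$today.'&h='.$hash_bit;

                // Address the mail by first name when there is one, else by login.
                if ((string) $row['first_name'] !== '') {
                        $reply_name = $row['first_name'];
                } else {
                        $reply_name = $row['login'];
                }
                $tmp_message  = _AT(array('password_request2',$reply_name, $row['login'], TR_PASSWORD_REMINDER_EXPIRY, $change_link));

                //send email
                require(TR_INCLUDE_PATH . 'classes/phpmailer/transformablemailer.class.php');
                $mail = new TransformableMailer;
                $mail->From     = $_config['contact_email'];
                $mail->AddAddress($row['email']);
                $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
                $mail->Body    = $tmp_message;

                if(!$mail->Send()) {
                        $msg->addError('SENDING_ERROR');
                        $savant->display('password_reminder_feedback.tmpl.php');
                        exit;
                }

                $msg->addFeedback('CONFIRM_EMAIL2');
                unset($mail);

                $savant->display('password_reminder_feedback.tmpl.php');

        } else {
                // NOTE(review): this reply tells an anonymous caller whether the
                // address is registered (account enumeration). A neutral "if the
                // address exists, a link has been sent" message avoids that; left
                // as-is here because the wording lives in the site's language table.
                $msg->addError('EMAIL_NOT_FOUND');
                $savant->display('password_reminder.tmpl.php');
        }

} else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {
        // Steps 2 and 3: the request carries the link parameters (query string
        // on the first visit, hidden form fields when the form is submitted).
        $link_id  = intval($_REQUEST['id']);
        $link_gen = intval($_REQUEST['g']);
        $link_tag = is_string($_REQUEST['h']) ? $_REQUEST['h'] : '';

        // Expiry: TR_PASSWORD_REMINDER_EXPIRY days after issue. A day in the
        // future is rejected as well - this server issued the link, so "g" can
        // never be later than today; accepting it would let a forged "g" push
        // the expiry out indefinitely.
        if ($link_gen > $today || $today > $link_gen + TR_PASSWORD_REMINDER_EXPIRY) {
                $msg->addError('INVALID_LINK');
                $savant->display('password_reminder_feedback.tmpl.php');
                exit;
        }

        $row = $usersDAO->getUserByID($link_id);
        if (!$row) {
                $msg->addError('INVALID_LINK');
                $savant->display('password_reminder_feedback.tmpl.php');
                exit;
        }
        $email = $row['email'];

        // Recompute the token from the stored password hash and compare it in
        // constant time. The previous loose "!=" compared numeric-looking
        // strings as numbers ("0" == "0e12..." is true), and a mismatch did not
        // stop the request: the password update below was only held back
        // because $msg happened to contain an error.
        $expected_tag = tr_password_reminder_token($link_id, $link_gen, $row['password']);
        if (!hash_equals($expected_tag, $link_tag)) {
                $msg->addError('INVALID_LINK');
                $savant->display('password_reminder_feedback.tmpl.php');
                exit;
        }

        if (!isset($_POST['form_change'])) {
                // Step 2: valid link, nothing submitted yet - show the form. The
                // sanitised values, not the raw request, go back out as hidden
                // fields (they are equal to the request values once the token
                // check has passed).
                $savant->assign('id', $link_id);
                $savant->assign('g', $link_gen);
                $savant->assign('h', $link_tag);
                $savant->display('password_change.tmpl.php');
                exit;
        }

        // Step 3: store the new password.
        //
        // The password rules are checked by the front-end JavaScript, which
        // reports failures as a comma-separated list of codes in
        // $_POST['password_error']; each code is replayed through $msg so the
        // form is redisplayed with the message.
        //
        // Previously "missing_password" was set aside in a $missing_fields
        // array that nothing consumed, so an empty password passed the
        // containsErrors() gate and was saved. It is now an error like the
        // other codes, and the server checks for an empty value itself instead
        // of trusting the client to report it.
        // NOTE(review): 'missing_password' is the code the front end already
        // sends; if the language table has no entry for it, substitute the
        // site's empty-field message.
        $new_password = isset($_POST['form_password_hidden']) ? (string) $_POST['form_password_hidden'] : '';

        $pwd_errors = array();
        if (isset($_POST['password_error']) && $_POST['password_error'] != '') {
                $pwd_errors = explode(',', $_POST['password_error']);
        }
        if (trim($new_password) === '' && !in_array('missing_password', $pwd_errors, true)) {
                $pwd_errors[] = 'missing_password';
        }
        foreach ($pwd_errors as $pwd_error) {
                $msg->addError($pwd_error);
        }

        if ($msg->containsErrors()) {
                $savant->assign('id', $link_id);
                $savant->assign('g', $link_gen);
                $savant->assign('h', $link_tag);
                $savant->display('password_change.tmpl.php');
                exit;
        }

        // NOTE(review): the value is stored as received - presumably the front
        // end has already hashed it into form_password_hidden, since nothing
        // here hashes it. Confirm against password_change.tmpl.php.
        $password = $addslashes($new_password);
        $usersDAO->UpdateField($link_id, 'password', $password);

        //send confirmation email
        require(TR_INCLUDE_PATH . 'classes/phpmailer/transformablemailer.class.php');

        $tmp_message  = _AT(array('password_change_confirm', $_config['site_name'], $_base_href))."\n\n";

        $mail = new TransformableMailer;
        $mail->From     = $_config['contact_email'];
        $mail->AddAddress($email);
        $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
        $mail->Body    = $tmp_message;

        if(!$mail->Send()) {
                $msg->printErrors('SENDING_ERROR');
                exit;
        }

        $msg->addFeedback('PASSWORD_CHANGED');
        unset($mail);

        // Stop after the redirect so nothing further runs for this request.
        header('Location:index.php');
        exit;

} else {
        $savant->display('password_reminder.tmpl.php');
}

// No closing "?>": this script sends Location headers, and any whitespace
// after a closing tag would be emitted as output before them.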