/****************************************************************/
/****************************************************************/
/* Copyright (c) 2002-2010 */
/* Inclusive Design Institute */
/* http://atutor.ca */
/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/****************************************************************/
// $Id: bounce.php 10055 2010-06-29 20:30:24Z cindy $
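// Page-visibility marker, set before the bootstrap include runs.
// NOTE(review): presumably read by vitals.inc.php so that visitors without a
// session can reach the password reminder - confirm against that file.
$_user_location = 'public';

// The constant name has to be a quoted string. The original passed the bare
// word AT_INCLUDE_PATH, which older PHP only tolerates with a notice and
// PHP 8 rejects as an undefined constant.
define('AT_INCLUDE_PATH', '../../../include/');
include(AT_INCLUDE_PATH.'vitals.inc.php');

// AT_JB_INCLUDE is not defined in this file, so it must be in scope by the
// time this line runs (presumably via the include above - confirm).
include(AT_JB_INCLUDE.'classes/Job.class.php');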
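// Employer password reminder for the job board. One request takes one of four paths:
//   1. "cancel" posted           -> back to the login page
//   2. reminder form posted      -> look up the employer, e-mail a change-password link
//   3. id/g/h present            -> validate the e-mailed link, then show or process the
//                                   change-password form
//   4. anything else             -> show the reminder form
//
// The listing this was recovered from had dropped its brace-only and exit lines; the
// control flow below is rebuilt so that every rejected request stops before the UPDATE.
if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
	header('Location: login.php');
	exit; // a Location header alone does not stop the script

} else if (isset($_POST['form_password_reminder'])) {
	// get database info to create & email change-password-link
	// $addslashes is a callable held in a variable and is not defined in this file; it is the
	// only escaping applied before the address is placed in the SQL string.
	// NOTE(review): presumably set by vitals.inc.php for the active DB driver - confirm. A
	// parameterised query is the safer form if the data layer offers one.
	$form_email = (isset($_POST['form_email']) && is_string($_POST['form_email'])) ? $_POST['form_email'] : '';
	$_POST['form_email'] = $addslashes($form_email);
	$sql = "SELECT id, username, employer_name, password, email FROM ".TABLE_PREFIX."jb_employers WHERE email='".$_POST['form_email']."'";
	$result = mysql_query($sql, $db);

	if ($row = mysql_fetch_assoc($result)) {
		// date link was generated (# days since epoch)
		$gen = intval(time() / 86400);

		// The token binds the account id, the issue day and the stored password value.
		// The original combined them with "+", which coerces the stored password hash to a
		// number, so the token depended almost entirely on the id and the day. Concatenating
		// with a delimiter makes the stored password value part of the digest, which also
		// means the link stops validating once the password has been changed.
		// NOTE(review): there is still no server-side secret or random component here; a
		// random single-use token stored with an expiry would be the stronger design.
		$hash = sha1(intval($row['id']) . '|' . $gen . '|' . $row['password']);
		$hash_bit = substr($hash, 5, 15);

		// NOTE(review): the link is presumably handled by the id/g/h branch below; both
		// sides must derive the token identically.
		$change_link = $_base_href.AT_JB_BASENAME.'employer/password_reminder.php?id='.$row['id'].'&g='.$gen.'&h='.$hash_bit;

		// Both branches of the original if/else assigned employer_name, so this is the same
		// result. NOTE(review): the selected but unused username column suggests a fallback
		// for an empty employer_name was intended - confirm.
		$reply_name = $row['employer_name'];

		$tmp_message = _AT(array('password_request2', $reply_name, $row['employer_name'], AT_PASSWORD_REMINDER_EXPIRY, $change_link));

		// send the link to the address on record, never to the address typed into the form
		require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
		$mail = new ATutorMailer;
		$mail->From = $_config['contact_email'];
		$mail->AddAddress($row['email']);
		$mail->Subject = $_config['site_name'].'-'._AT('job_board') . ': ' . _AT('password_forgot');
		$mail->Body = $tmp_message;

		if (!$mail->Send()) {
			$msg->addError('SENDING_ERROR');
			$savant->display('password_reminder_feedback.tmpl.php');
			exit;
		}

		$msg->addFeedback('CONFIRM_EMAIL2');
		$savant->display('password_reminder_feedback.tmpl.php');

	} else {
		// NOTE(review): answering "not found" differently from "mail sent" tells any visitor
		// which addresses are registered; showing the same confirmation for both outcomes
		// would remove that signal.
		$msg->addError('EMAIL_NOT_FOUND');
		$savant->display('password_reminder.tmpl.php');
	}

} else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {
	// coming from an email link
	// Normalise the three link parameters once and use only the normalised values from here
	// on (SQL, token check, template), so array or non-numeric input cannot reach them.
	$link_id   = is_scalar($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
	$link_gen  = is_scalar($_REQUEST['g']) ? intval($_REQUEST['g']) : 0;
	$link_hash = is_string($_REQUEST['h']) ? $_REQUEST['h'] : '';

	// Expiry check; the original comment gives the window as 2 days after creation.
	// An issue day in the future is rejected as well: the original only compared against
	// g + AT_PASSWORD_REMINDER_EXPIRY, so a larger g pushed the expiry out indefinitely.
	$current = intval(time() / 86400);
	if ($link_gen <= 0 || $link_gen > $current || $current > $link_gen + AT_PASSWORD_REMINDER_EXPIRY) {
		$msg->addError('INVALID_LINK');
		$savant->display('password_reminder_feedback.tmpl.php');
		exit;
	}

	/* check if already visited (possibly add a "last login" field to members table)... if password was changed, won't work anyway. do later. */

	// check for valid hash
	$sql = "SELECT password, email FROM ".TABLE_PREFIX."jb_employers WHERE id=".$link_id;
	$result = mysql_query($sql, $db);
	if ($row = mysql_fetch_assoc($result)) {
		$email = $row['email'];

		// Same derivation as when the link was issued (see the reminder branch above).
		$hash = sha1($link_id . '|' . $link_gen . '|' . $row['password']);
		$hash_bit = substr($hash, 5, 15);

		// Strict string comparison; the original "!=" applied PHP's loose comparison rules
		// to attacker-supplied input. hash_equals() is used where the runtime provides it.
		$link_ok = function_exists('hash_equals') ? hash_equals($hash_bit, $link_hash) : ($link_hash === $hash_bit);

		if (!$link_ok) {
			$msg->addError('INVALID_LINK');
			$savant->display('password_reminder_feedback.tmpl.php');
			exit; // must stop here: the password change below is for validated links only
		} else if (!isset($_POST['form_change'])) {
			// Valid link, form not yet submitted: show the change-password form and carry the
			// validated link values along so the submit can be re-checked.
			$savant->assign('id', $link_id);
			$savant->assign('g', $link_gen);
			$savant->assign('h', $hash_bit);
			// NOTE(review): this path is 'employer/password_change.tmpl.php' while the error
			// redisplay further down uses 'password_change.tmpl.php' - confirm which is right.
			$savant->display('employer/password_change.tmpl.php');
			exit;
		}
	} else {
		$msg->addError('INVALID_LINK');
		$savant->display('password_reminder_feedback.tmpl.php');
		exit;
	}

	// changing the password
	if (isset($_POST['form_change'])) {
		$missing_fields = array();

		/* password check: password is verified front end by javascript. here is to handle the errors from javascript */
		// NOTE(review): these codes are whatever the client chose to send; they are not a
		// server-side check of the password itself and should not be treated as one.
		if (isset($_POST['password_error']) && is_string($_POST['password_error']) && $_POST['password_error'] !== '') {
			$pwd_errors = explode(",", $_POST['password_error']);

			foreach ($pwd_errors as $pwd_error) {
				if ($pwd_error == "missing_password") {
					$missing_fields[] = _AT('password');
				} else {
					$msg->addError($pwd_error);
				}
			}
		}

		// NOTE(review): the value stored is taken as-is from a hidden form field, presumably
		// a digest computed in the browser - confirm, and consider validating its format and
		// hashing server-side with a password-hashing function.
		$new_password = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden'])) ? $_POST['form_password_hidden'] : '';

		// The original collected $missing_fields but never acted on it, so a reported missing
		// password still reached the UPDATE. A missing or empty value now sends the user back
		// to the form instead. NOTE(review): no message is queued for that case here; add one
		// from the project's message catalogue.
		if (!$msg->containsErrors() && empty($missing_fields) && $new_password !== '') {
			$password = $addslashes($new_password);

			// last_login=last_login is kept from the original; presumably it stops the column
			// from being refreshed by this write - confirm against the table definition.
			$sql = "UPDATE ".TABLE_PREFIX."jb_employers SET password='".$password."', last_login=last_login WHERE id=".$link_id;
			$result = mysql_query($sql, $db);

			// send confirmation email to the address on record so the owner learns of the change
			require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');

			$tmp_message = _AT(array('password_change_confirm', $_config['site_name'].': '._AT('job_board'), $_base_href.AT_JB_BASENAME.'employer/login.php'))."\n\n";

			$mail = new ATutorMailer;
			$mail->From = $_config['contact_email'];
			$mail->AddAddress($email);
			$mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
			$mail->Body = $tmp_message;

			if (!$mail->Send()) {
				// the password has already been updated at this point; only the notice failed
				$msg->printErrors('SENDING_ERROR');
				exit;
			}

			$msg->addFeedback('PASSWORD_CHANGED');

			header('Location:login.php');
			exit;

		} else {
			// Redisplay the form with the validated link values.
			$savant->assign('id', $link_id);
			$savant->assign('g', $link_gen);
			$savant->assign('h', $hash_bit);
			$savant->display('password_change.tmpl.php');
		}
	}

} else {
	// No form posted and no link parameters: show the empty reminder form.
	$savant->display('password_reminder.tmpl.php');
}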