2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
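$_user_location = 'public';
define('AT_INCLUDE_PATH', 'include/');
require (AT_INCLUDE_PATH.'vitals.inc.php');

/*
 * Password-reminder flow:
 *   1. POST form_password_reminder          -> look the address up, e-mail a change link
 *   2. GET  id/g/h (from the e-mail link)   -> verify the link, show the change-password form
 *   3. POST form_change (with id/g/h)       -> verify the link again, store the new password
 *
 * The link token is sha1(member_id . ':' . generation_day . ':' . stored password hash), of
 * which 15 hex characters travel in the link. The stored hash is part of the input, so the
 * token cannot be built without it and every outstanding link dies once the password changes.
 * The generation branch and the verification branch below MUST build the input identically.
 *
 * All queries go through the legacy mysql_* layer; $addslashes is assumed to be the escaping
 * callback prepared by vitals.inc.php (TODO confirm), and is applied to every string that
 * reaches a query.
 */

if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: login.php');
    exit;
} else if (isset($_POST['form_password_reminder'])) {
    // look the account up by e-mail address to build and send the change-password link
    $_POST['form_email'] = $addslashes($_POST['form_email']);
    $sql = "SELECT member_id, login, first_name, password, email FROM ".TABLE_PREFIX."members WHERE email='$_POST[form_email]'";
    $result = mysql_query($sql, $db);

    if ($row = mysql_fetch_assoc($result)) {
        // day the link was generated (# days since epoch); it is honoured for
        // AT_PASSWORD_REMINDER_EXPIRY days after that
        $gen = intval(((time() / 60) / 60) / 24);

        // '.' (concatenation), never '+': with '+' the hex password hash is coerced to a
        // number and the token becomes derivable from the member id and the date alone
        $hash     = sha1($row['member_id'] . ':' . $gen . ':' . $row['password']);
        $hash_bit = substr($hash, 5, 15);

        $change_link = $_base_href.'password_reminder.php?id='.$row['member_id'].'&g='.$gen.'&h='.$hash_bit;

        // address the member by first name when one is on file, otherwise by login
        $reply_name = ($row['first_name'] != '') ? $row['first_name'] : $row['login'];

        $tmp_message = _AT(array('password_request2', $reply_name, $row['login'], AT_PASSWORD_REMINDER_EXPIRY, $change_link));

        require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
        $mail = new ATutorMailer;
        $mail->From = $_config['contact_email'];
        $mail->AddAddress($row['email']);
        $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
        $mail->Body = $tmp_message;

        if (!$mail->Send()) {
            $msg->addError('SENDING_ERROR');
            $savant->display('password_reminder_feedback.tmpl.php');
            exit;
        }

        $msg->addFeedback('CONFIRM_EMAIL2');
        header('Location:index.php');
        exit;
    } else {
        // NOTE(review): answering differently for unknown addresses lets a visitor probe
        // which e-mail addresses are registered; the same confirmation in both cases
        // would close that off.
        $msg->addError('EMAIL_NOT_FOUND');
        $savant->display('password_reminder.tmpl.php');
    }
} else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {
    // coming from an email link: every request value is cast before it is used in a
    // query, a template or the token input
    $member_id = intval($_REQUEST['id']);
    $gen       = intval($_REQUEST['g']);
    $current   = intval(((time() / 60) / 60) / 24);

    // the link is only honoured for AT_PASSWORD_REMINDER_EXPIRY days after generation;
    // $gen is attacker-controlled but bound into the token, so it cannot be moved
    // forward without knowing the stored password hash
    if ($current > $gen + AT_PASSWORD_REMINDER_EXPIRY) {
        $msg->addError('INVALID_LINK');
        $savant->display('password_reminder_feedback.tmpl.php');
        exit;
    }

    // check for valid hash: recompute the token exactly as the request branch built it
    $sql    = "SELECT password, email FROM ".TABLE_PREFIX."members WHERE member_id=".$member_id;
    $result = mysql_query($sql, $db);
    $row    = mysql_fetch_assoc($result);

    $hash_bit = '';
    if ($row) {
        $hash_bit = substr(sha1($member_id . ':' . $gen . ':' . $row['password']), 5, 15);
    }

    // strict comparison: with '!=' a token that happens to look numeric would be compared
    // as a number, and a non-string 'h' would be juggled instead of rejected
    // (hash_equals() is the constant-time alternative where the PHP version has it)
    if (!$row || $hash_bit === '' || $_REQUEST['h'] !== $hash_bit) {
        $msg->addError('INVALID_LINK');
        $savant->display('password_reminder_feedback.tmpl.php');
        exit;
    }
    $email = $row['email'];

    if (!isset($_POST['form_change'])) {
        // first visit from the link: show the change-password form, carrying the
        // verified id/g/h along so the POST can be verified again
        $savant->assign('id', $member_id);
        $savant->assign('g', $gen);
        $savant->assign('h', $hash_bit);
        $savant->display('password_change.tmpl.php');
        exit;
    }

    // changing the password
    // password rules are checked by javascript on the form, which reports failures in
    // password_error as a comma-separated list of error codes; this only relays them
    $missing_fields = array();
    if (isset($_POST['password_error']) && $_POST['password_error'] !== '') {
        foreach (explode(',', $_POST['password_error']) as $pwd_error) {
            if ($pwd_error === 'missing_password') {
                $missing_fields[] = _AT('password');
            } else {
                $msg->addError($pwd_error);
            }
        }
    }
    // NOTE(review): $missing_fields is collected but never shown to the user. The update
    // below is refused while it is non-empty so a missing password is never stored as an
    // empty one; wire it to the project's empty-field error to report it. The client-side
    // list is advisory only — TODO add a server-side check of the submitted password.

    if ($msg->containsErrors() || count($missing_fields) > 0) {
        $savant->assign('id', $member_id);
        $savant->assign('g', $gen);
        $savant->assign('h', $hash_bit);
        $savant->display('password_change.tmpl.php');
        exit;
    }

    $password = $addslashes($_POST['form_password_hidden']);

    // last_login/creation_date are assigned to themselves — presumably to keep MySQL
    // from auto-updating TIMESTAMP columns; confirm against the schema
    $sql = "UPDATE ".TABLE_PREFIX."members SET password='".$password."', last_login=last_login, creation_date=creation_date WHERE member_id=".$member_id;
    mysql_query($sql, $db);

    // reset login attempts
    $sql    = "SELECT login FROM ".TABLE_PREFIX."members WHERE member_id=".$member_id;
    $result = mysql_query($sql, $db);
    $row    = mysql_fetch_array($result);
    $sql    = "DELETE FROM ".TABLE_PREFIX."member_login_attempt WHERE login='".$addslashes($row['login'])."'";
    mysql_query($sql, $db);

    // send confirmation email
    require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');

    $tmp_message = _AT(array('password_change_confirm', $_config['site_name'], $_base_href))."\n\n";

    $mail = new ATutorMailer;
    $mail->From = $_config['contact_email'];
    $mail->AddAddress($email);
    $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
    $mail->Body = $tmp_message;

    if (!$mail->Send()) {
        // queue the error (as the request branch does) rather than printing it here:
        // any output at this point would break the redirect header below
        $msg->addError('SENDING_ERROR');
    }

    $msg->addFeedback('PASSWORD_CHANGED');
    header('Location:index.php');
    exit;
} else {
    $savant->display('password_reminder.tmpl.php');
}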