+++ /dev/null
-<?php\r
-/****************************************************************/\r
-/* ATutor */\r
-/****************************************************************/\r
-/* Copyright (c) 2002-2010 */\r
-/* Inclusive Design Institute */\r
-/* http://atutor.ca */\r
-/* */\r
-/* This program is free software. You can redistribute it and/or*/\r
-/* modify it under the terms of the GNU General Public License */\r
-/* as published by the Free Software Foundation. */\r
-/****************************************************************/\r
-// $Id: bounce.php 10055 2010-06-29 20:30:24Z cindy $\r
-\r
-$_user_location = 'public';\r
-define(AT_INCLUDE_PATH, '../../../include/');\r
-include(AT_INCLUDE_PATH.'vitals.inc.php');\r
-include(AT_JB_INCLUDE.'classes/Job.class.php');\r
-\r
-if (isset($_POST['cancel'])) {\r
- $msg->addFeedback('CANCELLED');\r
- header('Location: login.php');\r
- exit;\r
-\r
-} else if (isset($_POST['form_password_reminder'])) {\r
- //get database info to create & email change-password-link\r
- $_POST['form_email'] = $addslashes($_POST['form_email']);\r
- $sql = "SELECT id, username, employer_name, password, email FROM ".TABLE_PREFIX."jb_employers WHERE email='$_POST[form_email]'";\r
- $result = mysql_query($sql,$db);\r
- if ($row = mysql_fetch_assoc($result)) {\r
- \r
- //date link was generated (# days since epoch)\r
- $gen = intval(((time()/60)/60)/24);\r
-\r
- $hash = sha1($row['id'] + $gen + $row['password']);\r
- $hash_bit = substr($hash, 5, 15);\r
- \r
- $change_link = $_base_href.AT_JB_BASENAME.'employer/password_reminder.php?id='.$row['id'].'&g='.$gen.'&h='.$hash_bit;\r
- if($row['employer_name'] != ''){\r
- $reply_name = $row['employer_name'];\r
- }else{\r
- $reply_name = $row['employer_name'];\r
- }\r
- $tmp_message = _AT(array('password_request2',$reply_name, $row['employer_name'], AT_PASSWORD_REMINDER_EXPIRY, $change_link));\r
-\r
- //send email\r
- require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');\r
- $mail = new ATutorMailer;\r
- $mail->From = $_config['contact_email'];\r
- $mail->AddAddress($row['email']);\r
- $mail->Subject = $_config['site_name'].'-'._AT('job_board') . ': ' . _AT('password_forgot');\r
- $mail->Body = $tmp_message;\r
-\r
- if(!$mail->Send()) {\r
- $msg->addError('SENDING_ERROR');\r
- $savant->display('password_reminder_feedback.tmpl.php'); \r
- exit;\r
- }\r
-\r
- $msg->addFeedback('CONFIRM_EMAIL2');\r
- unset($mail);\r
-\r
- $savant->display('password_reminder_feedback.tmpl.php'); \r
-\r
- } else {\r
- $msg->addError('EMAIL_NOT_FOUND');\r
- $savant->display('password_reminder.tmpl.php'); \r
- }\r
-\r
-} else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {\r
-//coming from an email link\r
-\r
- //check if expired\r
- $current = intval(((time()/60)/60)/24);\r
- $expiry_date = $_REQUEST['g'] + AT_PASSWORD_REMINDER_EXPIRY; //2 days after creation\r
-\r
- if ($current > $expiry_date) {\r
- $msg->addError('INVALID_LINK'); \r
- $savant->display('password_reminder_feedback.tmpl.php'); \r
- exit;\r
- }\r
-\r
- /* check if already visited (possibley add a "last login" field to members table)... if password was changed, won't work anyway. do later. */\r
-\r
- //check for valid hash\r
- $sql = "SELECT password, email FROM ".TABLE_PREFIX."jb_employers WHERE id=".intval($_REQUEST['id']);\r
- $result = mysql_query($sql,$db);\r
- if ($row = mysql_fetch_assoc($result)) {\r
- $email = $row['email'];\r
-\r
- $hash = sha1($_REQUEST['id'] + $_REQUEST['g'] + $row['password']);\r
- $hash_bit = substr($hash, 5, 15);\r
-\r
- if ($_REQUEST['h'] != $hash_bit) {\r
- $msg->addError('INVALID_LINK');\r
- $savant->display('password_reminder_feedback.tmpl.php'); \r
- } else if (($_REQUEST['h'] == $hash_bit) && !isset($_POST['form_change'])) {\r
- $savant->assign('id', $_REQUEST['id']);\r
- $savant->assign('g', $_REQUEST['g']);\r
- $savant->assign('h', $_REQUEST['h']);\r
- $savant->display('employer/password_change.tmpl.php');\r
- }\r
- } else {\r
- $msg->addError('INVALID_LINK');\r
- $savant->display('password_reminder_feedback.tmpl.php'); \r
- exit;\r
- }\r
-\r
- //changing the password\r
- if (isset($_POST['form_change'])) {\r
-\r
- /* password check: password is verified front end by javascript. here is to handle the errors from javascript */\r
- if ($_POST['password_error'] <> "")\r
- {\r
- $pwd_errors = explode(",", $_POST['password_error']);\r
- \r
- foreach ($pwd_errors as $pwd_error)\r
- {\r
- if ($pwd_error == "missing_password")\r
- $missing_fields[] = _AT('password');\r
- else\r
- $msg->addError($pwd_error);\r
- }\r
- }\r
-\r
- if (!$msg->containsErrors()) {\r
- //save data\r
- $password = $addslashes($_POST['form_password_hidden']);\r
-\r
- $sql = "UPDATE ".TABLE_PREFIX."jb_employers SET password='".$password."', last_login=last_login WHERE id=".intval($_REQUEST['id']);\r
- $result = mysql_query($sql,$db);\r
-\r
- //send confirmation email\r
- require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');\r
-\r
- $tmp_message = _AT(array('password_change_confirm', $_config['site_name'].': '._AT('job_board'), $_base_href.AT_JB_BASENAME.'employer/login.php'))."\n\n";\r
-\r
- $mail = new ATutorMailer;\r
- $mail->From = $_config['contact_email'];\r
- $mail->AddAddress($email);\r
- $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');\r
- $mail->Body = $tmp_message;\r
-\r
- if(!$mail->Send()) {\r
- $msg->printErrors('SENDING_ERROR');\r
- exit;\r
- }\r
-\r
- $msg->addFeedback('PASSWORD_CHANGED');\r
- unset($mail);\r
- \r
- header('Location:login.php');\r
-\r
- } else {\r
- $savant->assign('id', $_REQUEST['id']);\r
- $savant->assign('g', $_REQUEST['g']);\r
- $savant->assign('h', $_REQUEST['h']);\r
- $savant->display('password_change.tmpl.php');\r
- } \r
- }\r
-\r
-} else {\r
- $savant->display('password_reminder.tmpl.php');\r
-}\r
-\r
-\r
-?>
\ No newline at end of file