-<?php
-/****************************************************************/
-/* ATutor */
-/****************************************************************/
-/* Copyright (c) 2002-2010 */
-/* Inclusive Design Institute */
-/* http://atutor.ca */
-/* */
-/* This program is free software. You can redistribute it and/or*/
-/* modify it under the terms of the GNU General Public License */
-/* as published by the Free Software Foundation. */
-/****************************************************************/
-// $Id: bounce.php 10055 2010-06-29 20:30:24Z cindy $
-
-$_user_location = 'public';
-define(AT_INCLUDE_PATH, '../../../include/');
-include(AT_INCLUDE_PATH.'vitals.inc.php');
-include(AT_JB_INCLUDE.'classes/Job.class.php');
-
-if (isset($_POST['cancel'])) {
- $msg->addFeedback('CANCELLED');
- header('Location: login.php');
- exit;
-
-} else if (isset($_POST['form_password_reminder'])) {
- //get database info to create & email change-password-link
- $_POST['form_email'] = $addslashes($_POST['form_email']);
- $sql = "SELECT id, username, employer_name, password, email FROM ".TABLE_PREFIX."jb_employers WHERE email='$_POST[form_email]'";
- $result = mysql_query($sql,$db);
- if ($row = mysql_fetch_assoc($result)) {
-
- //date link was generated (# days since epoch)
- $gen = intval(((time()/60)/60)/24);
-
- $hash = sha1($row['id'] + $gen + $row['password']);
- $hash_bit = substr($hash, 5, 15);
-
- $change_link = $_base_href.'password_reminder.php?id='.$row['id'].'&g='.$gen.'&h='.$hash_bit;
- if($row['employer_name'] != ''){
- $reply_name = $row['employer_name'];
- }else{
- $reply_name = $row['employer_name'];
- }
- $tmp_message = _AT(array('password_request2',$reply_name, $row['employer_name'], AT_PASSWORD_REMINDER_EXPIRY, $change_link));
-
- //send email
- require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
- $mail = new ATutorMailer;
- $mail->From = $_config['contact_email'];
- $mail->AddAddress($row['email']);
- $mail->Subject = $_config['site_name'].'-'._AT('job_board') . ': ' . _AT('password_forgot');
- $mail->Body = $tmp_message;
-
- if(!$mail->Send()) {
- $msg->addError('SENDING_ERROR');
- $savant->display('password_reminder_feedback.tmpl.php');
- exit;
- }
-
- $msg->addFeedback('CONFIRM_EMAIL2');
- unset($mail);
-
- $savant->display('password_reminder_feedback.tmpl.php');
-
- } else {
- $msg->addError('EMAIL_NOT_FOUND');
- $savant->display('password_reminder.tmpl.php');
- }
-
-} else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {
-//coming from an email link
-
- //check if expired
- $current = intval(((time()/60)/60)/24);
- $expiry_date = $_REQUEST['g'] + AT_PASSWORD_REMINDER_EXPIRY; //2 days after creation
-
- if ($current > $expiry_date) {
- $msg->addError('INVALID_LINK');
- $savant->display('password_reminder_feedback.tmpl.php');
- exit;
- }
-
- /* check if already visited (possibley add a "last login" field to members table)... if password was changed, won't work anyway. do later. */
-
- //check for valid hash
- $sql = "SELECT password, email FROM ".TABLE_PREFIX."jb_employers WHERE id=".intval($_REQUEST['id']);
- $result = mysql_query($sql,$db);
- if ($row = mysql_fetch_assoc($result)) {
- $email = $row['email'];
-
- $hash = sha1($_REQUEST['id'] + $_REQUEST['g'] + $row['password']);
- $hash_bit = substr($hash, 5, 15);
-
- if ($_REQUEST['h'] != $hash_bit) {
- $msg->addError('INVALID_LINK');
- $savant->display('password_reminder_feedback.tmpl.php');
- } else if (($_REQUEST['h'] == $hash_bit) && !isset($_POST['form_change'])) {
- $savant->assign('id', $_REQUEST['id']);
- $savant->assign('g', $_REQUEST['g']);
- $savant->assign('h', $_REQUEST['h']);
- $savant->display('employer/password_change.tmpl.php');
- }
- } else {
- $msg->addError('INVALID_LINK');
- $savant->display('password_reminder_feedback.tmpl.php');
- exit;
- }
-
- //changing the password
- if (isset($_POST['form_change'])) {
-
- /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
- if ($_POST['password_error'] <> "")
- {
- $pwd_errors = explode(",", $_POST['password_error']);
-
- foreach ($pwd_errors as $pwd_error)
- {
- if ($pwd_error == "missing_password")
- $missing_fields[] = _AT('password');
- else
- $msg->addError($pwd_error);
- }
- }
-
- if (!$msg->containsErrors()) {
- //save data
- $password = $addslashes($_POST['form_password_hidden']);
-
- $sql = "UPDATE ".TABLE_PREFIX."jb_employers SET password='".$password."', last_login=last_login WHERE id=".intval($_REQUEST['id']);
- $result = mysql_query($sql,$db);
-
- //send confirmation email
- require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
-
- $tmp_message = _AT(array('password_change_confirm', $_config['site_name'].': '._AT('job_board'), $_base_href))."\n\n";
-
- $mail = new ATutorMailer;
- $mail->From = $_config['contact_email'];
- $mail->AddAddress($email);
- $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');
- $mail->Body = $tmp_message;
-
- if(!$mail->Send()) {
- $msg->printErrors('SENDING_ERROR');
- exit;
- }
-
- $msg->addFeedback('PASSWORD_CHANGED');
- unset($mail);
-
- header('Location:index.php');
-
- } else {
- $savant->assign('id', $_REQUEST['id']);
- $savant->assign('g', $_REQUEST['g']);
- $savant->assign('h', $_REQUEST['h']);
- $savant->display('password_change.tmpl.php');
- }
- }
-
-} else {
- $savant->display('password_reminder.tmpl.php');
-}
-
-
+<?php\r
+/****************************************************************/\r
+/* ATutor */\r
+/****************************************************************/\r
+/* Copyright (c) 2002-2010 */\r
+/* Inclusive Design Institute */\r
+/* http://atutor.ca */\r
+/* */\r
+/* This program is free software. You can redistribute it and/or*/\r
+/* modify it under the terms of the GNU General Public License */\r
+/* as published by the Free Software Foundation. */\r
+/****************************************************************/\r
+// $Id: bounce.php 10055 2010-06-29 20:30:24Z cindy $\r
+\r
+$_user_location = 'public';\r
+define(AT_INCLUDE_PATH, '../../../include/');\r
+include(AT_INCLUDE_PATH.'vitals.inc.php');\r
+include(AT_JB_INCLUDE.'classes/Job.class.php');\r
+\r
+if (isset($_POST['cancel'])) {\r
+ $msg->addFeedback('CANCELLED');\r
+ header('Location: login.php');\r
+ exit;\r
+\r
+} else if (isset($_POST['form_password_reminder'])) {\r
+ //get database info to create & email change-password-link\r
+ $_POST['form_email'] = $addslashes($_POST['form_email']);\r
+ $sql = "SELECT id, username, employer_name, password, email FROM ".TABLE_PREFIX."jb_employers WHERE email='$_POST[form_email]'";\r
+ $result = mysql_query($sql,$db);\r
+ if ($row = mysql_fetch_assoc($result)) {\r
+ \r
+ //date link was generated (# days since epoch)\r
+ $gen = intval(((time()/60)/60)/24);\r
+\r
+ $hash = sha1($row['id'] + $gen + $row['password']);\r
+ $hash_bit = substr($hash, 5, 15);\r
+ \r
+ $change_link = $_base_href.AT_JB_BASENAME.'employer/password_reminder.php?id='.$row['id'].'&g='.$gen.'&h='.$hash_bit;\r
+ if($row['employer_name'] != ''){\r
+ $reply_name = $row['employer_name'];\r
+ }else{\r
+ $reply_name = $row['employer_name'];\r
+ }\r
+ $tmp_message = _AT(array('password_request2',$reply_name, $row['employer_name'], AT_PASSWORD_REMINDER_EXPIRY, $change_link));\r
+\r
+ //send email\r
+ require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');\r
+ $mail = new ATutorMailer;\r
+ $mail->From = $_config['contact_email'];\r
+ $mail->AddAddress($row['email']);\r
+ $mail->Subject = $_config['site_name'].'-'._AT('job_board') . ': ' . _AT('password_forgot');\r
+ $mail->Body = $tmp_message;\r
+\r
+ if(!$mail->Send()) {\r
+ $msg->addError('SENDING_ERROR');\r
+ $savant->display('password_reminder_feedback.tmpl.php'); \r
+ exit;\r
+ }\r
+\r
+ $msg->addFeedback('CONFIRM_EMAIL2');\r
+ unset($mail);\r
+\r
+ $savant->display('password_reminder_feedback.tmpl.php'); \r
+\r
+ } else {\r
+ $msg->addError('EMAIL_NOT_FOUND');\r
+ $savant->display('password_reminder.tmpl.php'); \r
+ }\r
+\r
+} else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {\r
+//coming from an email link\r
+\r
+ //check if expired\r
+ $current = intval(((time()/60)/60)/24);\r
+ $expiry_date = $_REQUEST['g'] + AT_PASSWORD_REMINDER_EXPIRY; //2 days after creation\r
+\r
+ if ($current > $expiry_date) {\r
+ $msg->addError('INVALID_LINK'); \r
+ $savant->display('password_reminder_feedback.tmpl.php'); \r
+ exit;\r
+ }\r
+\r
+ /* check if already visited (possibley add a "last login" field to members table)... if password was changed, won't work anyway. do later. */\r
+\r
+ //check for valid hash\r
+ $sql = "SELECT password, email FROM ".TABLE_PREFIX."jb_employers WHERE id=".intval($_REQUEST['id']);\r
+ $result = mysql_query($sql,$db);\r
+ if ($row = mysql_fetch_assoc($result)) {\r
+ $email = $row['email'];\r
+\r
+ $hash = sha1($_REQUEST['id'] + $_REQUEST['g'] + $row['password']);\r
+ $hash_bit = substr($hash, 5, 15);\r
+\r
+ if ($_REQUEST['h'] != $hash_bit) {\r
+ $msg->addError('INVALID_LINK');\r
+ $savant->display('password_reminder_feedback.tmpl.php'); \r
+ } else if (($_REQUEST['h'] == $hash_bit) && !isset($_POST['form_change'])) {\r
+ $savant->assign('id', $_REQUEST['id']);\r
+ $savant->assign('g', $_REQUEST['g']);\r
+ $savant->assign('h', $_REQUEST['h']);\r
+ $savant->display('employer/password_change.tmpl.php');\r
+ }\r
+ } else {\r
+ $msg->addError('INVALID_LINK');\r
+ $savant->display('password_reminder_feedback.tmpl.php'); \r
+ exit;\r
+ }\r
+\r
+ //changing the password\r
+ if (isset($_POST['form_change'])) {\r
+\r
+ /* password check: password is verified front end by javascript. here is to handle the errors from javascript */\r
+ if ($_POST['password_error'] <> "")\r
+ {\r
+ $pwd_errors = explode(",", $_POST['password_error']);\r
+ \r
+ foreach ($pwd_errors as $pwd_error)\r
+ {\r
+ if ($pwd_error == "missing_password")\r
+ $missing_fields[] = _AT('password');\r
+ else\r
+ $msg->addError($pwd_error);\r
+ }\r
+ }\r
+\r
+ if (!$msg->containsErrors()) {\r
+ //save data\r
+ $password = $addslashes($_POST['form_password_hidden']);\r
+\r
+ $sql = "UPDATE ".TABLE_PREFIX."jb_employers SET password='".$password."', last_login=last_login WHERE id=".intval($_REQUEST['id']);\r
+ $result = mysql_query($sql,$db);\r
+\r
+ //send confirmation email\r
+ require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');\r
+\r
+ $tmp_message = _AT(array('password_change_confirm', $_config['site_name'].': '._AT('job_board'), $_base_href.AT_JB_BASENAME.'employer/login.php'))."\n\n";\r
+\r
+ $mail = new ATutorMailer;\r
+ $mail->From = $_config['contact_email'];\r
+ $mail->AddAddress($email);\r
+ $mail->Subject = $_config['site_name'] . ': ' . _AT('password_forgot');\r
+ $mail->Body = $tmp_message;\r
+\r
+ if(!$mail->Send()) {\r
+ $msg->printErrors('SENDING_ERROR');\r
+ exit;\r
+ }\r
+\r
+ $msg->addFeedback('PASSWORD_CHANGED');\r
+ unset($mail);\r
+ \r
+ header('Location:login.php');\r
+\r
+ } else {\r
+ $savant->assign('id', $_REQUEST['id']);\r
+ $savant->assign('g', $_REQUEST['g']);\r
+ $savant->assign('h', $_REQUEST['h']);\r
+ $savant->display('password_change.tmpl.php');\r
+ } \r
+ }\r
+\r
+} else {\r
+ $savant->display('password_reminder.tmpl.php');\r
+}\r
+\r
+\r
?>
\ No newline at end of file
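Review bot: The reset token on the new side is built with `+` rather than `.`, in `sha1($row['id'] + $gen + $row['password'])` where the link is generated and in `sha1($_REQUEST['id'] + $_REQUEST['g'] + $row['password'])` where it is checked, so PHP adds the operands as numbers instead of concatenating them and the token is not bound to the stored password as the code intends. I would derive it with a keyed hash over the concatenated fields, e.g. `$hash = hash_hmac('sha256', $row['id'].'|'.$gen.'|'.$row['password'], $reset_secret);`, where `$reset_secret` is a placeholder for a server-side secret this page does not show, and compare with `hash_equals()` where the runtime has it instead of the loose `!=`. The `$_REQUEST['h'] != $hash_bit` branch also displays the error template without an `exit;`, so execution still reaches the `isset($_POST['form_change'])` block and the `UPDATE` appears to be guarded only by `$msg->containsErrors()`; adding `exit;` after that display call makes the rejection explicit. The hunk replaces the whole file, apparently mostly to change line endings, so these lines are carried over unchanged from the old side.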