PageRenderTime 45ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 1ms

/Layer-2__Business_logic/content/forms/Lost_Password_form.php

#
PHP | 161 lines | 98 code | 30 blank | 33 comment | 25 complexity | eeba2db9634e577492380ffdb677f2eb MD5 | raw file
Possible License(s): AGPL-3.0 
    

  1. <?php
    2. 

  2. // Authors: Davi Leal
    3. 

  3. //
    4. 

  4. // Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Davi Leal <davi at leals dot com>
    5. 

  5. //
    6. 

  6. // This program is free software: you can redistribute it and/or modify it under
    7. 

  7. // the terms of the GNU Affero General Public License as published by the Free Software Foundation,
    8. 

  8. // either version 3 of the License, or (at your option) any later version.
    9. 

  9. // 
    10. 

  10. // This program is distributed in the hope that it will be useful,
    11. 

  11. // but WITHOUT ANY WARRANTY; without even the implied
    12. 

  12. // warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero
    13. 

  13. // General Public License for more details.
    14. 

  14. // 
    15. 

  15. // You should have received a copy of the GNU Affero General Public License along with this
    16. 

  16. // program in the COPYING file.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17. 

  18. 

  19. require_once "../Layer-4__DBManager_etc/DB_Manager.php";
    20. 

  20. 

  21. // Methods take the values from the global $_POST[] array.
    22. 

  22. 

  23. 

  24. class LostPassword
    25. 

  25. {
    26. 

  26. 	private $manager;
    27. 

  27. 	private $checks;
    28. 

  28. 	private $processingResult;
    29. 

  29. 

  30. 

  31. 	function __construct()
    32. 

  32. 	{
    33. 

  33. 		$this->manager = new DBManager();
    34. 

  34. 		$this->processingResult = '';
    35. 

  35. 	}
    36. 

  36. 

  37. 

  38. 	public function processForm()
    39. 

  39. 	{
    40. 

  40. 		// Check the log in state
    41. 

  41. 		if ( $_SESSION['Logged'] == '1' )
    42. 

  42. 		{
    43. 

  43. 			$error = "<p>".gettext("You are already logged!. So we suppose you know your password. Anyway, log out and ask for it again if you want we send it to you.")."</p>";
    44. 

  44. 			throw new Exception($error,false);
    45. 

  45. 		}
    46. 

  46. 

  47. 		// Process each button event
    48. 

  48. 		if ( $_POST['send'] != '' )
    49. 

  49. 		{
    50. 

  50. 			// Checks
    51. 

  51. 			$this->checkLostPasswordForm();
    52. 

  52. 

  53. 			if ($this->checks['result'] == "pass" )
    54. 

  54. 			{
    55. 

  55. 				if ( $this->manager->lookForEntity(trim($_POST['Email'])) == true )
    56. 

  56. 				{
    57. 

  57. 					// Check to avoid spam
    58. 

  58. 					// If we do not send the email, to avoid possible spam, we do not add the 'magic' to the data base because of without that email the user will not be able to use the 'magic' to get a new password.
    59. 

  59. 					if ( $this->manager->allowLostPasswordEmail(trim($_POST['Email'])) == true )
    60. 

  60. 					{
    61. 

  61. 						// Make the 'magic' flag
    62. 

  62. 						$magic = md5( rand().rand().rand().rand().rand().rand().rand().rand().rand().rand().rand() );
    63. 

  63. 

  64. 						// Keep the 'magic' in the data base
    65. 

  65. 						$this->manager->saveLostPasswordMagicForEntity($magic);
    66. 

  66. 

  67. 						// Send the email
    68. 

  68. 						$message = gettext("For security reasons, GNU Herds does not send passwords by electronic mail.")."\n\n";
    69. 

  69. 

  70. 						$message .= gettext("To get your new password follow the below link.")." ".gettext("That link will expire in 2 hours:")."\n\n";
    71. 

  71. 

  72. 						$message .= "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']."?email=".trim($_POST['Email'])."&magic=".$magic;
    73. 

  73. 

  74. 						$message .= "\n\n";
    75. 

  75. 						$message .= gettext("If you have not asked for a new password, ignore it and your password will not be changed.")."\n\n";
    76. 

  76. 

  77. 						mb_language("uni");
    78. 

  78. 						mb_send_mail(trim($_POST['Email']), "GNU Herds: ".gettext("Lost password?"), "$message", "From: association@gnuherds.org");
    79. 

  79. 					}
    80. 

  80. 				}
    81. 

  81. 

  82. 				// Report to the user
    83. 

  83. 				$this->processingResult .= "<p>&nbsp;</p><p>".vsprintf(gettext('An email has been sent to %s with the instructions to change the password.'),"<span class='must'>{$_POST['Email']}</span>")."<p>\n";
    84. 

  84. 			}
    85. 

  85. 		}
    86. 

  86. 		elseif ( isset($_GET['email']) and $_GET['email'] != '' )
    87. 

  87. 		{
    88. 

  88. 			// Get and set a new password for the Entity who has that email
    89. 

  89. 			$new_password = $this->manager->setNewPasswordForEntity();
    90. 

  90. 

  91. 			if ( $new_password != false )
    92. 

  92. 			{
    93. 

  93. 				// Show the new password
    94. 

  94. 				$this->processingResult .= "<p>&nbsp;</p>\n";
    95. 

  95. 				$this->processingResult .= "<p>&nbsp; &nbsp; &nbsp; &nbsp; ".gettext("Your new password is:")." <strong>".$new_password."</strong></p>\n";
    96. 

  96. 				$this->processingResult .= "<p>&nbsp; &nbsp; &nbsp; &nbsp; ".gettext("To improve your security, you should change your password after loging in.")."</p>";
    97. 

  97. 			}
    98. 

  98. 		}
    99. 

  99. 	}
    100. 

  100. 

  101. 

  102. 	public function printOutput()
    103. 

  103. 	{
    104. 

  104. 		if ( $_POST['send'] != '' )
    105. 

  105. 		{
    106. 

  106. 			// Show the form
    107. 

  107. 			$this->printPersonForm();
    108. 

  108. 		}
    109. 

  109. 		elseif ( isset($_GET['email']) and $_GET['email'] != '' )
    110. 

  110. 		{
    111. 

  111. 			// Show just the processingResult
    112. 

  112. 		}
    113. 

  113. 		elseif( isset($_GET['language']) )
    114. 

  114. 		{
    115. 

  115. 			// GET request from the language change form.
    116. 

  116. 

  117. 			// Show the form
    118. 

  118. 			$this->printPersonForm();
    119. 

  119. 		}
    120. 

  120. 		else
    121. 

  121. 		{
    122. 

  122. 			// Show the form
    123. 

  123. 			$this->printPersonForm();
    124. 

  124. 		}
    125. 

  125. 

  126. 		if ( ( $_POST['send'] != '' and $this->checks['result'] == "pass" )  or $_GET['email'] != '' )
    127. 

  127. 			echo $this->processingResult;
    128. 

  128. 	}
    129. 

  129. 

  130. 

  131. 	private function printPersonForm()
    132. 

  132. 	{
    133. 

  133. 		$smarty = new Smarty;
    134. 

  134. 

  135. 		$smarty->assign('checks', $this->checks);
    136. 

  136. 

  137. 		$smarty->display("Lost_Password_form.tpl");
    138. 

  138. 	}
    139. 

  139. 

  140. 

  141. 	private function checkLostPasswordForm()
    142. 

  142. 	{
    143. 

  143. 		$this->checks['result'] = "pass"; // By default the checks pass
    144. 

  144. 

  145. 		if ( trim($_POST['Email'])=='' )
    146. 

  146. 		{
    147. 

  147. 			$this->checks['result'] = "fail";
    148. 

  148. 			$this->checks['Email'] = gettext('Please fill in here');
    149. 

  149. 		}
    150. 

  150. 		else
    151. 

  151. 		{
    152. 

  152. 			// The Email field have to keep the right syntax
    153. 

  153. 			if (!preg_match("/^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/", trim($_POST["Email"])))
    154. 

  154. 			{
    155. 

  155. 				$this->checks['result'] = "fail";
    156. 

  156. 				$this->checks['Email'] = gettext('Invalid email address');
    157. 

  157. 			}
    158. 

  158. 		}
    159. 

  159. 	}
    160. 

  160. }
    161. 

  161. ?>
    162. 

  162.