/passwd.php
PHP | 438 lines | 388 code | 13 blank | 37 comment | 13 complexity | 5bf1cee384a2184d78896ad0a40b6610 MD5 | raw file
- <? /* $Id$ */
- require("objects/objects.inc.php");
- ob_start();
- session_start();
- // include all necessary files
- include("includes.inc.php");
- //printpre ($_REQUEST);
- /******************************************************************************
- * actions:
- * login -> auth
- * register -> newuser,
- * reset -> send,
- * change -> newpassword
- ******************************************************************************/
- if ($_REQUEST[reset] == "reset") $reset = $_REQUEST[reset];
- //if ($_REQUEST[email]) $email = $_REQUEST[email];
- //if ($_REQUEST[uname]) $uname = $_REQUEST[uname];
- /******************************************************************************
- * newpassword - changes password
- ******************************************************************************/
- if ($_REQUEST[action] == "newpassword") {
- $authtype = db_get_value("user","user_authtype","user_uname = '".addslashes($_SESSION[auser])."'");
- $db_pass = db_get_value("user","user_pass","user_uname = '".addslashes($_SESSION[auser])."'");
- if ($authtype != "db") {
- $message = "<div align='center'>This password cannot be reset here.</div>";
- } else {
- $origPassValid = !strcmp($_REQUEST[oldpass],$db_pass);
- if ($origPassValid) {
- $oldpass = $_REQUEST[oldpass];
- $passwordsMatch = !strcmp($_REQUEST[newpass1],$_REQUEST[newpass2]);
- if ($passwordsMatch) {
- $validLength = ereg(".{8,200}",$_REQUEST[newpass1]);
- if ($validLength) {
- $validChars = !ereg("[\'\"]",$_REQUEST[newpass1]);
- if ($validChars) {
- $passwordGood = 1;
- $query = "UPDATE user SET user_pass='".addslashes($_REQUEST[newpass1])."' where user_uname='".addslashes($_SESSION[auser])."'";
- db_query($query);
- } else {
- unset($newpass1);
- unset($newpass2);
- $message = "<div align='center'>New password contains prohibited characters</div>";
- }
- } else {
- unset($newpass1);
- unset($newpass2);
- $message = "<div align='center'>New password is not between 8 and 200 characters</div>";
- }
- } else {
- unset($newpass1);
- unset($newpass2);
- $message = "<div align='center'>New passwords don't match</div>";
- }
- } else {
- unset($oldpass);
- $message = "<div align='center'>Your old password is invalid</div>";
- } // end origPassValid
- }// end authtype
-
- if ($passwordGood) {
- $message = "<div align='center'>Your password has been changed<br /><br /></div>";
- $message .= "<div align='center'><input type='button' value='Return' onclick='window.close()' /></div>";
- }
- /******************************************************************************
- * send || newuser - generates a password and sends to existing or new user
- ******************************************************************************/
-
- } else if ($_REQUEST[action] == "send" || $_REQUEST[action] == "newuser") {
- $name = $_REQUEST['uname'];
- $email = $_REQUEST['email'];
-
- $error = FALSE;
- if ($_REQUEST[action] == "newuser" && !$_REQUEST['uname']) {
- $message .= "<div align='center'>You must enter a Name.<br /></div>";
- $error = TRUE;
- }
- if (!$_REQUEST['email'] || !ereg("@", $_REQUEST['email'])) {
- $message .= "<div align='center'>You must enter a valid email address.<br /></div>";
- $error = TRUE;
- }
-
- foreach ($cfg[visitor_email_excludes] as $visitor_email_exclude) {
- if ($exclude = ereg($visitor_email_exclude, $email)) {
- if ($_REQUEST[action] == "send") {
- $message = "<div align='left'>You cannot reset your $cfg[inst_name] account password here.<br /></div>";
- if ($cfg['auth_help_on']) $message .= "<br />(".$cfg[auth_help].")<br /><br />";
- } else {
- $message = "You cannot register your $cfg[inst_name] account here.<br /></div>";
- if ($cfg['auth_help_on']) $message .= "<br />(".$cfg[auth_help].")<br /><br />";
- }
- $id = 0;
- $error = TRUE;
- break;
- }
- }
-
- $id = db_get_value("user","user_id","user_email='".addslashes($email)."'");
- if ($id) $authtype = db_get_value("user", "user_authtype", "user_id = '".addslashes($id)."'");
- if ($id && $authtype != "db") {
- $error=TRUE;
- $message = "<div align='left'>This user account is not authenticated by Segue and so you cannot reset this account's password here.<br /></div>";
- }
-
- /******************************************************************************
- * a matching user was found and email not excluded
- ******************************************************************************/
-
- if ($id > 0 && $error != TRUE) {
-
- if ($_REQUEST[action] == "send") {
- $obj =& new user();
- $obj->fetchUserID($id);
- $obj->randpass(5,3);
- $obj->updateDB();
- $obj->sendemail(1);
- $message = "<div align='left'>A new random password has been sent to the email address you entered above.<br /></div>";
- } else {
- $message = "<div align='left'>Your email address is already in our database.<br /></div>";
- //$message .= " (<a href='passwd.php?$sid&action=reset&email=$email'>Forgot your password?</a>).</div>";
- }
-
- /******************************************************************************
- * reset password (send) no matching user found ...
- ******************************************************************************/
-
- } else if ($_REQUEST[action] == "send" && $error != TRUE) {
- $message = "<div align='center'>There is no visitor user account for this email address...<br /></div>";
-
- /******************************************************************************
- * register -> newuser: no matching user found therefore create new user
- * and authenticate
- ******************************************************************************/
-
- } else if ($_REQUEST[action] == "newuser" && $error != TRUE) {
- $name = $email;
- $obj =& new user();
- $obj->uname = $_REQUEST['email'];
- $obj->fname = $_REQUEST['uname'];
- $obj->email = $_REQUEST['email'];
- $obj->type = "visitor";
- $obj->authtype = 'db';
- $obj->randpass(5,3);
- $obj->insertDB();
- $obj->sendemail();
- $visitor_id = lastid();
-
- $message = "Thank you for registering. Your user account information has been emailed to you. Use this information to log into Segue.<br /><br />";
- $message .= "<div align='center'><input type='button' value='Return' onclick='refreshParent()' /></div><br />";
- }
- /******************************************************************************
- * log in -> auth
- ******************************************************************************/
- } else if ($_REQUEST[action] == "auth") {
- $name = $_REQUEST['uname'];
- $pass = $_REQUEST['password'];
- $valid = 0;
- foreach ($_auth_mods as $_auth) {
- $func = "_valid_".$_auth;
- //print "<br />AUTH: trying ".$_auth ."..."; //debug
- if ($x = $func($name,$pass)) {
- $valid = 1;
- break;
- }
- }
- if ($valid) {
- $_SESSION[luser] = $x[user];
- $_SESSION[lemail] = $x[email];
- $_SESSION[lfname] = $x[fullname];
- $_SESSION[ltype] = $x[type];
- $_SESSION[lid] = $x[id];
- $_SESSION[lmethod] = $x[method];
- $_SESSION[auser] = $x[user];
- $_SESSION[aemail] = $x[email];
- $_SESSION[afname] = $x[fullname];
- $_SESSION[atype] = $x[type];
- $_SESSION[aid] = $x[id];
- $_SESSION[amethod] = $x[method];
- $message = "<div align='left'>Your login information was correct. Use the Return button below to complete authentication.<br /><br /></div>";
- $message .= "<div align='center'><input type='button' value='Return' onclick='refreshParent()' /></div>";
- } else {
- $message = "<div align='left'>Your password/username was incorrect.</div>";
- }
- }
- ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>
- <?
- if ($_REQUEST[action] == "reset" || $reset) {
- print "Reset Password";
- } else if ($_REQUEST[action] == "login" || $auth) {
- print "Log In";
- } else if ($_REQUEST[action] == "register" || $newuser) {
- print "Register";
- } else if ($_REQUEST[action] == "change" || $change) {
- print "Change My Password";
- }
- ?>
- </title>
- <? include("themes/common/logs_css.inc.php"); ?>
- <script type='text/javascript'>
- // <![CDATA[
- function refreshParent() {
- window.opener.location.href = window.opener.location.href;
- if (window.opener.progressWindow) {
- window.opener.progressWindow.close();
- }
- window.close();
- }
- // ]]>
- </script>
- </head>
- <?
- if ($_SESSION[auser] && $auth)
- print "<body onload='refreshParent()'>";
- else
- print "<body onload='document.passform.oldpass.focus()'>";
- ?>
- <form action="<? echo $PHP_SELF ?>" method='post' name="passform">
- <table cellspacing='1' width='100%'>
- <tr><th colspan='2'>
- <?
- if ($_REQUEST[action] == "reset" || $reset) {
- print "Forgot My Password";
- } else if ($_REQUEST[action] == "login" || $auth) {
- print "Log In";
- } else if ($_REQUEST[action] == "register" || $newuser) {
- print "Visitor Registratoin";
- } else if ($_REQUEST[action] == "change" || $change) {
- print "Change My Password";
- }
- ?>
- </th></tr>
- <?
- /******************************************************************************
- * User Accounts links
- * Login | Forget your Password | Change your Password
- ******************************************************************************/
- print "<tr><td colspan='2' align='center'>";
- print "<br /><div align='center'>";
- if ($_REQUEST[action] == "reset" || $reset) {
- print "Forgot your password?";
- } else {
- if ($_SESSION['auser'])
- print "<span style='color: #aaa'>Forgot your password?</span>";
- else
- print "<a href='passwd.php?$sid&action=reset&email=$email'>Forgot your password?</a>";
- }
- if ($cfg[auth_register_on] == TRUE) {
- if ($_REQUEST[action] == "register" || $newuser) {
- print " | Register";
- } else {
- if ($_SESSION['auser'])
- print " | <span style='color: #aaa'>Register</span>";
- else
- print " | <a href='passwd.php?$sid&action=register&email=$email'>Register</a>";
- }
- }
- if ($_REQUEST[action] == "login" || $auth) {
- print " | Login";
- } else {
- if ($_SESSION['auser'])
- print " | <span style='color: #aaa'>Login</span>";
- else
- print " | <a href='passwd.php?$sid&action=login'>Login</a>";
- }
- if ($_REQUEST[action] == "change" || $change) {
- print " | Change your password";
- } else {
- print " | <a href='passwd.php?$sid&action=change&email=$email'>Change your password</a>";
- }
- print "</div><br />";
- print "</td></tr>";
- /******************************************************************************
- * Change Password UI
- ******************************************************************************/
- //printpre ($_SESSION);
- if ($_REQUEST[action] == "change" || $change) {
- if (!isset($_SESSION[ltype])) {
- print "<tr><td colspan='2' align='left'> You must already be authenticated in order to change your password.<br /><br />";
- if ($cfg['auth_help_on']) print "(".$cfg[auth_help].")<br /><br />";
- print "</td></tr>";
- } else if ($_SESSION[amethod] != "db") {
- print "<tr><td colspan='2' align='left'>This user account is not authenticated by Segue and so you cannot reset this account's password here.";
- if ($cfg['auth_help_on']) print "<br /><br />(".$cfg[auth_help].")<br /><br />";
- print "</td></tr>";
-
- } else {
- print "<tr><td colspan='2' align='center'> Chose a new password below.<br />";
- if ($cfg['auth_help_on'])
- print "<br /><div align='left'>(".$cfg[auth_help].")</div><br />";
- print "<tr><td> User Name: </td>";
- print "<td><input type='text' name='uname' size='30' value='".$_SESSION['auser']."' readonly /></td>";
- print "</tr>";
- print "<tr><td>Full Name: </td>";
- print "<td><input type='text' name='fname' size='30' value='".$_SESSION['afname']."' readonly /></td>";
- print "</tr>";
- //print "<tr><td>Email Address:</td>";
- //print"<td><input type='text' name='email' size='30' value='".$_REQUEST['email']."' readonly /></td> ";
- //print"<tr>";
- print"<td>Old Password:</td>";
- print"<td><input type='password' name='oldpass' size='30' value='".$oldpass."' /></td></tr>";
- print"<tr>";
- print"<td>New Password:</td>";
- print"<td><input type='password' name='newpass1' size='30' value='".$newpass1."' /> <span style='color: #a00'>*</span></td>";
- print"</tr>";
- print"<tr>";
- print"<td>Again:</td>";
- print"<td><input type='password' name='newpass2' size='30' value='".$newpass2."' /> <span style='color: #a00'>*</span></td>";
- print"</tr>";
- print"<tr>";
- print"<td colspan='2'><span style='color: #a00'>* Must be 8-200 characters long and not contain any of the following: \" '</span></td>";
- print"</tr>";
- print"<tr><td colspan='2' align='center'><input type='submit' value='Change password' /><br /><br />";
- print"<input type='hidden' name='action' value='newpassword' />";
- print"<input type='hidden' name='change' value='1' />";
- print "</td></tr>";
- }
- /******************************************************************************
- * Log in UI
- ******************************************************************************/
- } else if (($_REQUEST[action] == "login" && !$_SESSION['auser']) || $auth) {
- print "<tr><td colspan='2' align='left'> Please enter your username and password. <br /><br />";
- print "</td><tr><td> User Name: </td>";
- print "<td><input type='text' name='uname' size='30' value='' /></td>";
- print "<tr><td>Password:</td>";
- print"<td><input type='password' name='password' size='30' value='' /> </td>";
- print"<tr><td colspan='2' align='center'><input type='submit' value='Log In' /><br /><br />";
- print "</td></tr>";
- print"<input type='hidden' name='action' value='auth' />";
- print"<input type='hidden' name='auth' value='1' />";
- /******************************************************************************
- * Register UI
- ******************************************************************************/
- } else if ($_REQUEST[action] == "register" || $newuser) {
- print "<tr><td colspan='2' align='left'> Please enter your name and your email address.";
- print " Once you have registered you will be able to post to this and all other $cfg[inst_name] public forums.";
- print " Your username will be your email address and a password will be emailed to you.<br /><br />";
- if ($cfg['auth_help_on'])
- print "(".$cfg[auth_help].")<br /><br />";
- print "</td><tr><td> Name: </td>";
- print "<td><input type='text' name='uname' size='30' value='".$_REQUEST['uname']."' /></td>";
- print "<tr><td>Email Address:</td>";
- print"<td><input type='text' name='email' size='30' value='".$_REQUEST['email']."' /> </td>";
- if (!$newuser || $error == TRUE)
- print"<tr><td colspan='2' align='center'><input type='submit' value='Register' /></td></tr>";
- print"<input type='hidden' name='action' value='newuser' />";
- print"<input type='hidden' name='newuser' value='1' />";
- /******************************************************************************
- * Reset Password UI
- ******************************************************************************/
- } else if ($_REQUEST[action] == "reset" || $reset) {
- if (isset($_SESSION[amethod]) && $_SESSION[amethod] != "db") {
- print "<tr><td colspan='2' align='left'>This user account is not authenticated by Segue and so you cannot reset this account's password here.";
- if ($cfg['auth_help_on'])
- print "<br /><br />(".$cfg[auth_help].")<br /><br />";
- } else {
- print "<tr><td colspan='2' align='left'> Please enter your email address and a new password will be sent to you.<br /><br />";
- if ($cfg['auth_help_on'])
- print "(".$cfg[auth_help].")<br /><br />";
- print "</td><tr><td>Email Address:</td>";
- print"<td><input type='text' name='email' size='30' value='".$_REQUEST['email']."' /></td></tr>";
- print"<tr><td colspan='2' align='center'><input type='submit' name='submit' value='Send new password' /><br /><br />";
- print"<input type='hidden' name='action' value='send' />";
- print"<input type='hidden' name='reset' value='1' />";
- }
- }
- print "</td></tr>";
- print "<tr><td colspan='2'>";
- print"<br />";
- print $message;
- print"<br />";
- print"</td></tr>";
- print "</table><br />";
- //print "<div align='right'><input type='button' value='Close Window' onclick='window.close()' /></div>";
- ?>
- <?
- // debug output -- handy :)
- /* print "<pre>"; */
- /* print "request:\n"; */
- /* print_r($_REQUEST); */
- /* print "\n\n"; */
- /* print "session:\n"; */
- /* print_r($_SESSION); */
- /* print "\n\n"; */
- /* if (is_object($thisPage)) { */
- /* print "\n\n"; */
- /* print "thisPage:\n"; */
- /* print_r($thisPage); */
- /* } else if (is_object($thisSection)) { */
- /* print "\n\n"; */
- /* print "thisSection:\n"; */
- /* print_r($thisSection); */
- /* } else if (is_object($thisSite)) { */
- /* print "\n\n"; */
- /* print "thisSite:\n"; */
- /* print_r($thisSite); */
- /* } */
- /* print "</pre>"; */
- ?>