/phpBB/includes/ucp/ucp_remind.php
PHP | 135 lines | 85 code | 27 blank | 23 comment | 11 complexity | 0d01230062df1b0eccf8eb72da2df7b2 MD5 | raw file
Possible License(s): AGPL-1.0
- <?php
- /**
- *
- * This file is part of the phpBB Forum Software package.
- *
- * @copyright (c) phpBB Limited <https://www.phpbb.com>
- * @license GNU General Public License, version 2 (GPL-2.0)
- *
- * For full copyright and license information, please see
- * the docs/CREDITS.txt file.
- *
- */
- /**
- * @ignore
- */
- if (!defined('IN_PHPBB'))
- {
- exit;
- }
- /**
- * ucp_remind
- * Sending password reminders
- */
- class ucp_remind
- {
- var $u_action;
- function main($id, $mode)
- {
- global $config, $phpbb_root_path, $phpEx;
- global $db, $user, $auth, $template, $phpbb_container;
- if (!$config['allow_password_reset'])
- {
- trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'));
- }
- $username = request_var('username', '', true);
- $email = strtolower(request_var('email', ''));
- $submit = (isset($_POST['submit'])) ? true : false;
- if ($submit)
- {
- $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
- FROM ' . USERS_TABLE . "
- WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
- AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
- $result = $db->sql_query($sql);
- $user_row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
- if (!$user_row)
- {
- trigger_error('NO_EMAIL_USER');
- }
- if ($user_row['user_type'] == USER_IGNORE)
- {
- trigger_error('NO_USER');
- }
- if ($user_row['user_type'] == USER_INACTIVE)
- {
- if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL)
- {
- trigger_error('ACCOUNT_DEACTIVATED');
- }
- else
- {
- trigger_error('ACCOUNT_NOT_ACTIVATED');
- }
- }
- // Check users permissions
- $auth2 = new \phpbb\auth\auth();
- $auth2->acl($user_row);
- if (!$auth2->acl_get('u_chgpasswd'))
- {
- trigger_error('NO_AUTH_PASSWORD_REMINDER');
- }
- $server_url = generate_board_url();
- // Make password at least 8 characters long, make it longer if admin wants to.
- // gen_rand_string() however has a limit of 12 or 13.
- $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
- // For the activation key a random length between 6 and 10 will do.
- $user_actkey = gen_rand_string(mt_rand(6, 10));
- // Instantiate passwords manager
- $passwords_manager = $phpbb_container->get('passwords.manager');
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
- WHERE user_id = " . $user_row['user_id'];
- $db->sql_query($sql);
- include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
- $messenger = new messenger(false);
- $messenger->template('user_activate_passwd', $user_row['user_lang']);
- $messenger->set_addresses($user_row);
- $messenger->anti_abuse_headers($config, $user);
- $messenger->assign_vars(array(
- 'USERNAME' => htmlspecialchars_decode($user_row['username']),
- 'PASSWORD' => htmlspecialchars_decode($user_password),
- 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
- );
- $messenger->send($user_row['user_notify_type']);
- meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
- $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
- trigger_error($message);
- }
- $template->assign_vars(array(
- 'USERNAME' => $username,
- 'EMAIL' => $email,
- 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword'))
- );
- $this->tpl_name = 'ucp_remind';
- $this->page_title = 'UCP_REMIND';
- }
- }