PageRenderTime 25ms CodeModel.GetById 35ms RepoModel.GetById 1ms app.codeStats 0ms

/reset_password.php

https://github.com/davidma/ICRO-Web-Tool
PHP | 88 lines | 69 code | 16 blank | 3 comment | 11 complexity | 532a5f102e713a5b80d1fee58a0c18bc MD5 | raw file
    

  1. <?php    
    2. 

  2. 

  3.  // Start the page
    4. 

  4.  require("template/header.php");
    5. 

  5.  echo "<div class='newsbox'>";
    6. 

  6.  echo "<div class='newstitle'>Modify a user</div>";
    7. 

  7.  echo "<div class='newscontent'>";
    8. 

  8. 

  9.  // If its a non-logged in user, display public text
    10. 

  10.  if (!$theSentry->login())
    11. 

  11.  {
    12. 

  12.      echo "You need to be logged in to view this page"; 
    13. 

  13.  }
    14. 

  14.  else
    15. 

  15.  {
    16. 

  16.      if ($theSentry->hasPermission(2))
    17. 

  17.      {
    18. 

  18.          if (isset($_POST['user_id']))
    19. 

  19.          {
    20. 

  20.               $characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    21. 

  21.               $pw_random = "";
    22. 

  22. 

  23.               for ($p = 0; $p < 12; $p++) 
    24. 

  24.               {
    25. 

  25.                   $pw_random .= $characters[mt_rand(0, strlen($characters))];
    26. 

  26.               }
    27. 

  27. 

  28.               $password = sha1($pw_random);
    29. 

  29. 

  30.               $insert = "update users set password = '$password' where user_id = '".$_POST['user_id']."';"; 
    31. 

  31. 

  32.               $result = $theDB->doQuery($insert);
    33. 

  33. 

  34.               if (!result)
    35. 

  35.               {
    36. 

  36.                    print 'Error adding user to DB - '.$theDB->lasterror().' - <a href="user_add.php">try again?</a>';
    37. 

  37.               }
    38. 

  38.               else
    39. 

  39.               {
    40. 

  40.                   $res = $theDB->fetchQuery("select * from users where user_id = '".$_POST['user_id']."';");
    41. 

  41. 

  42.                   $to = $res[0]['email'];
    43. 

  43.                   $subject = "[ICRO] Password Reset for Website";
    44. 

  44.                   $from = "ICRO Mailer <no-reply@icro.ie>";
    45. 

  45.                   $headers = "From: $from";
    46. 

  46.                   $url = "http://www.icro.ie/";
    47. 

  47.                   $message = "Hello ".$res[0]['first_name'].",\n\nYour password has been reset for $url\nYou can now log in with the following details:\n\nUsername: ".$res[0]['username']."\nPassword: ".$pw_random."\n\nOnce you log in, you can change your password from the main menu page. Please take a moment to ensure the rest of your profile details (especially mobile phone) are correct - these will be used in the event of a callout.\n\nHave a good day!,\n\nICRO Web Team";
    48. 

  48. 

  49.                   mail($to,$subject,$message,$headers);
    50. 

  50.                   
    51. 

  51.                   $theLogger->log("Password reset for user ".$res[0]['username']." and email sent");
    52. 

  52.                   echo "Password changed for user - email sent to ".$res[0]['email']."<br/>";
    53. 

  53.               }
    54. 

  54.          }
    55. 

  55.          else
    56. 

  56.          {
    57. 

  57.              echo "Select a User to modify:<br/><br/>";
    58. 

  58.              echo "<form action='reset_password.php' method='post'>";
    59. 

  59. 

  60.              $res = $theDB->fetchQuery("select user_id,first_name,last_name from users order by last_name;");
    61. 

  61. 

  62.              if (!$res)
    63. 

  63.              {
    64. 

  64.                  echo "No Users found!";
    65. 

  65.                  die();
    66. 

  66.              }
    67. 

  67.              else
    68. 

  68.              {
    69. 

  69.                  echo "<select name=user_id>";
    70. 

  70. 

  71.                  for ($i=0; $i<count($res); $i++)
    72. 

  72.                  {
    73. 

  73.                      echo "<option value='".$res[$i]['user_id']."'>".$res[$i]['last_name'].", ".$res[$i]['first_name']."</option>";
    74. 

  74.                  }
    75. 

  75. 

  76.                  echo "</select>";
    77. 

  77.              }
    78. 

  78. 

  79.              echo "<INPUT TYPE='submit' onClick='javascript:return confirm('Are you sure you want to reset this users password?')' value='Reset Password'/>";
    80. 

  80.              echo "</form>";
    81. 

  81.          }
    82. 

  82.      }
    83. 

  83.  }
    84. 

  84.  
    85. 

  85.  // End the page
    86. 

  86.  echo "<div id='clear_both' style='clear:both;'></div></div>";
    87. 

  87.  require("template/footer.html");
    88. 

  88. ?>
    89. 

  89.