PageRenderTime 57ms CodeModel.GetById 13ms RepoModel.GetById 1ms app.codeStats 0ms

/htdocs/user/passwordforgotten.php

https://bitbucket.org/speedealing/speedealing
PHP | 230 lines | 159 code | 28 blank | 43 comment | 38 complexity | 4a0b62ff650bc1193ee562e592e9cec2 MD5 | raw file
Possible License(s): LGPL-3.0, LGPL-2.1, GPL-3.0, MIT 
    

  1. <?php
    2. 

  2. /* Copyright (C) 2007-2011	Laurent Destailleur	<eldy@users.sourceforge.net>
    3. 

  3.  * Copyright (C) 2008-2012	Regis Houssin		<regis.houssin@capnetworks.com>
    4. 

  4.  * Copyright (C) 2008-2011	Juanjo Menent		<jmenent@2byte.es>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License as published by
    8. 

  8.  * the Free Software Foundation; either version 3 of the License, or
    9. 

  9.  * (at your option) any later version.
    10. 

  10.  *
    11. 

  11.  * This program is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.  * GNU General Public License for more details.
    15. 

  15.  *
    16. 

  16.  * You should have received a copy of the GNU General Public License
    17. 

  17.  * along with this program. If not, see <http://www.gnu.org/licenses/>.
    18. 

  18.  */
    19. 

  19. 

  20. /**
    21. 

  21.  *       \file       htdocs/user/passwordforgotten.php
    22. 

  22.  *       \brief      Page to ask a new password
    23. 

  23.  */
    24. 

  24. 

  25. define("NOLOGIN",1);	// This means this output page does not require to be logged.
    26. 

  26. 

  27. require '../main.inc.php';
    28. 

  28. require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
    29. 

  29. require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
    30. 

  30. if (! empty($conf->ldap->enabled))
    31. 

  31. 	require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
    32. 

  32. 

  33. $langs->load("errors");
    34. 

  34. $langs->load("users");
    35. 

  35. $langs->load("companies");
    36. 

  36. $langs->load("ldap");
    37. 

  37. $langs->load("other");
    38. 

  38. 

  39. // Security check
    40. 

  40. if (! empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK))
    41. 

  41. {
    42. 

  42.     header("Location: ".DOL_URL_ROOT.'/');
    43. 

  43.     exit;
    44. 

  44. }
    45. 

  45. 

  46. $action=GETPOST('action', 'alpha');
    47. 

  47. $mode=$dolibarr_main_authentication;
    48. 

  48. if (! $mode) $mode='http';
    49. 

  49. 

  50. $username 		= GETPOST('username');
    51. 

  51. $passwordmd5	= GETPOST('passwordmd5');
    52. 

  52. $conf->entity 	= (GETPOST('entity') ? GETPOST('entity') : 1);
    53. 

  53. 

  54. // Instantiate hooks of thirdparty module only if not already define
    55. 

  55. $hookmanager->initHooks(array('passwordforgottenpage'));
    56. 

  56. 

  57. 

  58. /**
    59. 

  59.  * Actions
    60. 

  60.  */
    61. 

  61. 

  62. // Validate new password
    63. 

  63. if ($action == 'validatenewpassword' && $username && $passwordmd5)
    64. 

  64. {
    65. 

  65.     $edituser = new User($db);
    66. 

  66.     $result=$edituser->fetch('',$_GET["username"]);
    67. 

  67.     if ($result < 0)
    68. 

  68.     {
    69. 

  69.         $message = '<div class="error">'.$langs->trans("ErrorLoginDoesNotExists",$username).'</div>';
    70. 

  70.     }
    71. 

  71.     else
    72. 

  72.     {
    73. 

  73.         if (dol_hash($edituser->pass_temp) == $passwordmd5)
    74. 

  74.         {
    75. 

  75.             $newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
    76. 

  76.             dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
    77. 

  77.             header("Location: ".DOL_URL_ROOT.'/');
    78. 

  78.             exit;
    79. 

  79.         }
    80. 

  80.         else
    81. 

  81.         {
    82. 

  82.             $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePassword").'</div>';
    83. 

  83.         }
    84. 

  84.     }
    85. 

  85. }
    86. 

  86. // Action modif mot de passe
    87. 

  87. if ($action == 'buildnewpassword' && $username)
    88. 

  88. {
    89. 

  89.     $sessionkey = 'dol_antispam_value';
    90. 

  90.     $ok=(array_key_exists($sessionkey, $_SESSION) === TRUE && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));
    91. 

  91. 

  92.     // Verify code
    93. 

  93.     if (! $ok)
    94. 

  94.     {
    95. 

  95.         $message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';
    96. 

  96.     }
    97. 

  97.     else
    98. 

  98.     {
    99. 

  99.         $edituser = new User($db);
    100. 

  100.         $result=$edituser->fetch('',$username,'',1);
    101. 

  101.         if ($result <= 0 && $edituser->error == 'USERNOTFOUND')
    102. 

  102.         {
    103. 

  103.             $message = '<div class="error">'.$langs->trans("ErrorLoginDoesNotExists",$username).'</div>';
    104. 

  104.             $username='';
    105. 

  105.         }
    106. 

  106.         else
    107. 

  107.         {
    108. 

  108.             if (! $edituser->email)
    109. 

  109.             {
    110. 

  110.                 $message = '<div class="error">'.$langs->trans("ErrorLoginHasNoEmail").'</div>';
    111. 

  111.             }
    112. 

  112.             else
    113. 

  113.             {
    114. 

  114.                 $newpassword=$edituser->setPassword($user,'',1);
    115. 

  115.                 if ($newpassword < 0)
    116. 

  116.                 {
    117. 

  117.                     // Failed
    118. 

  118.                     $message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
    119. 

  119.                 }
    120. 

  120.                 else
    121. 

  121.                 {
    122. 

  122.                     // Success
    123. 

  123.                     if ($edituser->send_password($user,$newpassword,1) > 0)
    124. 

  124.                     {
    125. 

  125.                         $message = '<div class="ok">'.$langs->trans("PasswordChangeRequestSent",$edituser->login,$edituser->email).'</div>';
    126. 

  126.                         //$message.=$newpassword;
    127. 

  127.                         $username='';
    128. 

  128.                     }
    129. 

  129.                     else
    130. 

  130.                     {
    131. 

  131.                         //$message = '<div class="ok">'.$langs->trans("PasswordChangedTo",$newpassword).'</div>';
    132. 

  132.                         $message.= '<div class="error">'.$edituser->error.'</div>';
    133. 

  133.                     }
    134. 

  134.                 }
    135. 

  135.             }
    136. 

  136.         }
    137. 

  137.     }
    138. 

  138. }
    139. 

  139. 

  140. 

  141. /**
    142. 

  142.  * View
    143. 

  143.  */
    144. 

  144. 

  145. $php_self = $_SERVER['PHP_SELF'];
    146. 

  146. $php_self.= $_SERVER["QUERY_STRING"]?'?'.$_SERVER["QUERY_STRING"]:'';
    147. 

  147. 

  148. $dol_url_root = DOL_URL_ROOT;
    149. 

  149. 

  150. // Title
    151. 

  151. $title='Dolibarr '.DOL_VERSION;
    152. 

  152. if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE;
    153. 

  153. 

  154. // Select templates
    155. 

  155. if (preg_match('/^smartphone/',$conf->smart_menu) && ! empty($conf->browser->phone))
    156. 

  156. {
    157. 

  157.     $template_dir = DOL_DOCUMENT_ROOT.'/theme/phones/smartphone/tpl/';
    158. 

  158. }
    159. 

  159. else
    160. 

  160. {
    161. 

  161.     if (file_exists(DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/passwordforgotten.tpl.php"))
    162. 

  162.     {
    163. 

  163.         $template_dir = DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/";
    164. 

  164.     }
    165. 

  165.     else
    166. 

  166.     {
    167. 

  167.         $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
    168. 

  168.     }
    169. 

  169. }
    170. 

  170. 

  171. $conf->css  = "/theme/".$conf->theme."/style.css.php?lang=".$langs->defaultlang;
    172. 

  172. $conf_css = DOL_URL_ROOT.$conf->css;
    173. 

  173. 

  174. $jquerytheme = 'smoothness';
    175. 

  175. if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
    176. 

  176. 

  177. if (file_exists(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/login_background.png'))
    178. 

  178. {
    179. 

  179.     $login_background = DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/login_background.png';
    180. 

  180. }
    181. 

  181. else
    182. 

  182. {
    183. 

  183.     $login_background = DOL_URL_ROOT.'/theme/login_background.png';
    184. 

  184. }
    185. 

  185. 

  186. if (! $username) $focus_element = 'username';
    187. 

  187. else $focus_element = 'password';
    188. 

  188. 

  189. // Send password button enabled ?
    190. 

  190. $disabled='disabled';
    191. 

  191. if (preg_match('/dolibarr/i',$mode)) $disabled='';
    192. 

  192. if (! empty($conf->global->MAIN_SECURITY_ENABLE_SENDPASSWORD)) $disabled='';	 // To force button enabled
    193. 

  193. 

  194. // Show logo (search in order: small company logo, large company logo, theme logo, common logo)
    195. 

  195. $width=0;
    196. 

  196. $rowspan=2;
    197. 

  197. $urllogo=DOL_URL_ROOT.'/theme/login_logo.png';
    198. 

  198. if (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small))
    199. 

  199. {
    200. 

  200. 	$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=companylogo&amp;file='.urlencode('thumbs/'.$mysoc->logo_small);
    201. 

  201. }
    202. 

  202. elseif (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo))
    203. 

  203. {
    204. 

  204. 	$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=companylogo&amp;file='.urlencode($mysoc->logo);
    205. 

  205. 	$width=128;
    206. 

  206. }
    207. 

  207. elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png'))
    208. 

  208. {
    209. 

  209. 	$urllogo=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png';
    210. 

  210. }
    211. 

  211. elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.png'))
    212. 

  212. {
    213. 

  213. 	$urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png';
    214. 

  214. }
    215. 

  215. 

  216. // Security graphical code
    217. 

  217. if (function_exists("imagecreatefrompng") && ! $disabled)
    218. 

  218. {
    219. 

  219. 	$captcha = 1;
    220. 

  220. 	$captcha_refresh = img_picto($langs->trans("Refresh"),'refresh','id="captcha_refresh_img"');
    221. 

  221. }
    222. 

  222. 

  223. // Execute hook getPasswordForgottenPageOptions
    224. 

  224. // Should be an array with differents options in $hookmanager->resArray
    225. 

  225. $parameters=array('entity' => GETPOST('entity','int'));
    226. 

  226. $hookmanager->executeHooks('getPasswordForgottenPageOptions',$parameters);    // Note that $action and $object may have been modified by some hooks
    227. 

  227. 

  228. include $template_dir.'passwordforgotten.tpl.php';	// To use native PHP
    229. 

  229. 

  230. ?>
    231.