PageRenderTime 415ms CodeModel.GetById 141ms app.highlight 143ms RepoModel.GetById 120ms app.codeStats 0ms

/htdocs/user/passwordforgotten.php

https://bitbucket.org/speedealing/speedealing
PHP | 230 lines | 159 code | 28 blank | 43 comment | 38 complexity | 4a0b62ff650bc1193ee562e592e9cec2 MD5 | raw file
  1<?php
  2/* Copyright (C) 2007-2011	Laurent Destailleur	<eldy@users.sourceforge.net>
  3 * Copyright (C) 2008-2012	Regis Houssin		<regis.houssin@capnetworks.com>
  4 * Copyright (C) 2008-2011	Juanjo Menent		<jmenent@2byte.es>
  5 *
  6 * This program is free software; you can redistribute it and/or modify
  7 * it under the terms of the GNU General Public License as published by
  8 * the Free Software Foundation; either version 3 of the License, or
  9 * (at your option) any later version.
 10 *
 11 * This program is distributed in the hope that it will be useful,
 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 14 * GNU General Public License for more details.
 15 *
 16 * You should have received a copy of the GNU General Public License
 17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 18 */
 19
 20/**
 21 *       \file       htdocs/user/passwordforgotten.php
 22 *       \brief      Page to ask a new password
 23 */
 24
 25define("NOLOGIN",1);	// This means this output page does not require to be logged.
 26
 27require '../main.inc.php';
 28require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 29require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
 30if (! empty($conf->ldap->enabled))
 31	require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
 32
 33$langs->load("errors");
 34$langs->load("users");
 35$langs->load("companies");
 36$langs->load("ldap");
 37$langs->load("other");
 38
 39// Security check
 40if (! empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK))
 41{
 42    header("Location: ".DOL_URL_ROOT.'/');
 43    exit;
 44}
 45
 46$action=GETPOST('action', 'alpha');
 47$mode=$dolibarr_main_authentication;
 48if (! $mode) $mode='http';
 49
 50$username 		= GETPOST('username');
 51$passwordmd5	= GETPOST('passwordmd5');
 52$conf->entity 	= (GETPOST('entity') ? GETPOST('entity') : 1);
 53
 54// Instantiate hooks of thirdparty module only if not already define
 55$hookmanager->initHooks(array('passwordforgottenpage'));
 56
 57
 58/**
 59 * Actions
 60 */
 61
 62// Validate new password
 63if ($action == 'validatenewpassword' && $username && $passwordmd5)
 64{
 65    $edituser = new User($db);
 66    $result=$edituser->fetch('',$_GET["username"]);
 67    if ($result < 0)
 68    {
 69        $message = '<div class="error">'.$langs->trans("ErrorLoginDoesNotExists",$username).'</div>';
 70    }
 71    else
 72    {
 73        if (dol_hash($edituser->pass_temp) == $passwordmd5)
 74        {
 75            $newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
 76            dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
 77            header("Location: ".DOL_URL_ROOT.'/');
 78            exit;
 79        }
 80        else
 81        {
 82            $message = '<div class="error">'.$langs->trans("ErrorFailedToValidatePassword").'</div>';
 83        }
 84    }
 85}
 86// Action modif mot de passe
 87if ($action == 'buildnewpassword' && $username)
 88{
 89    $sessionkey = 'dol_antispam_value';
 90    $ok=(array_key_exists($sessionkey, $_SESSION) === TRUE && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));
 91
 92    // Verify code
 93    if (! $ok)
 94    {
 95        $message = '<div class="error">'.$langs->trans("ErrorBadValueForCode").'</div>';
 96    }
 97    else
 98    {
 99        $edituser = new User($db);
100        $result=$edituser->fetch('',$username,'',1);
101        if ($result <= 0 && $edituser->error == 'USERNOTFOUND')
102        {
103            $message = '<div class="error">'.$langs->trans("ErrorLoginDoesNotExists",$username).'</div>';
104            $username='';
105        }
106        else
107        {
108            if (! $edituser->email)
109            {
110                $message = '<div class="error">'.$langs->trans("ErrorLoginHasNoEmail").'</div>';
111            }
112            else
113            {
114                $newpassword=$edituser->setPassword($user,'',1);
115                if ($newpassword < 0)
116                {
117                    // Failed
118                    $message = '<div class="error">'.$langs->trans("ErrorFailedToChangePassword").'</div>';
119                }
120                else
121                {
122                    // Success
123                    if ($edituser->send_password($user,$newpassword,1) > 0)
124                    {
125                        $message = '<div class="ok">'.$langs->trans("PasswordChangeRequestSent",$edituser->login,$edituser->email).'</div>';
126                        //$message.=$newpassword;
127                        $username='';
128                    }
129                    else
130                    {
131                        //$message = '<div class="ok">'.$langs->trans("PasswordChangedTo",$newpassword).'</div>';
132                        $message.= '<div class="error">'.$edituser->error.'</div>';
133                    }
134                }
135            }
136        }
137    }
138}
139
140
141/**
142 * View
143 */
144
145$php_self = $_SERVER['PHP_SELF'];
146$php_self.= $_SERVER["QUERY_STRING"]?'?'.$_SERVER["QUERY_STRING"]:'';
147
148$dol_url_root = DOL_URL_ROOT;
149
150// Title
151$title='Dolibarr '.DOL_VERSION;
152if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE;
153
154// Select templates
155if (preg_match('/^smartphone/',$conf->smart_menu) && ! empty($conf->browser->phone))
156{
157    $template_dir = DOL_DOCUMENT_ROOT.'/theme/phones/smartphone/tpl/';
158}
159else
160{
161    if (file_exists(DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/passwordforgotten.tpl.php"))
162    {
163        $template_dir = DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/tpl/";
164    }
165    else
166    {
167        $template_dir = DOL_DOCUMENT_ROOT."/core/tpl/";
168    }
169}
170
171$conf->css  = "/theme/".$conf->theme."/style.css.php?lang=".$langs->defaultlang;
172$conf_css = DOL_URL_ROOT.$conf->css;
173
174$jquerytheme = 'smoothness';
175if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
176
177if (file_exists(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/login_background.png'))
178{
179    $login_background = DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/login_background.png';
180}
181else
182{
183    $login_background = DOL_URL_ROOT.'/theme/login_background.png';
184}
185
186if (! $username) $focus_element = 'username';
187else $focus_element = 'password';
188
189// Send password button enabled ?
190$disabled='disabled';
191if (preg_match('/dolibarr/i',$mode)) $disabled='';
192if (! empty($conf->global->MAIN_SECURITY_ENABLE_SENDPASSWORD)) $disabled='';	 // To force button enabled
193
194// Show logo (search in order: small company logo, large company logo, theme logo, common logo)
195$width=0;
196$rowspan=2;
197$urllogo=DOL_URL_ROOT.'/theme/login_logo.png';
198if (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small))
199{
200	$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=companylogo&amp;file='.urlencode('thumbs/'.$mysoc->logo_small);
201}
202elseif (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo))
203{
204	$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=companylogo&amp;file='.urlencode($mysoc->logo);
205	$width=128;
206}
207elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png'))
208{
209	$urllogo=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/dolibarr_logo.png';
210}
211elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.png'))
212{
213	$urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png';
214}
215
216// Security graphical code
217if (function_exists("imagecreatefrompng") && ! $disabled)
218{
219	$captcha = 1;
220	$captcha_refresh = img_picto($langs->trans("Refresh"),'refresh','id="captcha_refresh_img"');
221}
222
223// Execute hook getPasswordForgottenPageOptions
224// Should be an array with differents options in $hookmanager->resArray
225$parameters=array('entity' => GETPOST('entity','int'));
226$hookmanager->executeHooks('getPasswordForgottenPageOptions',$parameters);    // Note that $action and $object may have been modified by some hooks
227
228include $template_dir.'passwordforgotten.tpl.php';	// To use native PHP
229
230?>