e107 0.7.8 : /fpw.php source

[Sommaire] [Imprimer]
   1  <?php
   2  /*
   3  + ----------------------------------------------------------------------------+
   4  |     e107 website system
   5  |
   6  |     ©Steve Dunstan 2001-2002
   7  |     http://e107.org
   8  |     jalist@e107.org
   9  |
  10  |     Released under the terms and conditions of the
  11  |     GNU General Public License (http://gnu.org).
  12  |
  13  |     $Source: /cvsroot/e107/e107_0.7/fpw.php,v $
  14  |     $Revision: 1.22 $
  15  |     $Date: 2007/01/18 00:49:58 $
  16  |     $Author: mrpete $
  17  +----------------------------------------------------------------------------+
  18  */
  19  require_once ("class2.php");
  20  
  21  if(USER){
  22      header("location:".e_BASE."index.php");
  23      exit;
  24  }
  25  
  26  if($pref['fpwcode'] && extension_loaded("gd")){
  27      define("USE_IMAGECODE",TRUE);
  28  }else{
  29      define("USE_IMAGECODE",FALSE);
  30  }
  31  
  32  
  33  if (USE_IMAGECODE) {
  34      require_once(e_HANDLER."secure_img_handler.php");
  35      $sec_img = new secure_image;
  36  }
  37  
  38  
  39  
  40  if ($pref['membersonly_enabled']) {
  41      if (!$FPW_TABLE_HEADER) {
  42          if (file_exists(THEME."fpw_template.php")) {
  43              require_once(THEME."fpw_template.php");
  44          } else {
  45              require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php");
  46          }
  47      }
  48      $HEADER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_HEADER);
  49      $FOOTER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_FOOTER);
  50  }
  51  
  52  require_once(HEADERF);
  53  
  54  function fpw_error($txt) {
  55      global $ns;
  56      $ns->tablerender(LAN_03, "<div style='text-align:center'>".$txt."</div>");
  57      require_once(FOOTERF);
  58      exit;
  59  }
  60  
  61  //the seperator character used
  62  $fpw_sep = "#";
  63  
  64  if (e_QUERY) {
  65      define("FPW_ACTIVE","TRUE");
  66      $tmp = explode($fpw_sep, e_QUERY);
  67      $tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true));
  68      if ($sql->db_Select("tmp", "*", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ")) {
  69          $row = $sql->db_Fetch();
  70          extract($row);
  71          $sql->db_Delete("tmp", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ");
  72          $newpw = "";
  73          $pwlen = rand(8, 12);
  74          for($a = 0; $a <= $pwlen; $a++) {
  75              $newpw .= chr(rand(97, 122));
  76          }
  77          $mdnewpw = md5($newpw);
  78  
  79          list($username, $md5) = explode($fpw_sep, $tmp_info);
  80          $sql->db_Update("user", "user_password='$mdnewpw', user_viewed='' WHERE user_name='".$tp -> toDB($username, true)."' ");
  81          cookie($pref['cookie_name'], "", (time()-2592000));
  82          $_SESSION[$pref['cookie_name']] = "";
  83  
  84          $txt = LAN_FPW8." {$username} ".LAN_FPW9." {$newpw}<br /><br />".LAN_FPW10." <a href='".e_BASE."login.php'>".LAN_FPW11."</a> ".LAN_FPW12;
  85          fpw_error($txt);
  86  
  87      } else {
  88          fpw_error(LAN_FPW7);
  89      }
  90  }
  91  
  92  if (isset($_POST['pwsubmit'])) {
  93      require_once(e_HANDLER."mail.php");
  94      $email = $_POST['email'];
  95  
  96      if ($pref['fpwcode'] && extension_loaded("gd")) {
  97          if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
  98              fpw_error(LAN_FPW3);
  99          }
 100      }
 101  
 102      $clean_email = check_email($tp -> toDB($_POST['email']));
 103      $clean_username = $tp -> toDB($_POST['username']);
 104      $query = "user_email='{$clean_email}' ";
 105      // Allow admins to remove 'username' from fpw_template.php if they wish.
 106      $query .= (isset($_POST['username'])) ? " AND user_loginname='{$clean_username}'" : "";
 107  
 108      if ($sql->db_Select("user", "*", $query)) {
 109          $row = $sql->db_Fetch();
 110           extract($row);
 111  
 112          if ($user_admin == 1 && $user_perms == "0") {
 113              sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08);
 114              echo "<script type='text/javascript'>document.location.href='index.php'</script>\n";
 115              die();
 116          }
 117  
 118          if ($sql->db_Select("tmp", "*", "tmp_ip = 'pwreset' AND tmp_info LIKE '{$user_name}{$fpw_sep}%'")) {
 119              fpw_error(LAN_FPW4);
 120              exit;
 121          }
 122  
 123          mt_srand ((double)microtime() * 1000000);
 124          $maxran = 1000000;
 125          $rand_num = mt_rand(0, $maxran);
 126          $datekey = date("r");
 127          $rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey);
 128  
 129          $link = SITEURL."fpw.php?{$rcode}";
 130          $message = LAN_FPW5." ".SITENAME." ".LAN_FPW14." : ".$e107->getip().".\n\n".LAN_FPW15."\n\n".LAN_FPW16."\n\n".LAN_FPW17."\n\n{$link}";
 131          //  $message = LAN_FPW5."\n\n{$link}";
 132  
 133          $deltime = time()+86400 * 2;
 134          //Set timestamp two days ahead so it doesn't get auto-deleted
 135          $sql->db_Insert("tmp", "'pwreset',{$deltime},'{$user_name}{$fpw_sep}{$rcode}'");
 136  
 137          if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message)) {
 138              $text = "<div style='text-align:center'>".LAN_FPW6."</div>";
 139          } else {
 140              $text = "<div style='text-align:center'>".LAN_02."</div>";
 141          }
 142  
 143          $ns->tablerender(LAN_03, $text);
 144          require_once(FOOTERF);
 145          exit;
 146      } else {
 147          $text = LAN_213;
 148          $ns->tablerender(LAN_214, "<div style='text-align:center'>".$text."</div>");
 149      }
 150  }
 151  
 152  
 153  if (USE_IMAGECODE) {
 154  
 155      $FPW_TABLE_SECIMG_LAN = LAN_FPW2;
 156      $FPW_TABLE_SECIMG_HIDDEN = "<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />";
 157      $FPW_TABLE_SECIMG_SECIMG = $sec_img->r_image();
 158      $FPW_TABLE_SECIMG_TEXTBOC = "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />";
 159  }
 160  
 161  if (!$FPW_TABLE) {
 162      if (file_exists(THEME."fpw_template.php")) {
 163          require_once(THEME."fpw_template.php");
 164      } else {
 165          require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php");
 166      }
 167  }
 168  $text = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE);
 169  
 170  $ns->tablerender(LAN_03, $text);
 171  require_once(FOOTERF);
 172  
 173  ?>
Code source de e107 0.7.8

/ -> fpw.php (source)
