[Sommaire] [Imprimer]

   1  <?php
   2  # Mantis - a php based bugtracking system
   3  
   4  # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
   5  # Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
   6  
   7  # Mantis is free software: you can redistribute it and/or modify
   8  # it under the terms of the GNU General Public License as published by
   9  # the Free Software Foundation, either version 2 of the License, or
  10  # (at your option) any later version.
  11  #
  12  # Mantis is distributed in the hope that it will be useful,
  13  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  # GNU General Public License for more details.
  16  #
  17  # You should have received a copy of the GNU General Public License
  18  # along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
  19  
  20      # --------------------------------------------------------
  21      # $Id: verify.php,v 1.7.2.1 2007-10-13 22:34:47 giallu Exp $
  22      # --------------------------------------------------------
  23  
  24      # ======================================================================
  25      # Author: Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
  26      # ======================================================================
  27  
  28      require_once ( 'core.php' );
  29  
  30      # lost password feature disabled or reset password via email disabled -> stop here!
  31      if( OFF == config_get( 'lost_password_feature' ) ||
  32          OFF == config_get( 'send_reset_password' ) ||
  33          OFF == config_get( 'enable_email_notification' ) ) {
  34          trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
  35      }
  36  
  37      $f_user_id = gpc_get_string('id');
  38      $f_confirm_hash = gpc_get_string('confirm_hash');
  39  
  40      # force logout on the current user if already authenticated
  41      if( auth_is_user_authenticated() ) {
  42          auth_logout();
  43      }
  44  
  45      $t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );
  46  
  47      if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
  48          trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
  49      }
  50  
  51      # set a temporary cookie so the login information is passed between pages.
  52      auth_logout();
  53      auth_set_cookies( $f_user_id, false );
  54  
  55      user_reset_failed_login_count_to_zero( $f_user_id );
  56      user_reset_lost_password_in_progress_count_to_zero( $f_user_id );
  57  
  58      # fake login so the user can set their password
  59      auth_attempt_script_login( user_get_field( $f_user_id, 'username' ) );
  60  
  61      user_increment_failed_login_count( $f_user_id );
  62  
  63      include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );
  64  ?>