'RemindMail', 'secret' => 'secretAnswerInput', 'secret2' => 'secretAnswer2', 'setpassword' =>'setPassword', 'setpassword2' =>'setPassword2' ); // Any subaction? If none, fall through to the main template, which will ask for one. if (isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']])) $subActions[$_REQUEST['sa']](); } // Email a reminder. function RemindMail() { global $db_prefix, $context, $txt, $scripturl, $sourcedir, $user_info, $webmaster_email; checkSession(); // You must enter a username/email address. if (!isset($_POST['user']) || $_POST['user'] == '') fatal_lang_error(40, false); // Find the user! $request = db_query(" SELECT ID_MEMBER, realName, memberName, emailAddress, is_activated, validation_code FROM {$db_prefix}members WHERE memberName = '$_POST[user]' LIMIT 1", __FILE__, __LINE__); if (mysql_num_rows($request) == 0) { mysql_free_result($request); $request = db_query(" SELECT ID_MEMBER, realName, memberName, emailAddress, is_activated, validation_code FROM {$db_prefix}members WHERE emailAddress = '$_POST[user]' LIMIT 1", __FILE__, __LINE__); if (mysql_num_rows($request) == 0) fatal_lang_error(40, false); } $row = mysql_fetch_assoc($request); mysql_free_result($request); // If the user isn't activated/approved, give them some feedback on what to do next. if ($row['is_activated'] != 1) { // Awaiting approval... if (trim($row['validation_code']) == '') fatal_error($txt['registration_not_approved'] . ' ' . $txt[662] . '.', false); else fatal_error($txt['registration_not_activated'] . ' ' . $txt[662] . '.', false); } // You can't get emailed if you have no email address. $row['emailAddress'] = trim($row['emailAddress']); if ($row['emailAddress'] == '') fatal_error('' . $txt[394] . '
' . $txt[395] . ' webmaster ' . $txt[396] . '.'); // Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars. require_once($sourcedir . '/Subs-Members.php'); $password = generateValidationCode(); // Set the password in the database. updateMemberData($row['ID_MEMBER'], array('validation_code' => "'" . substr(md5($password), 0, 10) . "'")); require_once($sourcedir . '/Subs-Post.php'); sendmail($row['emailAddress'], $txt['reminder_subject'], sprintf($txt['sendtopic_dear'], $row['realName']) . "\n\n" . "$txt[reminder_mail]:\n\n" . "$scripturl?action=reminder;sa=setpassword;u=$row[ID_MEMBER];code=$password\n\n" . "$txt[512]: $user_info[ip]\n\n" . "$txt[35]: $row[memberName]\n\n" . $txt[130]); // Set up the template. $context += array( 'page_title' => &$txt[194], 'sub_template' => 'sent', 'description' => &$txt['reminder_sent'] ); } // Set your new password function setPassword() { global $txt, $context; // You need a code! if (!isset($_REQUEST['code'])) fatal_lang_error(1); // Fill the context array. $context += array( 'page_title' => &$txt['reminder_set_password'], 'sub_template' => 'set_password', 'code' => $_REQUEST['code'], 'memID' => (int) $_REQUEST['u'] ); } function setPassword2() { global $db_prefix, $context, $txt, $modSettings, $sourcedir; if (empty($_POST['u']) || !isset($_POST['passwrd1']) || !isset($_POST['passwrd2'])) fatal_lang_error(1, false); $_POST['u'] = (int) $_POST['u']; if ($_POST['passwrd1'] != $_POST['passwrd2']) fatal_lang_error(213, false); if ($_POST['passwrd1'] == '') fatal_lang_error(91, false); loadLanguage('Login'); // Get the code as it should be from the database. $request = db_query(" SELECT validation_code, memberName, emailAddress FROM {$db_prefix}members WHERE ID_MEMBER = $_POST[u] AND is_activated = 1 AND validation_code != '' LIMIT 1", __FILE__, __LINE__); // Does this user exist at all? if (mysql_num_rows($request) == 0) fatal_lang_error('invalid_userid', false); list ($realCode, $username, $email) = mysql_fetch_row($request); mysql_free_result($request); // Is the password actually valid? require_once($sourcedir . '/Subs-Auth.php'); $passwordError = validatePassword($_POST['passwrd1'], $username, array($email)); // What - it's not? if ($passwordError != null) fatal_lang_error('profile_error_password_' . $passwordError, false); // Quit if this code is not right. if (empty($_POST['code']) || substr($realCode, 0, 10) != substr(md5($_POST['code']), 0, 10)) fatal_error($txt['invalid_activation_code'], false); // User validated. Update the database! updateMemberData($_POST['u'], array('validation_code' => '\'\'', 'passwd' => '\'' . sha1(strtolower($username) . $_POST['passwrd1']) . '\'')); if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) call_user_func($modSettings['integrate_reset_pass'], $username, $username, $_POST['passwrd1']); loadTemplate('Login'); $context += array( 'page_title' => &$txt['reminder_password_set'], 'sub_template' => 'login', 'default_username' => $username, 'default_password' => $_POST['passwrd1'], 'never_expire' => false, 'description' => &$txt['reminder_password_set'] ); } // Get the secret answer. function secretAnswerInput() { global $txt, $db_prefix, $context; checkSession(); // Please provide an email or user.... if (!isset($_POST['user']) || $_POST['user'] == '') fatal_lang_error(40, false); // Get the stuff.... $request = db_query(" SELECT realName, memberName, secretQuestion FROM {$db_prefix}members WHERE memberName = '$_POST[user]' LIMIT 1", __FILE__, __LINE__); if (mysql_num_rows($request) == 0) { mysql_free_result($request); $request = db_query(" SELECT realName, memberName, secretQuestion FROM {$db_prefix}members WHERE emailAddress = '$_POST[user]' LIMIT 1", __FILE__, __LINE__); if (mysql_num_rows($request) == 0) fatal_lang_error(40, false); } $row = mysql_fetch_assoc($request); mysql_free_result($request); // If there is NO secret question - then throw an error. if (trim($row['secretQuestion']) == '') fatal_lang_error('registration_no_secret_question', false); // Ask for the answer... $context['remind_user'] = $row['memberName']; $context['remind_type'] = ''; $context['secret_question'] = $row['secretQuestion']; $context['sub_template'] = 'ask'; } function secretAnswer2() { global $txt, $db_prefix, $context, $modSettings; checkSession(); // Hacker? How did you get this far without an email or username? if (!isset($_POST['user']) || $_POST['user'] == '') fatal_lang_error(40, false); loadLanguage('Login'); // Get the information from the database. $request = db_query(" SELECT ID_MEMBER, realName, memberName, secretAnswer, secretQuestion FROM {$db_prefix}members WHERE memberName = '$_POST[user]' LIMIT 1", __FILE__, __LINE__); if (mysql_num_rows($request) == 0) { mysql_free_result($request); $request = db_query(" SELECT ID_MEMBER, realName, memberName, secretAnswer, secretQuestion FROM {$db_prefix}members WHERE emailAddress = '$_POST[user]' LIMIT 1", __FILE__, __LINE__); if (mysql_num_rows($request) == 0) fatal_lang_error(40, false); } $row = mysql_fetch_assoc($request); mysql_free_result($request); // Check if the secret answer is correct. if ($row['secretQuestion'] == '' || $row['secretAnswer'] == '' || md5(stripslashes($_POST['secretAnswer'])) != $row['secretAnswer']) { log_error(sprintf($txt['reminder_error'], $row['memberName'])); fatal_lang_error('pswd7', false); } // You can't use a blank one! if (strlen(trim($_POST['passwrd1'])) === 0) fatal_lang_error(38, false); // They have to be the same too. if ($_POST['passwrd1'] != $_POST['passwrd2']) fatal_lang_error(213, false); // Alright, so long as 'yer sure. updateMemberData($row['ID_MEMBER'], array('passwd' => '\'' . sha1(strtolower($row['memberName']) . $_POST['passwrd1']) . '\'')); if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) call_user_func($modSettings['integrate_reset_pass'], $row['memberName'], $row['memberName'], $_POST['passwrd1']); // Tell them it went fine. loadTemplate('Login'); $context += array( 'page_title' => &$txt['reminder_password_set'], 'sub_template' => 'login', 'default_username' => $row['memberName'], 'default_password' => $_POST['passwrd1'], 'never_expire' => false, 'description' => &$txt['reminder_password_set'] ); } ?>