Added Send New Password functions + added check for current password when changing

git-svn-id: file:///svn/phpbb/trunk@1155 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 06:08:52 +00:00 · 2001-10-10 17:27:34 +00:00 · 2001-10-10 17:27:34 +00:00 · e5a8bda3ff
commit e5a8bda3ff
parent b408676555
7 changed files with 249 additions and 50 deletions
--- a/phpBB/language/email/admin_welcome_activated_english.tpl
+++ b/phpBB/language/email/admin_welcome_activated_english.tpl
@ -1,5 +1,5 @@
 Hello {USERNAME},
-Your account has now been activated, you may login using the username and password you received in a previous email.
+Your account on "{SITENAME}" has now been activated, you may login using the username and password you received in a previous email.
 {EMAIL_SIG}
--- a/phpBB/language/email/user_activate_passwd_english.tpl
+++ b/phpBB/language/email/user_activate_passwd_english.tpl
@ -0,0 +1,15 @@
 Hello {USERNAME}
 You are receiving this email because you have (or someone pretending to be you has) requested a new password be sent for your account on {SITENAME}. If you did not request this email then please ignore it, if you keep receiving it please contact the board administrator.
 To use the new password you need to activate it. To do this click the link provided below.
 Activation: {U_ACTIVATE}
 If sucessful you will be able to login using the following password:
 Password: {PASSWORD}
 You can of course change this password yourself via the profile page. If you have any difficulties please contact the board administrator.
 {EMAIL_SIG}
--- a/phpBB/language/lang_english.php
+++ b/phpBB/language/lang_english.php
@ -450,6 +450,9 @@ $lang['Signature'] = "Signature";
 $lang['Signature_explain'] = "This is a block of text that can be added to posts you make. There is a 255 character limit";
 $lang['Public_view_email'] = "Always show my Email Address";
 $lang['Current_password'] = "Current password";
 $lang['New_password'] = "New password";
 $lang['Confirm_password'] = "Confirm password";
 $lang['password_if_changed'] = "You only need to supply a password if you want to change it";
 $lang['password_confirm_if_changed'] = "You only need to confirm your password if you changed it above";
@ -480,6 +483,7 @@ $lang['Profile_updated'] = "Your profile has been updated";
 $lang['to_return_index'] = "to return to the index";
 $lang['Password_mismatch'] = "The passwords you entered did not match";
 $lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database";
 $lang['Invalid_username'] = "The username you requested has been taken or disallowed";
 $lang['Signature_too_long'] = "Your signature is too long";
 $lang['Fields_empty'] = "You must fill in the required fields";
@ -501,6 +505,13 @@ $lang['Reactivate'] = "Reactivate your account!";
 $lang['COPPA'] = "Your account has been created but has to be approved, please check your email for details.";
 $lang['Welcome_COPPA'] = "Your account has been created, however in complance with the COPPA act you must print out this page and have you parent or guardian mail it to: <br />" . $lang['Mailing_address'] . "<br />Or fax it to: <br />" . $lang['Fax_info'] . "<br /> Once this information has been received your account will be activated by the administrator and you will receive an email notification.";
 $lang['Wrong_activation'] = "The activation key you supplied does not match any in the database";
 $lang['Send_password'] = "Send me a new password"; 
 $lang['Password_updated'] = "A new password has been created, please check your email for details on how to activate it";
 $lang['No_email_match'] = "The email address you supplied does not match the one listed for that username";
 $lang['New_password_activation'] = "New password activation";
 $lang['Password_activated'] = "Your account has been re-activated. To logon please use the password supplied in the email you received";
 //
 // Memberslist
 //
@ -994,39 +1005,4 @@ $lang['Download_config'] = "Download Config";
 // End
 // -------------------------------------------------
 // -------------------------------------------------
 // Old format ... _DON'T_add_any_ new entries here!!
 //
 // Sendpasswd
 $l_wrongactiv	= "The activation key you provided is not correct. Please check email $l_message you recived and make sure you have copied the activation key exactly.";
 $l_passchange	= "Your password has been successfully changed. You may now goto your <a href=\"bb_profile.$phpEx?mode=edit\">profile</a> and change your password to a more suitable one.";
 $l_wrongmail	= "The email address you entered does not match the one stored in our database.";
 $l_passsubj	= "$sitename Forums Password Change";
 $l_pwdmessage	= "Dear $checkinfo[username],
 You are receiving this email because you (or someone pretending to be you)
 has requested a passwordchange on $sitename forums. If you believe you have
 received this message in error simply delete it and your password will remain
 the same.
 Your new password as generated by the forums is: $newpw
 In order for this change to take effect you must visit this page:
   http://$SERVER_NAME$PHP_SELF?actkey=$key
 Once you have visited the page your password will be changed in our database,
 and you may login to the profile section and change it as desired.
 Thank you for using $sitename Forums
 ";
 $l_passsent	= "Your password has changed to a new, random, password. Please check your email on how to complete the password change procedure.";
 $l_emailpass	= "Email Lost Password";
 $l_passexplain	= "Please fill out the form, a new password will be sent to your Email address";
 $l_sendpass	= "Send Password";
 ?>
--- a/phpBB/login.php
+++ b/phpBB/login.php
@ -169,7 +169,7 @@ else
 			"L_SEND_PASSWORD" => $lang['Forgotten_password'],
-			"U_SEND_PASSWORD" => append_sid("sendpassword.$phpEx")
+			"U_SEND_PASSWORD" => append_sid("profile.$phpEx?mode=sendpassword")
 			)
 		);
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@ -92,7 +92,6 @@ function validate_email($email)
 	}
 }
 //
 // Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
 // to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
@ -165,9 +164,25 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
 	return;
 }
 function generate_password()
 {
 	$chars = array( 
 		"a","A","b","B","c","C","d","D","e","E","f","F","g","G","h","H","i","I","j","J", "k","K","l","L","m","M","n","N","o","O","p","P","q","Q","r","R","s","S","t","T", "u","U","v","V","w","W","x","X","y","Y","z","Z","1","2","3","4","5","6","7","8", 
 		"9","0");
 	$max_chars = count($chars) - 1;
 	srand((double)microtime()*1000000);
 	for($i = 0; $i < 8; $i++)
 	{
 		$new_passwd = ($i == 0) ? $chars[rand(0, $max_chars)] : $new_passwd . $chars[rand(0, $max_chars)];
 	}
 	return($new_passwd);
 }
 //
 // End page specific functions
-//
+// ---------------------------
 //
@ -524,7 +539,32 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 				else
 				{
 					$password = md5($password);
-					$passwd_sql = "user_password = '$password', ";
+
 					if( $mode == "editprofile" )
 					{
 						$sql = "SELECT user_password 
 							FROM " . USERS_TABLE . " 
 							WHERE user_id = $user_id";
 						if($result = $db->sql_query($sql))
 						{
 							$row = $db->sql_fetchrow($result);
 							if( $row['user_password'] != $password )
 							{
 								$error = TRUE;
 								$error_msg = $lang['Current_password_mismatch'];
 							}
 						}
 						else
 						{
 							message_die(GENERAL_ERROR, "Couldn't obtain user_password information.", "", __LINE__, __FILE__, $sql);
 						}
 					}
 					if( !$error )
 					{
 						$passwd_sql = "user_password = '$password', ";
 					}
 				}
 			}
 			else if( ( $password && !$password_confirm ) || ( !$password && $password_confirm ) )
@ -538,7 +578,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 			//
 			if($email != $userdata['user_email'] || $mode == "register")
 			{
-				if(!validate_email($email))
+				if( !validate_email($email) )
 				{
 					$error = TRUE;
 					if(isset($error_msg))
@ -624,7 +664,6 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 				{
 					message_die(GENERAL_ERROR, "Couldn't obtained next user_id information.", "", __LINE__, __FILE__, $sql);
 				}
 			}
 			$avatar_sql = "";
@ -1231,6 +1270,11 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 		);
 		$template->assign_var_from_handle("JUMPBOX", "jumpbox");
 		if( $mode == "editprofile" )
 		{
 			$template->assign_block_vars("edit_profile", array());
 		}
 		$template->assign_vars(array(
 			"USERNAME" => $username,
 			"EMAIL" => $email,
@ -1270,6 +1314,9 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 			"BBCODE_STATUS" => $bbcode_status,
 			"SMILIES_STATUS" => $smilies_status,
 			"L_CURRENT_PASSWORD" => $lang['Current_password'], 
 			"L_NEW_PASSWORD" => ( $mode == "register" ) ? $lang['Password'] : $lang['New_password'], 
 			"L_CONFIRM_PASSWORD" => $lang['Confirm_password'],
 			"L_PASSWORD_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_if_changed'] : "",
 			"L_PASSWORD_CONFIRM_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_confirm_if_changed'] : "",
 			"L_SUBMIT" => $lang['Submit'],
@ -1318,7 +1365,6 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 			"L_REGISTRATION_INFO" => $lang['Registration_info'],
 			"L_PROFILE_INFO" => $lang['Profile_info'],
 			"L_PROFILE_INFO_NOTICE" => $lang['Profile_info_warn'],
 			"L_CONFIRM" => $lang['Confirm'],
 			"L_EMAIL_ADDRESS" => $lang['Email_address'],
 			"L_HTML_IS" => $lang['HTML'] . " " . $lang['is'],
@ -1360,21 +1406,138 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
 	}
 	else if($mode == "sendpassword")
 	{
 		if( isset($HTTP_POST_VARS['submit']) )
 		{
 			$username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags($HTTP_POST_VARS['username'])) : "";
 			$email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : "";
 			$sql = "SELECT user_id, username, user_email 
 				FROM " . USERS_TABLE . " 
 				WHERE user_email = '$email' 
 					AND username = '$username'";
 			if( $result = $db->sql_query($sql) )
 			{
 				if( !$db->sql_numrows($result) )
 				{
 					message_die(GENERAL_MESSAGE, $lang['No_email_match']);
 				}
 				$row = $db->sql_fetchrow($result); 
 				$username = $row['username'];
 				$user_actkey = generate_activation_key();
 				$user_password = generate_password();
 				$sql = "UPDATE " . USERS_TABLE . " 
 					SET user_active = 0, user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey' 
 					WHERE user_id = " . $row['user_id'];
 				if( !$result = $db->sql_query($sql) )
 				{
 					message_die(GENERAL_ERROR, "Couldn't update new password information", "", __LINE__, __FILE__, $sql);
 				}
 				include($phpbb_root_path . 'includes/emailer.'.$phpEx);
 				$emailer = new emailer($board_config['smtp_delivery']);
 				$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
 				$path = (dirname($HTTP_SERVER_VARS['REQUEST_URI']) == "/") ? "" : dirname($HTTP_SERVER_VARS['REQUEST_URI']);
 				$emailer->use_template("user_activate_passwd");
 				$emailer->email_address($row['user_email']);
 				$emailer->set_subject($lang['New_password_activation']);
 				$emailer->extra_headers($email_headers);
 				$emailer->assign_vars(array(
 					"USERNAME" => $username,
 					"PASSWORD" => $user_password,
 					"EMAIL_SIG" => str_replace("<br />", "\n", "-- \n" . $board_config['board_email_sig']), 
 					"U_ACTIVATE" => "http://" . $HTTP_SERVER_VARS['SERVER_NAME'] . $path . "/profile.$phpEx?mode=activate&act_key=$user_actkey")
 				);
 				$emailer->send();
 				$emailer->reset();
 				$template->assign_vars(array(
 					"META" => '<meta http-equiv="refresh" content="5;url=index.' . $phpEx . '">')
 				);
 				$message = $lang['Password_updated'] . "<br /><br />" . $lang['Click'] . " <a href=\"" . append_sid("index.$phpEx") . "\">" . $lang['Here'] . "</a> " . $lang['to_return_index'];
 				message_die(GENERAL_MESSAGE, $message);
 			}
 			else
 			{
 				message_die(GENERAL_ERROR, "Couldn't obtain user information for sendpassword", "", __LINE__, __FILE__, $sql);
 			}
 		}
 		else
 		{
 			$username = "";
 			$email = "";
 		}
 		//
 		// Output basic page
 		//
 		include($phpbb_root_path . 'includes/page_header.'.$phpEx);
 		$template->set_filenames(array(
 			"body" => "profile_send_pass.tpl",
 			"jumpbox" => "jumpbox.tpl")
 		);
 		$jumpbox = make_jumpbox();
 		$template->assign_vars(array(
 			"L_GO" => $lang['Go'],
 			"L_JUMP_TO" => $lang['Jump_to'],
 			"L_SELECT_FORUM" => $lang['Select_forum'],
 			"S_JUMPBOX_LIST" => $jumpbox,
 			"S_JUMPBOX_ACTION" => append_sid("viewforum.$phpEx"))
 		);
 		$template->assign_var_from_handle("JUMPBOX", "jumpbox");
 		$template->assign_vars(array(
 			"USERNAME" => $username,
 			"EMAIL" => $email,
 			"L_SEND_PASSWORD" => $lang['Send_password'], 
 			"L_ITEMS_REQUIRED" => $lang['Items_required'],
 			"L_EMAIL_ADDRESS" => $lang['Email_address'],
 			"L_SUBMIT" => $lang['Submit'],
 			"L_RESET" => $lang['Reset'])
 		);
 		$template->pparse("body");
 		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
 	}
 	else if($mode == "activate")
 	{
-		$sql = "SELECT user_id, user_email  
+		$sql = "SELECT user_id, user_email, user_newpasswd 
 			FROM " . USERS_TABLE . "
 			WHERE user_actkey = '$act_key'";
 			if( $result = $db->sql_query($sql) )
 			{
 				if( $row = $db->sql_fetchrow($result) )
 				{
 					if( $row['user_newpasswd'] != "" )
 					{
 						$sql_update_pass = ", user_password = '" . $row['user_newpasswd'] . "', user_newpasswd = ''";
 					}
 					else
 					{
 						$sql_update_pass = "";
 					}
 					$sql_update = "UPDATE " . USERS_TABLE . "
-						SET user_active = 1, user_actkey = ''
+						SET user_active = 1, user_actkey = ''" . $sql_update_pass . " 
 						WHERE user_id = " . $row['user_id'];
 					if($result = $db->sql_query($sql_update))
 					{
-						if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
+						if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == "" )
 						{
 							include($phpbb_root_path . 'includes/emailer.'.$phpEx);
 							$emailer = new emailer($board_config['smtp_delivery']);
@ -1400,7 +1563,8 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 						}
 						else
 						{
-							message_die(GENERAL_MESSAGE, $lang['Account_active']);
+							$message = ( $sql_update_pass == "" ) ? $lang['Account_active'] : $lang['Password_activated']; 
 							message_die(GENERAL_MESSAGE, $message);
 						}
 					}
 					else
@ -1410,7 +1574,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 				}
 				else
 				{
-					message_die(GENERAL_ERROR, $lang['']); //wrongactiv
+					message_die(GENERAL_ERROR, $lang['Wrong_activation']); //wrongactiv
 				}
 			}
 			else
--- a/phpBB/templates/subSilver/profile_add_body.tpl
+++ b/phpBB/templates/subSilver/profile_add_body.tpl
@ -24,15 +24,24 @@
 		<input type="text" class="post" style="width: 200px" name="email" size="25" maxlength="255" value="{EMAIL}" />
 	  </td>
 	</tr>
 	<!-- BEGIN edit_profile -->
 	<tr> 
-	  <td class="row1"><span class="gen">{L_PASSWORD}: *</span><br />
+	  <td class="row1"><span class="gen">{L_CURRENT_PASSWORD}: *</span><br />
 		<span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td>
 	  <td class="row2"> 
 		<input type="password" class="post" style="width: 200px" name="password" size="25" maxlength="100" value="{PASSWORD}" />
 	  </td>
 	</tr>
 	<!-- END edit_profile -->
 	<tr> 
 	  <td class="row1"><span class="gen">{L_NEW_PASSWORD}: *</span><br />
 		<span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td>
 	  <td class="row2"> 
 		<input type="password" class="post" style="width: 200px" name="password" size="25" maxlength="100" value="{PASSWORD}" />
 	  </td>
 	</tr>
 	<tr> 
-	  <td class="row1"><span class="gen">{L_CONFIRM} {L_PASSWORD}: * </span><br />
+	  <td class="row1"><span class="gen">{L_CONFIRM_PASSWORD}: * </span><br />
 		<span class="gensmall">{L_PASSWORD_CONFIRM_IF_CHANGED}</span></td>
 	  <td class="row2"> 
 		<input type="password" class="post" style="width: 200px" name="password_confirm" size="25" maxlength="100" value="{PASSWORD_CONFIRM}" />
--- a/phpBB/templates/subSilver/profile_send_pass.tpl
+++ b/phpBB/templates/subSilver/profile_send_pass.tpl
@ -0,0 +1,35 @@
 <form action="{S_PROFILE_ACTION}" method="post">
 <table width="100%" cellspacing="2" cellpadding="2" border="0" align="center">
  <tr> 
 	<td align="left"><span class="nav"><a href="{U_INDEX}" class="nav">{SITENAME}&nbsp;{L_INDEX}</a></span></td>
  </tr>
 </table>
  <table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline">
 	<tr> 
 	  <th class="thHead" colspan="2" height="25" valign="middle">{L_SEND_PASSWORD}</th>
 	</tr>
 	<tr> 
 	  <td class="row2" colspan="2"><span class="gensmall">{L_ITEMS_REQUIRED}</span></td>
 	</tr>
 	<tr> 
 	  <td class="row1" width="38%"><span class="gen">{L_USERNAME}: *</span></td>
 	  <td class="row2"> 
 		<input type="text" class="post" style="width: 200px" name="username" size="25" maxlength="40" value="{USERNAME}" />
 	  </td>
 	</tr>
 	<tr> 
 	  <td class="row1"><span class="gen">{L_EMAIL_ADDRESS}: *</span></td>
 	  <td class="row2"> 
 		<input type="text" class="post" style="width: 200px" name="email" size="25" maxlength="255" value="{EMAIL}" />
 	  </td>
 	</tr>
 	<tr> 
 	  <td class="catBottom" colspan="2" align="center" height="28">{S_HIDDEN_FIELDS} 
 		<input type="submit" name="submit" value="{L_SUBMIT}" class="mainoption" />
 		&nbsp;&nbsp; 
 		<input type="reset" value="{L_RESET}" name="reset" class="liteoption" />
 	  </td>
 	</tr>
  </table>
 </form>