Added Send New Password functions + added check for current password when changing

git-svn-id: file:///svn/phpbb/trunk@1155 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2001-10-10 17:27:34 +00:00
parent b408676555
commit e5a8bda3ff
7 changed files with 249 additions and 50 deletions


@ -1,5 +1,5 @@
Hello {USERNAME},
Your account has now been activated, you may login using the username and password you received in a previous email.
Your account on "{SITENAME}" has now been activated, you may login using the username and password you received in a previous email.
{EMAIL_SIG}


@ -0,0 +1,15 @@
Hello {USERNAME}
You are receiving this email because you have (or someone pretending to be you has) requested a new password be sent for your account on {SITENAME}. If you did not request this email then please ignore it, if you keep receiving it please contact the board administrator.
To use the new password you need to activate it. To do this click the link provided below.
Activation: {U_ACTIVATE}
If sucessful you will be able to login using the following password:
Password: {PASSWORD}
You can of course change this password yourself via the profile page. If you have any difficulties please contact the board administrator.
{EMAIL_SIG}


@ -450,6 +450,9 @@ $lang['Signature'] = "Signature";
$lang['Signature_explain'] = "This is a block of text that can be added to posts you make. There is a 255 character limit";
$lang['Public_view_email'] = "Always show my Email Address";
$lang['Current_password'] = "Current password";
$lang['New_password'] = "New password";
$lang['Confirm_password'] = "Confirm password";
$lang['password_if_changed'] = "You only need to supply a password if you want to change it";
$lang['password_confirm_if_changed'] = "You only need to confirm your password if you changed it above";
@ -480,6 +483,7 @@ $lang['Profile_updated'] = "Your profile has been updated";
$lang['to_return_index'] = "to return to the index";
$lang['Password_mismatch'] = "The passwords you entered did not match";
$lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database";
$lang['Invalid_username'] = "The username you requested has been taken or disallowed";
$lang['Signature_too_long'] = "Your signature is too long";
$lang['Fields_empty'] = "You must fill in the required fields";
@ -501,6 +505,13 @@ $lang['Reactivate'] = "Reactivate your account!";
$lang['COPPA'] = "Your account has been created but has to be approved, please check your email for details.";
$lang['Welcome_COPPA'] = "Your account has been created, however in complance with the COPPA act you must print out this page and have you parent or guardian mail it to: <br />" . $lang['Mailing_address'] . "<br />Or fax it to: <br />" . $lang['Fax_info'] . "<br /> Once this information has been received your account will be activated by the administrator and you will receive an email notification.";
$lang['Wrong_activation'] = "The activation key you supplied does not match any in the database";
$lang['Send_password'] = "Send me a new password";
$lang['Password_updated'] = "A new password has been created, please check your email for details on how to activate it";
$lang['No_email_match'] = "The email address you supplied does not match the one listed for that username";
$lang['New_password_activation'] = "New password activation";
$lang['Password_activated'] = "Your account has been re-activated. To logon please use the password supplied in the email you received";
//
// Memberslist
//
@ -994,39 +1005,4 @@ $lang['Download_config'] = "Download Config";
// End
// -------------------------------------------------
// -------------------------------------------------
// Old format ... _DON'T_add_any_ new entries here!!
//
// Sendpasswd
$l_wrongactiv = "The activation key you provided is not correct. Please check email $l_message you recived and make sure you have copied the activation key exactly.";
$l_passchange = "Your password has been successfully changed. You may now goto your <a href=\"bb_profile.$phpEx?mode=edit\">profile</a> and change your password to a more suitable one.";
$l_wrongmail = "The email address you entered does not match the one stored in our database.";
$l_passsubj = "$sitename Forums Password Change";
$l_pwdmessage = "Dear $checkinfo[username],
You are receiving this email because you (or someone pretending to be you)
has requested a passwordchange on $sitename forums. If you believe you have
received this message in error simply delete it and your password will remain
the same.
Your new password as generated by the forums is: $newpw
In order for this change to take effect you must visit this page:
http://$SERVER_NAME$PHP_SELF?actkey=$key
Once you have visited the page your password will be changed in our database,
and you may login to the profile section and change it as desired.
Thank you for using $sitename Forums
";
$l_passsent = "Your password has changed to a new, random, password. Please check your email on how to complete the password change procedure.";
$l_emailpass = "Email Lost Password";
$l_passexplain = "Please fill out the form, a new password will be sent to your Email address";
$l_sendpass = "Send Password";
?>


@ -169,7 +169,7 @@ else
"L_SEND_PASSWORD" => $lang['Forgotten_password'],
"U_SEND_PASSWORD" => append_sid("sendpassword.$phpEx")
"U_SEND_PASSWORD" => append_sid("profile.$phpEx?mode=sendpassword")
)
);


@ -92,7 +92,6 @@ function validate_email($email)
}
}
//
// Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
// to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
@ -165,9 +164,25 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
return;
}
function generate_password()
{
$chars = array(
"a","A","b","B","c","C","d","D","e","E","f","F","g","G","h","H","i","I","j","J", "k","K","l","L","m","M","n","N","o","O","p","P","q","Q","r","R","s","S","t","T", "u","U","v","V","w","W","x","X","y","Y","z","Z","1","2","3","4","5","6","7","8",
"9","0");
$max_chars = count($chars) - 1;
srand((double)microtime()*1000000);
for($i = 0; $i < 8; $i++)
{
$new_passwd = ($i == 0) ? $chars[rand(0, $max_chars)] : $new_passwd . $chars[rand(0, $max_chars)];
}
return($new_passwd);
}
//
// End page specific functions
//
// ---------------------------
//
@ -524,9 +539,34 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
else
{
$password = md5($password);
if( $mode == "editprofile" )
{
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if($result = $db->sql_query($sql))
{
$row = $db->sql_fetchrow($result);
if( $row['user_password'] != $password )
{
$error = TRUE;
$error_msg = $lang['Current_password_mismatch'];
}
}
else
{
message_die(GENERAL_ERROR, "Couldn't obtain user_password information.", "", __LINE__, __FILE__, $sql);
}
}
if( !$error )
{
$passwd_sql = "user_password = '$password', ";
}
}
}
else if( ( $password && !$password_confirm ) || ( !$password && $password_confirm ) )
{
$error = TRUE;
@ -624,7 +664,6 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
message_die(GENERAL_ERROR, "Couldn't obtained next user_id information.", "", __LINE__, __FILE__, $sql);
}
}
$avatar_sql = "";
@ -1231,6 +1270,11 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
);
$template->assign_var_from_handle("JUMPBOX", "jumpbox");
if( $mode == "editprofile" )
{
$template->assign_block_vars("edit_profile", array());
}
$template->assign_vars(array(
"USERNAME" => $username,
"EMAIL" => $email,
@ -1270,6 +1314,9 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
"BBCODE_STATUS" => $bbcode_status,
"SMILIES_STATUS" => $smilies_status,
"L_CURRENT_PASSWORD" => $lang['Current_password'],
"L_NEW_PASSWORD" => ( $mode == "register" ) ? $lang['Password'] : $lang['New_password'],
"L_CONFIRM_PASSWORD" => $lang['Confirm_password'],
"L_PASSWORD_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_if_changed'] : "",
"L_PASSWORD_CONFIRM_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_confirm_if_changed'] : "",
"L_SUBMIT" => $lang['Submit'],
@ -1318,7 +1365,6 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
"L_REGISTRATION_INFO" => $lang['Registration_info'],
"L_PROFILE_INFO" => $lang['Profile_info'],
"L_PROFILE_INFO_NOTICE" => $lang['Profile_info_warn'],
"L_CONFIRM" => $lang['Confirm'],
"L_EMAIL_ADDRESS" => $lang['Email_address'],
"L_HTML_IS" => $lang['HTML'] . " " . $lang['is'],
@ -1360,21 +1406,138 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else if($mode == "sendpassword")
{
if( isset($HTTP_POST_VARS['submit']) )
{
$username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags($HTTP_POST_VARS['username'])) : "";
$email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : "";
$sql = "SELECT user_id, username, user_email
FROM " . USERS_TABLE . "
WHERE user_email = '$email'
AND username = '$username'";
if( $result = $db->sql_query($sql) )
{
if( !$db->sql_numrows($result) )
{
message_die(GENERAL_MESSAGE, $lang['No_email_match']);
}
$row = $db->sql_fetchrow($result);
$username = $row['username'];
$user_actkey = generate_activation_key();
$user_password = generate_password();
$sql = "UPDATE " . USERS_TABLE . "
SET user_active = 0, user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey'
WHERE user_id = " . $row['user_id'];
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't update new password information", "", __LINE__, __FILE__, $sql);
}
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$path = (dirname($HTTP_SERVER_VARS['REQUEST_URI']) == "/") ? "" : dirname($HTTP_SERVER_VARS['REQUEST_URI']);
$emailer->use_template("user_activate_passwd");
$emailer->email_address($row['user_email']);
$emailer->set_subject($lang['New_password_activation']);
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
"USERNAME" => $username,
"PASSWORD" => $user_password,
"EMAIL_SIG" => str_replace("<br />", "\n", "-- \n" . $board_config['board_email_sig']),
"U_ACTIVATE" => "http://" . $HTTP_SERVER_VARS['SERVER_NAME'] . $path . "/profile.$phpEx?mode=activate&act_key=$user_actkey")
);
$emailer->send();
$emailer->reset();
$template->assign_vars(array(
"META" => '<meta http-equiv="refresh" content="5;url=index.' . $phpEx . '">')
);
$message = $lang['Password_updated'] . "<br /><br />" . $lang['Click'] . " <a href=\"" . append_sid("index.$phpEx") . "\">" . $lang['Here'] . "</a> " . $lang['to_return_index'];
message_die(GENERAL_MESSAGE, $message);
}
else
{
message_die(GENERAL_ERROR, "Couldn't obtain user information for sendpassword", "", __LINE__, __FILE__, $sql);
}
}
else
{
$username = "";
$email = "";
}
//
// Output basic page
//
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
"body" => "profile_send_pass.tpl",
"jumpbox" => "jumpbox.tpl")
);
$jumpbox = make_jumpbox();
$template->assign_vars(array(
"L_GO" => $lang['Go'],
"L_JUMP_TO" => $lang['Jump_to'],
"L_SELECT_FORUM" => $lang['Select_forum'],
"S_JUMPBOX_LIST" => $jumpbox,
"S_JUMPBOX_ACTION" => append_sid("viewforum.$phpEx"))
);
$template->assign_var_from_handle("JUMPBOX", "jumpbox");
$template->assign_vars(array(
"USERNAME" => $username,
"EMAIL" => $email,
"L_SEND_PASSWORD" => $lang['Send_password'],
"L_ITEMS_REQUIRED" => $lang['Items_required'],
"L_EMAIL_ADDRESS" => $lang['Email_address'],
"L_SUBMIT" => $lang['Submit'],
"L_RESET" => $lang['Reset'])
);
$template->pparse("body");
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else if($mode == "activate")
{
$sql = "SELECT user_id, user_email
$sql = "SELECT user_id, user_email, user_newpasswd
FROM " . USERS_TABLE . "
WHERE user_actkey = '$act_key'";
if( $result = $db->sql_query($sql) )
{
if( $row = $db->sql_fetchrow($result) )
{
if( $row['user_newpasswd'] != "" )
{
$sql_update_pass = ", user_password = '" . $row['user_newpasswd'] . "', user_newpasswd = ''";
}
else
{
$sql_update_pass = "";
}
$sql_update = "UPDATE " . USERS_TABLE . "
SET user_active = 1, user_actkey = ''
SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
WHERE user_id = " . $row['user_id'];
if($result = $db->sql_query($sql_update))
{
if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == "" )
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
@ -1400,7 +1563,8 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
}
else
{
message_die(GENERAL_MESSAGE, $lang['Account_active']);
$message = ( $sql_update_pass == "" ) ? $lang['Account_active'] : $lang['Password_activated'];
message_die(GENERAL_MESSAGE, $message);
}
}
else
@ -1410,7 +1574,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
}
else
{
message_die(GENERAL_ERROR, $lang['']); //wrongactiv
message_die(GENERAL_ERROR, $lang['Wrong_activation']); //wrongactiv
}
}
else
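Review bot: The `sendpassword` branch writes `user_active = 0` as soon as the form is posted, so anyone who knows a member's username and email address can lock that member out until the mailed link is followed. The replacement hash is already staged in `user_newpasswd` and only copied over in the `activate` branch, so the UPDATE can leave the flag alone: `SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey'`. In the same branch `$username` and `$email` reach the SELECT after only `trim()`/`strip_tags()`; unless request data is escaped somewhere outside this diff, they need quote escaping before being placed in SQL. `generate_password()` seeds `rand()` from `microtime()`, which ties the eight characters to the request time, so a CSPRNG call such as `random_int(0, $max_chars)` is the safer way to pick each character. The enclosing `if( isset($HTTP_GET_VARS['mode']) ...` block starts and ends outside these hunks.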


@ -24,15 +24,24 @@
<input type="text" class="post" style="width: 200px" name="email" size="25" maxlength="255" value="{EMAIL}" />
</td>
</tr>
<!-- BEGIN edit_profile -->
<tr>
<td class="row1"><span class="gen">{L_PASSWORD}: *</span><br />
<td class="row1"><span class="gen">{L_CURRENT_PASSWORD}: *</span><br />
<span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td>
<td class="row2">
<input type="password" class="post" style="width: 200px" name="password" size="25" maxlength="100" value="{PASSWORD}" />
</td>
</tr>
<!-- END edit_profile -->
<tr>
<td class="row1"><span class="gen">{L_NEW_PASSWORD}: *</span><br />
<span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td>
<td class="row2">
<input type="password" class="post" style="width: 200px" name="password" size="25" maxlength="100" value="{PASSWORD}" />
</td>
</tr>
<tr>
<td class="row1"><span class="gen">{L_CONFIRM} {L_PASSWORD}: * </span><br />
<td class="row1"><span class="gen">{L_CONFIRM_PASSWORD}: * </span><br />
<span class="gensmall">{L_PASSWORD_CONFIRM_IF_CHANGED}</span></td>
<td class="row2">
<input type="password" class="post" style="width: 200px" name="password_confirm" size="25" maxlength="100" value="{PASSWORD_CONFIRM}" />
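Review bot: The current-password input inside the `edit_profile` block keeps `name="password"`, the same name as the new-password input added in the row below it, so PHP receives a single `password` value. As far as this page shows, the new check in profile.php then compares `md5($password)` of the new password with the stored hash rather than verifying the current one. Give the field its own name and no prefilled value, for example `<input type="password" class="post" style="width: 200px" name="cur_password" size="25" maxlength="100" value="" />`, and have the check hash that field. The table this hunk belongs to starts and ends outside the hunk.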


@ -0,0 +1,35 @@
<form action="{S_PROFILE_ACTION}" method="post">
<table width="100%" cellspacing="2" cellpadding="2" border="0" align="center">
<tr>
<td align="left"><span class="nav"><a href="{U_INDEX}" class="nav">{SITENAME}&nbsp;{L_INDEX}</a></span></td>
</tr>
</table>
<table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline">
<tr>
<th class="thHead" colspan="2" height="25" valign="middle">{L_SEND_PASSWORD}</th>
</tr>
<tr>
<td class="row2" colspan="2"><span class="gensmall">{L_ITEMS_REQUIRED}</span></td>
</tr>
<tr>
<td class="row1" width="38%"><span class="gen">{L_USERNAME}: *</span></td>
<td class="row2">
<input type="text" class="post" style="width: 200px" name="username" size="25" maxlength="40" value="{USERNAME}" />
</td>
</tr>
<tr>
<td class="row1"><span class="gen">{L_EMAIL_ADDRESS}: *</span></td>
<td class="row2">
<input type="text" class="post" style="width: 200px" name="email" size="25" maxlength="255" value="{EMAIL}" />
</td>
</tr>
<tr>
<td class="catBottom" colspan="2" align="center" height="28">{S_HIDDEN_FIELDS}
<input type="submit" name="submit" value="{L_SUBMIT}" class="mainoption" />
&nbsp;&nbsp;
<input type="reset" value="{L_RESET}" name="reset" class="liteoption" />
</td>
</tr>
</table>
</form>
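Review bot: The form posts to `{S_PROFILE_ACTION}` and prints `{S_HIDDEN_FIELDS}` and `{L_USERNAME}`, but the `sendpassword` branch in profile.php assigns none of these in the `assign_vars()` calls visible in this commit. If they are not set by the page header (not shown here), the action attribute is empty and the username label renders blank. Setting the action explicitly in that branch, e.g. `"S_PROFILE_ACTION" => append_sid("profile.$phpEx?mode=sendpassword")`, together with the label string, would remove the dependency on the request URL.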