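<?php
# $Id$
# http://www.mapbender.org/index.php/Administration
# Copyright (C) 2002 CCGIS
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

/*
 * Self-service "forgot password" page.
 *
 * Flow, as implemented below:
 *   1. The visitor posts a username and an e-mail address.
 *   2. If the address equals the one stored for that username, a new
 *      password is generated, mailed to the stored address, and then
 *      written to mb_user as an MD5 hash; the login counter is reset.
 *   3. Otherwise the form (or an error text) is shown.
 *
 * Security notes for maintainers:
 *   - The session user name/id are read below but nothing in this file
 *     checks them, so the reset is authorised by the username + e-mail
 *     match alone. Both values are often known to third parties, so anyone
 *     who knows them can force a password change on that account. A mailed,
 *     single-use, time-limited confirmation token and per-account/per-IP
 *     rate limiting would close that gap; neither is present here.
 *   - The new password travels in clear text by e-mail. Forcing a password
 *     change at the next login would limit the exposure window.
 *   - The stored hash is unsalted MD5 (see the UPDATE below).
 */

require_once(dirname(__FILE__)."/../../core/globalSettings.php");

/*
 * @security_patch irv done
 */

// Replacement for import_request_variables(): only this fixed allowlist of
// names is copied from $_POST into local variables, so a request cannot
// overwrite arbitrary variables. Missing fields become null instead of
// raising an undefined-index notice.
$postvars = explode(",", "username,email,upd,sendnew");
foreach ($postvars as $value) {
	$$value = isset($_POST[$value]) ? $_POST[$value] : null;
}

require_once(dirname(__FILE__)."/../classes/class_administration.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<?php
echo '<meta http-equiv="Content-Type" content="text/html; charset='.CHARSET.'">';
?>
<title>Generate New Password</title>
<style type="text/css">
<!--
body{
	font-family: Arial, Helvetica, sans-serif;
	font-size: 10px;
}
.desc{
	font-family: Arial, Helvetica, sans-serif;
	font-size: 9px;
}
.myButton{
	font-family: Arial, Helvetica, sans-serif;
	width : 150px;
}
-->
</style>
</head>
<body>
<?php
if (!USE_PHP_MAILING) {
	// Without mailing there is no channel to deliver a new password.
	echo "<script language='javascript'>";
	echo "alert('PHP mailing is currently disabled. Please adjust the settings in mapbender.conf.');";
	echo "window.close();";
	echo "</script>";
}
else {
	// Read from the session but not used for any decision in this file.
	$logged_user_name = Mapbender::session()->get("mb_user_name");
	$logged_user_id = Mapbender::session()->get("mb_user_id");

	$admin = new administration();

	// Always start from false: the posted 'upd' field must never be able to
	// switch on the update branch by itself.
	$upd = false;

	if (!empty($_POST["sendnew"])) {
		// Accept plain strings only; array-valued fields (username[]=...)
		// are treated as missing instead of being passed to the lookups.
		$submittedName = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
		$submittedEmail = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : '';

		if ($submittedName && $submittedEmail) {
			$id = $admin->getUserIdByUserName($submittedName);
			$storedEmail = $admin->getEmailByUserId($id);
			// Strict comparison: a loose == lets PHP juggle types (false,
			// null, numeric-looking strings) when deciding whether the
			// posted address matches the stored one.
			$mailAddressMatch = is_string($storedEmail) && ($storedEmail === $submittedEmail);
			$user_id = $id;
			if ($user_id && $mailAddressMatch) {
				$upd = true;
			}
			else {
				// One message for "unknown user" and "wrong address", so the
				// response does not reveal which of the two was wrong.
				echo "Either your username could not be found or you have registered another or no mail address.<br><br>";
			}
		}
		else {
			echo "Please fill in your username and mail address.<br><br>";
		}
	}

	/* Generate, mail and store the new password ******************************/
	if ($upd) {
		// NOTE(review): getRandomPassword() is defined outside this file;
		// confirm it draws from a CSPRNG (random_int()/random_bytes()).
		$sql_password = $admin->getRandomPassword();
		// The mail goes to the address stored in the database, never to the
		// address taken from the request.
		$mailToAddr = $admin->getEmailByUserId($user_id);
		$mailToName = $admin->getUsernameByUserId($user_id);

		if (!$mailToAddr) {
			echo "<script language='javascript'>";
			echo "alert('You didn\'t enter an email address when registering with Mapbender. Unfortunately there is no way to send you a new password.');";
			// history.back() is the standard call; window.back() was a
			// non-standard method that current browsers do not provide.
			echo "history.back();";
			echo "</script>";
		}
		elseif ($user_id) {
			// Presumably filled by sendEmail() on failure; initialised so the
			// error branch never reads an undefined variable.
			$error_msg = "";
			if ($admin->sendEmail("", "", $mailToAddr, $mailToName, "Your new Mapbender password", "login: " . $mailToName . "\npassword: " . $sql_password, $error_msg)) {
				// Store the new password. The query is parameterised ($1/$2),
				// so no request data is concatenated into SQL.
				// SECURITY: unsalted MD5 is not a suitable password hash.
				// Moving to password_hash()/password_verify() also requires
				// changing the login code that checks this column, so it is
				// flagged here rather than changed in this file alone.
				// NOTE(review): the mail is sent before this UPDATE and the
				// result of db_prep_query() is not checked; if the UPDATE
				// fails, the user receives a password that does not work.
				$sql_update = "UPDATE mb_user SET mb_user_password = $1";
				$sql_update .= " WHERE mb_user_id = $2";
				$v = array(md5($sql_password),$user_id);
				$t = array('s','i');
				db_prep_query($sql_update,$v,$t);

				// NOTE(review): a successful reset also clears the failed-login
				// counter; without rate limiting on this page that deserves a
				// second look.
				$admin->resetLoginCount($user_id);

				echo "<script language='javascript'>";
				echo "alert('A new password will be sent to your e-mail-address!');";
				echo "window.close();";
				echo "</script>";
			}
			else {
				// $error_msg is dynamic text placed inside a <script> element.
				// Encode it as a JS string literal (quotes, <, >, & as \uXXXX)
				// so an apostrophe or markup in the message can neither break
				// the script nor inject HTML.
				$alertFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
				$alertJs = json_encode("An error occured while sending the new password to your e-mail-address! " . $error_msg . " Please try again later.", $alertFlags);
				if ($alertJs === false) {
					// json_encode() needs valid UTF-8; drop the detail text
					// rather than emit a broken script.
					$alertJs = json_encode("An error occured while sending the new password to your e-mail-address! Please try again later.", $alertFlags);
				}
				echo "<script language='javascript'>";
				echo "alert(" . $alertJs . ");";
				echo "history.back();";
				echo "</script>";
			}
		}
		$upd = false;
	}
	else {
		/* Request form ******************************************************/
		// No action attribute: the form posts back to this page. Field values
		// are always emitted empty, so no request data is echoed into HTML.
		echo "<fieldset><legend>Forgot your Passwort ?</legend>";
		echo "<form name='form1' method='post'>";
		echo "<table cellpadding='5' cellspacing='0' border='0'>";
		echo "<tr><td>";
		echo "Username:";
		echo "</td>";
		echo "<td>";
		echo "<input type='text' name='username' value=''>";
		echo "</td>";
		echo "</tr>";
		echo "<tr><td>";
		echo "E-Mail:";
		echo "</td>";
		echo "<td>";
		echo "<input type='text' name='email' value=''>";
		echo "</td>";
		echo "</tr>";
		echo "<tr><td>";
		echo "<input type='hidden' name='upd' value=''>";
		echo "<center><br><input type='submit' name='sendnew' value='Order a new Password'></center>";
		// The original emitted an opening <td> here, leaving the cell unclosed.
		echo "</td></tr></table>";
		echo "</form>";
		echo "</fieldset><br />";
	}
}
?>
</body>
</html>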