SOAP API: do not try to unserialize an invalid filter
[mantis.git] / lost_pwd.php
blob963a96dbfad778d01ac70cdf0944fa251b202076
<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.

# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * Handles a submitted lost-password form: looks up the enabled account that
 * matches the posted username and e-mail address, mails that account a
 * confirmation-hash URL, and renders the "request in progress" page.
 *
 * @package MantisBT
 * @author Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses authentication_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses database_api.php
 * @uses email_api.php
 * @uses form_api.php
 * @uses gpc_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses print_api.php
 * @uses user_api.php
 * @uses utility_api.php
 */

/**
 * MantisBT Core API's
 */
require_once( 'core.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'database_api.php' );
require_api( 'email_api.php' );
require_api( 'form_api.php' );
require_api( 'gpc_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );

# Presumably rejects the request unless it carries the token issued for the
# 'lost_pwd' form (anti-CSRF) - confirm in form_api.php.
# NOTE(review): every guard below relies on trigger_error( ..., ERROR ) ending
# the request; that behaviour lives in the error handler, not in this file.
form_security_validate( 'lost_pwd' );

# The feature needs all three settings on: the lost-password feature itself,
# reset-by-email, and e-mail notifications. Any one being OFF stops here.
if( config_get( 'lost_password_feature' ) == OFF
	|| config_get( 'send_reset_password' ) == OFF
	|| config_get( 'enable_email_notification' ) == OFF ) {
	trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}

# A reset request is always processed anonymously: drop any existing session first.
if( auth_is_user_authenticated() ) {
	auth_logout();
}

# Request parameters - untrusted input supplied by the requester.
$f_username = gpc_get_string('username');
$f_email = gpc_get_string('email');

# Normalise the address, then validate it before it is used in the lookup.
$f_email = email_append_domain( $f_email );
email_ensure_valid( $f_email );

$t_user_table = db_get_table( 'user' );

/** @todo Consider moving this query to user_api.php */
# The three values are passed as bound parameters, never concatenated into the
# SQL text; the db_param() calls stay in the same order as the bound array.
$t_query = sprintf(
	'SELECT id FROM %s WHERE username = %s AND email = %s AND enabled=%s',
	$t_user_table,
	db_param(),
	db_param(),
	db_param()
);
$t_result = db_query_bound( $t_query, array( $f_username, $f_email, true ) );

# Username, e-mail and the enabled flag must all match a single row.
# NOTE(review): this error, ERROR_PROTECTED_ACCOUNT and the "max in progress"
# error further down are distinct responses to an unauthenticated requester, so
# they disclose whether a username/e-mail pair exists and what state the account
# is in. A single uniform response would avoid that disclosure.
if( db_num_rows( $t_result ) == 0 ) {
	trigger_error( ERROR_LOST_PASSWORD_NOT_MATCHING_DATA, ERROR );
}

# Only reachable when the lookup matched, i.e. the stored address is blank too:
# there is nowhere to send the confirmation mail.
if( is_blank( $f_email ) ) {
	trigger_error( ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR );
}

$t_row = db_fetch_array( $t_result );
$t_user_id = $t_row['id'];

# Protected accounts cannot be reset through this page.
if( user_is_protected( $t_user_id ) ) {
	trigger_error( ERROR_PROTECTED_ACCOUNT, ERROR );
}

# Per-account limit on outstanding reset requests (counter incremented below).
if( !user_is_lost_password_request_allowed( $t_user_id ) ) {
	trigger_error( ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED, ERROR );
}

# The hash is the only secret in the mailed URL.
# NOTE(review): its unpredictability and lifetime are decided inside
# auth_generate_confirm_hash(), which is not visible here - verify there.
$t_confirm_hash = auth_generate_confirm_hash( $t_user_id );
email_send_confirm_hash_url( $t_user_id, $t_confirm_hash );

# Count this request only after the mail call has returned.
user_increment_lost_password_in_progress_count( $t_user_id );

# The form token is discarded once the request has been handled.
form_security_purge( 'lost_pwd' );

# Not read again in this file; html_page_top() below is called without it.
$t_redirect_url = 'login_page.php';

html_page_top();
?>

<br />
<div>
<table class="width50" cellspacing="1">
<tr>
	<td class="center">
		<strong><?php echo lang_get( 'lost_password_done_title' ) ?></strong>
	</td>
</tr>
<tr>
	<td>
		<br/>
		<?php echo lang_get( 'reset_request_in_progress_msg' ) ?>
		<br/><br/>
	</td>
</tr>
</table>
<br />
<?php print_bracket_link( 'login_page.php', lang_get( 'proceed' ) ); ?>
</div>

<?php
html_page_bottom1a( __FILE__ );