* @license GNU General Public License, version 2 (GPL-2.0) * * For full copyright and license information, please see * the docs/CREDITS.txt file. * */ /** * @ignore */ if (!defined('IN_PHPBB')) { exit; } /** * ucp_remind * Sending password reminders */ class ucp_remind { var $u_action; function main($id, $mode) { global $config, $phpbb_root_path, $phpEx, $request; global $db, $user, $template, $phpbb_container, $phpbb_dispatcher; if (!$config['allow_password_reset']) { trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '', '')); } $username = $request->variable('username', '', true); $email = strtolower($request->variable('email', '')); $submit = (isset($_POST['submit'])) ? true : false; add_form_key('ucp_remind'); if ($submit) { if (!check_form_key('ucp_remind')) { trigger_error('FORM_INVALID'); } $sql_array = array( 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason', 'FROM' => array(USERS_TABLE => 'u'), 'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "' AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" ); /** * Change SQL query for fetching user data * * @event core.ucp_remind_modify_select_sql * @var string email User's email from the form * @var string username User's username from the form * @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE * @since 3.1.11-RC1 */ $vars = array( 'email', 'username', 'sql_array', ); extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars))); $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$user_row) { trigger_error('NO_EMAIL_USER'); } if ($user_row['user_type'] == USER_IGNORE) { trigger_error('NO_USER'); } if ($user_row['user_type'] == USER_INACTIVE) { if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL) { trigger_error('ACCOUNT_DEACTIVATED'); } else { trigger_error('ACCOUNT_NOT_ACTIVATED'); } } // Check users permissions $auth2 = new \phpbb\auth\auth(); $auth2->acl($user_row); if (!$auth2->acl_get('u_chgpasswd')) { send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_PASSWORD_REMINDER'); } $server_url = generate_board_url(); // Make password at least 8 characters long, make it longer if admin wants to. // gen_rand_string() however has a limit of 12 or 13. $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); // For the activation key a random length between 6 and 10 will do. $user_actkey = gen_rand_string(mt_rand(6, 10)); // Instantiate passwords manager /* @var $manager \phpbb\passwords\manager */ $passwords_manager = $phpbb_container->get('passwords.manager'); $sql = 'UPDATE ' . USERS_TABLE . " SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' WHERE user_id = " . $user_row['user_id']; $db->sql_query($sql); include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); $messenger = new messenger(false); $messenger->template('user_activate_passwd', $user_row['user_lang']); $messenger->set_addresses($user_row); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array( 'USERNAME' => htmlspecialchars_decode($user_row['username']), 'PASSWORD' => htmlspecialchars_decode($user_password), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") ); $messenger->send($user_row['user_notify_type']); meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); $message = $user->lang['PASSWORD_UPDATED'] . '

' . sprintf($user->lang['RETURN_INDEX'], '', ''); trigger_error($message); } $template->assign_vars(array( 'USERNAME' => $username, 'EMAIL' => $email, 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')) ); $this->tpl_name = 'ucp_remind'; $this->page_title = 'UCP_REMIND'; } }