Sponsorenverwaltung - Team StarCraft e.V.
forgot_password.php
1 <?php
2  /**
3  * @file forgot_password.php
4  *
5  * @brief This file handles lost password requests
6  *
7  * @details
8  * This file provides users with the ability to request a new password.
9  * If the request was successful an email with further information is sent.
10  * The user has the choice between accepting and denying the request. If the
11  * request is accepted, a second email with a one-time password will be
12  * sent to the user.
13  *
14  * @copyright (c) 2013, Team StarCraft e.V.
15  * @author Usercake (http://www.usercake.com)
16  * @author Alexander Vorndran
17  * @date 02.07.2013
18  */
19 
20  // include
21  include("inc/common.php");
22 
// UserCake page-level access check: stop rendering when the current page is
// not permitted for this visitor.
//
// NOTE(review): $_SERVER['PHP_SELF'] includes any client-supplied path info
// appended after the script name (".../forgot_password.php/extra"). How
// accessGranted() resolves that value is not visible here -- confirm that it
// normalises the path before looking up the page's permissions.
if (!accessGranted($_SERVER['PHP_SELF'])) {
    if (!isUserLoggedIn()) {
        // Anonymous visitor: show the message, then send them to the login page.
        exitWithErrorTemplateAndRedirect(array('Die angeforderte Seite ist gesperrt oder geschützt.'), 'login.php', 2);
    } else {
        // Authenticated but not authorised for this page.
        exitWithErrorTemplate(array('Die angeforderte Seite ist gesperrt.'));
    }
}
31 
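// A link from the password-request e-mail was followed: "confirm" accepts the
// pending request, "deny" cancels it. Both carry the token as a query value.
//
// The is_string() guard keeps array-valued parameters (?confirm[]=x) away
// from trim(), which only accepts strings.
//
// NOTE(review): both actions change account state on a plain GET. Mail
// gateways and link previewers fetch URLs found in e-mails, so a request can
// be accepted or denied without the user acting, and the token ends up in
// access logs and browser history. An intermediate page that submits the
// token via POST would avoid this; what acceptPasswordRequest() and
// denyPasswordRequest() check is not visible here.
if (!empty($_GET["confirm"]) && is_string($_GET["confirm"])) {
    // User has confirmed they want their password changed
    $token = trim($_GET["confirm"]);
    acceptPasswordRequest($token);
} else if (!empty($_GET["deny"]) && is_string($_GET["deny"])) {
    // User has denied this request
    $token = trim($_GET["deny"]);
    denyPasswordRequest($token);
}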
41 
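// Handle a submitted "forgot password" form: validate the e-mail / user name
// pair, refuse if a request is already pending or the address is unvalidated,
// otherwise mail the confirm/deny links and flag the account.
if (!empty($_POST)) {
    // $errors may already be provided by inc/common.php (not visible here);
    // make sure count() below always receives an array.
    if (!isset($errors)) {
        $errors = array();
    }

    // Both fields are client-controlled. A missing key or an array value
    // (email[]=x) is treated as an empty field instead of reaching trim()
    // and the lookup helpers.
    $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
    $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? sanitize($_POST["username"]) : "";

    // NOTE(review): the distinct messages below (invalid e-mail, invalid user
    // name, pair not linked, request pending, address not validated) tell an
    // unauthenticated caller which addresses and user names are registered.
    // A single neutral response for every outcome would close that channel;
    // left as-is here because it changes user-facing behaviour.

    if (trim($email) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
    } else if (!isValidEmail($email) || !emailExists($email)) {
        // Address must be well-formed and present in the database
        $errors[] = lang("ACCOUNT_INVALID_EMAIL");
    }

    if (trim($username) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    } else if (!usernameExists($username)) {
        $errors[] = lang("ACCOUNT_INVALID_USERNAME");
    }

    if (count($errors) == 0) {
        // The user name and e-mail must belong to the same account
        if (!emailUsernameLinked($email, $username)) {
            $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
        } else {
            $userdetails = fetchUserDetails($username);

            // Read the request state once. The original read
            // 'lostPasswordRequest' further down, which does not match the
            // 'lost_password_request' key used for the pending check, so the
            // -3 case could never match.
            // NOTE(review): confirm the key name against fetchUserDetails().
            $requestState = $userdetails["lost_password_request"];

            if ($requestState == 1 || $requestState == 2) {
                // A previous request is still outstanding
                $errors[] = "Die letzte Anfrage nach einem neuen Passwort wurde noch nicht abgeschlossen.";
            } else if (!hasValidMail($userdetails['id'])) {
                $errors[] = "Die E-Mail-Adresse ist nicht validiert. Es wird keine Anfrage gesendet. \nWenden Sie sich bitte an einen Administrator.";
            } else {
                // E-mail the user asking to confirm this request. The
                // activation token doubles as the URL key; per the original
                // author it is regenerated every time it is used.
                $mail = new UserCakeMail();
                $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot_password.php?confirm=" . $userdetails["activation_token"];
                $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot_password.php?deny=" . $userdetails["activation_token"];

                // Placeholders in the mail template and their replacements
                $hooks = array(
                    "searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"),
                    "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"])
                );

                if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) {
                    $errors[] = "Beim Erstellen der E-Mail ist ein Fehler aufgetreten.";
                } else if (!$mail->sendMail($userdetails["email"], "Neues Passwort")) {
                    $errors[] = "Beim Senden der E-Mail ist ein Fehler aufgetreten.";
                } else {
                    // Record the outstanding request: state -3 moves to 2,
                    // every other state moves to 1. The mail has already been
                    // sent at this point, so a failure here leaves a sent
                    // e-mail without a recorded request.
                    $newState = ($requestState == -3) ? 2 : 1;
                    if (!flagPassword($userdetails["id"], $newState)) {
                        $errors[] = lang("SQL_ERROR");
                    } else {
                        $successes[] = "Eine E-Mail mit Anweisungen um das Passwort zurückzusetzen wurde versendet";
                    }
                }
            }
        }
    }
}

// Render the form together with any collected errors and successes
displayTemplateWithErrorsAndSuccesses("Passwort zurücksetzen", 'forgot_password.tpl');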
120 ?>