Reminder.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405
  1. <?php
  2. /**
  3. * Handle sending out reminders, and checking the secret answer and question. It uses just a few functions to do this, which are:
  4. * Simple Machines Forum (SMF)
  5. *
  6. * @package SMF
  7. * @author Simple Machines http://www.simplemachines.org
  8. * @copyright 2014 Simple Machines and individual contributors
  9. * @license http://www.simplemachines.org/about/smf/license.php BSD
  10. *
  11. * @version 2.1 Alpha 1
  12. */
  13. if (!defined('SMF'))
  14. die('No direct access...');
  15. /**
  16. * This is the controlling delegator
  17. * @uses Profile language files and Reminder template
  18. */
  19. function RemindMe()
  20. {
  21. global $txt, $context;
  22. loadLanguage('Profile');
  23. loadTemplate('Reminder');
  24. $context['page_title'] = $txt['authentication_reminder'];
  25. $context['robot_no_index'] = true;
  26. // Delegation can be useful sometimes.
  27. $subActions = array(
  28. 'picktype' => 'RemindPick',
  29. 'secret2' => 'SecretAnswer2',
  30. 'setpassword' =>'setPassword',
  31. 'setpassword2' =>'setPassword2'
  32. );
  33. // Any subaction? If none, fall through to the main template, which will ask for one.
  34. if (isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]))
  35. $subActions[$_REQUEST['sa']]();
  36. // Creating a one time token.
  37. else
  38. createToken('remind');
  39. }
  40. // Pick a reminder type.
  41. function RemindPick()
  42. {
  43. global $context, $txt, $scripturl, $sourcedir, $user_info, $webmaster_email, $smcFunc, $language, $modSettings;
  44. checkSession();
  45. validateToken('remind');
  46. createToken('remind');
  47. // Coming with a known ID?
  48. if (!empty($_REQUEST['uid']))
  49. {
  50. $where = 'id_member = {int:id_member}';
  51. $where_params['id_member'] = (int) $_REQUEST['uid'];
  52. }
  53. elseif (isset($_POST['user']) && $_POST['user'] != '')
  54. {
  55. $where = 'member_name = {string:member_name}';
  56. $where_params['member_name'] = $_POST['user'];
  57. $where_params['email_address'] = $_POST['user'];
  58. }
  59. // You must enter a username/email address.
  60. if (empty($where))
  61. fatal_lang_error('username_no_exist', false);
  62. // Make sure we are not being slammed
  63. // Don't call this if you're coming from the "Choose a reminder type" page - otherwise you'll likely get an error
  64. if (!isset($_POST['reminder_type']) || !in_array($_POST['reminder_type'], array('email', 'secret')))
  65. {
  66. spamProtection('remind');
  67. }
  68. // Find the user!
  69. $request = $smcFunc['db_query']('', '
  70. SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question
  71. FROM {db_prefix}members
  72. WHERE ' . $where . '
  73. LIMIT 1',
  74. array_merge($where_params, array(
  75. ))
  76. );
  77. // Maybe email?
  78. if ($smcFunc['db_num_rows']($request) == 0 && empty($_REQUEST['uid']))
  79. {
  80. $smcFunc['db_free_result']($request);
  81. $request = $smcFunc['db_query']('', '
  82. SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question
  83. FROM {db_prefix}members
  84. WHERE email_address = {string:email_address}
  85. LIMIT 1',
  86. array_merge($where_params, array(
  87. ))
  88. );
  89. if ($smcFunc['db_num_rows']($request) == 0)
  90. fatal_lang_error('no_user_with_email', false);
  91. }
  92. $row = $smcFunc['db_fetch_assoc']($request);
  93. $smcFunc['db_free_result']($request);
  94. $context['account_type'] = !empty($row['openid_uri']) ? 'openid' : 'password';
  95. // If the user isn't activated/approved, give them some feedback on what to do next.
  96. if ($row['is_activated'] != 1)
  97. {
  98. // Awaiting approval...
  99. if (trim($row['validation_code']) == '')
  100. fatal_error(sprintf($txt['registration_not_approved'], $scripturl . '?action=activate;user=' . $_POST['user']), false);
  101. else
  102. fatal_error(sprintf($txt['registration_not_activated'], $scripturl . '?action=activate;user=' . $_POST['user']), false);
  103. }
  104. // You can't get emailed if you have no email address.
  105. $row['email_address'] = trim($row['email_address']);
  106. if ($row['email_address'] == '')
  107. fatal_error($txt['no_reminder_email'] . '<br>' . $txt['send_email'] . ' <a href="mailto:' . $webmaster_email . '">webmaster</a> ' . $txt['to_ask_password'] . '.');
  108. // If they have no secret question then they can only get emailed the item, or they are requesting the email, send them an email.
  109. if (empty($row['secret_question']) || (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'email'))
  110. {
  111. // Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars.
  112. require_once($sourcedir . '/Subs-Members.php');
  113. $password = generateValidationCode();
  114. require_once($sourcedir . '/Subs-Post.php');
  115. $replacements = array(
  116. 'REALNAME' => $row['real_name'],
  117. 'REMINDLINK' => $scripturl . '?action=reminder;sa=setpassword;u=' . $row['id_member'] . ';code=' . $password,
  118. 'IP' => $user_info['ip'],
  119. 'MEMBERNAME' => $row['member_name'],
  120. 'OPENID' => $row['openid_uri'],
  121. );
  122. $emaildata = loadEmailTemplate('forgot_' . $context['account_type'], $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
  123. $context['description'] = $txt['reminder_' . (!empty($row['openid_uri']) ? 'openid_' : '') . 'sent'];
  124. // If they were using OpenID simply email them their OpenID identity.
  125. sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, 'reminder', false, 1);
  126. if (empty($row['openid_uri']))
  127. // Set the password in the database.
  128. updateMemberData($row['id_member'], array('validation_code' => substr(md5($password), 0, 10)));
  129. // Set up the template.
  130. $context['sub_template'] = 'sent';
  131. // Dont really.
  132. return;
  133. }
  134. // Otherwise are ready to answer the question?
  135. elseif (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'secret')
  136. {
  137. return SecretAnswerInput();
  138. }
  139. // No we're here setup the context for template number 2!
  140. $context['sub_template'] = 'reminder_pick';
  141. $context['current_member'] = array(
  142. 'id' => $row['id_member'],
  143. 'name' => $row['member_name'],
  144. );
  145. }
  146. // Set your new password
  147. function setPassword()
  148. {
  149. global $txt, $context;
  150. loadLanguage('Login');
  151. // You need a code!
  152. if (!isset($_REQUEST['code']))
  153. fatal_lang_error('no_access', false);
  154. // Fill the context array.
  155. $context += array(
  156. 'page_title' => $txt['reminder_set_password'],
  157. 'sub_template' => 'set_password',
  158. 'code' => $_REQUEST['code'],
  159. 'memID' => (int) $_REQUEST['u']
  160. );
  161. loadJavascriptFile('register.js', array('default_theme' => true, 'defer' => false), 'smf_register');
  162. // Tokens!
  163. createToken('remind-sp');
  164. }
  165. function setPassword2()
  166. {
  167. global $context, $txt, $smcFunc, $sourcedir;
  168. checkSession();
  169. validateToken('remind-sp');
  170. if (empty($_POST['u']) || !isset($_POST['passwrd1']) || !isset($_POST['passwrd2']))
  171. fatal_lang_error('no_access', false);
  172. $_POST['u'] = (int) $_POST['u'];
  173. if ($_POST['passwrd1'] != $_POST['passwrd2'])
  174. fatal_lang_error('passwords_dont_match', false);
  175. if ($_POST['passwrd1'] == '')
  176. fatal_lang_error('no_password', false);
  177. loadLanguage('Login');
  178. // Get the code as it should be from the database.
  179. $request = $smcFunc['db_query']('', '
  180. SELECT validation_code, member_name, email_address, passwd_flood
  181. FROM {db_prefix}members
  182. WHERE id_member = {int:id_member}
  183. AND is_activated = {int:is_activated}
  184. AND validation_code != {string:blank_string}
  185. LIMIT 1',
  186. array(
  187. 'id_member' => $_POST['u'],
  188. 'is_activated' => 1,
  189. 'blank_string' => '',
  190. )
  191. );
  192. // Does this user exist at all?
  193. if ($smcFunc['db_num_rows']($request) == 0)
  194. fatal_lang_error('invalid_userid', false);
  195. list ($realCode, $username, $email, $flood_value) = $smcFunc['db_fetch_row']($request);
  196. $smcFunc['db_free_result']($request);
  197. // Is the password actually valid?
  198. require_once($sourcedir . '/Subs-Auth.php');
  199. $passwordError = validatePassword($_POST['passwrd1'], $username, array($email));
  200. // What - it's not?
  201. if ($passwordError != null)
  202. fatal_lang_error('profile_error_password_' . $passwordError, false);
  203. require_once($sourcedir . '/LogInOut.php');
  204. // Quit if this code is not right.
  205. if (empty($_POST['code']) || substr($realCode, 0, 10) !== substr(md5($_POST['code']), 0, 10))
  206. {
  207. // Stop brute force attacks like this.
  208. validatePasswordFlood($_POST['u'], $flood_value, false);
  209. fatal_error($txt['invalid_activation_code'], false);
  210. }
  211. // Just in case, flood control.
  212. validatePasswordFlood($_POST['u'], $flood_value, true);
  213. // User validated. Update the database!
  214. updateMemberData($_POST['u'], array('validation_code' => '', 'passwd' => sha1(strtolower($username) . $_POST['passwrd1'])));
  215. call_integration_hook('integrate_reset_pass', array($username, $username, $_POST['passwrd1']));
  216. loadTemplate('Login');
  217. $context += array(
  218. 'page_title' => $txt['reminder_password_set'],
  219. 'sub_template' => 'login',
  220. 'default_username' => $username,
  221. 'default_password' => $_POST['passwrd1'],
  222. 'never_expire' => false,
  223. 'description' => $txt['reminder_password_set']
  224. );
  225. loadJavascriptFile('sha1.js', array('default_theme' => true), 'smf_sha1');
  226. createToken('login');
  227. }
  228. // Get the secret answer.
  229. function SecretAnswerInput()
  230. {
  231. global $context, $smcFunc;
  232. checkSession();
  233. // Strings for the register auto javascript clever stuffy wuffy.
  234. loadLanguage('Login');
  235. // Check they entered something...
  236. if (empty($_REQUEST['uid']))
  237. fatal_lang_error('username_no_exist', false);
  238. // Get the stuff....
  239. $request = $smcFunc['db_query']('', '
  240. SELECT id_member, real_name, member_name, secret_question, openid_uri
  241. FROM {db_prefix}members
  242. WHERE id_member = {int:id_member}
  243. LIMIT 1',
  244. array(
  245. 'id_member' => (int) $_REQUEST['uid'],
  246. )
  247. );
  248. if ($smcFunc['db_num_rows']($request) == 0)
  249. fatal_lang_error('username_no_exist', false);
  250. $row = $smcFunc['db_fetch_assoc']($request);
  251. $smcFunc['db_free_result']($request);
  252. $context['account_type'] = !empty($row['openid_uri']) ? 'openid' : 'password';
  253. // If there is NO secret question - then throw an error.
  254. if (trim($row['secret_question']) == '')
  255. fatal_lang_error('registration_no_secret_question', false);
  256. // Ask for the answer...
  257. $context['remind_user'] = $row['id_member'];
  258. $context['remind_type'] = '';
  259. $context['secret_question'] = $row['secret_question'];
  260. $context['sub_template'] = 'ask';
  261. createToken('remind-sai');
  262. loadJavascriptFile('register.js', array('default_theme' => true, 'defer' => false), 'smf_register');
  263. }
  264. function SecretAnswer2()
  265. {
  266. global $txt, $context, $smcFunc, $sourcedir;
  267. checkSession();
  268. validateToken('remind-sai');
  269. // Hacker? How did you get this far without an email or username?
  270. if (empty($_REQUEST['uid']))
  271. fatal_lang_error('username_no_exist', false);
  272. loadLanguage('Login');
  273. // Get the information from the database.
  274. $request = $smcFunc['db_query']('', '
  275. SELECT id_member, real_name, member_name, secret_answer, secret_question, openid_uri, email_address
  276. FROM {db_prefix}members
  277. WHERE id_member = {int:id_member}
  278. LIMIT 1',
  279. array(
  280. 'id_member' => $_REQUEST['uid'],
  281. )
  282. );
  283. if ($smcFunc['db_num_rows']($request) == 0)
  284. fatal_lang_error('username_no_exist', false);
  285. $row = $smcFunc['db_fetch_assoc']($request);
  286. $smcFunc['db_free_result']($request);
  287. // Check if the secret answer is correct.
  288. if ($row['secret_question'] == '' || $row['secret_answer'] == '' || md5($_POST['secret_answer']) != $row['secret_answer'])
  289. {
  290. log_error(sprintf($txt['reminder_error'], $row['member_name']), 'user');
  291. fatal_lang_error('incorrect_answer', false);
  292. }
  293. // If it's OpenID this is where the music ends.
  294. if (!empty($row['openid_uri']))
  295. {
  296. $context['sub_template'] = 'sent';
  297. $context['description'] = sprintf($txt['reminder_openid_is'], $row['openid_uri']);
  298. return;
  299. }
  300. // You can't use a blank one!
  301. if (strlen(trim($_POST['passwrd1'])) === 0)
  302. fatal_lang_error('no_password', false);
  303. // They have to be the same too.
  304. if ($_POST['passwrd1'] != $_POST['passwrd2'])
  305. fatal_lang_error('passwords_dont_match', false);
  306. // Make sure they have a strong enough password.
  307. require_once($sourcedir . '/Subs-Auth.php');
  308. $passwordError = validatePassword($_POST['passwrd1'], $row['member_name'], array($row['email_address']));
  309. // Invalid?
  310. if ($passwordError != null)
  311. fatal_lang_error('profile_error_password_' . $passwordError, false);
  312. // Alright, so long as 'yer sure.
  313. updateMemberData($row['id_member'], array('passwd' => sha1(strtolower($row['member_name']) . $_POST['passwrd1'])));
  314. call_integration_hook('integrate_reset_pass', array($row['member_name'], $row['member_name'], $_POST['passwrd1']));
  315. // Tell them it went fine.
  316. loadTemplate('Login');
  317. $context += array(
  318. 'page_title' => $txt['reminder_password_set'],
  319. 'sub_template' => 'login',
  320. 'default_username' => $row['member_name'],
  321. 'default_password' => $_POST['passwrd1'],
  322. 'never_expire' => false,
  323. 'description' => $txt['reminder_password_set']
  324. );
  325. createToken('login');
  326. }
  327. ?>