<?php
/**
* PHP versions 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package QuickTicket
* @author Philippe Vandenberghe <hide@address.com>
* @copyright 2008-2012 The PHP Group
* @version 2.5 build:20101222
*/
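session_start();
require_once('bin/qti_init.php');
if ( !$oVIP->CanView('V0') ) die('Access denied');

// INITIALISE
// QThttpvar() (declared in bin/qti_init.php, not visible here) fills these
// globals from the request; treat them as untrusted until validated.
$a  = '';    // mandatory action: 'id' (ask the username) or 'sec' (ask the secret answer)
$p  = '';    // people's username
$s  = '';    // secret answer
$ok = '';    // non-empty when the form was submitted
$error = ''; // validation message displayed next to the submit button
QThttpvar('a p s ok','str str str str');
if ( empty($a) ) die('Missing argument');
include(Translate('qti_reg.php'));
$oVIP->selfurl = 'qti_reset_pwd.php';
$oVIP->selfname = $L['Forgotten_pwd'];

// 2 PROCESSES: 'id' username, then 'sec' secret question
switch($a)
{
// --------
case 'id': // request username
// --------
  // Submitted
  if ( !empty($ok) )
  {
    if ( empty($p) )
    {
      $error = $L['E_invalid'];
    }
    elseif ( !QTislogin($p) )
    {
      $error = $L['Username'].S.$L['E_invalid'];
    }
    else
    {
      // NOTE(review): $oDB->Query() receives an interpolated string, so the only
      // thing keeping $p out of the SQL syntax is QTislogin() rejecting quote
      // characters — confirm that against its definition.
      $oDB->Query('SELECT count(id) as countid FROM '.TABUSER.' WHERE name="'.$p.'"');
      $row = $oDB->Getrow();
      if ( intval($row['countid'])!=1 ) $error = $L['Username'].S.$L['E_invalid'];
    }
    if ( empty($error) ) $oHtml->Redirect(Href().'?a=sec&p='.urlencode($p));
  }
  // Form
  // $p is echoed back into an attribute and may be arbitrary request input
  // (validation failed, or the page was opened with ?p= pre-filled), so it is
  // HTML-escaped at the output point.
  include('qti_p_header.php');
  $oHtml->Msgbox($oVIP->selfname,array(),array('id'=>'login_header'));
  echo '
<form method="post" action="',Href(),'" onsubmit="return ValidateForm(this);">
<input type="hidden" name="a" value="'.$a.'" />
<p>',$L['Reg_pass'],'</p>
<p style="text-align:right">',$L['Username'],' <input type="text" id="p" name="p" size="24" maxlength="24" value="',htmlspecialchars($p, ENT_QUOTES),'" /></p>
<p style="text-align:right">',(!empty($error) ? '<span class="error">'.$error.'</span> ' : ''),'
<input type="submit" id="ok" name="ok" value="',$L['Next'],'" /></p>
</form>
<script type="text/javascript">
<!--
function ValidateForm(theForm)
{
if (theForm.p.value.length==0) { alert(qtHtmldecode("',$L['E_mandatory'],'")); return false; }
return true;
}
-->
</script>
';
  $oHtml->Msgbox();
  include('qti_p_footer.php');
  break;
// --------
case 'sec': // request secret question
// --------
  // $p normally arrives through the redirect from step 'id', but it is still
  // request input: apply the same QTislogin() check before it reaches the SQL
  // string (the original used it unvalidated here).
  if ( empty($p) || !QTislogin($p) ) die('Invalid username');
  $oDB->Query('SELECT id,parentmail,children,mail,secret_q,secret_a FROM '.TABUSER.' WHERE name="'.$p.'"');
  $row = $oDB->Getrow();
  if ( empty($row) ) die('Invalid username');
  $strMail = $row['mail'];
  $strChildren = $row['children'];
  $strParentmail = $row['parentmail']; // COPPA copy goes to the address stored on the account
  if ( intval($row['id'])<=1 ) die('Admin and Visitor password can not be reset');
  // Submitted
  if ( !empty($ok) && !empty($p) && !empty($s) )
  {
    // Attempt counter. NOTE(review): it is kept in the PHP session, so it only
    // bounds guesses made within one session; a per-account, server-side counter
    // would be needed for an actual lockout.
    if ( !isset($_SESSION['try']) ) $_SESSION['try']=0;
    $_SESSION['try']++;
    // Enforce the limit before comparing, so that a 5th and later attempt is
    // refused even when the answer is right (the original only checked the
    // counter after a wrong answer, which left the comparison itself unbounded).
    if ( $_SESSION['try']>4 ) $oVIP->EndMessage(NULL,'Impossible to reset your password. Contact the administrator.',$_SESSION[QT]['skin_dir'],0);
    // Strict comparison: with == two numeric-looking strings are compared as numbers.
    if ( strtolower($row['secret_a'])===strtolower($s) )
    {
      include('bin/qt_lib_smtp.php');
      // send new password
      // The 'TddQdd' shape is kept as-is; the digits come from random_int() when
      // the runtime provides it (PHP >= 7) and from rand() otherwise.
      // NOTE(review): the 10^4-value space and the unsalted sha1() storage match
      // what the login code expects and are not changed here.
      $rnd = function_exists('random_int') ? 'random_int' : 'rand';
      $newpwd = 'T'.$rnd(0,9).$rnd(0,9).'Q'.$rnd(0,9).$rnd(0,9);
      $oDB->Query('UPDATE '.TABUSER.' SET pwd="'.sha1($newpwd).'" WHERE name="'.$p.'"');
      // send email (the language file, when present, may redefine subject/message)
      $strSubject='New password';
      $strMessage="Please find here after a new password to access the board {$_SESSION[QT]['site_name']}.\nLogin: %s\nPassword: %s";
      $strFile = GetLang().'mail_pwd.php';
      if ( file_exists($strFile) ) include($strFile);
      $strMessage = sprintf($strMessage,$p,$newpwd);
      QTmail($strMail,$strSubject,$strMessage,QTI_HTML_CHAR);
      // send parent email (if coppa)
      if ( $strChildren!='0' && $_SESSION[QT]['register_coppa']=='1' && !empty($strParentmail) )
      {
        $strSubject='New password';
        $strMessage="Here is then new password of your children.\nLogin: %s\nPassword: %s";
        $strFile = GetLang().'mail_pwd_coppa.php';
        if ( file_exists($strFile) ) include($strFile);
        $strMessage = sprintf($strMessage, $p,$newpwd);
        // The original read $_POST['parentmail'] — a value the submitter could
        // supply (and which this form never sends); the stored address is used.
        QTmail($strParentmail,$strSubject,$strMessage,QTI_HTML_CHAR);
      }
      // exit (EndMessage() is expected to end the script, as the original note said)
      $oVIP->EndMessage(NULL,$L['Password_updated'].'<br /><br />',$_SESSION[QT]['skin_dir'],0);
    }
    $error = Error(2);
  }
  // Form
  if ( empty($row['secret_q']) || empty($row['secret_a']) )
  {
    $oVIP->EndMessage(NULL,'Secret question not defined.<br />Please contact the webmaster ('.$_SESSION[QT]['admin_email'].') to reset your password.',$_SESSION[QT]['skin_dir'],0);
  }
  include('qti_p_header.php');
  $oHtml->Msgbox($oVIP->selfname,array(),array('id'=>'login_header'));
  // NOTE(review): secret_q is written to the page exactly as stored; confirm it
  // is HTML-encoded when saved, otherwise it needs htmlspecialchars() here.
  echo '
<form method="post" action="',Href(),'" onsubmit="return ValidateForm(this);">
<input type="hidden" name="a" value="',$a,'" />
<input type="hidden" name="p" value="',htmlspecialchars($p, ENT_QUOTES),'" />
<p>'.$L['Reg_pass_reset'].'</p>
<br />
<p style="text-align:right">'.$row['secret_q'].'</p>
<p style="text-align:right"><input type="text" id="s" name="s" size="24" maxlength="255" value="" /></p>
<p style="text-align:right">',(!empty($error) ? '<span class="error">'.$error.'</span> ' : ''),'
<input type="submit" id="ok" name="ok" value="',$L['Ok'],'" /></p>
</form>
';
  $oHtml->Msgbox();
  // HTML END — presumably emitted by qti_p_footer.php via $strFooterAddScript.
  // The answer field is id="s" (see the form above); the original focused
  // "secret_a", which does not exist, so focus() failed on null.
  $strFooterAddScript = '
<script type="text/javascript">
<!--
document.getElementById("s").focus();
function ValidateForm(theForm)
{
if (theForm.s.value.length==0) { alert(qtHtmldecode("'.$L['Missing'].'")); return false; }
return true;
}
-->
</script>
';
  include('qti_p_footer.php');
  break;
// --------
default: die('Invalid command');
// --------
}
// No closing ?> tag: trailing whitespace after it would be sent as output.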