\*=====================================================================*/
$fetchtemplates = array(
- 'login'
+ 'login',
+ 'lostpassword',
+ 'passwordreset'
);
define('SVN', '$Id$');
$focus['user'] = 'focus';
require_once('./global.php');
+require_once('./includes/api_user.php');
+require_once('./includes/class_api_error.php');
+
+APIError(array(new API_Error_Handler($message), 'user_cumulative'));
// ###################################################################
// ###################################################################
+if ($_POST['do'] == 'sendpw')
+{
+ $user = new UserAPI($bugsys);
+ $user->set('email', $bugsys->in['email'], true, false); // don't verify so we don't get errors about existing emails
+ $user->set_condition(array('email'));
+ $user->fetch();
+
+ if ($message->items)
+ {
+ $show['lostpwerror'] = true;
+ $_REQUEST['do'] = 'lostpw';
+ }
+ else
+ {
+ $activator = $funct->rand(25);
+ $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->objdata['userid'] . ")");
+
+ $mail->setSubject(sprintf(_('%1$s Password Reset'), $bugsys->options['trackertitle']));
+ $mail->setBodyText(sprintf(_('Hi %1$s,
+
+You requested this lost password email at the %2$s bug tracker. To reset your password, simply click the link below (or paste it into your browser window exactly) and enter a new password.
+
+%3$s/login.php?do=recoverpw&activator=%4$s
+
+If you did not request this, do not worry as this notice will expire in 24 hours.'),
+
+ $user->objdata['displayname'],
+ $bugsys->options['trackertitle'],
+ $bugsys->options['trackerurl'],
+ $activator
+ ));
+
+ $mail->send($user->objdata['email'], $user->objdata['displayname']);
+
+ $message->message(sprintf(_('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata['email']));
+ }
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'lostpw')
+{
+ eval('$template->flush("' . $template->fetch('lostpassword') . '");');
+}
+
+// ###################################################################
+
+if ($_POST['do'] == 'resetpw')
+{
+ // remove old activators
+ $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
+
+ // now look for ours
+ $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
+ if (!$activation)
+ {
+ $message->error(L_INVALID_ID);
+ }
+
+ $user = new UserAPI($bugsys);
+ $user->set('userid', $activation['userid']);
+ $user->set_condition();
+
+ if ($bugsys->in['fix_password'] != $bugsys->in['confirm_password'])
+ {
+ $message->add_error(_('The passwords you entered do not patch.'));
+ }
+ if (empty($bugsys->in['fix_password']))
+ {
+ $message->add_error(_('Your new password cannot be empty.'));
+ }
+
+ $user->set('password', $bugsys->in['fix_password']);
+
+ if (!$message->items)
+ {
+ // remove old other activators for this user
+ $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
+
+ $user->update();
+ $message->redirect(_('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
+ }
+ else
+ {
+ $show['errors'] = true;
+ $_REQUEST['do'] = 'recoverpw';
+ $message->error_list_process();
+ }
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'recoverpw')
+{
+ // remove old activators
+ $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
+
+ // now look for ours
+ $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
+ if (!$activation)
+ {
+ $message->error(_('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
+ }
+
+ eval('$template->flush("' . $template->fetch('passwordreset') . '");');
+}
+
+// ###################################################################
+
if ($_REQUEST['do'] == 'cplogout')
{
if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
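Review bot: The `sendpw` branch tells the requester whether an email address belongs to an account: an address that fails the lookup sets `$show['lostpwerror']` (rendered by the lostpassword template as "could not be found or it is invalid"), while a known one gets the "An email has been dispatched to ..." confirmation. Returning the same neutral response on both paths removes that signal, for example by replacing the body of the error branch with `$message->message(_('If that address is registered, an email with reset instructions has been sent.'));`. The activator is the only secret protecting the reset, so `$funct->rand(25)`, which is defined outside this hunk, should be confirmed to draw from a cryptographically secure source. In both the `resetpw` and `recoverpw` branches the code after `if (!$activation)` is only safe if `$message->error()` ends the request, which is not visible here; in `resetpw` it goes on to use `$activation['userid']`, so either add an explicit `exit;` or the comment `// $message->error() terminates the request`. The password check in `resetpw` would be stricter as `!==`, and its error string should read "do not match" rather than "do not patch".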
--- /dev/null
+$doctype
+<html lang="$stylevar[lang]" xml:lang="$stylevar[lang]" dir="$stylevar[lang_dir]">
+<head>
+$headinclude
+ <link rel="stylesheet" href="templates/box.css" media="screen" />
+ <title>{$bugsys->options['trackertitle']} - {@"Lost Password"}</title>
+</head>
+
+<body>
+
+$header
+
+<form action="login.php" name="lostpw" method="post">
+<input type="hidden" name="do" value="sendpw" />
+
+<div align="center" style="margin-top: 10px">
+ <div class="box" style="width: $stylevar[alternate_width]">
+ <div class="box-head">{@"Lost Password Recovery"}</div>
+
+ <div class="box-mid">
+ <if condition="$show['lostpwerror']"><div class="error">{@"The specified email could not be found or it is invalid."}</div></if>
+ <div>{@"Enter your email in the box below and you will receive a message with instructions on how to set a new password."}</div>
+ <div><strong>{@"Email"}:</strong> <input type="text" name="email" size="30" value="{$bugsys->in['email']}" /></div>
+ </div>
+
+ <div class="box-foot box-center">
+ <input type="submit" name="submit" value=" {@"Submit"} " accesskey="s" />
+ <input type="reset" name="reset" value=" {@"Reset"} " accesskey="r" />
+ </div>
+ </div>
+</div>
+
+</form>
+
+$footer
\ No newline at end of file
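Review bot: The email field is re-populated with `value="{$bugsys->in['email']}"`, which writes request data into an HTML attribute. Nothing in this template or in the `login.php` hunk shows whether `$bugsys->in` is already entity-encoded, so confirm that before merging. If it is not, pass the template a value encoded in `login.php` with `htmlspecialchars($bugsys->in['email'], ENT_QUOTES)` instead of the raw input.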
--- /dev/null
+$doctype
+<html lang="$stylevar[lang]" xml:lang="$stylevar[lang]" dir="$stylevar[lang_dir]">
+<head>
+$headinclude
+ <link rel="stylesheet" href="templates/box.css" media="screen" />
+ <title>{$bugsys->options['trackertitle']} - {@"Reset Password"}</title>
+</head>
+
+<body>
+
+$header
+
+<form action="login.php" name="resetpw" method="post">
+<input type="hidden" name="do" value="resetpw" />
+<input type="hidden" name="activator" value="$activation[activatorid]" />
+
+<if condition="$show['errors']">
+<div class="error" style="text-align: $stylevar[left]">
+ {@"The following errors occurred"}:
+ {$message->process}
+</div>
+</if>
+
+<div align="center" style="margin-top: 10px">
+ <div class="box" style="width: $stylevar[alternate_width]">
+ <div class="box-head">{@"Lost Password Recovery: Password Reset"}</div>
+
+ <div class="box-mid">
+ <div>{@"Enter a new password below and then confirm it."}</div>
+ <div><strong>{@"New Password"}:</strong> <input type="password" name="fix_password" size="30" /></div>
+ <div><strong>{@"Confirm Password"}:</strong> <input type="password" name="confirm_password" size="30" /></div>
+ </div>
+
+ <div class="box-foot box-center">
+ <input type="submit" name="submit" value=" {@"Submit"} " accesskey="s" />
+ <input type="reset" name="reset" value=" {@"Reset"} " accesskey="r" />
+ </div>
+ </div>
+</div>
+
+</form>
+
+$footer
\ No newline at end of file