[Summary view] [Print] [Text view]

   1  <?php
   2  # MantisBT - A PHP based bugtracking system
   3  
   4  # MantisBT is free software: you can redistribute it and/or modify
   5  # it under the terms of the GNU General Public License as published by
   6  # the Free Software Foundation, either version 2 of the License, or
   7  # (at your option) any later version.
   8  #
   9  # MantisBT is distributed in the hope that it will be useful,
  10  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  # GNU General Public License for more details.
  13  #
  14  # You should have received a copy of the GNU General Public License
  15  # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * @package MantisBT
  19   * @author Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
  20   * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  21   * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  22   * @link http://www.mantisbt.org
  23   *
  24   * @uses core.php
  25   * @uses authentication_api.php
  26   * @uses config_api.php
  27   * @uses constant_inc.php
  28   * @uses database_api.php
  29   * @uses email_api.php
  30   * @uses form_api.php
  31   * @uses gpc_api.php
  32   * @uses html_api.php
  33   * @uses lang_api.php
  34   * @uses print_api.php
  35   * @uses user_api.php
  36   * @uses utility_api.php
  37   */
  38  
  39  /**
  40   * MantisBT Core API's
  41   */
  42  require_once ( 'core.php' );
  43  require_api( 'authentication_api.php' );
  44  require_api( 'config_api.php' );
  45  require_api( 'constant_inc.php' );
  46  require_api( 'database_api.php' );
  47  require_api( 'email_api.php' );
  48  require_api( 'form_api.php' );
  49  require_api( 'gpc_api.php' );
  50  require_api( 'html_api.php' );
  51  require_api( 'lang_api.php' );
  52  require_api( 'print_api.php' );
  53  require_api( 'user_api.php' );
  54  require_api( 'utility_api.php' );
  55  
  56  form_security_validate( 'lost_pwd' );
  57  
  58  # lost password feature disabled or reset password via email disabled -> stop here!
  59  if( OFF == config_get( 'lost_password_feature' ) ||
  60      OFF == config_get( 'send_reset_password' ) ||
  61      OFF == config_get( 'enable_email_notification' ) ) {
  62      trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
  63  }
  64  
  65  # force logout on the current user if already authenticated
  66  if( auth_is_user_authenticated() ) {
  67      auth_logout();
  68  }
  69  
  70  $f_username = gpc_get_string('username');
  71  $f_email = gpc_get_string('email');
  72  
  73  $f_email = email_append_domain( $f_email );
  74  email_ensure_valid( $f_email );
  75  
  76  $t_user_table = db_get_table( 'user' );
  77  
  78  /** @todo Consider moving this query to user_api.php */
  79  $query = 'SELECT id FROM ' . $t_user_table . ' WHERE username = ' . db_param() . ' AND email = ' . db_param() . ' AND enabled=' . db_param();
  80  $result = db_query_bound( $query, Array( $f_username, $f_email, true ) );
  81  
  82  if ( 0 == db_num_rows( $result ) ) {
  83      trigger_error( ERROR_LOST_PASSWORD_NOT_MATCHING_DATA, ERROR );
  84  }
  85  
  86  if( is_blank( $f_email ) ) {
  87      trigger_error( ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR );
  88  }
  89  
  90  $row = db_fetch_array( $result );
  91  $t_user_id = $row['id'];
  92  
  93  if( user_is_protected( $t_user_id ) ) {
  94      trigger_error( ERROR_PROTECTED_ACCOUNT, ERROR );
  95  }
  96  
  97  if( !user_is_lost_password_request_allowed( $t_user_id ) ) {
  98      trigger_error( ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED, ERROR );
  99  }
 100  
 101  $t_confirm_hash = auth_generate_confirm_hash( $t_user_id );
 102  email_send_confirm_hash_url( $t_user_id, $t_confirm_hash );
 103  
 104  user_increment_lost_password_in_progress_count( $t_user_id );
 105  
 106  form_security_purge( 'lost_pwd' );
 107  
 108  $t_redirect_url = 'login_page.php';
 109  
 110  html_page_top();
 111  ?>
 112  
 113  <br />
 114  <div>
 115  <table class="width50" cellspacing="1">
 116  <tr>
 117      <td class="center">
 118          <strong><?php echo lang_get( 'lost_password_done_title' ) ?></strong>
 119      </td>
 120  </tr>
 121  <tr>
 122      <td>
 123          <br/>
 124          <?php echo lang_get( 'reset_request_in_progress_msg' ) ?>
 125          <br/><br/>
 126      </td>
 127  </tr>
 128  </table>
 129  <br />
 130  <?php print_bracket_link( 'login_page.php', lang_get( 'proceed' ) ); ?>
 131  </div>
 132  
 133  <?php
 134  html_page_bottom1a( __FILE__ );