[Summary view] [Print] [Text view]

   1  <?php
   2  # MantisBT - A PHP based bugtracking system
   3  
   4  # MantisBT is free software: you can redistribute it and/or modify
   5  # it under the terms of the GNU General Public License as published by
   6  # the Free Software Foundation, either version 2 of the License, or
   7  # (at your option) any later version.
   8  #
   9  # MantisBT is distributed in the hope that it will be useful,
  10  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  # GNU General Public License for more details.
  13  #
  14  # You should have received a copy of the GNU General Public License
  15  # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * @package MantisBT
  19   * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  20   * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  21   * @author Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
  22   * @link http://www.mantisbt.org
  23   *
  24   * @uses core.php
  25   * @uses authentication_api.php
  26   * @uses config_api.php
  27   * @uses constant_inc.php
  28   * @uses gpc_api.php
  29   * @uses print_api.php
  30   * @uses user_api.php
  31   */
  32  
  33  # don't auto-login when trying to verify new user
  34  $g_login_anonymous = false;
  35  
  36  /**
  37   * MantisBT Core API's
  38   */
  39  require_once ( 'core.php' );
  40  require_api( 'authentication_api.php' );
  41  require_api( 'config_api.php' );
  42  require_api( 'constant_inc.php' );
  43  require_api( 'gpc_api.php' );
  44  require_api( 'print_api.php' );
  45  require_api( 'user_api.php' );
  46  
  47  # check if at least one way to get here is enabled
  48  if ( OFF == config_get( 'allow_signup' ) &&
  49      OFF == config_get( 'lost_password_feature' ) &&
  50      OFF == config_get( 'send_reset_password' ) ) {
  51      trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
  52  }
  53  
  54  $f_user_id = gpc_get_string('id');
  55  $f_confirm_hash = gpc_get_string('confirm_hash');
  56  
  57  # force logout on the current user if already authenticated
  58  if( auth_is_user_authenticated() ) {
  59      auth_logout();
  60  
  61      # reload the page after logout
  62      print_header_redirect( "verify.php?id=$f_user_id&confirm_hash=$f_confirm_hash" );
  63  }
  64  
  65  $t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );
  66  
  67  if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
  68      trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
  69  }
  70  
  71  # set a temporary cookie so the login information is passed between pages.
  72  auth_set_cookies( $f_user_id, false );
  73  
  74  user_reset_failed_login_count_to_zero( $f_user_id );
  75  user_reset_lost_password_in_progress_count_to_zero( $f_user_id );
  76  
  77  # fake login so the user can set their password
  78  auth_attempt_script_login( user_get_field( $f_user_id, 'username' ) );
  79  
  80  user_increment_failed_login_count( $f_user_id );
  81  
  82  include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );
  83