Chris@76: <?php
Chris@76: 
Chris@76: /**
Chris@76:  * Simple Machines Forum (SMF)
Chris@76:  *
Chris@76:  * @package SMF
Chris@76:  * @author Simple Machines http://www.simplemachines.org
Chris@76:  * @copyright 2011 Simple Machines
Chris@76:  * @license http://www.simplemachines.org/about/smf/license.php BSD
Chris@76:  *
Chris@76:  * @version 2.0.4
Chris@76:  */
Chris@76: 
Chris@76: if (!defined('SMF'))
Chris@76: 	die('Hacking attempt...');
Chris@76: 
Chris@76: /*	This file deals with sending out reminders, and checking the secret answer
Chris@76: 	and question.  It uses just a few functions to do this, which are:
Chris@76: 
Chris@76: 	void RemindMe()
Chris@76: 		- this is just the controlling delegator.
Chris@76: 		- uses the Profile language files and Reminder template.
Chris@76: 
Chris@76: 	void RemindMail()
Chris@76: 		// !!!
Chris@76: 
Chris@76: 	void setPassword()
Chris@76: 		// !!!
Chris@76: 
Chris@76: 	void setPassword2()
Chris@76: 		// !!!
Chris@76: 
Chris@76: 	void SecretAnswerInput()
Chris@76: 		// !!!
Chris@76: 
Chris@76: 	void SecretAnswer2()
Chris@76: 		// !!!
Chris@76: */
Chris@76: 
Chris@76: // Forgot 'yer password?
Chris@76: function RemindMe()
Chris@76: {
Chris@76: 	global $txt, $context;
Chris@76: 
Chris@76: 	loadLanguage('Profile');
Chris@76: 	loadTemplate('Reminder');
Chris@76: 
Chris@76: 	$context['page_title'] = $txt['authentication_reminder'];
Chris@76: 	$context['robot_no_index'] = true;
Chris@76: 
Chris@76: 	// Delegation can be useful sometimes.
Chris@76: 	$subActions = array(
Chris@76: 		'picktype' => 'RemindPick',
Chris@76: 		'secret2' => 'SecretAnswer2',
Chris@76: 		'setpassword' =>'setPassword',
Chris@76: 		'setpassword2' =>'setPassword2'
Chris@76: 	);
Chris@76: 
Chris@76: 	// Any subaction?  If none, fall through to the main template, which will ask for one.
Chris@76: 	if (isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]))
Chris@76: 		$subActions[$_REQUEST['sa']]();
Chris@76: }
Chris@76: 
Chris@76: // Pick a reminder type.
Chris@76: function RemindPick()
Chris@76: {
Chris@76: 	global $context, $txt, $scripturl, $sourcedir, $user_info, $webmaster_email, $smcFunc, $language, $modSettings;
Chris@76: 
Chris@76: 	checkSession();
Chris@76: 
Chris@76: 	// Coming with a known ID?
Chris@76: 	if (!empty($_REQUEST['uid']))
Chris@76: 	{
Chris@76: 		$where = 'id_member = {int:id_member}';
Chris@76: 		$where_params['id_member'] = (int) $_REQUEST['uid'];
Chris@76: 	}
Chris@76: 	elseif (isset($_POST['user']) && $_POST['user'] != '')
Chris@76: 	{
Chris@76: 		$where = 'member_name = {string:member_name}';
Chris@76: 		$where_params['member_name'] = $_POST['user'];
Chris@76: 		$where_params['email_address'] = $_POST['user'];
Chris@76: 	}
Chris@76: 
Chris@76: 	// You must enter a username/email address.
Chris@76: 	if (empty($where))
Chris@76: 		fatal_lang_error('username_no_exist', false);
Chris@76: 
Chris@76: 	// Find the user!
Chris@76: 	$request = $smcFunc['db_query']('', '
Chris@76: 		SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question
Chris@76: 		FROM {db_prefix}members
Chris@76: 		WHERE ' . $where . '
Chris@76: 		LIMIT 1',
Chris@76: 		array_merge($where_params, array(
Chris@76: 		))
Chris@76: 	);
Chris@76: 	// Maybe email?
Chris@76: 	if ($smcFunc['db_num_rows']($request) == 0 && empty($_REQUEST['uid']))
Chris@76: 	{
Chris@76: 		$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 		$request = $smcFunc['db_query']('', '
Chris@76: 			SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question
Chris@76: 			FROM {db_prefix}members
Chris@76: 			WHERE email_address = {string:email_address}
Chris@76: 			LIMIT 1',
Chris@76: 			array_merge($where_params, array(
Chris@76: 			))
Chris@76: 		);
Chris@76: 		if ($smcFunc['db_num_rows']($request) == 0)
Chris@76: 			fatal_lang_error('no_user_with_email', false);
Chris@76: 	}
Chris@76: 
Chris@76: 	$row = $smcFunc['db_fetch_assoc']($request);
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	$context['account_type'] = !empty($row['openid_uri']) ? 'openid' : 'password';
Chris@76: 
Chris@76: 	// If the user isn't activated/approved, give them some feedback on what to do next.
Chris@76: 	if ($row['is_activated'] != 1)
Chris@76: 	{
Chris@76: 		// Awaiting approval...
Chris@76: 		if (trim($row['validation_code']) == '')
Chris@76: 			fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user=' . $_POST['user'] . '">' . $txt['here'] . '</a>.', false);
Chris@76: 		else
Chris@76: 			fatal_error($txt['registration_not_activated'] . ' <a href="' . $scripturl . '?action=activate;user=' . $_POST['user'] . '">' . $txt['here'] . '</a>.', false);
Chris@76: 	}
Chris@76: 
Chris@76: 	// You can't get emailed if you have no email address.
Chris@76: 	$row['email_address'] = trim($row['email_address']);
Chris@76: 	if ($row['email_address'] == '')
Chris@76: 		fatal_error($txt['no_reminder_email'] . '<br />' . $txt['send_email'] . ' <a href="mailto:' . $webmaster_email . '">webmaster</a> ' . $txt['to_ask_password'] . '.');
Chris@76: 
Chris@76: 	// If they have no secret question then they can only get emailed the item, or they are requesting the email, send them an email.
Chris@76: 	if (empty($row['secret_question']) || (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'email'))
Chris@76: 	{
Chris@76: 		// Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars.
Chris@76: 		require_once($sourcedir . '/Subs-Members.php');
Chris@76: 		$password = generateValidationCode();
Chris@76: 
Chris@76: 		require_once($sourcedir . '/Subs-Post.php');
Chris@76: 		$replacements = array(
Chris@76: 			'REALNAME' => $row['real_name'],
Chris@76: 			'REMINDLINK' => $scripturl . '?action=reminder;sa=setpassword;u=' . $row['id_member'] . ';code=' . $password,
Chris@76: 			'IP' => $user_info['ip'],
Chris@76: 			'MEMBERNAME' => $row['member_name'],
Chris@76: 			'OPENID' => $row['openid_uri'],
Chris@76: 		);
Chris@76: 
Chris@76: 		$emaildata = loadEmailTemplate('forgot_' . $context['account_type'], $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
Chris@76: 		$context['description'] = $txt['reminder_' . (!empty($row['openid_uri']) ? 'openid_' : '') . 'sent'];
Chris@76: 
Chris@76: 		// If they were using OpenID simply email them their OpenID identity.
Chris@76: 		sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
Chris@76: 		if (empty($row['openid_uri']))
Chris@76: 			// Set the password in the database.
Chris@76: 			updateMemberData($row['id_member'], array('validation_code' => substr(md5($password), 0, 10)));
Chris@76: 
Chris@76: 		// Set up the template.
Chris@76: 		$context['sub_template'] = 'sent';
Chris@76: 
Chris@76: 		// Dont really.
Chris@76: 		return;
Chris@76: 	}
Chris@76: 	// Otherwise are ready to answer the question?
Chris@76: 	elseif (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'secret')
Chris@76: 	{
Chris@76: 		return SecretAnswerInput();
Chris@76: 	}
Chris@76: 
Chris@76: 	// No we're here setup the context for template number 2!
Chris@76: 	$context['sub_template'] = 'reminder_pick';
Chris@76: 	$context['current_member'] = array(
Chris@76: 		'id' => $row['id_member'],
Chris@76: 		'name' => $row['member_name'],
Chris@76: 	);
Chris@76: }
Chris@76: 
Chris@76: // Set your new password
Chris@76: function setPassword()
Chris@76: {
Chris@76: 	global $txt, $context;
Chris@76: 
Chris@76: 	loadLanguage('Login');
Chris@76: 
Chris@76: 	// You need a code!
Chris@76: 	if (!isset($_REQUEST['code']))
Chris@76: 		fatal_lang_error('no_access', false);
Chris@76: 
Chris@76: 	// Fill the context array.
Chris@76: 	$context += array(
Chris@76: 		'page_title' => $txt['reminder_set_password'],
Chris@76: 		'sub_template' => 'set_password',
Chris@76: 		'code' => $_REQUEST['code'],
Chris@76: 		'memID' => (int) $_REQUEST['u']
Chris@76: 	);
Chris@76: }
Chris@76: 
Chris@76: function setPassword2()
Chris@76: {
Chris@76: 	global $context, $txt, $modSettings, $smcFunc, $sourcedir;
Chris@76: 
Chris@76: 	checkSession();
Chris@76: 
Chris@76: 	if (empty($_POST['u']) || !isset($_POST['passwrd1']) || !isset($_POST['passwrd2']))
Chris@76: 		fatal_lang_error('no_access', false);
Chris@76: 
Chris@76: 	$_POST['u'] = (int) $_POST['u'];
Chris@76: 
Chris@76: 	if ($_POST['passwrd1'] != $_POST['passwrd2'])
Chris@76: 		fatal_lang_error('passwords_dont_match', false);
Chris@76: 
Chris@76: 	if ($_POST['passwrd1'] == '')
Chris@76: 		fatal_lang_error('no_password', false);
Chris@76: 
Chris@76: 	loadLanguage('Login');
Chris@76: 
Chris@76: 	// Get the code as it should be from the database.
Chris@76: 	$request = $smcFunc['db_query']('', '
Chris@76: 		SELECT validation_code, member_name, email_address, passwd_flood
Chris@76: 		FROM {db_prefix}members
Chris@76: 		WHERE id_member = {int:id_member}
Chris@76: 			AND is_activated = {int:is_activated}
Chris@76: 			AND validation_code != {string:blank_string}
Chris@76: 		LIMIT 1',
Chris@76: 		array(
Chris@76: 			'id_member' => $_POST['u'],
Chris@76: 			'is_activated' => 1,
Chris@76: 			'blank_string' => '',
Chris@76: 		)
Chris@76: 	);
Chris@76: 
Chris@76: 	// Does this user exist at all?
Chris@76: 	if ($smcFunc['db_num_rows']($request) == 0)
Chris@76: 		fatal_lang_error('invalid_userid', false);
Chris@76: 
Chris@76: 	list ($realCode, $username, $email, $flood_value) = $smcFunc['db_fetch_row']($request);
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	// Is the password actually valid?
Chris@76: 	require_once($sourcedir . '/Subs-Auth.php');
Chris@76: 	$passwordError = validatePassword($_POST['passwrd1'], $username, array($email));
Chris@76: 
Chris@76: 	// What - it's not?
Chris@76: 	if ($passwordError != null)
Chris@76: 		fatal_lang_error('profile_error_password_' . $passwordError, false);
Chris@76: 
Chris@76: 	require_once($sourcedir . '/LogInOut.php');
Chris@76: 
Chris@76: 	// Quit if this code is not right.
Chris@76: 	if (empty($_POST['code']) || substr($realCode, 0, 10) !== substr(md5($_POST['code']), 0, 10))
Chris@76: 	{
Chris@76: 		// Stop brute force attacks like this.
Chris@76: 		validatePasswordFlood($_POST['u'], $flood_value, false);
Chris@76: 
Chris@76: 		fatal_error($txt['invalid_activation_code'], false);
Chris@76: 	}
Chris@76: 
Chris@76: 	// Just in case, flood control.
Chris@76: 	validatePasswordFlood($_POST['u'], $flood_value, true);
Chris@76: 
Chris@76: 	// User validated.  Update the database!
Chris@76: 	updateMemberData($_POST['u'], array('validation_code' => '', 'passwd' => sha1(strtolower($username) . $_POST['passwrd1'])));
Chris@76: 
Chris@76: 	call_integration_hook('integrate_reset_pass', array($username, $username, $_POST['passwrd1']));
Chris@76: 
Chris@76: 	loadTemplate('Login');
Chris@76: 	$context += array(
Chris@76: 		'page_title' => $txt['reminder_password_set'],
Chris@76: 		'sub_template' => 'login',
Chris@76: 		'default_username' => $username,
Chris@76: 		'default_password' => $_POST['passwrd1'],
Chris@76: 		'never_expire' => false,
Chris@76: 		'description' => $txt['reminder_password_set']
Chris@76: 	);
Chris@76: }
Chris@76: 
Chris@76: // Get the secret answer.
Chris@76: function SecretAnswerInput()
Chris@76: {
Chris@76: 	global $txt, $context, $smcFunc;
Chris@76: 
Chris@76: 	checkSession();
Chris@76: 
Chris@76: 	// Strings for the register auto javascript clever stuffy wuffy.
Chris@76: 	loadLanguage('Login');
Chris@76: 
Chris@76: 	// Check they entered something...
Chris@76: 	if (empty($_REQUEST['uid']))
Chris@76: 		fatal_lang_error('username_no_exist', false);
Chris@76: 
Chris@76: 	// Get the stuff....
Chris@76: 	$request = $smcFunc['db_query']('', '
Chris@76: 		SELECT id_member, real_name, member_name, secret_question, openid_uri
Chris@76: 		FROM {db_prefix}members
Chris@76: 		WHERE id_member = {int:id_member}
Chris@76: 		LIMIT 1',
Chris@76: 		array(
Chris@76: 			'id_member' => (int) $_REQUEST['uid'],
Chris@76: 		)
Chris@76: 	);
Chris@76: 	if ($smcFunc['db_num_rows']($request) == 0)
Chris@76: 		fatal_lang_error('username_no_exist', false);
Chris@76: 
Chris@76: 	$row = $smcFunc['db_fetch_assoc']($request);
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	$context['account_type'] = !empty($row['openid_uri']) ? 'openid' : 'password';
Chris@76: 
Chris@76: 	// If there is NO secret question - then throw an error.
Chris@76: 	if (trim($row['secret_question']) == '')
Chris@76: 		fatal_lang_error('registration_no_secret_question', false);
Chris@76: 
Chris@76: 	// Ask for the answer...
Chris@76: 	$context['remind_user'] = $row['id_member'];
Chris@76: 	$context['remind_type'] = '';
Chris@76: 	$context['secret_question'] = $row['secret_question'];
Chris@76: 
Chris@76: 	$context['sub_template'] = 'ask';
Chris@76: }
Chris@76: 
Chris@76: function SecretAnswer2()
Chris@76: {
Chris@76: 	global $txt, $context, $modSettings, $smcFunc, $sourcedir;
Chris@76: 
Chris@76: 	checkSession();
Chris@76: 
Chris@76: 	// Hacker?  How did you get this far without an email or username?
Chris@76: 	if (empty($_REQUEST['uid']))
Chris@76: 		fatal_lang_error('username_no_exist', false);
Chris@76: 
Chris@76: 	loadLanguage('Login');
Chris@76: 
Chris@76: 	// Get the information from the database.
Chris@76: 	$request = $smcFunc['db_query']('', '
Chris@76: 		SELECT id_member, real_name, member_name, secret_answer, secret_question, openid_uri, email_address
Chris@76: 		FROM {db_prefix}members
Chris@76: 		WHERE id_member = {int:id_member}
Chris@76: 		LIMIT 1',
Chris@76: 		array(
Chris@76: 			'id_member' => $_REQUEST['uid'],
Chris@76: 		)
Chris@76: 	);
Chris@76: 	if ($smcFunc['db_num_rows']($request) == 0)
Chris@76: 		fatal_lang_error('username_no_exist', false);
Chris@76: 
Chris@76: 	$row = $smcFunc['db_fetch_assoc']($request);
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	// Check if the secret answer is correct.
Chris@76: 	if ($row['secret_question'] == '' || $row['secret_answer'] == '' || md5($_POST['secret_answer']) != $row['secret_answer'])
Chris@76: 	{
Chris@76: 		log_error(sprintf($txt['reminder_error'], $row['member_name']), 'user');
Chris@76: 		fatal_lang_error('incorrect_answer', false);
Chris@76: 	}
Chris@76: 
Chris@76: 	// If it's OpenID this is where the music ends.
Chris@76: 	if (!empty($row['openid_uri']))
Chris@76: 	{
Chris@76: 		$context['sub_template'] = 'sent';
Chris@76: 		$context['description'] = sprintf($txt['reminder_openid_is'], $row['openid_uri']);
Chris@76: 		return;
Chris@76: 	}
Chris@76: 
Chris@76: 	// You can't use a blank one!
Chris@76: 	if (strlen(trim($_POST['passwrd1'])) === 0)
Chris@76: 		fatal_lang_error('no_password', false);
Chris@76: 
Chris@76: 	// They have to be the same too.
Chris@76: 	if ($_POST['passwrd1'] != $_POST['passwrd2'])
Chris@76: 		fatal_lang_error('passwords_dont_match', false);
Chris@76: 
Chris@76: 	// Make sure they have a strong enough password.
Chris@76: 	require_once($sourcedir . '/Subs-Auth.php');
Chris@76: 	$passwordError = validatePassword($_POST['passwrd1'], $row['member_name'], array($row['email_address']));
Chris@76: 
Chris@76: 	// Invalid?
Chris@76: 	if ($passwordError != null)
Chris@76: 		fatal_lang_error('profile_error_password_' . $passwordError, false);
Chris@76: 
Chris@76: 	// Alright, so long as 'yer sure.
Chris@76: 	updateMemberData($row['id_member'], array('passwd' => sha1(strtolower($row['member_name']) . $_POST['passwrd1'])));
Chris@76: 
Chris@76: 	call_integration_hook('integrate_reset_pass', array($row['member_name'], $row['member_name'], $_POST['passwrd1']));
Chris@76: 
Chris@76: 	// Tell them it went fine.
Chris@76: 	loadTemplate('Login');
Chris@76: 	$context += array(
Chris@76: 		'page_title' => $txt['reminder_password_set'],
Chris@76: 		'sub_template' => 'login',
Chris@76: 		'default_username' => $row['member_name'],
Chris@76: 		'default_password' => $_POST['passwrd1'],
Chris@76: 		'never_expire' => false,
Chris@76: 		'description' => $txt['reminder_password_set']
Chris@76: 	);
Chris@76: }
Chris@76: 
Chris@76: ?>