File: lostpw.php

package info (click to toggle)
flyspray 0.9.8-10
  • links: PTS
  • area: main
  • in suites: etch-m68k
  • size: 2,444 kB
  • ctags: 3,031
  • sloc: php: 17,634; sh: 301; makefile: 12
file content (76 lines) | stat: -rw-r--r-- 2,936 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
<?php

   /*
   ------------------------------------------------------
   | This script allows users to request a notification |
   | that contains a link to a new password             |
   ------------------------------------------------------
*/

$lang = $flyspray_prefs['lang_code'];
$fs->get_language_pack($lang, 'admin');

  // Step One: user requests magic url
  if (!isset($_GET['magic'])
      && !isset($_COOKIE['flyspray_userid'])) {

    echo '<h3>' . $admin_text['lostpw'] . '</h3>' . "\n";
    echo $admin_text['lostpwexplain'] . "\n";

    echo '<br /><br />' . "\n";

    echo '<div class="admin">' . "\n";
    echo '<form action="' . $conf['general']['baseurl'] . 'index.php" method="post">' . "\n";
    echo '<input type="hidden" name="do" value="modify" />' . "\n";
    echo '<input type="hidden" name="action" value="sendmagic" />' . "\n";
    echo '<b>' . $admin_text['username'] . '</b>' . "\n";
    echo '<input class="admintext" type="text" name="user_name" size="20" maxlength="20" />' . "\n";
    echo '<input class="adminbutton" type="submit" value="' . $admin_text['sendlink'] . '" />' . "\n";
    echo '</form>' . "\n";
    echo '</div>' . "\n";


  // Step Two: user enters new password
} elseif (isset($_GET['magic'])
          && !isset($_COOKIE['flyspray_userid']))
{
   // Check that the magic url is valid
   $check_magic = $db->Query("SELECT * FROM {$dbprefix}users
                              WHERE magic_url = ?",
                              array($_GET['magic'])
                            );

   if (!$db->CountRows($check_magic))
   {
//       echo "<div class=\"redirectmessage\"><p><em>{$admin_text['badmagic']}</em></p></div>";
//       echo '<meta http-equiv="refresh" content="2; URL=index.php">';
      $_SESSION['ERROR'] = $admin_text['badmagic'];
      $fs->redirect("./");

   } else
   {
      echo '<h3>' . $admin_text['changepass'] . '</h3>' . "\n";

      echo '<br />' . "\n";

      echo '<form action="index.php" method="post">' . "\n";

      echo '<table class="admin">' . "\n";
      echo '<input type="hidden" name="do" value="modify" />' . "\n";
      echo '<input type="hidden" name="action" value="chpass" />' . "\n";
      echo '<input type="hidden" name="magic_url" value="' . $_GET['magic'] . '" />' . "\n";
      echo '<tr><td><b>' . $admin_text['changepass'] . '</b></td>' . "\n";
      echo '<td><input class="admintext" type="password" name="pass1" size="20" /></td></tr>' . "\n";
      echo '<tr><td><b>' . $admin_text['confirmpass'] . '</b></td>' . "\n";
      echo '<td><input class="admintext" type="password" name="pass2" size="20" /></tr>' . "\n";
      echo '<tr><td></td><td><input class="adminbutton" type="submit" value="' . $admin_text['savenewpass'] . '" /></td></tr>' . "\n";
      echo '</table>' . "\n";
      echo '</form>' . "\n";
      echo '</div>' . "\n";

   // End of checking magic url validity
   }

// End of checking for magic url
}
?>