1<?php
2/***************************************************************************
3 *                           usercp_sendpasswd.php
4 *                            -------------------
5 *   begin                : Saturday, Feb 13, 2001
6 *   copyright            : (C) 2001 The phpBB Group
7 *   email                : support@phpbb.com
8 *
9 *   $Id: usercp_sendpasswd.php 5204 2005-09-14 18:14:30Z acydburn $
10 *
11 *
12 ***************************************************************************/
13
14/***************************************************************************
15 *
16 *   This program is free software; you can redistribute it and/or modify
17 *   it under the terms of the GNU General Public License as published by
18 *   the Free Software Foundation; either version 2 of the License, or
19 *   (at your option) any later version.
20 *
21 *
22 ***************************************************************************/
23
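//
// Direct-access guard. The rest of this file runs only when IN_PHPBB has
// already been defined (presumably by the entry script that includes it --
// that script is not part of this file). Any other request is stopped here,
// before the password-reset logic below can be reached.
//
if ( !defined('IN_PHPBB') )
{
	// die() ends the request; the exit that used to follow it was unreachable.
	die('Hacking attempt');
}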
29
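//
// Handle a submitted "send password" form.
//
// Flow, as visible in this file: look the account up by username AND e-mail,
// refuse inactive accounts, generate a new password plus an activation key,
// store the MD5 of the new password in user_newpasswd next to that key, and
// mail the plain-text password together with an activation link.
// NOTE(review): presumably the new password only takes effect once the
// activation link is followed -- that handler is not in this file; confirm.
//
// Security notes for maintainers:
//  - The three distinct responses (inactive account, no match, success) let
//    an unauthenticated visitor learn whether a username/e-mail pair exists.
//    Nothing in this file throttles repeated submissions; confirm that the
//    caller or the web tier rate-limits this form.
//  - The new password is sent in clear text by e-mail and stored as an
//    unsalted MD5 digest. The column format is shared with code outside this
//    file, so it is flagged here rather than changed.
//
if ( isset($HTTP_POST_VARS['submit']) )
{
	// Keep reading from $HTTP_POST_VARS: the quote handling in the query below
	// depends on whatever pre-processing was applied to this array before this
	// file runs (not visible here). Switching to another input source without
	// checking that would change what reaches the SQL string.
	$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
	$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';

	// The str_replace() calls only turn an already backslash-escaped quote (\')
	// into the doubled-quote form (''); a raw quote with no backslash in front
	// of it passes through unchanged. The query is therefore safe only if the
	// input was slash-escaped earlier -- TODO confirm in the bootstrap code.
	// No parameterised query call is visible on $db in this file, so the
	// string-built form is kept.
	$sql = "SELECT user_id, username, user_email, user_active, user_lang
		FROM " . USERS_TABLE . "
		WHERE user_email = '" . str_replace("\'", "''", $email) . "'
			AND username = '" . str_replace("\'", "''", $username) . "'";
	if ( $result = $db->sql_query($sql) )
	{
		if ( $row = $db->sql_fetchrow($result) )
		{
			if ( !$row['user_active'] )
			{
				// message_die() is defined elsewhere; presumably it ends the request.
				message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']);
			}

			$username = $row['username'];

			// Force the id to an integer before it is concatenated into the
			// UPDATE statement and the activation URL. It comes from the
			// database row, so this is defence in depth, not a behaviour change.
			$user_id = intval($row['user_id']);

			// The activation key is shortened so that server URL plus key fit in
			// 54 characters, with a floor of 6. A long $server_url therefore
			// leaves a short key. $server_url and gen_rand_string() are defined
			// outside this file -- NOTE(review): check that the key still has
			// enough randomness at the 6-character floor.
			$user_actkey = gen_rand_string(true);
			$key_len = max(6, 54 - strlen($server_url));
			$user_actkey = substr($user_actkey, 0, $key_len);
			$user_password = gen_rand_string(false);

			// SECURITY: md5() is an unsalted, fast digest and is not a suitable
			// password hash. It is left in place because the code that later
			// reads user_newpasswd is not visible from here.
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey'
				WHERE user_id = " . $user_id;
			if ( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql);
			}

			include($phpbb_root_path . 'includes/emailer.'.$phpEx);
			$emailer = new emailer($board_config['smtp_delivery']);

			$emailer->from($board_config['board_email']);
			$emailer->replyto($board_config['board_email']);

			// The message goes to the address stored for the account, not to
			// the address typed into the form.
			$emailer->use_template('user_activate_passwd', $row['user_lang']);
			$emailer->email_address($row['user_email']);
			$emailer->set_subject($lang['New_password_activation']);

			// PASSWORD is the clear-text password and U_ACTIVATE carries the
			// activation key; both leave the server in this e-mail.
			$emailer->assign_vars(array(
				'SITENAME' => $board_config['sitename'],
				'USERNAME' => $username,
				'PASSWORD' => $user_password,
				'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',

				'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
			);
			$emailer->send();
			$emailer->reset();

			// Send the browser back to the index after 15 seconds.
			$template->assign_vars(array(
				'META' => '<meta http-equiv="refresh" content="15;url=' . append_sid("index.$phpEx") . '">')
			);

			$message = $lang['Password_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'],  '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
		else
		{
			// No row matched the username/e-mail pair.
			message_die(GENERAL_MESSAGE, $lang['No_email_match']);
		}
	}
	else
	{
		// The lookup query itself failed; the SQL text is handed to message_die().
		message_die(GENERAL_ERROR, 'Could not obtain user information for sendpassword', '', __LINE__, __FILE__, $sql);
	}
}
else
{
	// First visit, nothing submitted: the form is shown with empty fields.
	$username = '';
	$email = '';
}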
109
//
// Render the "send password" form: page header, form template, page tail.
//
include($phpbb_root_path . 'includes/page_header.' . $phpEx);

$template->set_filenames(
	array(
		'body' => 'profile_send_pass.tpl'
	)
);
make_jumpbox('viewforum.' . $phpEx);

// USERNAME and EMAIL are put back into the form. In the submit branch above
// they went through phpbb_clean_username() and htmlspecialchars(); otherwise
// they are empty strings. Whether the template escapes them again is not
// visible from this file.
$template->assign_vars(
	array(
		'USERNAME' => $username,
		'EMAIL' => $email,

		// Language strings for the form labels and buttons.
		'L_SEND_PASSWORD' => $lang['Send_password'],
		'L_ITEMS_REQUIRED' => $lang['Items_required'],
		'L_EMAIL_ADDRESS' => $lang['Email_address'],
		'L_SUBMIT' => $lang['Submit'],
		'L_RESET' => $lang['Reset'],

		// The form posts back to the sendpassword mode of profile.php.
		'S_HIDDEN_FIELDS' => '',
		'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword")
	)
);

$template->pparse('body');

include($phpbb_root_path . 'includes/page_tail.' . $phpEx);
137
138?>