1<?php
2# MantisBT - A PHP based bugtracking system
3
4# MantisBT is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation, either version 2 of the License, or
7# (at your option) any later version.
8#
9# MantisBT is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Verify Page
19 *
20 * @package MantisBT
21 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
22 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
23 * @author Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
24 * @link http://www.mantisbt.org
25 *
26 * @uses core.php
27 * @uses authentication_api.php
28 * @uses config_api.php
29 * @uses constant_inc.php
30 * @uses gpc_api.php
31 * @uses print_api.php
32 * @uses user_api.php
33 */
34
# Anonymous auto-login is switched off for this page: the visitor arrives to
# verify an account, not to browse as the anonymous user.
# NOTE(review): the flag is assigned ahead of the core.php include below,
# presumably because the bootstrap reads it - confirm before moving this line.
$g_login_anonymous = false;

require_once( 'core.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'gpc_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'string_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );
require_css( 'login.css' );


# Refuse to serve the page unless at least one feature that can lead here is
# enabled: self-signup, 'lost_password_feature' or 'send_reset_password'.
if( !auth_signup_enabled()
	&& config_get( 'lost_password_feature' ) == OFF
	&& config_get( 'send_reset_password' ) == OFF ) {
	trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}
58
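# Both values are request-supplied and stay untrusted until the hash has been
# checked against the stored token further down.
$f_user_id = gpc_get_string( 'id' );
$f_confirm_hash = gpc_get_string( 'confirm_hash' );

# An existing session must not carry over into the verification flow: log it
# out, then reload this page with the same parameters.
if( auth_is_user_authenticated() ) {
	auth_logout();

	# Percent-encode the request-supplied values before they go into the query
	# string, so characters such as '&', '#' or line breaks cannot add
	# parameters or otherwise alter the redirect target.
	print_header_redirect(
		'verify.php?id=' . rawurlencode( $f_user_id )
		. '&confirm_hash=' . rawurlencode( $f_confirm_hash )
	);
}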
69
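# Fetch the activation token stored for the supplied user id.
$t_token_confirm_hash = token_get_value( TOKEN_ACCOUNT_ACTIVATION, $f_user_id );

# Accept the request only when a non-empty stored token exists and equals the
# supplied hash. The explicit emptiness check keeps an empty confirm_hash from
# matching a missing or blank token; hash_equals() compares in constant time,
# so response timing does not reveal how much of a guess was correct.
# NOTE(review): the counter resets and scripted login that follow rely on
# trigger_error( ..., ERROR ) ending the request - confirm the error handler
# never returns for ERROR.
if( !is_string( $t_token_confirm_hash )
	|| !is_string( $f_confirm_hash )
	|| $t_token_confirm_hash === ''
	|| !hash_equals( $t_token_confirm_hash, $f_confirm_hash ) ) {
	trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}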
75
# The confirm hash matched: zero the failed-login and
# lost-password-in-progress counters for this account.
user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );

# Scripted login without a password, so the visitor can set one on the form
# rendered below. The confirm hash is the only credential checked before this.
# NOTE(review): the activation token is not deleted anywhere in this script -
# confirm where it is invalidated so the link cannot be reused indefinitely.
$t_username = user_get_username( $f_user_id );
auth_attempt_script_login( $t_username );

user_increment_login_count( $f_user_id );


# Load the account row and expose every column as a variable carrying the u_
# prefix (the form below reads $u_id, $u_username and $u_realname).
# EXTR_PREFIX_ALL prefixes every key, so a column name cannot overwrite an
# existing script variable.
$t_row = user_get_row( $f_user_id );

extract( $t_row, EXTR_PREFIX_ALL, 'u' );

# Decides whether the password form or the "managed elsewhere" notice is shown.
$t_can_change_password = auth_can_set_password( $f_user_id );

layout_login_page_begin();
94
?>

<div class="col-md-offset-4 col-md-4 col-sm-8 col-sm-offset-1">
	<div class="login-container">
		<div class="space-12 hidden-480"></div>
		<?php layout_login_page_logo() ?>
		<div class="space-24 hidden-480"></div>

		<?php
			# Status banner: either the prompt to choose a password, or the notice
			# that the password is managed outside this application.
			if( $t_can_change_password ) {
				echo '<div id="reset-passwd-msg" class="alert alert-sm alert-warning ">',
					lang_get( 'verify_warning' ), '<br />',
					lang_get( 'verify_change_password' ),
					'</div>';
			} else {
				echo '<div id="reset-passwd-msg" class="alert alert-sm alert-warning">',
					auth_password_managed_elsewhere_message(),
					'</div>';
			}
		?>
115
116
117		<?php
118		if( $t_can_change_password ) {
119		?>
120
121			<div class="position-relative">
122			<div class="signup-box visible widget-box no-border" id="login-box">
123			<div class="widget-body">
124				<div class="widget-main">
125
126					<!-- Login Form BEGIN -->
127
128		<div id="verify-div" class="form-container">
129			<form id="account-update-form" method="post" action="account_update.php">
130				<fieldset>
131					<legend><span><?php echo lang_get( 'edit_account_title' ) . ' - ' . string_display_line( $u_username ) ?></span></legend>
132					<div class="space-10"></div>
133					<input type="hidden" name="verify_user_id" value="<?php echo $u_id ?>">
134					<?php
135					echo form_security_field( 'account_update' );
136					# When verifying account, set a token and don't display current password
137					token_set( TOKEN_ACCOUNT_VERIFY, true, TOKEN_EXPIRY_AUTHENTICATED, $u_id );
138					?>
139					<div class="field-container">
140						<label class="block clearfix">
141							<span class="block input-icon input-icon-right">
142								<input id="realname" class="form-control" placeholder="<?php echo lang_get( 'realname' ) ?>" type="text" size="32" maxlength="<?php echo DB_FIELD_SIZE_REALNAME ?>" name="realname" value="<?php echo string_attribute( $u_realname ) ?>" />
143								<?php print_icon( 'fa-user', 'ace-icon' ); ?>
144							</span>
145						</label>
146						<span class="label-style"></span>
147					</div>
148
149					<div class="field-container">
150						<label class="block clearfix">
151							<span class="block input-icon input-icon-right">
152								<input id="password" class="form-control" placeholder="<?php echo lang_get( 'password' ) ?>" type="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" name="password"/>
153								<?php print_icon( 'fa-lock', 'ace-icon' ); ?>
154							</span>
155						</label>
156						<span class="label-style"></span>
157					</div>
158
159					<div class="field-container">
160						<label class="block clearfix">
161							<span class="block input-icon input-icon-right">
162								<input id="password-confirm" class="form-control" placeholder="<?php echo lang_get( 'confirm_password' ) ?>" type="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" name="password_confirm"/>
163								<?php print_icon( 'fa-lock', 'ace-icon' ); ?>
164							</span>
165						</label>
166						<span class="label-style"></span>
167					</div>
168					<div class="space-18"></div>
169					<span class="submit-button">
170						<button type="submit" class="width-100 width-40 pull-right btn btn-success btn-inverse bigger-110">
171							<span class="bigger-110"><?php echo lang_get( 'update_user_button' ) ?></span>
172						</button>
173					</span>
174
175				</fieldset>
176			</form>
177		</div>
178	</div>
179</div>
180
181			</div>
182			</div>
183			</div>
184			</div>
185
186<?php
187}
188
189layout_login_page_end();
190