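<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * Verify Page
 *
 * Reads the 'id' and 'confirm_hash' request parameters, checks the hash
 * against the TOKEN_ACCOUNT_ACTIVATION token stored for that user id and,
 * only when they match, performs a script login for the user and renders a
 * form (posting to account_update.php) to set the real name and password.
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @author Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses authentication_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses gpc_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses print_api.php
 * @uses string_api.php
 * @uses user_api.php
 * @uses utility_api.php
 */

# don't auto-login when trying to verify new user
$g_login_anonymous = false;

require_once( 'core.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'gpc_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'string_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );
require_css( 'login.css' );


# check if at least one way to get here is enabled
if( !auth_signup_enabled() &&
	OFF == config_get( 'lost_password_feature' ) &&
	OFF == config_get( 'send_reset_password' ) ) {
	trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}

# Both values come straight from the request and are untrusted until the
# hash comparison below has succeeded.
# NOTE(review): the user id is read as a string and passed on unchanged to the
# token/user APIs - confirm those reject non-numeric ids.
$f_user_id = gpc_get_string( 'id' );
$f_confirm_hash = gpc_get_string( 'confirm_hash' );

# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
	auth_logout();

	# reload the page after logout
	# The parameters are request data, so they are URL-encoded before being
	# put back into the query string; otherwise a value containing '&', '#'
	# or '=' would not survive the round trip unchanged.
	print_header_redirect(
		'verify.php?id=' . urlencode( $f_user_id )
		. '&confirm_hash=' . urlencode( $f_confirm_hash )
	);
}

$t_token_confirm_hash = token_get_value( TOKEN_ACCOUNT_ACTIVATION, $f_user_id );

# Validate the submitted hash against the stored activation token.
# - A missing, empty or non-string stored token is rejected outright, so an
#   empty confirm_hash can never validate.
# - Where the runtime provides hash_equals() the comparison is constant-time,
#   so the response time does not depend on how many leading characters of
#   the submitted value are correct; otherwise the strict comparison is used.
$t_confirm_hash_valid = false;
if( is_string( $t_token_confirm_hash )
	&& $t_token_confirm_hash !== ''
	&& is_string( $f_confirm_hash ) ) {
	$t_confirm_hash_valid = function_exists( 'hash_equals' )
		? hash_equals( $t_token_confirm_hash, $f_confirm_hash )
		: $f_confirm_hash === $t_token_confirm_hash;
}

if( !$t_confirm_hash_valid ) {
	# assumes MantisBT's error handler aborts the request on ERROR - TODO
	# confirm; nothing below may run for an invalid hash, since it logs the
	# user in without a password.
	trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}

user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );

# fake login so the user can set their password
auth_attempt_script_login( user_get_username( $f_user_id ) );

user_increment_login_count( $f_user_id );


# extracts the user information
# and prefixes it with u_
# The row comes from user_get_row(), not from the request; EXTR_PREFIX_ALL
# keeps the extracted names confined to the u_ prefix.
$t_row = user_get_row( $f_user_id );

extract( $t_row, EXTR_PREFIX_ALL, 'u' );

$t_can_change_password = auth_can_set_password( $f_user_id );

layout_login_page_begin();

?>

<div class="col-md-offset-4 col-md-4 col-sm-8 col-sm-offset-1">
	<div class="login-container">
		<div class="space-12 hidden-480"></div>
		<?php layout_login_page_logo() ?>
		<div class="space-24 hidden-480"></div>

		<?php
		if( $t_can_change_password ) {
			echo '<div id="reset-passwd-msg" class="alert alert-sm alert-warning ">';
			echo lang_get( 'verify_warning' ) . '<br />';
			echo lang_get( 'verify_change_password' );
			echo '</div>';
		} else {
			echo '<div id="reset-passwd-msg" class="alert alert-sm alert-warning">';
			echo auth_password_managed_elsewhere_message();
			echo '</div>';
		}
		?>


		<?php
		if( $t_can_change_password ) {
		?>

		<div class="position-relative">
			<div class="signup-box visible widget-box no-border" id="login-box">
				<div class="widget-body">
					<div class="widget-main">

						<!-- Login Form BEGIN -->

						<div id="verify-div" class="form-container">
							<form id="account-update-form" method="post" action="account_update.php">
								<fieldset>
									<legend><span><?php echo lang_get( 'edit_account_title' ) . ' - ' . string_display_line( $u_username ) ?></span></legend>
									<div class="space-10"></div>
									<input type="hidden" name="verify_user_id" value="<?php echo (int)$u_id ?>">
									<?php
									echo form_security_field( 'account_update' );
									# When verifying account, set a token and don't display current password
									token_set( TOKEN_ACCOUNT_VERIFY, true, TOKEN_EXPIRY_AUTHENTICATED, $u_id );
									?>
									<div class="field-container">
										<label class="block clearfix">
											<span class="block input-icon input-icon-right">
												<input id="realname" class="form-control" placeholder="<?php echo lang_get( 'realname' ) ?>" type="text" size="32" maxlength="<?php echo DB_FIELD_SIZE_REALNAME ?>" name="realname" value="<?php echo string_attribute( $u_realname ) ?>" />
												<?php print_icon( 'fa-user', 'ace-icon' ); ?>
											</span>
										</label>
										<span class="label-style"></span>
									</div>

									<div class="field-container">
										<label class="block clearfix">
											<span class="block input-icon input-icon-right">
												<input id="password" class="form-control" placeholder="<?php echo lang_get( 'password' ) ?>" type="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" name="password"/>
												<?php print_icon( 'fa-lock', 'ace-icon' ); ?>
											</span>
										</label>
										<span class="label-style"></span>
									</div>

									<div class="field-container">
										<label class="block clearfix">
											<span class="block input-icon input-icon-right">
												<input id="password-confirm" class="form-control" placeholder="<?php echo lang_get( 'confirm_password' ) ?>" type="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" name="password_confirm"/>
												<?php print_icon( 'fa-lock', 'ace-icon' ); ?>
											</span>
										</label>
										<span class="label-style"></span>
									</div>
									<div class="space-18"></div>
									<span class="submit-button">
										<button type="submit" class="width-100 width-40 pull-right btn btn-success btn-inverse bigger-110">
											<span class="bigger-110"><?php echo lang_get( 'update_user_button' ) ?></span>
										</button>
									</span>

								</fieldset>
							</form>
						</div>
					</div>
				</div>

			</div>
		</div>

		<?php
		# The two closing tags below belong to the containers opened before the
		# conditional, so they are emitted on both branches; inside the
		# conditional they were left unclosed whenever the password is managed
		# elsewhere.
		}
		?>
	</div>
</div>

<?php
layout_login_page_end();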