noalyss Version-9
recover.php
1<?php
2/*
3 * This file is part of NOALYSS.
4 *
5 * NOALYSS is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * NOALYSS is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with NOALYSS; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19// Copyright (2014) Author Dany De Bontridder <dany@alchimerys.be>
20require_once NOALYSS_INCLUDE.'/lib/ac_common.php';
21
    // Refuse to run unless the including script has defined RECOVER.
22if (!defined('RECOVER'))
23 die('Appel direct ne sont pas permis');
    // NOTE(review): SIZE_REQUEST is not used on any line this listing shows; presumably it is
    // the length of the request token built on source line 79, which is missing here — confirm.
24define('SIZE_REQUEST', 70);
25
26
27
29/**
30 * @file
31 * @brief Password recovery page, dispatched on the request parameter "id".
 *
 *  - ""           : print the form asking for a login or an e-mail address
 *  - "send_email" : look the account up, record a recover request, mail the link and password
 *  - "req"        : apply the recorded password to the account named by the mailed token
 *
32 * NOTE(review): the line numbers in this listing jump over source lines 28, 67, 79, 80, 100
 * and 135, so some statements of the original file are not shown here.
33 */
    // NOTE(review): $http is not assigned on any visible line (source line 28 is missing).
34$action=$http->request("id","string", "");
35if ($action=="") :
36 /*
37 * Display dialog box
38 */
39 ?>
40 Donnez votre login ou votre email
41 <form method="POST">
42 <input type="hidden" value="send_email" name="id">
43 <input type="hidden" value="recover" name="recover">
44 login <input type="text" name="login">
45 or
46 email <input type="text" name="email">
47 <input type="submit" name="send_email" value="Envoi email">
48 </form>
49 <?php
50elseif ($action=="send_email") :
51 /*
52 * Check if user exists, if yes save a recover request
 *
 * The account is looked up by login when one was given, otherwise by e-mail. Both lookups
 * compare case-insensitively and pass the input as a bound parameter ($1), not by
 * concatenating it into the SQL text.
53 */
54 $login_input=$http->request("login", "string","");
55 $email_input=$http->request("email", "string","");
56 $cn=new Database(0);
57 $valid=false;
58 if (trim($login_input)!=""):
59 $array=$cn->get_array("select use_id,use_email,use_login from ac_users where lower(use_login)=lower($1) "
60 , array($login_input));
61 elseif (trim($email_input)!=""):
62 $array=$cn->get_array("select use_id,use_email,use_login from ac_users where "
63 ." lower(use_email)=lower($1) ", array( $email_input));
64
65 else:
    // Neither field was filled in: there is nothing to look up.
66 return;
68
69
    // NOTE(review): only the first row is used; if several accounts share an e-mail address
    // the others are ignored — confirm that use_email is unique.
    // NOTE(review): trim() never returns " ", so the inner test is always true and $valid is
    // set for every account found, including one whose use_email is empty. The comparison
    // was presumably meant to be against "".
70 if ($cn->size()!=0):
71 list($user_id, $user_email, $user_login)=array_values($array[0]);
72 if (trim($user_email)!=" ") :
73 $valid=true;
74 endif;
75 endif;
76
77
    // NOTE(review): nothing is printed when $valid is false, while the confirmation at the end
    // of this branch is printed when it is true, so the response tells the requester whether
    // the login or e-mail exists. Printing the same message in both cases removes that signal.
78 if ($valid==true):
    // NOTE(review): $request_id and $user_password are used below, but source lines 79-80,
    // where they are presumably generated, are missing from this listing.
81 // exist a valid request for this user ?
    // NOTE(review): unlike the "req" branch, this lookup does not require recover_on to be
    // null; a request already used within the last 12 hours would be picked up again here and
    // its link would then be rejected by the "req" branch — confirm.
82 $exist_request= $cn->get_array("select request , password from recover_pass
83 where use_id=$1 and created_on > now() - interval '12 hours'",[$user_id]);
84 if ( empty($exist_request ) ) {
85 /* save the request into */
    // NOTE(review): the password is written to recover_pass in clear text; the "req" branch
    // hashes it only when copying it to ac_users. Anyone able to read this table can read
    // pending passwords.
86 $cn->exec_sql("insert into recover_pass(use_id,request,password,created_on,created_host) "
87 ." values ($1,$2,$3,now(),$4)", array($user_id, $request_id, $user_password, $_SERVER['REMOTE_ADDR']));
88 } else {
    // Reuse the token and password of the request that is still pending.
89 $request_id=$exist_request[0]["request"];
90 $user_password=$exist_request[0]['password'];
91 /* if too many request , there is a bug somewhere , so record an warning */
    // NOTE(review): var_export() of these rows writes the clear-text password column to the
    // error log; logging the row count or the use_id would avoid that.
92 if ( count($exist_request)> 1 ){
93 error_log("WRE109 Trop de request pour ".var_export($exist_request,true));
94 }
95
96 }
97 /*
98 * send an email
 *
 * NOTE(review): $mail is not created on any visible line (source line 100 is missing).
 * NOTE(review): the message carries the login, the clear-text password and the activation
 * link together, so reading this one mail is enough to gain access to the account. A
 * single-use link that lets the user choose the password on the site would keep the secret
 * out of the mailbox.
99 */
101 $mail->set_from(ADMIN_WEB);
102 $mail->mailto($user_email);
103 $mail->set_subject("NOALYSS : Réinitialisation de mot de passe");
104 $noalyss_url=NOALYSS_URL;
105 $message=<<<EOF
106 Bonjour,
107
108Une demande de réinitialisation de votre mot de passe a été demandée par {$_SERVER['REMOTE_ADDR']}
109
110Votre nom d'utilisateur est {$user_login}
111Votre mot de passe est {$user_password}
112
113Suivez ce lien pour activer le changement ou ignorer ce message si vous n'êtes pas l'auteur de cette demande.
114Ce lien ne sera actif que 12 heures.
115
116
117 {$noalyss_url}/index.php?recover&id=req&req={$request_id}
118
119 Merci d'utiliser NOALYSS
120
121Cordialement,
122
123Noalyss team
124
125EOF;
126 $mail->set_message($message);
127 $mail->compose();
128 $mail->send();
129 echo '<p style="position:absolute;z-index:2;top:25px;left: 50px; background-color:whitesmoke;">
130L\'email a été envoyé avec un lien et le nouveau mot de passe, vérifiez vos spams</p>';
131 endif;
132elseif ($action=="req") :
    // Apply a pending request: the mailed link arrives here with the token in "req".
133 $http=new HttpInput();
134 $request_id=$http->request("req","string", "");
    // NOTE(review): source line 135 is missing from this listing; the else/endif pair at the
    // end of the file presumably belongs to a test on $request_id made on that line.
136 $cn=new Database(0);
137
    // Only a request younger than 12 hours that has not been used yet (recover_on is null)
    // matches; the token is passed as a bound parameter.
    // NOTE(review): $value is not read on any visible line; the branch relies on
    // get_affected(), presumably the row count of this select — confirm.
138 $value=$cn->get_value("select password from recover_pass where request=$1 and created_on > now() - interval '12 hours' and recover_on is null", array($request_id));
139 if ($cn->get_affected()>0) :
    // NOTE(review): use_pass is set to an unsalted MD5 of the password, which is cheap to
    // brute-force if the table is disclosed. Moving to password_hash()/password_verify()
    // needs a matching change in the login check, which is not part of this file.
    // NOTE(review): the mailed link carries id=req in its query string, so simply fetching the
    // URL completes the password change; a mail scanner or link preview that fetches it would
    // do the same. Consider a confirmation step submitted by POST.
140 $cn->exec_sql("update ac_users set use_pass=md5(rp.password) from recover_pass as rp where rp.use_id=ac_users.use_id and request=$1", array($request_id));
    // Mark the request as used, recording the caller's address and the time.
141 $cn->exec_sql("update recover_pass set recover_by=$1 , recover_on=now() where request=$2", array($_SERVER['REMOTE_ADDR'],$request_id));
142 ?>
143 <p style="position:absolute;z-index:2;top:25px;left: 50px; background-color:whitesmoke;">
144 Opération réussie , vous pouvez vous connecter avec votre nouveau mot de passe
145
146 </p>
147 <?php
148 endif;
149 else:
150 die("Requête inconnue");
151 endif;
152endif;
noalyss_strlentrim($p_string)
Definition: ac_common.php:1549
generate_random_password($car)
generate a strong random password
Definition: ac_common.php:1748
p($p_string)
Definition: ac_common.php:39
generate_random_string($p_length, $special=1)
Create randomly a string.
Definition: ac_common.php:1420
$opd_description style
$from_poste name
$input_from type
Definition: balance.inc.php:65
contains the class for connecting to Noalyss
manage the http input (get , post, request) and extract from an array
Send email for Noalyss after checking if it is possible : if cannot be sent if the limit of max email...
if( $delta< 0) elseif( $delta==0)
$valid
Definition: recover.php:57
$value
Definition: recover.php:138
$cn
Definition: recover.php:56
$user_password
Definition: recover.php:80
$email_input
Definition: recover.php:55
$http
Definition: recover.php:28
$exist_request
Definition: recover.php:82
endif
Definition: recover.php:67
if(count($exist_request)> 1) $mail
Definition: recover.php:100
const SIZE_REQUEST
Definition: recover.php:24
$action
Definition: recover.php:34
$message
Definition: recover.php:105
$request_id
Definition: recover.php:134
$noalyss_url
Definition: recover.php:104