forked from SimpleMachines/SMF
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Reminder.php
413 lines (336 loc) · 12.8 KB
/
Reminder.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
<?php
/**
* Handle sending out reminders, and checking the secret answer and question. It uses just a few functions to do this, which are:
* Simple Machines Forum (SMF)
*
* @package SMF
* @author Simple Machines https://www.simplemachines.org
* @copyright 2022 Simple Machines and individual contributors
* @license https://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.1.0
*/
if (!defined('SMF'))
die('No direct access...');
/**
* This is the controlling delegator
*
* Uses Profile language files and Reminder template
*/
function RemindMe()
{
global $txt, $context;
loadLanguage('Profile');
loadTemplate('Reminder');
$context['page_title'] = $txt['authentication_reminder'];
$context['robot_no_index'] = true;
// Delegation can be useful sometimes.
$subActions = array(
'picktype' => 'RemindPick',
'secret2' => 'SecretAnswer2',
'setpassword' => 'setPassword',
'setpassword2' => 'setPassword2'
);
// Any subaction? If none, fall through to the main template, which will ask for one.
if (isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]))
call_helper($subActions[$_REQUEST['sa']]);
// Creating a one time token.
else
createToken('remind');
}
/**
* Allows the user to pick how they wish to be reminded
*/
function RemindPick()
{
global $context, $txt, $scripturl, $sourcedir, $user_info, $webmaster_email, $smcFunc, $language, $modSettings;
checkSession();
validateToken('remind');
createToken('remind');
// Coming with a known ID?
if (!empty($_REQUEST['uid']))
{
$where = 'id_member = {int:id_member}';
$where_params['id_member'] = (int) $_REQUEST['uid'];
}
elseif (isset($_POST['user']) && $_POST['user'] != '')
{
$where = 'member_name = {string:member_name}';
$where_params['member_name'] = $_POST['user'];
$where_params['email_address'] = $_POST['user'];
}
// You must enter a username/email address.
if (empty($where))
fatal_lang_error('username_no_exist', false);
// Make sure we are not being slammed
// Don't call this if you're coming from the "Choose a reminder type" page - otherwise you'll likely get an error
if (!isset($_POST['reminder_type']) || !in_array($_POST['reminder_type'], array('email', 'secret')))
{
spamProtection('remind');
}
// Find the user!
$request = $smcFunc['db_query']('', '
SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, secret_question
FROM {db_prefix}members
WHERE ' . $where . '
LIMIT 1',
$where_params
);
// Maybe email?
if ($smcFunc['db_num_rows']($request) == 0 && empty($_REQUEST['uid']))
{
$smcFunc['db_free_result']($request);
$request = $smcFunc['db_query']('', '
SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, secret_question
FROM {db_prefix}members
WHERE email_address = {string:email_address}
LIMIT 1',
$where_params
);
if ($smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('no_user_with_email', false);
}
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// If the user isn't activated/approved, give them some feedback on what to do next.
if ($row['is_activated'] != 1)
{
// Awaiting approval...
if (trim($row['validation_code']) == '')
fatal_error(sprintf($txt['registration_not_approved'], $scripturl . '?action=activate;user=' . $_POST['user']), false);
else
fatal_error(sprintf($txt['registration_not_activated'], $scripturl . '?action=activate;user=' . $_POST['user']), false);
}
// You can't get emailed if you have no email address.
$row['email_address'] = trim($row['email_address']);
if ($row['email_address'] == '')
fatal_error($txt['no_reminder_email'] . '<br>' . $txt['send_email_to'] . ' <a href="mailto:' . $webmaster_email . '">' . $txt['webmaster'] . '</a> ' . $txt['to_ask_password']);
// If they have no secret question then they can only get emailed the item, or they are requesting the email, send them an email.
if (empty($row['secret_question']) || (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'email'))
{
// Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars.
require_once($sourcedir . '/Subs-Members.php');
$password = generateValidationCode();
require_once($sourcedir . '/Subs-Post.php');
$replacements = array(
'REALNAME' => $row['real_name'],
'REMINDLINK' => $scripturl . '?action=reminder;sa=setpassword;u=' . $row['id_member'] . ';code=' . $password,
'IP' => $user_info['ip'],
'MEMBERNAME' => $row['member_name'],
);
$emaildata = loadEmailTemplate('forgot_password', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
$context['description'] = $txt['reminder_sent'];
sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, 'reminder', $emaildata['is_html'], 1);
// Set the password in the database.
updateMemberData($row['id_member'], array('validation_code' => substr(md5($password), 0, 10)));
// Set up the template.
$context['sub_template'] = 'sent';
// Don't really.
return;
}
// Otherwise are ready to answer the question?
elseif (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'secret')
{
return SecretAnswerInput();
}
// No we're here setup the context for template number 2!
$context['sub_template'] = 'reminder_pick';
$context['current_member'] = array(
'id' => $row['id_member'],
'name' => $row['member_name'],
);
}
/**
* Allows the user to set their new password
*/
function setPassword()
{
global $txt, $context;
loadLanguage('Login');
// You need a code!
if (!isset($_REQUEST['code']))
fatal_lang_error('no_access', false);
// Fill the context array.
$context += array(
'page_title' => $txt['reminder_set_password'],
'sub_template' => 'set_password',
'code' => $_REQUEST['code'],
'memID' => (int) $_REQUEST['u']
);
loadJavaScriptFile('register.js', array('defer' => false, 'minimize' => true), 'smf_register');
// Tokens!
createToken('remind-sp');
}
/**
* Actually sets the new password
*/
function setPassword2()
{
global $context, $modSettings, $txt, $smcFunc, $sourcedir;
checkSession();
validateToken('remind-sp');
if (empty($_POST['u']) || !isset($_POST['passwrd1']) || !isset($_POST['passwrd2']))
fatal_lang_error('no_access', false);
$_POST['u'] = (int) $_POST['u'];
if ($_POST['passwrd1'] != $_POST['passwrd2'])
fatal_lang_error('passwords_dont_match', false);
if ($_POST['passwrd1'] == '')
fatal_lang_error('no_password', false);
loadLanguage('Login');
// Get the code as it should be from the database.
$request = $smcFunc['db_query']('', '
SELECT validation_code, member_name, email_address, passwd_flood
FROM {db_prefix}members
WHERE id_member = {int:id_member}
AND is_activated = {int:is_activated}
AND validation_code != {string:blank_string}
LIMIT 1',
array(
'id_member' => $_POST['u'],
'is_activated' => 1,
'blank_string' => '',
)
);
// Does this user exist at all?
if ($smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('invalid_userid', false);
list ($realCode, $username, $email, $flood_value) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// Is the password actually valid?
require_once($sourcedir . '/Subs-Auth.php');
$passwordError = validatePassword($_POST['passwrd1'], $username, array($email));
// What - it's not?
if ($passwordError != null)
if ($passwordError == 'short')
fatal_lang_error('profile_error_password_' . $passwordError, false, array(empty($modSettings['password_strength']) ? 4 : 8));
else
fatal_lang_error('profile_error_password_' . $passwordError, false);
require_once($sourcedir . '/LogInOut.php');
// Quit if this code is not right.
if (empty($_POST['code']) || substr($realCode, 0, 10) !== substr(md5($_POST['code']), 0, 10))
{
// Stop brute force attacks like this.
validatePasswordFlood($_POST['u'], $flood_value, false);
fatal_error($txt['invalid_activation_code'], false);
}
// Just in case, flood control.
validatePasswordFlood($_POST['u'], $flood_value, true);
// User validated. Update the database!
updateMemberData($_POST['u'], array('validation_code' => '', 'passwd' => hash_password($username, $_POST['passwrd1'])));
call_integration_hook('integrate_reset_pass', array($username, $username, $_POST['passwrd1']));
loadTemplate('Login');
$context += array(
'page_title' => $txt['reminder_password_set'],
'sub_template' => 'login',
'default_username' => $username,
'default_password' => $_POST['passwrd1'],
'never_expire' => false,
'description' => $txt['reminder_password_set']
);
createToken('login');
}
/**
* Allows the user to enter their secret answer
*/
function SecretAnswerInput()
{
global $context, $smcFunc;
checkSession();
// Strings for the register auto javascript clever stuffy wuffy.
loadLanguage('Login');
// Check they entered something...
if (empty($_REQUEST['uid']))
fatal_lang_error('username_no_exist', false);
// Get the stuff....
$request = $smcFunc['db_query']('', '
SELECT id_member, real_name, member_name, secret_question
FROM {db_prefix}members
WHERE id_member = {int:id_member}
LIMIT 1',
array(
'id_member' => (int) $_REQUEST['uid'],
)
);
if ($smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('username_no_exist', false);
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// If there is NO secret question - then throw an error.
if (trim($row['secret_question']) == '')
fatal_lang_error('registration_no_secret_question', false);
// Ask for the answer...
$context['remind_user'] = $row['id_member'];
$context['remind_type'] = '';
$context['secret_question'] = $row['secret_question'];
$context['sub_template'] = 'ask';
createToken('remind-sai');
loadJavaScriptFile('register.js', array('defer' => false, 'minimize' => true), 'smf_register');
}
/**
* Validates the secret answer input by the user
*/
function SecretAnswer2()
{
global $txt, $context, $modSettings, $smcFunc, $sourcedir;
checkSession();
validateToken('remind-sai');
// Hacker? How did you get this far without an email or username?
if (empty($_REQUEST['uid']))
fatal_lang_error('username_no_exist', false);
loadLanguage('Login');
// Get the information from the database.
$request = $smcFunc['db_query']('', '
SELECT id_member, real_name, member_name, secret_answer, secret_question, email_address
FROM {db_prefix}members
WHERE id_member = {int:id_member}
LIMIT 1',
array(
'id_member' => $_REQUEST['uid'],
)
);
if ($smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('username_no_exist', false);
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
/*
* Check if the secret answer is correct.
* In 2.1 this was changed to use hash_(verify_)passsword, same as the password. The length of the hash is 60 characters.
* Prior to 2.1 this was a simple md5. The length of the hash is 32 characters.
* For compatibility with older answers, we still check if a match occurs on md5. As there is a difference in the hash lengths, there isn't a possiblity of a cross match between the hashes. This will ensure in future answer updates will prevent md5 methods from working.
*/
if ($row['secret_question'] == '' || $row['secret_answer'] == '' || (!hash_verify_password($row['member_name'], $_POST['secret_answer'], $row['secret_answer']) && md5($_POST['secret_answer']) != $row['secret_answer']))
{
log_error(sprintf($txt['reminder_error'], $row['member_name']), 'user');
fatal_lang_error('incorrect_answer', false);
}
// You can't use a blank one!
if (strlen(trim($_POST['passwrd1'])) === 0)
fatal_lang_error('no_password', false);
// They have to be the same too.
if ($_POST['passwrd1'] != $_POST['passwrd2'])
fatal_lang_error('passwords_dont_match', false);
// Make sure they have a strong enough password.
require_once($sourcedir . '/Subs-Auth.php');
$passwordError = validatePassword($_POST['passwrd1'], $row['member_name'], array($row['email_address']));
// Invalid?
if ($passwordError != null)
if ($passwordError == 'short')
fatal_lang_error('profile_error_password_' . $passwordError, false, array(empty($modSettings['password_strength']) ? 4 : 8));
else
fatal_lang_error('profile_error_password_' . $passwordError, false);
// Alright, so long as 'yer sure.
updateMemberData($row['id_member'], array('passwd' => hash_password($row['member_name'], $_POST['passwrd1'])));
call_integration_hook('integrate_reset_pass', array($row['member_name'], $row['member_name'], $_POST['passwrd1']));
// Tell them it went fine.
loadTemplate('Login');
$context += array(
'page_title' => $txt['reminder_password_set'],
'sub_template' => 'login',
'default_username' => $row['member_name'],
'default_password' => $_POST['passwrd1'],
'never_expire' => false,
'description' => $txt['reminder_password_set']
);
createToken('login');
}
?>