[Openfirst-cvscommit] members forgotten.php,NONE,1.1 reset.php,1.2,1.3

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/openfirst/members
In directory sc8-pr-cvs1:/tmp/cvs-serv24933

Modified Files:
	reset.php 
Added Files:
	forgotten.php 
Log Message:
Add forgotten password functionality, and fix indenting/code style issues in reset.php

--- NEW FILE: forgotten.php ---
<?php
/*
 *  openFIRST.members - forgotten.php
 *
 * Copyright (C) 2003,
 *  openFIRST Project
 *  Original Author: David Di Biase <dav...@ea...>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
 *
 */
  // Include system globals and headers
  include_once("../config/globals.php");
  include_once($header);
  
  if(isset($_POST['reset'])) {

    $member_query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE email = '".$_POST['email']."';");
    $member = ofirst_dbfetch_object($member_query);
	 
    if(ofirst_dbnum_rows($member_query) == 0) {
      echo "<br><br>There is no member registered with that e-mail address, try again!<br><br>";
    } else {
      mt_srand(microtime() * 1000000);		 
      $authcode = (microtime()|mt_rand(1,mt_getrandmax()));

      ofirst_dbquery("UPDATE ofirst_members SET authcode = '".$authcode."' WHERE email = '".$_POST['email']."';");

      mail($member->email, "$title Account Password Reset","Hello ".$member->firstname.",\n\nYou are receiving this email because either you or someone else has
requested that your password for $home be reset.

Your reset code is: ".$authcode."\n\nClick on the following link to visit the reset password page:\n$home$basepath/members/reset.php?code=$authcode&email=".$member->email."\n\nThank you!", "From: $mailfrom");

      echo "<br><br>An e-mail with information on how to reset your account password has been sent to the specified address.<br>
            Check your e-mail account for this message and follow the instructions contained within it.<br><br>";
	 
      die(include_once($footer));
    }
  }

?>
<h1>Forgotten Password</h1>
<form method="POST" action="forgotten.php">
  <table width="40%">
    <tr> 
      <th>Reset Password</th>
    </tr>
    <tr> 
      <td><div align="center">In order to reset your account we will need your 
          e-mail address: <br>
          <br>
          <input name="email" type="text" id="email" size="30">
          <input name="reset" type="submit" id="reset" value="Reset Password">
        </div></td>
    </tr>
  </table>
</form>
<?php include_once($footer); ?>

Index: reset.php
===================================================================
RCS file: /cvsroot/openfirst/members/reset.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** reset.php	23 Dec 2003 14:46:52 -0000	1.2
--- reset.php	23 Dec 2003 15:19:41 -0000	1.3
***************
*** 31,47 ****
    
    // Get password, encrypt and send to database
!   if(isset($_POST['set'])){
!   $newpass = cryptpassword($_POST['pass'],$encryption);
!   ofirst_dbquery("UPDATE ofirst_members SET password = '".$newpass."' WHERE email = '".$_GET['email']."' AND authcode = '".$_GET['code']."';");
!   echo "<br><br>Your password has been successfully changed, you may now login! <a href='index.php'>Login</a>";
! 	die(include_once($footer));
    }
    
!   if(isset($_GET['code'])){
!   $member_query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE email = '".$_GET['email']."' AND authcode = '".$_GET['code']."';");
!   $member = ofirst_dbfetch_object($member_query);
! 	if(ofirst_dbnum_rows($member_query) == 0){
!     echo "<br><br>There is no account with that information, sorry!<br><br>";
!         }else{
  ?>
  <h1>Reset Password</h1>
--- 31,47 ----
    
    // Get password, encrypt and send to database
!   if(isset($_POST['set'])) {
!     $newpass = cryptpassword($_POST['pass'],$encryption);
!     ofirst_dbquery("UPDATE ofirst_members SET password = '".$newpass."' WHERE email = '".$_GET['email']."' AND authcode = '".$_GET['code']."';");
!     echo "<br><br>Your password has been successfully changed, you may now login! <a href='index.php'>Login</a>";
!     die(include_once($footer));
    }
    
!   if(isset($_GET['code'])) {
!     $member_query = ofirst_dbquery("SELECT * FROM ofirst_members WHERE email = '".$_GET['email']."' AND authcode = '".$_GET['code']."';");
!     $member = ofirst_dbfetch_object($member_query);
!     if(ofirst_dbnum_rows($member_query) == 0){
!       echo "<br><br>There is no account with that information, sorry!<br><br>";
!     } else {
  ?>
  <h1>Reset Password</h1>
***************
*** 61,64 ****
  <?php
      }
!  }
!   include_once($footer); ?>
\ No newline at end of file
--- 61,64 ----
  <?php
      }
!   }
!   include_once($footer); ?>