*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/**
* \file htdocs/user/passwordforgotten.php
* \brief Page for requesting a new password
* \version $Id$
*/
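// Bootstrap of the "password forgotten" page.
// NOLOGIN is defined before main.inc.php is loaded, so the page is served without an
// authenticated session: every $_GET / $_POST value read in this file is untrusted.
define("NOLOGIN",1); // This means this output page does not require to be logged.

require("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php");
require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php");

$langs->load("other");
$langs->load("users");
$langs->load("companies");
$langs->load("ldap");

// Security check: the whole feature can be switched off by configuration.
// empty() avoids an undefined-property notice when the constant was never set.
if (! empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK))
    accessforbidden();

// Requested action: query string first, then form body, otherwise empty.
$action = isset($_GET["action"]) ? $_GET["action"] : (isset($_POST["action"]) ? $_POST["action"] : '');

// Authentication mode configured for this installation; 'http' when none is set.
$mode = empty($dolibarr_main_authentication) ? 'http' : $dolibarr_main_authentication;

// Login typed in the form. Only a plain string is accepted (a "username[]=..." request
// would otherwise put an array into $login, which is later handed to the template).
$login = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';

// Entity chosen in the form, 1 when absent. The value comes straight from an anonymous
// request and becomes part of the global configuration, so it is forced to an integer.
// NOTE(review): entity ids are assumed to be integers (the default is 1) - confirm, and
// confirm that the submitted id is checked against the entities that really exist.
$conf->entity = isset($_POST["entity"]) ? (int) $_POST["entity"] : 1;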
/**
* Actions
*/
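// Action: validate the new password (second step, reached from the confirmation link).
//
// The link carries the login and md5(pass_temp). The request is anonymous, so the
// temporary password is the only secret in this exchange and the comparison below is
// the only thing protecting the account.
if (isset($_GET["action"]) && $_GET["action"] === 'validatenewpassword'
    && ! empty($_GET["username"]) && is_string($_GET["username"])
    && ! empty($_GET["passwordmd5"]) && is_string($_GET["passwordmd5"]))
{
    $edituser = new User($db);
    $result=$edituser->fetch($_GET["username"]);
    if ($result < 0)
    {
        // NOTE(review): a distinct "login does not exist" answer lets an anonymous caller
        // find out which logins exist, and the submitted login is passed into the message.
        // Confirm that trans() or the output layer HTML-escapes it.
        $message = '
'.$langs->trans("ErrorLoginDoesNotExists",$_GET["username"]).'
';
    }
    else
    {
        // No pending reset means there is no secret to compare against: md5('') is a fixed,
        // publicly known value, so an empty pass_temp must never validate. This also covers
        // a user object that was not actually loaded (fetch()'s return convention for
        // "not found" is not visible here).
        $passtemp = isset($edituser->pass_temp) ? (string) $edituser->pass_temp : '';
        $tokenok = false;
        if ($passtemp !== '')
        {
            $expected = md5($passtemp);
            // Strict string comparison: a loose == between two hex strings can succeed
            // through numeric juggling. hash_equals() additionally compares in constant
            // time where the PHP version provides it.
            $tokenok = function_exists('hash_equals')
                ? hash_equals($expected, $_GET["passwordmd5"])
                : ($expected === $_GET["passwordmd5"]);
        }

        if ($tokenok)
        {
            // NOTE(review): confirm that setPassword() clears pass_temp, so that the link
            // cannot be replayed, and that pending resets expire.
            $newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
            dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
            //session_start();
            //$_SESSION["loginmesg"]=$langs->trans("PasswordChanged");
            header("Location: ".DOL_URL_ROOT.'/');
            exit;
        }
        else
        {
            $message = ''.$langs->trans("ErrorFailedToValidatePassword").'
';
        }
    }
}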
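// Action: build a new temporary password and send it to the e-mail address of the account
// (first step, submitted from the form by an anonymous visitor).
//
// The anti-spam code is the only throttle visible in this file.
// NOTE(review): the three outcomes below (unknown login, login without e-mail, request
// sent) are distinguishable, which lets an anonymous caller enumerate accounts; consider
// one neutral answer for all of them.
if (isset($_POST["action"]) && $_POST["action"] === 'buildnewpassword'
    && ! empty($_POST["username"]) && is_string($_POST["username"]))
{
    require_once DOL_DOCUMENT_ROOT.'/includes/artichow/Artichow.cfg.php';
    require_once ARTICHOW."/AntiSpam.class.php";

    // We create anti-spam object
    $object = new AntiSpam();

    // Verify code. A missing field is passed as null, exactly as before, but without
    // raising an undefined-index notice.
    $code = isset($_POST['code']) ? $_POST['code'] : null;
    if (! $object->check('dol_antispam_value',$code,true))
    {
        $message = ''.$langs->trans("ErrorBadValueForCode").'
';
    }
    else
    {
        $edituser = new User($db);
        $result=$edituser->fetch($_POST["username"],'',1);
        if ($result <= 0 && $edituser->error == 'USERNOTFOUND')
        {
            // NOTE(review): the submitted login is passed into the message; confirm that
            // trans() or the output layer HTML-escapes it.
            $message = ''.$langs->trans("ErrorLoginDoesNotExists",$_POST["username"]).'
';
            $_POST["username"]='';
        }
        else
        {
            if (! $edituser->email)
            {
                $message = ''.$langs->trans("ErrorLoginHasNoEmail").'
';
            }
            else
            {
                // Third argument 1: presumably stores the generated password as a pending
                // temporary one instead of replacing the current password - confirm in
                // User::setPassword().
                $newpassword=$edituser->setPassword($user,'',1);
                if ($newpassword < 0)
                {
                    // Failed
                    $message = ''.$langs->trans("ErrorFailedToChangePassword").'
';
                }
                else
                {
                    // Success. $newpassword must never be shown on this page: it is
                    // reachable anonymously, so displaying it would hand the new password
                    // to whoever typed the login.
                    if ($edituser->send_password($user,$newpassword,1) > 0)
                    {
                        // NOTE(review): this message contains the e-mail address stored for
                        // the login, i.e. it discloses it to an unauthenticated requester.
                        $message = ''.$langs->trans("PasswordChangeRequestSent",$edituser->login,$edituser->email).'
';
                        $_POST["username"]='';
                    }
                    else
                    {
                        // $message may not exist yet on this path; start from an empty
                        // string so that the append below does not raise a notice.
                        if (! isset($message)) $message = '';
                        $message.= ''.$edituser->error.'
';
                    }
                }
            }
        }
    }
}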
/*
* Page display
*/
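// Rendering through Smarty: every value is handed to the passwordforgotten.tpl template.
// Escaping is therefore the template's job; nothing is escaped here.
if (! empty($conf->global->MAIN_SMARTY))
{
    $smarty->assign('langs', $langs);

    // NOTE(review): PHP_SELF and QUERY_STRING are both controlled by the requester. The
    // template must HTML-escape php_self (and login below) wherever it prints them.
    $php_self = $_SERVER['PHP_SELF'];
    $php_self.= ! empty($_SERVER["QUERY_STRING"]) ? '?'.$_SERVER["QUERY_STRING"] : '';

    $smarty->assign('php_self', $php_self);
    $smarty->assign('character_set_client',$conf->file->character_set_client);
    $smarty->assign('dol_url_root', DOL_URL_ROOT);
    $smarty->assign('mode', $mode);
    $smarty->assign('login', $login);

    // Select templates
    if (! empty($conf->browser->phone))
    {
        // NOTE(review): $conf->browser->phone becomes part of a filesystem path. It is
        // presumably derived from the User-Agent - confirm that it is mapped to a fixed
        // list of names before it reaches this point.
        if (file_exists(DOL_DOCUMENT_ROOT."/theme/phones/".$conf->browser->phone))
        {
            $smarty->template_dir = DOL_DOCUMENT_ROOT."/theme/phones/".$conf->browser->phone."/templates/user/";
            $smarty->assign('theme', 'default');
        }
        else
        {
            $smarty->template_dir = DOL_DOCUMENT_ROOT."/theme/phones/others/templates/user/";
        }
    }
    else
    {
        // NOTE(review): the existence test looks under core/templates/ while the directory
        // that is selected is templates/core/ - one of the two paths is probably wrong.
        if (file_exists(DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/core/templates/passwordforgotten.tpl"))
        {
            $smarty->template_dir = DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/templates/core/";
        }
        else
        {
            $smarty->template_dir = DOL_DOCUMENT_ROOT."/core/templates/";
        }

        $conf->css = "/theme/".$conf->theme."/".$conf->theme.".css.php?lang=".$langs->defaultlang;
        $smarty->assign('conf_css', DOL_URL_ROOT.$conf->css);
    }

    // Background image: the one shipped with the theme if present, else the common one.
    $themebackground = '/theme/'.$conf->theme.'/img/login_background.png';
    if (file_exists(DOL_DOCUMENT_ROOT.$themebackground))
    {
        $smarty->assign('login_background', DOL_URL_ROOT.$themebackground);
    }
    else
    {
        $smarty->assign('login_background', DOL_URL_ROOT.'/theme/login_background.png');
    }

    // Field that receives the focus. empty() also covers a request without "username".
    if (empty($_REQUEST["username"])) $smarty->assign('focus_element', 'username');
    else $smarty->assign('focus_element', 'password');

    // Title
    $title='Dolibarr '.DOL_VERSION;
    if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $title=$conf->global->MAIN_APPLICATION_TITLE;
    $smarty->assign('title', $title);

    // Send password button enabled ?
    $disabled='disabled';
    if ($mode == 'dolibarr' || $mode == 'dolibarr_mdb2') $disabled='';
    if (! empty($conf->global->MAIN_SECURITY_ENABLE_SENDPASSWORD)) $disabled='';	// To force button enabled
    $smarty->assign('disabled', $disabled);

    // Show logo (search in order: small company logo, large company logo, theme logo, common logo)
    $width=0;
    $rowspan=2;
    $urllogo=DOL_URL_ROOT.'/theme/login_logo.png';

    if (! empty($mysoc->logo_small) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_small))
    {
        $urllogo=DOL_URL_ROOT.'/viewimage.php?modulepart=companylogo&file='.urlencode('thumbs/'.$mysoc->logo_small);
    }
    // The large logo is tested on its own name. Testing logo_small here (as before) skipped
    // the large logo whenever no thumbnail existed, and with an empty logo name the
    // is_readable() call was made on the logos directory itself.
    elseif (! empty($mysoc->logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$mysoc->logo))
    {
        $urllogo=DOL_URL_ROOT.'/viewimage.php?modulepart=companylogo&file='.urlencode($mysoc->logo);
        $width=128;
    }
    elseif (is_readable(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo.png'))
    {
        $urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png';
    }

    if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY)) $rowspan++;

    $smarty->assign('logo', $urllogo);
    $smarty->assign('logo_width', $width);
    $smarty->assign('logo_rowspan', $rowspan);

    // Entity field
    if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY) && ! $disabled)
    {
        require_once(DOL_DOCUMENT_ROOT.'/multicompany/multicompany.class.php');

        global $db;

        $mc = new Multicompany($db);
        $mc->getEntities();

        // NOTE(review): the list of entities is shown to anonymous visitors.
        $smarty->assign('select_entity', $mc->select_entities($mc->entities,$conf->entity,'tabindex="2"'));
    }

    // Security graphical code (only when GD can produce the image)
    if (function_exists("imagecreatefrompng") && ! $disabled)
    {
        $smarty->assign('captcha', 1);
        $smarty->assign('captcha_refresh', img_refresh());
    }

    // Message. It is only set by the actions, so it may not exist at all.
    if (! empty($message))
    {
        $smarty->assign('error_message', $message);
    }

    // Render the template
    $smarty->display('passwordforgotten.tpl');

    // Delete the compiled version of the template
    $smarty->clear_compiled_tpl('passwordforgotten.tpl');
}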
else
{
// Rendering without Smarty: the page is printed directly.
// NOTE(review): in this copy of the file the markup inside the print literals is missing,
// so the statements below do not form a complete page; they are kept untouched.
// NOTE(review): $disabled is read further down in this branch, but the only assignments
// to it visible in this file are in the Smarty branch above.
$conf->css = "/theme/".$conf->theme."/".$conf->theme.".css.php";
// NOTE(review): this page can carry $message, which may contain a login or an e-mail
// address. Cache-Control Public allows shared caches to keep the response; a reset page
// would normally be sent with no-store.
header('Cache-Control: Public, must-revalidate');
print ''."\n";
// HTML header
print "\n";
print "\n";
print ' '."\n";
print ' '."\n"; // Keeps robots from indexing the page
print "Dolibarr Authentification \n";
print ' '."\n";
print ''."\n";
print ''."\n";
print ''."\n";
// Body
print ''."\n";
// Form
print '"."\n";
print ''."\n";
print '';
if (($mode == 'dolibarr' || $mode == 'dolibarr_mdb2') || (! $disabled))
{
print ''.$langs->trans("SendNewPasswordDesc").' '."\n";
}
else
{
print ''.$langs->trans("AuthenticationDoesNotAllowSendNewPassword",$mode).'
'."\n";
}
print '
';
if ($message)
{
print ' ';
}
print ' '."\n";
print ''.$langs->trans("BackToLoginPage").' ';
print ' '."\n";
print " ";
print " ";
// End of HTML page
print "\n\n";
}
?>