mz/crm.e5.pl
1
0
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
300aa5381afac62115c41ea42e0111f4d081c4be
crm.e5.pl/modules/Users/Changenewpassword.php

271 lines
11 KiB
PHP
Raw Normal View History

init
2024-04-27 09:23:34 +02:00
<?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
/*********************************************************************************
* SugarCRM is a customer relationship management program developed by
* SugarCRM, Inc. Copyright (C) 2004-2010 SugarCRM Inc.
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU Affero General Public License version 3 as published by the
* Free Software Foundation with the addition of the following permission added
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
* details.
*
* You should have received a copy of the GNU Affero General Public License along with
* this program; if not, see http://www.gnu.org/licenses or write to the Free
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA.
*
* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* SugarCRM" logo. If the display of the logo is not reasonably feasible for
* technical reasons, the Appropriate Legal Notices must display the words
* "Powered by SugarCRM".
********************************************************************************/
/*********************************************************************************
* Description: TODO: To be written.
* Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
* All Rights Reserved.
* Contributor(s): ______________________________________..
********************************************************************************/
global $app_language, $sugar_config;
global $app_strings;
global $current_language;
require_once('modules/Users/language/en_us.lang.php');
$mod_strings=return_module_language('','Users');
///////////////////////////////////////////////////////////////////////////////
//// RECAPTCHA CHECK ONLY
if(isset($_REQUEST['recaptcha_challenge_field']) && isset($_REQUEST['recaptcha_response_field'])){
require_once('include/reCaptcha/recaptchalib.php');
$admin=new Administration();
$admin->retrieveSettings('captcha');
if($admin->settings['captcha_on']=='1' && !empty($admin->settings['captcha_private_key'])){
$privatekey = $admin->settings['captcha_private_key'];
}else
echo("Captcha settings not found");
$response = recaptcha_check_answer($privatekey,
$_SERVER["REMOTE_ADDR"],
$_REQUEST["recaptcha_challenge_field"],
$_REQUEST["recaptcha_response_field"]);
if(!$response->is_valid){
switch ($response->error){
case 'invalid-site-private-key':
echo $mod_strings['LBL_RECAPTCHA_INVALID_PRIVATE_KEY'];
break;
case 'incorrect-captcha-sol' :
echo $mod_strings['LBL_RECAPTCHA_FILL_FIELD'];
break;
case 'invalid-request-cookie' :
echo $mod_strings['LBL_RECAPTCHA_INVALID_REQUEST_COOKIE'];
break;
case 'unknown' :
echo $mod_strings['LBL_RECAPTCHA_UNKNOWN'];
break;
default:
echo "Invalid captcha entry, go back and fix. ". $response->error. " ";
}
}
else {
echo("Success");
}
return;
}
//// RECAPTCHA CHECK ONLY
///////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
//// PASSWORD GENERATED LINK CHECK USING
////
//// This script : - check the link expiration
//// - send the filled form to authenticate.php after changing the password in the database
$redirect='1';
if (isset($_REQUEST['guid']))
{
$Q="select * from users_password_link where id='".$_REQUEST['guid']."' and deleted='0'";
$result =$GLOBALS['db']->limitQuery($Q,0,1,false);
$row = $GLOBALS['db']->fetchByAssoc($result);
if (!empty($row)){
$pwd_settings=$GLOBALS['sugar_config']['passwordsetting'];
$expired='0';
if($pwd_settings['linkexpiration']){
$delay=$pwd_settings['linkexpirationtime']*$pwd_settings['linkexpirationtype'];
$stim = strtotime($row['date_generated']);
$expiretime = date("Y-m-d H:i:s", mktime(date("H",$stim), date("i",$stim)+$delay, date("s",$stim), date("m",$stim), date("d",$stim), date("Y",$stim)));
$timenow = gmdate($GLOBALS['timedate']->get_db_date_time_format());
if ($timenow > $expiretime)
$expired='1';
}
if (!$expired)
{
// if the form is filled and we want to login
if (isset($_REQUEST['login']) && $_REQUEST['login'] =='1'){
if ( $row['username'] == $_POST['user_name'] ){
$usr= new user();
$usr_id=$usr->retrieve_user_id($_POST['user_name']);
$usr->retrieve($usr_id);
$user_hash = strtolower(md5($_POST['new_password']));
$usr->setPreference('loginexpiration','0');
//set new password
$now=date("Y-m-d H:i:s");
$query1 = "UPDATE $usr->table_name SET user_hash='$user_hash', system_generated_password='0', pwd_last_changed='$now' where id='$usr->id'";
$GLOBALS['db']->query($query1, true, "Error setting new password for $usr->user_name: ");
$query2 = "UPDATE users_password_link SET deleted='1' where id='".$_REQUEST['guid']."'";
$GLOBALS['db']->query($query2, true, "Error setting link for $usr->user_name: ");
$_POST['user_name'] = $_REQUEST['user_name'];
$_POST['user_password'] = $_REQUEST['new_password'];
$_POST['module'] = 'Users';
$_POST['action'] = 'Authenticate';
$_POST['login_module'] = 'Home';
$_POST['login_action'] = 'index';
$_POST['Login'] = 'Login';
foreach($_POST as $k=>$v){
$_REQUEST[$k] = $v;
$_GET[$k]= $v;
}
unset($_REQUEST['entryPoint']);
unset($_GET['entryPoint']);
$GLOBALS['app']->execute();
die();
}
}
else
$redirect='0';
}
else
{
$query2 = "UPDATE users_password_link SET deleted='1' where id='".$_REQUEST['guid']."'";
$GLOBALS['db']->query($query2, true, "Error setting link");
}
}
}
if ($redirect!='0')
{
header('location:index.php?action=Login&module=Users');
exit ();
}
//// PASSWORD GENERATED LINK CHECK USING
///////////////////////////////////////////////////////////////////////////////
require_once('include/MVC/View/SugarView.php');
$view= new SugarView();
$view->init();
$view->displayHeader();
$sugar_smarty = new Sugar_Smarty();
$admin = new Administration();
$admin->retrieveSettings('captcha');
$add_captcha = 0;
$captcha_privatekey = "";
$captcha_publickey="";
$captcha_js = "";
$Captcha="";
if(isset($admin->settings['captcha_on'])&& $admin->settings['captcha_on']=='1' && !empty($admin->settings['captcha_private_key']) && !empty($admin->settings['captcha_public_key'])){
$add_captcha = 1;
$captcha_privatekey = $admin->settings['captcha_private_key'];
$captcha_publickey = $admin->settings['captcha_public_key'];
$captcha_js .="<script type='text/javascript' src='" . getJSPath('include/javascript/sugar_grp1_yui.js') . "'></script><script type='text/javascript' src='" . getJSPath('include/javascript/sugar_grp_yui2.js') . "'></script>
<script type='text/javascript' src='http://api.recaptcha.net/js/recaptcha_ajax.js'></script>
<script> //var oldFormAction = document.getElementById('form').action; //save old action
function initCaptcha(){
Recaptcha.create('$captcha_publickey' ,'captchaImage',{theme:'custom',callback:Recaptcha.focus_response_field});
}
window.onload=initCaptcha;
var handleFailure=handleSuccess;
var handleSuccess = function(o){
if(o.responseText!==undefined && o.responseText =='Success'){
document.getElementById('user_password').value=document.getElementById('new_password').value;
document.getElementById('ChangePasswordForm').submit();
}
else{
alert(o.responseText);
Recaptcha.reload();
}
}
var callback2 =
{
success:handleSuccess,
failure: handleFailure
};
function validateCaptchaAndSubmit(){
var form = document.getElementById('form');
var url = '&to_pdf=1&module=Home&action=index&entryPoint=Changenewpassword&recaptcha_challenge_field='+Recaptcha.get_challenge()+'&recaptcha_response_field='+ Recaptcha.get_response();
YAHOO.util.Connect.asyncRequest('POST','index.php',callback2,url);
}
</script>";
$Captcha.=$captcha_js;
$Captcha.= "<tr>
<td scope='row' width='20%'>".$mod_strings['LBL_RECAPTCHA_INSTRUCTION_OPPOSITE'].":</td>
<td width='70%'><input type='text' size='26' id='recaptcha_response_field' value=''></td>
<th rowsapn='2' class='x-sqs-list' ><div id='recaptcha_image'></div></th>
</tr>
<tr>
<td colspan='2'>
<a href='javascript:Recaptcha.reload()'> ".$mod_strings['LBL_RECAPTCHA_NEW_CAPTCHA']."</a>&nbsp;&nbsp;
<a class='recaptcha_only_if_image' href='javascript:Recaptcha.switch_type('audio')'>".$mod_strings['LBL_RECAPTCHA_SOUND']."</a>
<a class='recaptcha_only_if_audio' href='javascript:Recaptcha.switch_type('image')'>".$mod_strings['LBL_RECAPTCHA_IMAGE']."</a>
</td>
</tr>";
}else{
echo"<script>function validateCaptchaAndSubmit(){document.getElementById('user_password').value=document.getElementById('new_password').value;document.getElementById('ChangePasswordForm').submit();}</script>";
}
$pwd_settings=$GLOBALS['sugar_config']['passwordsetting'];
$sugar_smarty->assign('sugar_md',getWebPath('include/images/sugar_md_open.png'));
$sugar_smarty->assign("MOD", $mod_strings);
$sugar_smarty->assign("CAPTCHA", $Captcha);
$sugar_smarty->assign("IS_ADMIN", '1');
$sugar_smarty->assign("ENTRY_POINT", 'Changenewpassword');
$sugar_smarty->assign('return_action', 'login');
$sugar_smarty->assign("APP", $app_strings);
$sugar_smarty->assign("INSTRUCTION", $app_strings['NTC_LOGIN_MESSAGE']);
$sugar_smarty->assign("USERNAME_FIELD", '<td scope="row" width="30%">'.$mod_strings['LBL_USER_NAME'].':</td><td width="70%"><input type="text" size="20" tabindex="1" id="user_name" name="user_name" value=""</td>');
$sugar_smarty->assign('PWDSETTINGS', $GLOBALS['sugar_config']['passwordsetting']);
$rules = "'','',''";
$sugar_smarty->assign('SUBMIT_BUTTON','<input title="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE']
.'" accessKey="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE'].'" class="button" '
. 'onclick="if(!set_password(form,newrules(' . $rules . '))) return false; validateCaptchaAndSubmit();" '
. 'type="button" tabindex="3" id="login_button" name="Login" value="'.$mod_strings['LBL_LOGIN_BUTTON_LABEL'].'" /><br>&nbsp');
if(!empty($_REQUEST['guid'])) $sugar_smarty->assign("GUID", $_REQUEST['guid']);
$sugar_smarty->display('modules/Users/Changenewpassword.tpl');
$view->displayFooter();
?>
Reference in New Issue Copy Permalink