00001 <?php
00006 require_once 'Smarty.class.php';
00007 require_once 'error.php';
00008 require_once 'redirect.php';
00009 require_once 'sql.php';
00010 require_once 'util.php';
00011
00012 ## parameters accepted by this php script
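/**
 * Process the "set password" form for the user stored in $_SESSION['user'].
 *
 * Flow, as implemented below:
 *  - "Cancel" (b_cancel) returns to the caller without doing anything.
 *  - Without "OK" (b_ok) the form template 'setpw.tpl' is rendered and the
 *    script exits.
 *  - With "OK" the new password is validated and compared with its
 *    confirmation, the current password is checked through the 'check_pw'
 *    query, and only then the 'update' query is run.
 *
 * @param object $smarty  template engine handle, handed on to do_template()
 * @param array  $INPUT   request parameters (b_ok, b_cancel, password, pw1, pw2)
 * @param mixed  $db      database handle, handed on to sql_query()/sql_exit()
 * @return void  returns normally after "Cancel" or a successful update;
 *               every path that renders the form ends in exit(0)
 */
function setpw($smarty, $INPUT, $db) {
    # $_SESSION is a superglobal and needs no "global" declaration.
    global $debug_level;

    # pw1 must consist of at least five characters.
    $valid_input = array(
        "pw1" => "/^.....+$/",
    );

    # Always defined, so the first display of the form does not read an
    # undefined variable when it fills 'errors_info'.
    $errors = array();

    if ($debug_level > 10) {
        # Debug dump of the request: the credential fields are masked and the
        # dump is HTML-escaped, because it echoes request data into the page.
        $debug_input = $INPUT;
        foreach (array('password', 'pw1', 'pw2') as $secret_field) {
            if (isset($debug_input[$secret_field])) {
                $debug_input[$secret_field] = '********';
            }
        }
        print "<hr><pre>Input: ";
        print htmlspecialchars(print_r($debug_input, TRUE), ENT_QUOTES);
        print "</pre><hr>";
    }

    ## process buttons

    # "Cancel" button pressed? Checked before any validation, as before.
    $ok_pressed = isset($INPUT['b_ok']);
    if (isset($INPUT['b_cancel'])) {
        return;
    }

    $display_html_form = !$ok_pressed;

    $old_pw = (isset($INPUT['password']) && is_string($INPUT['password']))
        ? $INPUT['password'] : '';
    $pw1 = isset($INPUT['pw1']) ? $INPUT['pw1'] : NULL;
    $pw2 = isset($INPUT['pw2']) ? $INPUT['pw2'] : NULL;

    # stricter checks for user input (per item)

    if ($ok_pressed) {
        $errors = check_input($INPUT, $valid_input, FALSE);
        if (!is_array($errors)) {
            $errors = array();
        }

        # Strict, type-checked comparison: with "!=" PHP compares numeric
        # strings by value ("100000" == "1e5"), so a confirmation that differs
        # from the new password could still be accepted. Non-string values
        # (e.g. pw1[]=...) are rejected the same way.
        if (!is_string($pw1) || !is_string($pw2) || $pw1 !== $pw2) {
            $errors[] = 'pw_mismatch';
        }

        if (!empty($errors)) {
            # user input was invalid, user must correct it
            $display_html_form = TRUE;
        }
    }

    if ($display_html_form) {

        ## (re-)display the input form

        # NOTE(review): the whole request, including the submitted passwords,
        # is handed to the template. setpw.tpl is not visible here - confirm it
        # does not write these values back into the page.
        $tpl_vars = $INPUT;
        $tpl_vars['errors_info'] = $errors;
        do_template($smarty, 'setpw.tpl' , $tpl_vars);
        exit(0);
    }

    # NOTE(review): passwords are stored as unsalted "{SHA1}" digests. The
    # format is shared with the 'check_pw' query and with every other reader of
    # the user table, so it is kept here; moving to password_hash() /
    # password_verify() needs a coordinated migration.
    # NOTE(review): "cond" is concatenated into a condition string. The value
    # comes from the session, not from the request; confirm it is always the
    # numeric id and how sql_query() embeds it.
    $param = array(
        "table"    => "user",
        "tables"   => "user",
        "login"    => $_SESSION['user']['login'],
        "password" => "{SHA1}" . sha1($old_pw),
        "data"     => array (
            "password" => "{SHA1}" . sha1($pw1)
        ),
        "cond"     => "id = ". $_SESSION['user']['id'],
    );

    # The current password must match before anything is changed. The fixed
    # delay applies to every attempt; no attempt counter is visible in this
    # function.
    $ans = sql_query('check_pw', $param, $db);
    sleep(2);

    if (empty($ans)) {
        # wrong login / password, re-display HTML form

        $tpl_vars = $INPUT;
        $tpl_vars['errors_info'] = $errors;
        $tpl_vars['errors_info'][] = 'password';

        do_template($smarty, 'setpw.tpl' , $tpl_vars);
        sql_exit($db);
        exit(0);
    }

    sql_query('update', $param, $db);
}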
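/**
 * Handle a "password reminder" request for an e-mail address.
 *
 * Looks up the accounts registered for $INPUT['email'] ('get_uid' query).
 * If there is none, 'login.tpl' is rendered with the error 'email'.
 * Otherwise every matching account gets a new random password
 * (set_random_pw()), which is mailed to the account's address using
 * 'msg_reminder.tpl', and 'reminder.tpl' is rendered. The script exits in
 * both cases.
 *
 * @param object $smarty  template engine handle, handed on to do_template()/send_email()
 * @param array  $INPUT   request parameters; only 'email' is read
 * @param mixed  $db      database handle
 * @return void  never returns normally, both paths end in exit(0)
 */
function send_reminder($smarty, $INPUT, $db) {

    # Defined up front: the final do_template() call used this variable
    # although it was only assigned in the "unknown address" branch.
    $tpl_var = array();

    $email = (isset($INPUT['email']) && is_string($INPUT['email']))
        ? trim($INPUT['email']) : '';

    # An empty or non-string address is treated like an unknown one and is
    # never sent to the lookup, so it cannot match accounts without an address.
    $ans = ($email === '')
        ? array()
        : sql_query('get_uid', array('email' => $email), $db);

    if (empty($ans)) {
        # NOTE(review): unknown and known addresses get different pages, which
        # tells the requester whether an address is registered. Returning the
        # same confirmation page in both cases would close that gap, but it
        # changes the user-visible flow and is therefore left as is.
        $tpl_var['errors_info'] = array('email');

        do_template($smarty, 'login.tpl', $tpl_var);
        exit(0);
    }

    foreach ($ans as $u) {

        $uid = $u['id'];

        # create random password and mail it to the user

        # NOTE(review): the stored password is replaced immediately on an
        # unauthenticated request, and the new one travels in clear text by
        # e-mail. Anyone who knows the address can force a reset; a one-time,
        # expiring reset link would avoid both. set_random_pw() is not visible
        # here - confirm it draws from a cryptographically secure source.
        $passwd = set_random_pw($uid, $db);

        $user = get_item_owner("user", $uid, $db);

        $email_to = $user['degree_name'] . " "
                  . $user['forename'] . " "
                  . $user['surname'] . " "
                  . "<" . $user['email'] . ">";

        # The recipient is assembled from stored profile fields. Line breaks
        # are removed so that such a field cannot add further mail headers,
        # should send_email() (not visible here) use the string as a header.
        $email_to = str_replace(array("\r", "\n"), ' ', $email_to);

        $tpl_vars = array();
        $tpl_vars['user_info'] = $user;
        $tpl_vars['user_info']['password'] = $passwd;

        send_email($smarty, 'msg_reminder.tpl', $tpl_vars, $email_to);
    }

    do_template($smarty, 'reminder.tpl', $tpl_var);
    exit(0);
}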
00175
00176 ?>