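appendChild($root);
    /*
     * Password-reset page body.
     *
     * The line above is the tail of a statement (presumably `$doc->appendChild($root);`)
     * and the `} else { generateCookieMonster(); }` at the bottom closes an `if` whose
     * header both lie before this excerpt. Everything between them is rendered into
     * the DOMDocument $doc; $baseDir, $siteDomain, $prettyPretty and
     * $passwordResetMailSilence are expected to be defined earlier in the file.
     *
     * Flow:
     *   POST TokenID + password1 + password2  -> verify token, (TODO) set the new password
     *   POST useremail                        -> look up the member and mail a reset link
     *   GET  TokenID                          -> if the token verifies, show the new-password form
     *   GET  (nothing)                        -> show the "enter your email" form
     */
    $root->appendChild(generateHead($doc));
    $body = $doc->createElement('body');
    $root->appendChild($body);
    $body->appendChild(generateMastHead($doc, $baseDir));

    /*
     * Insert content here.
     */
    // Strict comparison: REQUEST_METHOD is always a string, so `==` gains nothing here.
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (isset($_POST['TokenID']) && isset($_POST['password1']) && isset($_POST['password2'])) {
            /*
             * We have a TokenID and two passwords on POST.
             * If everything checks out, reset the password.
             */
            $token = cleanInput($_POST['TokenID']);
            // Same format pre-check as the GET path below: the only way to reach this
            // form is through a GET whose token was exactly 64 characters, so anything
            // else is not worth a verifyPasswordResetToken() lookup.
            if (strlen($token) === 64 && $_POST['password1'] === $_POST['password2']) {
                $newPassword = $_POST['password1'];
                // NOTE(review): no server-side minimum length / complexity check on
                // $newPassword is visible here — confirm whether the (missing) update
                // routine enforces one.
                $memberID = verifyPasswordResetToken($token);
                if ($memberID !== false) {
                    /*
                     * Everything looks good: update the password and clear the token.
                     *
                     * TODO: not implemented yet. $memberID and $newPassword are computed but
                     * nothing is written, so the reset form currently has no effect. When this
                     * is filled in, the token must be invalidated in the same step so it
                     * cannot be replayed, and the new password must be stored hashed
                     * (password_hash), never in clear.
                     */
                }
            }
        }
        if (isset($_POST['useremail'])) {
            /*
             * Send a password reset url.
             */
            $targetEmail = cleanInput($_POST['useremail']);
            /*
             * Apply some sanity to this because there is no userid to log
             * abusive requests to.
             *
             * strpbrk() returns false only when none of the listed characters occur,
             * which is the original six-way strpos() blacklist. FILTER_VALIDATE_EMAIL is
             * added on top so only a syntactically valid address reaches the lookup;
             * addresses that would have failed the lookup anyway are the only ones affected.
             *
             * NOTE(review): nothing here rate-limits reset requests per address or per
             * client, so an attacker can make the site send repeated mail to any member.
             * A per-address cooldown in returnPasswordResetTokenArray() (or here) would
             * close that — confirm whether one already exists there.
             */
            if (strpbrk($targetEmail, ';"\'?/\\') === false
                && filter_var($targetEmail, FILTER_VALIDATE_EMAIL) !== false) {
                $mailArray = returnPasswordResetTokenArray($targetEmail);
                if (!is_null($mailArray)) {
                    $mailTo = $mailArray['email'];
                    $token = $mailArray['token'];
                    $firstName = $mailArray['firstName'];
                    $subject = "Request to change your password has been recieved";
                    // NOTE(review): the link is built with a plain http:// scheme, so the
                    // reset token travels in clear and lands in proxy/Referer logs; if the
                    // site is served over TLS this should be https://. The token also stays
                    // valid for as long as verifyPasswordResetToken() accepts it — confirm
                    // it expires.
                    $message = "Hello $firstName, we have received a request to change " .
                        "your password. If this request was not made by you do not " .
                        "respond to this email. If you continue to receive these requests " .
                        "please let us know. To reset your password, follow this link: " .
                        "http://$siteDomain$baseDir/password-reset.php?TokenID=$token " .
                        "and you will be guided through the rest of the process. Again, " .
                        "it is safe to ignore this email if you do not want to reset your " .
                        "password. Abuse can be reported to mailto:info@protospace.ca ";
                    if (!$passwordResetMailSilence) {
                        // mail()'s return value is not checked; a failed hand-off to the MTA
                        // is silently treated as success.
                        mail($mailTo, $subject, $message);
                    } else {
                        // Debug mode: the message, including the live reset token, is
                        // rendered into the page instead of being sent. This must never be
                        // enabled in production — it hands the token to whoever submitted the
                        // form. Text nodes are used, so the content is HTML-escaped on output.
                        $label = $doc->createElement('h3');
                        $label->appendChild($doc->createTextNode("This message would have been sent but it was silenced"));
                        $body->appendChild($label);
                        $label = $doc->createElement('p');
                        $label->appendChild($doc->createTextNode($message));
                        $body->appendChild($label);
                    }
                }
            }
        }
    } else {
        if (isset($_GET['TokenID'])) {
            /*
             * Check the token and, if it verifies, offer the new-password form.
             */
            $token = cleanInput($_GET['TokenID']);
            /*
             * Tokens have a specific format that is checked before the lookup.
             * TODO: a length check alone is crude; a character-class check (e.g. hex only)
             * would reject more junk before it reaches verifyPasswordResetToken().
             */
            if (strlen($token) === 64) {
                $memberID = verifyPasswordResetToken($token);
                if ($memberID !== false) {
                    $label = $doc->createElement('h3');
                    $label->appendChild($doc->createTextNode("Reset Password"));
                    $body->appendChild($label);
                    // NOTE(review): no CSRF token is added here; if createForm() does not
                    // supply one, the reset form relies on the secrecy of TokenID alone.
                    $form = createForm($doc, "password-reset.php");
                    $fieldSet = $doc->createElement('fieldset');
                    $fieldSetDiv = $doc->createElement('div');
                    $fieldSet->appendChild($fieldSetDiv);

                    // The verified token is carried through to the POST in a hidden field;
                    // setAttribute() escapes it, so reflecting user input here is safe.
                    $input = $doc->createElement('input');
                    $input->setAttribute('type', 'hidden');
                    $input->setAttribute('name', 'TokenID');
                    $input->setAttribute('value', $token);
                    $fieldSetDiv->appendChild($input);

                    $label = $doc->createElement('label', 'Enter new password:');
                    $label->setAttribute('for', 'password1');
                    $label->setAttribute('class', 'CourseEditorInputLabel');
                    $fieldSetDiv->appendChild($label);
                    $input = $doc->createElement('input');
                    $input->setAttribute('type', 'password');
                    $input->setAttribute('name', 'password1');
                    $input->setAttribute('value', '');
                    $input->setAttribute('autocomplete', 'off');
                    $input->setAttribute('required', 'required');
                    $fieldSetDiv->appendChild($input);

                    $label = $doc->createElement('label', 'Confirm new password:');
                    $label->setAttribute('for', 'password2');
                    $label->setAttribute('class', 'CourseEditorInputLabel');
                    $fieldSetDiv->appendChild($label);
                    $input = $doc->createElement('input');
                    $input->setAttribute('type', 'password');
                    $input->setAttribute('name', 'password2');
                    $input->setAttribute('value', '');
                    $input->setAttribute('autocomplete', 'off');
                    $input->setAttribute('required', 'required');
                    $fieldSetDiv->appendChild($input);

                    $input = $doc->createElement('input');
                    $input->setAttribute('type', 'submit');
                    $input->setAttribute('value', 'Reset Password');
                    $fieldSetDiv->appendChild($input);
                    $form->appendChild($fieldSet);
                    $body->appendChild($form);
                }
                // An unknown or expired token renders the page with no form and no
                // message, which is the same as a malformed one — no hint is given
                // about which tokens exist.
            }
        } else {
            /*
             * Offer a password reset: ask for the member's email address.
             */
            $label = $doc->createElement('h3');
            $label->appendChild($doc->createTextNode("Reset Password"));
            $body->appendChild($label);
            $form = createForm($doc, "password-reset.php");
            $fieldSet = $doc->createElement('fieldset');
            $fieldSetDiv = $doc->createElement('div');
            $fieldSet->appendChild($fieldSetDiv);

            $label = $doc->createElement('label', 'Email:');
            $label->setAttribute('for', 'useremail');
            $label->setAttribute('class', 'CourseEditorInputLabel');
            $fieldSetDiv->appendChild($label);
            $input = $doc->createElement('input');
            $input->setAttribute('type', 'text');
            $input->setAttribute('name', 'useremail');
            $input->setAttribute('autocomplete', 'off');
            // Admins and directors may pre-fill the field for another member via ?id=.
            // The session check is guarded so an anonymous visitor with ?id= does not
            // trigger an undefined-index notice (and never reaches the lookup).
            if (isset($_GET['id'])
                && isset($_SESSION['MemberID'])
                && (returnAdminStatus($_SESSION['MemberID']) || returnDirectorStatus($_SESSION['MemberID']))) {
                $input->setAttribute('value', returnUserEmail((int)cleanInput($_GET['id'])));
            }
            $fieldSetDiv->appendChild($input);

            // Kept as in the original: the submit button is attached to the form
            // before the fieldset, so it renders above the email field.
            $input = $doc->createElement('input');
            $input->setAttribute('type', 'submit');
            $form->appendChild($input);
            $form->appendChild($fieldSet);
            $body->appendChild($form);
        }
    }
    $body->appendChild(generateFooter($doc));
    if ($prettyPretty) {
        $doc->formatOutput = true;
    }
    outputDoc($doc);
} else {
    generateCookieMonster();
}
?>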