Release 6.4.0
<?php
// Abort unless the sugarEntry constant is defined and truthy, i.e. the script
// was reached through code that set it rather than requested directly.
if (!(defined('sugarEntry') && sugarEntry)) {
    die('Not A Valid Entry Point');
}
3 /*********************************************************************************
4  * SugarCRM Community Edition is a customer relationship management program developed by
5  * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
6  * 
7  * This program is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU Affero General Public License version 3 as published by the
9  * Free Software Foundation with the addition of the following permission added
10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13  * 
14  * This program is distributed in the hope that it will be useful, but WITHOUT
15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
17  * details.
18  * 
19  * You should have received a copy of the GNU Affero General Public License along with
20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22  * 02110-1301 USA.
23  * 
24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26  * 
27  * The interactive user interfaces in modified source and object code versions
28  * of this program must display Appropriate Legal Notices, as required under
29  * Section 5 of the GNU Affero General Public License version 3.
30  * 
31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32  * these Appropriate Legal Notices must retain the display of the "Powered by
33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34  * technical reasons, the Appropriate Legal Notices must display the words
35  * "Powered by SugarCRM".
36  ********************************************************************************/
37
38 /*********************************************************************************
39
40  * Description: TODO:  To be written.
41  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42  * All Rights Reserved.
43  * Contributor(s): ______________________________________..
44  ********************************************************************************/
// Globals this entry point reads.
global $app_language, $sugar_config, $app_strings, $current_language;

// Pull in the English Users language file, then fetch the Users module
// strings through return_module_language().
require_once('modules/Users/language/en_us.lang.php');
$mod_strings = return_module_language('', 'Users');
53
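///////////////////////////////////////////////////////////////////////////////
////    RECAPTCHA CHECK ONLY
//
// When both reCAPTCHA fields are present, this request only verifies the
// answer, prints a plain-text verdict ("Success" or an error label) and
// returns. The JavaScript emitted later in this file treats exactly "Success"
// as a pass and then submits the password form.
// NOTE(review): the verdict is not recorded server-side anywhere in this file,
// so the password-change branch below cannot tell whether a captcha was
// solved; as written the captcha is enforced by the client only.

if (isset($_REQUEST['recaptcha_challenge_field']) && isset($_REQUEST['recaptcha_response_field'])) {
    require_once('include/reCaptcha/recaptchalib.php');

    $admin = new Administration();
    $admin->retrieveSettings('captcha');
    if (isset($admin->settings['captcha_on'])
        && $admin->settings['captcha_on'] == '1'
        && !empty($admin->settings['captcha_private_key'])
    ) {
        $privatekey = $admin->settings['captcha_private_key'];
    } else {
        // No usable private key: report it and stop, instead of falling
        // through and calling the verifier with an undefined $privatekey.
        echo("Captcha settings not found");
        return;
    }

    $response = recaptcha_check_answer(
        $privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_REQUEST["recaptcha_challenge_field"],
        $_REQUEST["recaptcha_response_field"]
    );

    if (!$response->is_valid) {
        switch ($response->error) {
            case 'invalid-site-private-key':
                echo $mod_strings['LBL_RECAPTCHA_INVALID_PRIVATE_KEY'];
                break;
            case 'incorrect-captcha-sol':
                echo $mod_strings['LBL_RECAPTCHA_FILL_FIELD'];
                break;
            case 'invalid-request-cookie':
                echo $mod_strings['LBL_RECAPTCHA_INVALID_REQUEST_COOKIE'];
                break;
            case 'unknown':
                echo $mod_strings['LBL_RECAPTCHA_UNKNOWN'];
                break;

            default:
                // The error text comes from the remote verification reply, so
                // it is escaped before being written into the response.
                echo "Invalid captcha entry, go back and fix. " . htmlspecialchars($response->error, ENT_QUOTES, 'UTF-8') . " ";
        }
    } else {
        echo("Success");
    }
    return;
}

////    RECAPTCHA CHECK ONLY
///////////////////////////////////////////////////////////////////////////////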
96
97
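///////////////////////////////////////////////////////////////////////////////
////    PASSWORD GENERATED LINK CHECK USING
////
//// This script :  - checks the link expiration
////                - sends the filled form to authenticate.php after changing the password in the database
//
// $redirect stays '1' (send the browser to the login page) unless a valid,
// unexpired link is presented without a filled-in form, in which case the
// change-password form further down is rendered.
$redirect = '1';
if (isset($_REQUEST['guid']) && is_string($_REQUEST['guid'])) {
    // The link id comes straight from the request and this file applies no
    // escaping of its own, so escape it once here and use only the escaped
    // form in the SQL statements below.
    $guid_sql = $GLOBALS['db']->quote($_REQUEST['guid']);

    $Q = "select * from users_password_link where id='" . $guid_sql . "' and deleted='0'";
    $result = $GLOBALS['db']->limitQuery($Q, 0, 1, false);
    $row = $GLOBALS['db']->fetchByAssoc($result);
    if (!empty($row)) {
        $pwd_settings = $GLOBALS['sugar_config']['passwordsetting'];
        $expired = '0';
        if ($pwd_settings['linkexpiration']) {
            // Lifetime in minutes = configured time * configured unit multiplier.
            $delay = $pwd_settings['linkexpirationtime'] * $pwd_settings['linkexpirationtype'];
            $stim = strtotime($row['date_generated']);
            $expiretime = TimeDate::getInstance()->fromTimestamp($stim)->get("+$delay  minutes")->asDb();
            $timenow = TimeDate::getInstance()->nowDb();
            if ($timenow > $expiretime) {
                $expired = '1';
            }
        }

        // '0' is falsy and '1' is truthy in PHP, so this tests the flag set above.
        if (!$expired) {
            // if the form is filled and we want to login
            if (isset($_REQUEST['login']) && $_REQUEST['login'] == '1') {
                $posted_name = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : null;
                $posted_pwd = (isset($_POST['new_password']) && is_string($_POST['new_password'])) ? $_POST['new_password'] : '';

                // Strict comparison: loose == treats numeric-looking strings such
                // as '1e3' and '1000' as equal. A missing or empty password is
                // rejected so that md5() of an absent field is never stored.
                // NOTE(review): neither the captcha result nor the password
                // rules are checked in this branch; both are applied only by
                // the page's JavaScript before it submits the form.
                if ($posted_name !== null && $posted_pwd !== '' && $row['username'] === $posted_name) {
                    $usr = new user();
                    $usr_id = $usr->retrieve_user_id($posted_name);
                    $usr->retrieve($usr_id);
                    // NOTE(security): an unsalted MD5 digest is what gets stored in
                    // user_hash. It is not a suitable password hash; it is left
                    // unchanged because the code that verifies it is not in this
                    // file and would have to change in step.
                    $user_hash = strtolower(md5($posted_pwd));
                    $usr->setPreference('loginexpiration', '0');
                    //set new password
                    $now = TimeDate::getInstance()->nowDb();
                    $query1 = "UPDATE $usr->table_name SET user_hash='$user_hash', system_generated_password='0', pwd_last_changed='$now' where id='$usr->id'";
                    $GLOBALS['db']->query($query1, true, "Error setting new password for $usr->user_name: ");
                    // Invalidate the link so it cannot be used a second time.
                    $query2 = "UPDATE users_password_link SET deleted='1' where id='" . $guid_sql . "'";
                    $GLOBALS['db']->query($query2, true, "Error setting link for $usr->user_name: ");

                    // Hand over to the normal login action with the values that
                    // were just verified ($_POST['user_name'] is kept as checked,
                    // and the password is the one that was hashed above).
                    $_POST['user_password'] = $posted_pwd;
                    $_POST['module'] = 'Users';
                    $_POST['action'] = 'Authenticate';
                    $_POST['login_module'] = 'Home';
                    $_POST['login_action'] = 'index';
                    $_POST['Login'] = 'Login';
                    foreach ($_POST as $k => $v) {
                        $_REQUEST[$k] = $v;
                        $_GET[$k] = $v;
                    }
                    unset($_REQUEST['entryPoint']);
                    unset($_GET['entryPoint']);
                    $GLOBALS['app']->execute();
                    die();
                }
            } else {
                // Valid link, form not submitted yet: show the form.
                $redirect = '0';
            }
        } else {
            // Expired link: mark it deleted.
            $query2 = "UPDATE users_password_link SET deleted='1' where id='" . $guid_sql . "'";
            $GLOBALS['db']->query($query2, true, "Error setting link");
        }
    }
}

if ($redirect != '0') {
    header('location:index.php?action=Login&module=Users');
    exit ();
}

////    PASSWORD GENERATED LINK CHECK USING
///////////////////////////////////////////////////////////////////////////////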
174
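// Render the page header and build the optional reCAPTCHA markup/JavaScript
// that is later handed to the template as CAPTCHA.
require_once('include/MVC/View/SugarView.php');
$view = new SugarView();
$view->init();
$view->displayHeader();

$sugar_smarty = new Sugar_Smarty();

$admin = new Administration();
$admin->retrieveSettings('captcha');
$add_captcha = 0;
$captcha_privatekey = "";
$captcha_publickey = "";
$captcha_js = "";
$Captcha = "";
if (isset($admin->settings['captcha_on'])
    && $admin->settings['captcha_on'] == '1'
    && !empty($admin->settings['captcha_private_key'])
    && !empty($admin->settings['captcha_public_key'])
) {
    $add_captcha = 1;
    $captcha_privatekey = $admin->settings['captcha_private_key'];
    $captcha_publickey = $admin->settings['captcha_public_key'];

    // NOTE(security): recaptcha_ajax.js is requested over plain http on a page
    // that collects a new password, so the script can be altered in transit,
    // and browsers block it as mixed content when the page is served over
    // https. The URL is left as it was; it should come from an https origin.
    //
    // Changes from the previous markup:
    //  - handleFailure is assigned after handleSuccess exists (it used to be
    //    assigned first and was therefore undefined);
    //  - the challenge/response values are URL-encoded before being posted;
    //  - 'rowsapn' is spelled 'rowspan';
    //  - the switch_type links use double quotes around href so the inner
    //    single-quoted argument no longer ends the attribute early.
    $captcha_js .= "<script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp1_yui.js') . "'></script><script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp_yui2.js') . "'></script>
                <script type='text/javascript' src='http://api.recaptcha.net/js/recaptcha_ajax.js'></script>
                <script> //var oldFormAction = document.getElementById('form').action; //save old action
                function initCaptcha(){
                                Recaptcha.create('$captcha_publickey' ,'captchaImage',{theme:'custom',callback:Recaptcha.focus_response_field});
                                }

                window.onload=initCaptcha;

                var handleSuccess = function(o){
                        if(o.responseText!==undefined && o.responseText =='Success'){

                                document.getElementById('user_password').value=document.getElementById('new_password').value;
                                document.getElementById('ChangePasswordForm').submit();
                        }
                        else{
                                alert(o.responseText);
                                Recaptcha.reload();

                        }
                }
                var handleFailure=handleSuccess;
                var callback2 =
                {
                  success:handleSuccess,
                  failure: handleFailure
                };
                function validateCaptchaAndSubmit(){
                                var form = document.getElementById('form');
                                var url = '&to_pdf=1&module=Home&action=index&entryPoint=Changenewpassword&recaptcha_challenge_field='+encodeURIComponent(Recaptcha.get_challenge())+'&recaptcha_response_field='+ encodeURIComponent(Recaptcha.get_response());
                                YAHOO.util.Connect.asyncRequest('POST','index.php',callback2,url);

                }

        </script>";
    $Captcha .= $captcha_js;
    $Captcha .= "<tr>
                                        <td scope='row' width='20%'>" . $mod_strings['LBL_RECAPTCHA_INSTRUCTION_OPPOSITE'] . ":</td>
                            <td width='70%'><input type='text' size='26' id='recaptcha_response_field' value=''></td>
                                <th rowspan='2' class='x-sqs-list' ><div  id='recaptcha_image'></div></th>
                            </tr>

                            <tr>
                                <td colspan='2'>
                                        <a href='javascript:Recaptcha.reload()'> " . $mod_strings['LBL_RECAPTCHA_NEW_CAPTCHA'] . "</a>&nbsp;&nbsp;
                                        <a class='recaptcha_only_if_image' href=\"javascript:Recaptcha.switch_type('audio')\">" . $mod_strings['LBL_RECAPTCHA_SOUND'] . "</a>
                                        <a class='recaptcha_only_if_audio' href=\"javascript:Recaptcha.switch_type('image')\">" . $mod_strings['LBL_RECAPTCHA_IMAGE'] . "</a>
                                </td>
                        </tr>";
} else {
    // Captcha disabled: the submit helper only copies the new password into
    // the user_password field and submits the form.
    echo"<script>function validateCaptchaAndSubmit(){document.getElementById('user_password').value=document.getElementById('new_password').value;document.getElementById('ChangePasswordForm').submit();}</script>";
}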
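// Hand the labels, password settings and form fragments to the template and
// render the change-password page.
$pwd_settings = $GLOBALS['sugar_config']['passwordsetting'];

$sugar_smarty->assign('sugar_md', getWebPath('include/images/sugar_md_open.png'));
$sugar_smarty->assign("MOD", $mod_strings);
$sugar_smarty->assign("CAPTCHA", $Captcha);
$sugar_smarty->assign("IS_ADMIN", '1');
$sugar_smarty->assign("ENTRY_POINT", 'Changenewpassword');
$sugar_smarty->assign('return_action', 'login');
$sugar_smarty->assign("APP", $app_strings);
$sugar_smarty->assign("INSTRUCTION", $app_strings['NTC_LOGIN_MESSAGE']);
// The <input> tag was previously left unclosed (value=""</td>); it is closed here.
$sugar_smarty->assign("USERNAME_FIELD", '<td scope="row" width="30%">'.$mod_strings['LBL_USER_NAME'].':</td><td width="70%"><input type="text" size="20" tabindex="1" id="user_name" name="user_name"  value="" /></td>');
$sugar_smarty->assign('PWDSETTINGS', $pwd_settings);

// Arguments passed to the page's newrules() JavaScript helper (three empty strings).
$rules = "'','',''";

// The button runs the client-side password check first, then the captcha/submit helper.
$sugar_smarty->assign('SUBMIT_BUTTON', '<input title="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE']
    .'" accessKey="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE'].'" class="button" '
    . 'onclick="if(!set_password(form,newrules(' . $rules . '))) return false; validateCaptchaAndSubmit();" '
    . 'type="button" tabindex="3" id="login_button" name="Login" value="'.$mod_strings['LBL_LOGIN_BUTTON_LABEL'].'" /><br>&nbsp;');

// The link id is request input and the template that prints it is not visible
// from this file, so it is HTML-escaped on assignment. A value made only of
// hex digits and dashes is unchanged by this.
if (!empty($_REQUEST['guid']) && is_string($_REQUEST['guid'])) {
    $sugar_smarty->assign("GUID", htmlspecialchars($_REQUEST['guid'], ENT_QUOTES, 'UTF-8'));
}
$sugar_smarty->display('modules/Users/Changenewpassword.tpl');
$view->displayFooter();
?>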