2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
38 /*********************************************************************************
40 * Description: TODO: To be written.
41 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42 * All Rights Reserved.
43 * Contributor(s): ______________________________________..
44 ********************************************************************************/
45 global $app_language, $sugar_config;
47 global $current_language;
51 require_once('modules/Users/language/en_us.lang.php');
52 $mod_strings=return_module_language('','Users');
54 ///////////////////////////////////////////////////////////////////////////////
55 //// RECAPTCHA CHECK ONLY
57 if(isset($_REQUEST['recaptcha_challenge_field']) && isset($_REQUEST['recaptcha_response_field'])){
58 require_once('include/reCaptcha/recaptchalib.php');
60 $admin=new Administration();
61 $admin->retrieveSettings('captcha');
62 if($admin->settings['captcha_on']=='1' && !empty($admin->settings['captcha_private_key'])){
63 $privatekey = $admin->settings['captcha_private_key'];
65 echo("Captcha settings not found");
66 $response = recaptcha_check_answer($privatekey,
67 $_SERVER["REMOTE_ADDR"],
68 $_REQUEST["recaptcha_challenge_field"],
69 $_REQUEST["recaptcha_response_field"]);
70 if(!$response->is_valid){
71 switch ($response->error){
72 case 'invalid-site-private-key':
73 echo $mod_strings['LBL_RECAPTCHA_INVALID_PRIVATE_KEY'];
75 case 'incorrect-captcha-sol' :
76 echo $mod_strings['LBL_RECAPTCHA_FILL_FIELD'];
78 case 'invalid-request-cookie' :
79 echo $mod_strings['LBL_RECAPTCHA_INVALID_REQUEST_COOKIE'];
82 echo $mod_strings['LBL_RECAPTCHA_UNKNOWN'];
86 echo "Invalid captcha entry, go back and fix. ". $response->error. " ";
94 //// RECAPTCHA CHECK ONLY
95 ///////////////////////////////////////////////////////////////////////////////
98 ///////////////////////////////////////////////////////////////////////////////
99 //// PASSWORD GENERATED LINK CHECK USING
101 //// This script : - check the link expiration
102 //// - send the filled form to authenticate.php after changing the password in the database
104 if (isset($_REQUEST['guid']))
106 $Q="select * from users_password_link where id='".$_REQUEST['guid']."' and deleted='0'";
107 $result =$GLOBALS['db']->limitQuery($Q,0,1,false);
108 $row = $GLOBALS['db']->fetchByAssoc($result);
110 $pwd_settings=$GLOBALS['sugar_config']['passwordsetting'];
112 if($pwd_settings['linkexpiration']){
113 $delay=$pwd_settings['linkexpirationtime']*$pwd_settings['linkexpirationtype'];
114 $stim = strtotime($row['date_generated']);
115 $expiretime = TimeDate::getInstance()->fromTimestamp($stim)->get("+$delay minutes")->asDb();
116 $timenow = TimeDate::getInstance()->nowDb();
117 if ($timenow > $expiretime)
123 // if the form is filled and we want to login
124 if (isset($_REQUEST['login']) && $_REQUEST['login'] =='1'){
125 if ( $row['username'] == $_POST['user_name'] ){
128 $usr_id=$usr->retrieve_user_id($_POST['user_name']);
129 $usr->retrieve($usr_id);
130 $user_hash = strtolower(md5($_POST['new_password']));
131 $usr->setPreference('loginexpiration','0');
133 $now=TimeDate::getInstance()->nowDb();
134 $query1 = "UPDATE $usr->table_name SET user_hash='$user_hash', system_generated_password='0', pwd_last_changed='$now' where id='$usr->id'";
135 $GLOBALS['db']->query($query1, true, "Error setting new password for $usr->user_name: ");
136 $query2 = "UPDATE users_password_link SET deleted='1' where id='".$_REQUEST['guid']."'";
137 $GLOBALS['db']->query($query2, true, "Error setting link for $usr->user_name: ");
138 $_POST['user_name'] = $_REQUEST['user_name'];
139 $_POST['user_password'] = $_REQUEST['new_password'];
140 $_POST['module'] = 'Users';
141 $_POST['action'] = 'Authenticate';
142 $_POST['login_module'] = 'Home';
143 $_POST['login_action'] = 'index';
144 $_POST['Login'] = 'Login';
145 foreach($_POST as $k=>$v){
149 unset($_REQUEST['entryPoint']);
150 unset($_GET['entryPoint']);
151 $GLOBALS['app']->execute();
160 $query2 = "UPDATE users_password_link SET deleted='1' where id='".$_REQUEST['guid']."'";
161 $GLOBALS['db']->query($query2, true, "Error setting link");
168 header('location:index.php?action=Login&module=Users');
172 //// PASSWORD GENERATED LINK CHECK USING
173 ///////////////////////////////////////////////////////////////////////////////
175 require_once('include/MVC/View/SugarView.php');
176 $view= new SugarView();
178 $view->displayHeader();
180 $sugar_smarty = new Sugar_Smarty();
182 $admin = new Administration();
183 $admin->retrieveSettings('captcha');
185 $captcha_privatekey = "";
186 $captcha_publickey="";
189 if(isset($admin->settings['captcha_on'])&& $admin->settings['captcha_on']=='1' && !empty($admin->settings['captcha_private_key']) && !empty($admin->settings['captcha_public_key'])){
191 $captcha_privatekey = $admin->settings['captcha_private_key'];
192 $captcha_publickey = $admin->settings['captcha_public_key'];
193 $captcha_js .="<script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp1_yui.js') . "'></script><script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp_yui2.js') . "'></script>
194 <script type='text/javascript' src='http://api.recaptcha.net/js/recaptcha_ajax.js'></script>
195 <script> //var oldFormAction = document.getElementById('form').action; //save old action
196 function initCaptcha(){
197 Recaptcha.create('$captcha_publickey' ,'captchaImage',{theme:'custom',callback:Recaptcha.focus_response_field});
200 window.onload=initCaptcha;
202 var handleFailure=handleSuccess;
203 var handleSuccess = function(o){
204 if(o.responseText!==undefined && o.responseText =='Success'){
206 document.getElementById('user_password').value=document.getElementById('new_password').value;
207 document.getElementById('ChangePasswordForm').submit();
210 alert(o.responseText);
217 success:handleSuccess,
218 failure: handleFailure
220 function validateCaptchaAndSubmit(){
221 var form = document.getElementById('form');
222 var url = '&to_pdf=1&module=Home&action=index&entryPoint=Changenewpassword&recaptcha_challenge_field='+Recaptcha.get_challenge()+'&recaptcha_response_field='+ Recaptcha.get_response();
223 YAHOO.util.Connect.asyncRequest('POST','index.php',callback2,url);
228 $Captcha.=$captcha_js;
230 <td scope='row' width='20%'>".$mod_strings['LBL_RECAPTCHA_INSTRUCTION_OPPOSITE'].":</td>
231 <td width='70%'><input type='text' size='26' id='recaptcha_response_field' value=''></td>
232 <th rowsapn='2' class='x-sqs-list' ><div id='recaptcha_image'></div></th>
237 <a href='javascript:Recaptcha.reload()'> ".$mod_strings['LBL_RECAPTCHA_NEW_CAPTCHA']."</a>
238 <a class='recaptcha_only_if_image' href='javascript:Recaptcha.switch_type('audio')'>".$mod_strings['LBL_RECAPTCHA_SOUND']."</a>
239 <a class='recaptcha_only_if_audio' href='javascript:Recaptcha.switch_type('image')'>".$mod_strings['LBL_RECAPTCHA_IMAGE']."</a>
244 echo"<script>function validateCaptchaAndSubmit(){document.getElementById('user_password').value=document.getElementById('new_password').value;document.getElementById('ChangePasswordForm').submit();}</script>";
246 $pwd_settings=$GLOBALS['sugar_config']['passwordsetting'];
248 $sugar_smarty->assign('sugar_md',getWebPath('include/images/sugar_md_open.png'));
249 $sugar_smarty->assign("MOD", $mod_strings);
250 $sugar_smarty->assign("CAPTCHA", $Captcha);
251 $sugar_smarty->assign("IS_ADMIN", '1');
252 $sugar_smarty->assign("ENTRY_POINT", 'Changenewpassword');
253 $sugar_smarty->assign('return_action', 'login');
254 $sugar_smarty->assign("APP", $app_strings);
255 $sugar_smarty->assign("INSTRUCTION", $app_strings['NTC_LOGIN_MESSAGE']);
256 $sugar_smarty->assign("USERNAME_FIELD", '<td scope="row" width="30%">'.$mod_strings['LBL_USER_NAME'].':</td><td width="70%"><input type="text" size="20" tabindex="1" id="user_name" name="user_name" value=""</td>');
257 $sugar_smarty->assign('PWDSETTINGS', $GLOBALS['sugar_config']['passwordsetting']);
262 $sugar_smarty->assign('SUBMIT_BUTTON','<input title="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE']
263 .'" accessKey="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE'].'" class="button" '
264 . 'onclick="if(!set_password(form,newrules(' . $rules . '))) return false; validateCaptchaAndSubmit();" '
265 . 'type="button" tabindex="3" id="login_button" name="Login" value="'.$mod_strings['LBL_LOGIN_BUTTON_LABEL'].'" /><br> ');
267 if(!empty($_REQUEST['guid'])) $sugar_smarty->assign("GUID", $_REQUEST['guid']);
268 $sugar_smarty->display('modules/Users/Changenewpassword.tpl');
269 $view->displayFooter();