// Entry-point guard: stop immediately unless the sugarEntry constant is defined and truthy,
// so this file does nothing when requested directly instead of through the application.
// The AJAX URL further down shows it being reached as index.php?entryPoint=Changenewpassword.
2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
38 /*********************************************************************************
40 * Description: TODO: To be written.
41 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42 * All Rights Reserved.
43 * Contributor(s): ______________________________________..
44 ********************************************************************************/
// Bring the language and configuration globals into this script's scope.
45 global $app_language, $sugar_config;
47 global $current_language;
// Load the Users module strings; $mod_strings supplies every label and error message below.
// NOTE(review): the en_us file is required directly and return_module_language() is called
// with an empty language argument - presumably it falls back to a default language; confirm.
51 require_once('modules/Users/language/en_us.lang.php');
52 $mod_strings=return_module_language('','Users');
54 ///////////////////////////////////////////////////////////////////////////////
55 //// RECAPTCHA CHECK ONLY
// Captcha-only request: runs when both reCAPTCHA fields are present. The page's JavaScript
// calls this as a separate AJAX round trip and submits the real form only after it answers.
// NOTE(review): the password-change branch later in this file shows no captcha verification
// of its own in this listing, so the captcha appears to be enforced only by the browser.
// Confirm against the full file; if so, record the verified result server-side (for example
// a one-time session flag) and require it before the password is changed.
57 if(isset($_REQUEST['recaptcha_challenge_field']) && isset($_REQUEST['recaptcha_response_field'])){
58 require_once('include/reCaptcha/recaptchalib.php');
// Read the stored captcha settings.
60 $admin=new Administration();
61 $admin->retrieveSettings('captcha');
// Verify only when captcha is switched on and a private key has been configured.
62 if($admin->settings['captcha_on']=='1' && !empty($admin->settings['captcha_private_key'])){
63 $privatekey = $admin->settings['captcha_private_key'];
// NOTE(review): original line 64 is missing from this listing (presumably the else branch
// that owns the message below).
65 echo("Captcha settings not found");
// Ask the reCAPTCHA service to check the submitted challenge/response pair for this client
// address. The private key is a secret and must never be echoed or logged.
66 $response = recaptcha_check_answer($privatekey,
67 $_SERVER["REMOTE_ADDR"],
68 $_REQUEST["recaptcha_challenge_field"],
69 $_REQUEST["recaptcha_response_field"]);
// On failure, translate the service's error code into a localised message. The break and
// default lines of this switch are missing from the listing.
70 if(!$response->is_valid){
71 switch ($response->error){
72 case 'invalid-site-private-key':
73 echo $mod_strings['LBL_RECAPTCHA_INVALID_PRIVATE_KEY'];
75 case 'incorrect-captcha-sol' :
76 echo $mod_strings['LBL_RECAPTCHA_FILL_FIELD'];
78 case 'invalid-request-cookie' :
79 echo $mod_strings['LBL_RECAPTCHA_INVALID_REQUEST_COOKIE'];
82 echo $mod_strings['LBL_RECAPTCHA_UNKNOWN'];
// NOTE(review): the raw error string from the verification reply is written into the
// response unencoded; prefer a fixed message, or encode it for the output context.
86 echo "Invalid captcha entry, go back and fix. ". $response->error. " ";
94 //// RECAPTCHA CHECK ONLY
95 ///////////////////////////////////////////////////////////////////////////////
98 ///////////////////////////////////////////////////////////////////////////////
99 //// PASSWORD GENERATED LINK CHECK USING
101 //// This script : - check the link expiration
102 //// - send the filled form to authenticate.php after changing the password in the database
// Password-reset link handling: runs when the request carries a guid parameter.
104 if (isset($_REQUEST['guid']))
// Look up the (non-deleted) reset link row for this guid.
// NOTE(review): SQL injection. $_REQUEST['guid'] is concatenated into the statement with no
// validation or escaping, and this entry point is reached before login, so the value is fully
// controlled by the requester. Validate that it has GUID format and pass it through the DB
// layer's quoting helper (e.g. $GLOBALS['db']->quote()) or a prepared statement. The same
// pattern is repeated in both UPDATE statements below.
106 $Q="select * from users_password_link where id='".$_REQUEST['guid']."' and deleted='0'";
107 $result =$GLOBALS['db']->limitQuery($Q,0,1,false);
108 $row = $GLOBALS['db']->fetchByAssoc($result);
// NOTE(review): whether $row is checked for "no such link" is not visible in this listing
// (original line 109 is missing); the code below reads $row['date_generated'] and
// $row['username'] directly.
110 $pwd_settings=$GLOBALS['sugar_config']['passwordsetting'];
// Link expiry, applied only when the linkexpiration setting is enabled.
112 if($pwd_settings['linkexpiration']){
// Lifetime in minutes: configured amount times the unit multiplier (used as "+$delay minutes").
113 $delay=$pwd_settings['linkexpirationtime']*$pwd_settings['linkexpirationtype'];
// date('Z') adds the server's timezone offset in seconds to the parsed generation time.
114 $stim = strtotime($row['date_generated']) + date('Z');
115 $expiretime = TimeDate::getInstance()->fromTimestamp($stim)->get("+$delay minutes")->asDb();
116 $timenow = TimeDate::getInstance()->nowDb();
// Both values are DB-formatted datetime strings, so this is a string comparison. The statement
// executed when the link has expired is missing from this listing.
117 if ($timenow > $expiretime)
123 // if the form is filled and we want to login
124 if (isset($_REQUEST['login']) && $_REQUEST['login'] =='1'){
// The link only authorises a change for the user it was issued to.
// NOTE(review): this is a loose == comparison; use === (or hash_equals()) so type juggling
// can never make two different values compare equal.
125 if ( $row['username'] == $_POST['user_name'] ){
// NOTE(review): $usr is created on a line missing from this listing (original lines 126-127).
128 $usr_id=$usr->retrieve_user_id($_POST['user_name']);
129 $usr->retrieve($usr_id);
// NOTE(review): the password rules are checked in the browser by the submit button's onclick;
// no server-side policy check is visible here. Confirm setNewPassword() or its caller
// enforces the configured rules, since client-side checks can be bypassed.
130 $usr->setNewPassword($_POST['new_password']);
// Mark the link as used so it cannot be replayed. NOTE(review): same unescaped guid as above.
131 $query2 = "UPDATE users_password_link SET deleted='1' where id='".$_REQUEST['guid']."'";
132 $GLOBALS['db']->query($query2, true, "Error setting link for $usr->user_name: ");
// Rewrite $_POST to look like a normal login form submission so the application can be
// re-run below and sign the user in with the new password.
// NOTE(review): user_name and new_password are re-read from $_REQUEST although the check and
// the password change above used $_POST; read both from one source so the value that was
// checked and the value that is forwarded cannot differ.
133 $_POST['user_name'] = $_REQUEST['user_name'];
134 $_POST['user_password'] = $_REQUEST['new_password'];
135 $_POST['module'] = 'Users';
136 $_POST['action'] = 'Authenticate';
137 $_POST['login_module'] = 'Home';
138 $_POST['login_action'] = 'index';
139 $_POST['Login'] = 'Login';
// NOTE(review): the body of this loop (original lines 141-143) is missing from the listing.
140 foreach($_POST as $k=>$v){
// Drop the entryPoint parameter and run the application again; presumably this lets the
// request dispatch to Users/Authenticate instead of coming back to this script - confirm.
144 unset($_REQUEST['entryPoint']);
145 unset($_GET['entryPoint']);
146 $GLOBALS['app']->execute();
// Second invalidation of the link. The condition guarding it (original lines 147-154) is
// missing from this listing. NOTE(review): same unescaped guid as above.
155 $query2 = "UPDATE users_password_link SET deleted='1' where id='".$_REQUEST['guid']."'";
156 $GLOBALS['db']->query($query2, true, "Error setting link");
// Send the browser to the login page.
// NOTE(review): no exit/die after header() is visible in this listing; without one the script
// keeps running and renders the form below. Confirm against the full file.
163 header('location:index.php?action=Login&module=Users');
167 //// PASSWORD GENERATED LINK CHECK USING
168 ///////////////////////////////////////////////////////////////////////////////
// Render the change-password page: header, Smarty template, footer.
170 require_once('include/MVC/View/SugarView.php');
171 $view= new SugarView();
173 $view->displayHeader();
175 $sugar_smarty = new Sugar_Smarty();
// Read the captcha settings again for the form markup.
177 $admin = new Administration();
178 $admin->retrieveSettings('captcha');
180 $captcha_privatekey = "";
181 $captcha_publickey="";
// Build the captcha script and markup only when captcha is on and both keys are configured.
184 if(isset($admin->settings['captcha_on'])&& $admin->settings['captcha_on']=='1' && !empty($admin->settings['captcha_private_key']) && !empty($admin->settings['captcha_public_key'])){
186 $captcha_privatekey = $admin->settings['captcha_private_key'];
187 $captcha_publickey = $admin->settings['captcha_public_key'];
// The string below is the page's captcha JavaScript: it creates the widget, posts the
// challenge/response to this entry point via YUI, and submits ChangePasswordForm only when
// the reply is exactly 'Success'; any other reply is shown with alert().
// NOTE(review): recaptcha_ajax.js is loaded over plain http:// on a page where a new password
// is typed. Anyone able to modify traffic in transit can replace that script and read the
// field, so load it over https. The challenge/response fields belong to the reCAPTCHA v1
// API, which Google has since retired; plan a migration to a supported captcha.
// NOTE(review): $captcha_publickey is interpolated into a JavaScript string literal
// unencoded. It is an admin setting, but encode it (e.g. json_encode()) for the JS context.
// NOTE(review): "var handleFailure=handleSuccess;" runs before handleSuccess is assigned, so
// handleFailure is undefined and a failed AJAX request is not reported to the user.
// NOTE(review): $captcha_js is appended with .= ; its initialisation is not visible in this
// listing (original lines 182-183 are missing).
188 $captcha_js .="<script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp1_yui.js') . "'></script><script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp_yui2.js') . "'></script>
189 <script type='text/javascript' src='http://api.recaptcha.net/js/recaptcha_ajax.js'></script>
190 <script> //var oldFormAction = document.getElementById('form').action; //save old action
191 function initCaptcha(){
192 Recaptcha.create('$captcha_publickey' ,'captchaImage',{theme:'custom',callback:Recaptcha.focus_response_field});
195 window.onload=initCaptcha;
197 var handleFailure=handleSuccess;
198 var handleSuccess = function(o){
199 if(o.responseText!==undefined && o.responseText =='Success'){
201 document.getElementById('user_password').value=document.getElementById('new_password').value;
202 document.getElementById('ChangePasswordForm').submit();
205 alert(o.responseText);
212 success:handleSuccess,
213 failure: handleFailure
215 function validateCaptchaAndSubmit(){
216 var form = document.getElementById('form');
217 var url = '&to_pdf=1&module=Home&action=index&entryPoint=Changenewpassword&recaptcha_challenge_field='+Recaptcha.get_challenge()+'&recaptcha_response_field='+ Recaptcha.get_response();
218 YAHOO.util.Connect.asyncRequest('POST','index.php',callback2,url);
// $Captcha collects the script above plus the captcha table rows that follow; the statement
// that opens the markup string (original line 224) is missing from this listing.
// NOTE(review): in the markup below, the javascript: hrefs nest single quotes inside a
// single-quoted attribute, and "rowsapn" is a misspelling of rowspan.
223 $Captcha.=$captcha_js;
225 <td scope='row' width='20%'>".$mod_strings['LBL_RECAPTCHA_INSTRUCTION_OPPOSITE'].":</td>
226 <td width='70%'><input type='text' size='26' id='recaptcha_response_field' value=''></td>
227 <th rowsapn='2' class='x-sqs-list' ><div id='recaptcha_image'></div></th>
232 <a href='javascript:Recaptcha.reload()'> ".$mod_strings['LBL_RECAPTCHA_NEW_CAPTCHA']."</a>
233 <a class='recaptcha_only_if_image' href='javascript:Recaptcha.switch_type('audio')'>".$mod_strings['LBL_RECAPTCHA_SOUND']."</a>
234 <a class='recaptcha_only_if_audio' href='javascript:Recaptcha.switch_type('image')'>".$mod_strings['LBL_RECAPTCHA_IMAGE']."</a>
// Without captcha (presumably the else branch; its opening line is missing from the listing)
// the same function name simply copies the new password and submits the form.
239 echo"<script>function validateCaptchaAndSubmit(){document.getElementById('user_password').value=document.getElementById('new_password').value;document.getElementById('ChangePasswordForm').submit();}</script>";
241 $pwd_settings=$GLOBALS['sugar_config']['passwordsetting'];
// Hand the strings, captcha markup and form fragments to the template.
243 $sugar_smarty->assign('sugar_md',getWebPath('include/images/sugar_md_open.png'));
244 $sugar_smarty->assign("MOD", $mod_strings);
245 $sugar_smarty->assign("CAPTCHA", $Captcha);
246 $sugar_smarty->assign("IS_ADMIN", '1');
247 $sugar_smarty->assign("ENTRY_POINT", 'Changenewpassword');
248 $sugar_smarty->assign('return_action', 'login');
249 $sugar_smarty->assign("APP", $app_strings);
250 $sugar_smarty->assign("INSTRUCTION", $app_strings['NTC_LOGIN_MESSAGE']);
// NOTE(review): the input tag below is never closed (value="" is followed directly by </td>).
251 $sugar_smarty->assign("USERNAME_FIELD", '<td scope="row" width="30%">'.$mod_strings['LBL_USER_NAME'].':</td><td width="70%"><input type="text" size="20" tabindex="1" id="user_name" name="user_name" value=""</td>');
252 $sugar_smarty->assign('PWDSETTINGS', $GLOBALS['sugar_config']['passwordsetting']);
// Submit button: the onclick runs the browser-side password rule check, then
// validateCaptchaAndSubmit(). $rules is built on lines missing from this listing.
257 $sugar_smarty->assign('SUBMIT_BUTTON','<input title="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE']
259 . 'onclick="if(!set_password(form,newrules(' . $rules . '))) return false; validateCaptchaAndSubmit();" '
260 . 'type="button" tabindex="3" id="login_button" name="Login" value="'.$mod_strings['LBL_LOGIN_BUTTON_LABEL'].'" /><br> ');
// NOTE(review): the request-supplied guid is passed to the template as-is. The template is
// not visible here; unless it escapes GUID, this is reflected XSS. Validate the GUID format
// or escape it for the HTML attribute context before assigning.
262 if(!empty($_REQUEST['guid'])) $sugar_smarty->assign("GUID", $_REQUEST['guid']);
263 $sugar_smarty->display('modules/Users/Changenewpassword.tpl');
264 $view->displayFooter();