Release 6.5.0
[Github/sugarcrm.git] / modules / Users / Changenewpassword.php
1 <?php
// Entry-point guard: stop immediately unless the including script defined a
// truthy sugarEntry constant, so this file does nothing when requested directly.
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
3 /*********************************************************************************
4  * SugarCRM Community Edition is a customer relationship management program developed by
5  * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
6  * 
7  * This program is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU Affero General Public License version 3 as published by the
9  * Free Software Foundation with the addition of the following permission added
10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13  * 
14  * This program is distributed in the hope that it will be useful, but WITHOUT
15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
17  * details.
18  * 
19  * You should have received a copy of the GNU Affero General Public License along with
20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22  * 02110-1301 USA.
23  * 
24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26  * 
27  * The interactive user interfaces in modified source and object code versions
28  * of this program must display Appropriate Legal Notices, as required under
29  * Section 5 of the GNU Affero General Public License version 3.
30  * 
31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32  * these Appropriate Legal Notices must retain the display of the "Powered by
33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34  * technical reasons, the Appropriate Legal Notices must display the words
35  * "Powered by SugarCRM".
36  ********************************************************************************/
37
38 /*********************************************************************************
39
40  * Description: TODO:  To be written.
41  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42  * All Rights Reserved.
43  * Contributor(s): ______________________________________..
44  ********************************************************************************/
// Bind the application-wide language and configuration variables in this scope.
global $app_language, $sugar_config, $app_strings, $current_language;

// Load the en_us Users language file, then take the module strings from
// return_module_language() for the Users module.
require_once('modules/Users/language/en_us.lang.php');
$mod_strings = return_module_language('', 'Users');
53
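///////////////////////////////////////////////////////////////////////////////
////    RECAPTCHA CHECK ONLY
////
//// Runs when both reCAPTCHA fields are present in the request. It verifies the
//// answer with the configured private key, prints either the literal text
//// "Success" or an error message, and returns without rendering the form.
//// The form's JavaScript compares the response body with "Success".

if (isset($_REQUEST['recaptcha_challenge_field']) && isset($_REQUEST['recaptcha_response_field'])) {
    require_once('include/reCaptcha/recaptchalib.php');

    $admin = new Administration();
    $admin->retrieveSettings('captcha');

    $captcha_configured = isset($admin->settings['captcha_on'])
        && $admin->settings['captcha_on'] == '1'
        && !empty($admin->settings['captcha_private_key']);

    if (!$captcha_configured) {
        // Stop here: without a private key there is nothing to verify against,
        // and continuing would call the verifier with an undefined variable.
        echo("Captcha settings not found");
        return;
    }

    $privatekey = $admin->settings['captcha_private_key'];
    $response = recaptcha_check_answer(
        $privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_REQUEST["recaptcha_challenge_field"],
        $_REQUEST["recaptcha_response_field"]
    );

    if ($response->is_valid) {
        echo("Success");
        return;
    }

    switch ($response->error) {
        case 'invalid-site-private-key':
            echo $mod_strings['LBL_RECAPTCHA_INVALID_PRIVATE_KEY'];
            break;
        case 'incorrect-captcha-sol':
            echo $mod_strings['LBL_RECAPTCHA_FILL_FIELD'];
            break;
        case 'invalid-request-cookie':
            echo $mod_strings['LBL_RECAPTCHA_INVALID_REQUEST_COOKIE'];
            break;
        case 'unknown':
            echo $mod_strings['LBL_RECAPTCHA_UNKNOWN'];
            break;
        default:
            // The error code comes from the verification service's reply, not
            // from this application, so it is HTML-escaped before being echoed.
            echo "Invalid captcha entry, go back and fix. "
                . htmlspecialchars((string) $response->error, ENT_QUOTES, 'UTF-8') . " ";
    }
    return;
}
////    RECAPTCHA CHECK ONLY
///////////////////////////////////////////////////////////////////////////////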
96
97
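///////////////////////////////////////////////////////////////////////////////
////    PASSWORD GENERATED LINK CHECK
////
//// Looks up the one-time link named by the "guid" request parameter, checks
//// whether it has expired and, when the filled form was submitted, stores the
//// new password, retires the link and passes the request to Users/Authenticate.
////
//// $redirect stays '1' (send the browser to the login page) unless a live,
//// unexpired link was presented without a form submission; only in that case
//// does the script go on to render the change-password form.
$redirect = '1';
if (isset($_REQUEST['guid']) && is_string($_REQUEST['guid'])) {
    // The guid comes straight from the request and this script handles
    // visitors who have not authenticated yet (it ends by invoking
    // Users/Authenticate), so it is escaped once with the database layer's
    // quote() and only the escaped copy is ever placed in SQL text.
    $guid = $GLOBALS['db']->quote($_REQUEST['guid']);

    $Q = "select * from users_password_link where id='" . $guid . "' and deleted='0'";
    $result = $GLOBALS['db']->limitQuery($Q, 0, 1, false);
    $row = $GLOBALS['db']->fetchByAssoc($result);

    if (!empty($row)) {
        $pwd_settings = $GLOBALS['sugar_config']['passwordsetting'];

        // '0' / '1' strings are used as flags; '0' is falsy in PHP.
        $expired = '0';
        if ($pwd_settings['linkexpiration']) {
            $delay = $pwd_settings['linkexpirationtime'] * $pwd_settings['linkexpirationtype'];
            $stim = strtotime($row['date_generated']) + date('Z');
            $expiretime = TimeDate::getInstance()->fromTimestamp($stim)->get("+$delay  minutes")->asDb();
            $timenow = TimeDate::getInstance()->nowDb();
            if ($timenow > $expiretime) {
                $expired = '1';
            }
        }

        if (!$expired) {
            // if the form is filled and we want to login
            if (isset($_REQUEST['login']) && $_REQUEST['login'] == '1') {
                $submitted_user = isset($_POST['user_name']) ? $_POST['user_name'] : null;
                $submitted_pass = isset($_POST['new_password']) ? $_POST['new_password'] : null;

                // The posted user name must be a string identical to the one the
                // link was issued for, and a non-empty password must be present;
                // otherwise nothing is changed and the login redirect applies.
                $form_matches_link = is_string($submitted_user)
                    && $row['username'] === $submitted_user
                    && is_string($submitted_pass)
                    && $submitted_pass !== '';

                if ($form_matches_link) {
                    // NOTE(review): no captcha verification is visible on this
                    // path; the RECAPTCHA CHECK section of this file only answers
                    // the browser's AJAX request, so enforcement here relies on
                    // client-side script. Password rules are likewise applied by
                    // the form's JavaScript; whether setNewPassword() re-checks
                    // them is not visible from this file.
                    // NOTE(review): the result of retrieve_user_id() is not
                    // checked before retrieve()/setNewPassword() -- confirm how
                    // those behave for an unknown user.
                    $usr = new user();
                    $usr_id = $usr->retrieve_user_id($submitted_user);
                    $usr->retrieve($usr_id);
                    $usr->setNewPassword($submitted_pass);

                    // Retire the link so it cannot be used a second time.
                    $query2 = "UPDATE users_password_link SET deleted='1' where id='" . $guid . "'";
                    $GLOBALS['db']->query($query2, true, "Error setting link for $usr->user_name: ");

                    // Authenticate with exactly the values that were validated
                    // and stored above, then replay the request as a login.
                    $_POST['user_name'] = $submitted_user;
                    $_POST['user_password'] = $submitted_pass;
                    $_POST['module'] = 'Users';
                    $_POST['action'] = 'Authenticate';
                    $_POST['login_module'] = 'Home';
                    $_POST['login_action'] = 'index';
                    $_POST['Login'] = 'Login';
                    foreach ($_POST as $k => $v) {
                        $_REQUEST[$k] = $v;
                        $_GET[$k] = $v;
                    }
                    unset($_REQUEST['entryPoint']);
                    unset($_GET['entryPoint']);
                    $GLOBALS['app']->execute();
                    die();
                }
            } else {
                // Live link, no submission yet: show the form.
                $redirect = '0';
            }
        } else {
            // Expired link: mark it deleted and fall through to the redirect.
            $query2 = "UPDATE users_password_link SET deleted='1' where id='" . $guid . "'";
            $GLOBALS['db']->query($query2, true, "Error setting link");
        }
    }
}

if ($redirect != '0') {
    header('location:index.php?action=Login&module=Users');
    exit ();
}

////    PASSWORD GENERATED LINK CHECK
///////////////////////////////////////////////////////////////////////////////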
169
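// Render the change-password form: page header, optional reCAPTCHA widget and
// its client-side script, the Smarty template, then the page footer.
require_once('include/MVC/View/SugarView.php');
$view = new SugarView();
$view->init();
$view->displayHeader();

$sugar_smarty = new Sugar_Smarty();

$admin = new Administration();
$admin->retrieveSettings('captcha');
$add_captcha = 0;
$captcha_privatekey = "";
$captcha_publickey = "";
$captcha_js = "";
$Captcha = "";
if (isset($admin->settings['captcha_on']) && $admin->settings['captcha_on'] == '1' && !empty($admin->settings['captcha_private_key']) && !empty($admin->settings['captcha_public_key'])) {
    $add_captcha = 1;
    // The private key is read here but only the public key is written into the page.
    $captcha_privatekey = $admin->settings['captcha_private_key'];
    $captcha_publickey = $admin->settings['captcha_public_key'];

    // NOTE(review): recaptcha_ajax.js is requested over plain http on the page
    // that collects the new password, so the script's integrity depends on the
    // network path; it should be served over https from an endpoint the
    // deployment has verified.
    // NOTE(review): in the script below handleFailure is assigned from
    // handleSuccess before handleSuccess has a value, so the failure callback
    // is undefined. The markup is left exactly as it was.
    $captcha_js .= "<script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp1_yui.js') . "'></script><script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp_yui2.js') . "'></script>
                <script type='text/javascript' src='http://api.recaptcha.net/js/recaptcha_ajax.js'></script>
                <script> //var oldFormAction = document.getElementById('form').action; //save old action
                function initCaptcha(){
                                Recaptcha.create('$captcha_publickey' ,'captchaImage',{theme:'custom',callback:Recaptcha.focus_response_field});
                                }

                window.onload=initCaptcha;

                var handleFailure=handleSuccess;
                var handleSuccess = function(o){
                        if(o.responseText!==undefined && o.responseText =='Success'){

                                document.getElementById('user_password').value=document.getElementById('new_password').value;
                                document.getElementById('ChangePasswordForm').submit();
                        }
                        else{
                                alert(o.responseText);
                                Recaptcha.reload();

                        }
                }
                var callback2 =
                {
                  success:handleSuccess,
                  failure: handleFailure
                };
                function validateCaptchaAndSubmit(){
                                var form = document.getElementById('form');
                                var url = '&to_pdf=1&module=Home&action=index&entryPoint=Changenewpassword&recaptcha_challenge_field='+Recaptcha.get_challenge()+'&recaptcha_response_field='+ Recaptcha.get_response();
                                YAHOO.util.Connect.asyncRequest('POST','index.php',callback2,url);

                }

        </script>";
    $Captcha .= $captcha_js;
    $Captcha .= "<tr>
                                        <td scope='row' width='20%'>".$mod_strings['LBL_RECAPTCHA_INSTRUCTION_OPPOSITE'].":</td>
                            <td width='70%'><input type='text' size='26' id='recaptcha_response_field' value=''></td>
                                <th rowsapn='2' class='x-sqs-list' ><div  id='recaptcha_image'></div></th>
                            </tr>

                            <tr>
                                <td colspan='2'>
                                        <a href='javascript:Recaptcha.reload()'> ".$mod_strings['LBL_RECAPTCHA_NEW_CAPTCHA']."</a>&nbsp;&nbsp;
                                        <a class='recaptcha_only_if_image' href='javascript:Recaptcha.switch_type('audio')'>".$mod_strings['LBL_RECAPTCHA_SOUND']."</a>
                                        <a class='recaptcha_only_if_audio' href='javascript:Recaptcha.switch_type('image')'>".$mod_strings['LBL_RECAPTCHA_IMAGE']."</a>
                                </td>
                        </tr>";
} else {
    // Captcha disabled: the submit handler copies the password and posts the form directly.
    echo"<script>function validateCaptchaAndSubmit(){document.getElementById('user_password').value=document.getElementById('new_password').value;document.getElementById('ChangePasswordForm').submit();}</script>";
}
$pwd_settings = $GLOBALS['sugar_config']['passwordsetting'];

$sugar_smarty->assign('sugar_md', getWebPath('include/images/sugar_md_open.png'));
$sugar_smarty->assign("MOD", $mod_strings);
$sugar_smarty->assign("CAPTCHA", $Captcha);
$sugar_smarty->assign("IS_ADMIN", '1');
$sugar_smarty->assign("ENTRY_POINT", 'Changenewpassword');
$sugar_smarty->assign('return_action', 'login');
$sugar_smarty->assign("APP", $app_strings);
$sugar_smarty->assign("INSTRUCTION", $app_strings['NTC_LOGIN_MESSAGE']);
$sugar_smarty->assign("USERNAME_FIELD", '<td scope="row" width="30%">'.$mod_strings['LBL_USER_NAME'].':</td><td width="70%"><input type="text" size="20" tabindex="1" id="user_name" name="user_name"  value=""</td>');
$sugar_smarty->assign('PWDSETTINGS', $GLOBALS['sugar_config']['passwordsetting']);


$rules = "'','',''";

$sugar_smarty->assign('SUBMIT_BUTTON', '<input title="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE']
    .'" class="button" '
    . 'onclick="if(!set_password(form,newrules(' . $rules . '))) return false; validateCaptchaAndSubmit();" '
    . 'type="button" tabindex="3" id="login_button" name="Login" value="'.$mod_strings['LBL_LOGIN_BUTTON_LABEL'].'" /><br>&nbsp');

if (!empty($_REQUEST['guid']) && is_string($_REQUEST['guid'])) {
    // The guid is a request value that the template writes back into the page.
    // How Changenewpassword.tpl escapes it is not visible from this file, so it
    // is HTML-escaped here; existing entities are left alone (double_encode off)
    // and a well-formed guid passes through unchanged.
    $sugar_smarty->assign("GUID", htmlspecialchars($_REQUEST['guid'], ENT_QUOTES, 'UTF-8', false));
}
$sugar_smarty->display('modules/Users/Changenewpassword.tpl');
$view->displayFooter();
?>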