Release 6.5.3
1 <?php
// Entry guard: refuse to run unless the sugarEntry constant is defined and
// truthy, i.e. the script was not requested directly.
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
3 /*********************************************************************************
4  * SugarCRM Community Edition is a customer relationship management program developed by
5  * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
6  * 
7  * This program is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU Affero General Public License version 3 as published by the
9  * Free Software Foundation with the addition of the following permission added
10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13  * 
14  * This program is distributed in the hope that it will be useful, but WITHOUT
15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
17  * details.
18  * 
19  * You should have received a copy of the GNU Affero General Public License along with
20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22  * 02110-1301 USA.
23  * 
24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26  * 
27  * The interactive user interfaces in modified source and object code versions
28  * of this program must display Appropriate Legal Notices, as required under
29  * Section 5 of the GNU Affero General Public License version 3.
30  * 
31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32  * these Appropriate Legal Notices must retain the display of the "Powered by
33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34  * technical reasons, the Appropriate Legal Notices must display the words
35  * "Powered by SugarCRM".
36  ********************************************************************************/
37
38 /*********************************************************************************
39
40  * Description: TODO:  To be written.
41  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42  * All Rights Reserved.
43  * Contributor(s): ______________________________________..
44  ********************************************************************************/
// Bring the application-wide language and configuration state into scope.
global $app_language, $sugar_config, $app_strings, $current_language;

// Load the English Users language file, then fetch the Users module strings
// (return_module_language() is called with an empty language argument).
require_once 'modules/Users/language/en_us.lang.php';
$mod_strings = return_module_language('', 'Users');
53
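///////////////////////////////////////////////////////////////////////////////
////    RECAPTCHA CHECK ONLY
//
// When both reCAPTCHA fields are present, the request is handled as a
// captcha-verification call only: the script prints a status string
// ("Success" or an error message) and returns before the password-link logic.
//
// NOTE(review): this verification runs in its own request, and nothing in this
// file ties a "Success" answer to the later password-change submission. As
// written, the captcha gates the browser-side submit only; confirm whether the
// password change is also protected server-side.

if (isset($_REQUEST['recaptcha_challenge_field']) && isset($_REQUEST['recaptcha_response_field'])) {
    require_once('include/reCaptcha/recaptchalib.php');

    $admin = new Administration();
    $admin->retrieveSettings('captcha');

    $captchaConfigured = isset($admin->settings['captcha_on'])
        && $admin->settings['captcha_on'] == '1'
        && !empty($admin->settings['captcha_private_key']);
    if (!$captchaConfigured) {
        // Stop here. Continuing would call the verifier with an undefined
        // private key and append a second, misleading message to the response.
        echo("Captcha settings not found");
        return;
    }
    $privatekey = $admin->settings['captcha_private_key'];

    $response = recaptcha_check_answer(
        $privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_REQUEST["recaptcha_challenge_field"],
        $_REQUEST["recaptcha_response_field"]
    );

    if (!$response->is_valid) {
        switch ($response->error) {
            case 'invalid-site-private-key':
                echo $mod_strings['LBL_RECAPTCHA_INVALID_PRIVATE_KEY'];
                break;
            case 'incorrect-captcha-sol':
                echo $mod_strings['LBL_RECAPTCHA_FILL_FIELD'];
                break;
            case 'invalid-request-cookie':
                echo $mod_strings['LBL_RECAPTCHA_INVALID_REQUEST_COOKIE'];
                break;
            case 'unknown':
                echo $mod_strings['LBL_RECAPTCHA_UNKNOWN'];
                break;

            default:
                // The error code is supplied by the verification response, not
                // by this application, so escape it before writing it out.
                echo "Invalid captcha entry, go back and fix. " . htmlspecialchars($response->error, ENT_QUOTES, 'UTF-8') . " ";
        }
    } else {
        echo("Success");
    }
    return;
}
////    RECAPTCHA CHECK ONLY
///////////////////////////////////////////////////////////////////////////////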
96
97
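///////////////////////////////////////////////////////////////////////////////
////    PASSWORD GENERATED LINK CHECK USING
////
//// This script :  - check the link expiration
////                - send the filled form to authenticate.php after changing the password in the database
//
// $redirect stays '1' (send the visitor to the login page) unless the guid
// names a live, unexpired link and the form has not been submitted yet; only
// then is it set to '0' so the change-password form below is rendered.
$redirect = '1';

// The guid arrives unauthenticated, straight from the request. Accept only a
// string and escape it once, so every query below uses the same safe value
// instead of concatenating raw request data into SQL.
if (isset($_REQUEST['guid']) && is_string($_REQUEST['guid'])) {
    $db = $GLOBALS['db'];
    $guid = $db->quote($_REQUEST['guid']);

    // Change 'deleted = 0' clause to 'COALESCE(deleted, 0) = 0' because by default the values were NULL
    $Q = "SELECT * FROM users_password_link WHERE id = '" . $guid . "' AND COALESCE(deleted, 0) = '0'";
    $result = $db->limitQuery($Q, 0, 1, false);
    $row = $db->fetchByAssoc($result);

    if (!empty($row)) {
        $pwd_settings = $GLOBALS['sugar_config']['passwordsetting'];
        $expired = '0';
        if ($pwd_settings['linkexpiration']) {
            // Link lifetime in minutes: configured amount times the unit multiplier.
            $delay = $pwd_settings['linkexpirationtime'] * $pwd_settings['linkexpirationtype'];
            // NOTE(review): date('Z') adds the server's UTC offset to the stored
            // timestamp - presumably to align it with nowDb(); confirm.
            $stim = strtotime($row['date_generated']) + date('Z');
            $expiretime = TimeDate::getInstance()->fromTimestamp($stim)->get("+$delay  minutes")->asDb();
            $timenow = TimeDate::getInstance()->nowDb();
            // Both values are DB-format date strings and are compared as strings.
            if ($timenow > $expiretime) {
                $expired = '1';
            }
        }

        if (!$expired) {
            // if the form is filled and we want to login
            if (isset($_REQUEST['login']) && $_REQUEST['login'] == '1') {
                // Read the submitted credentials once, from POST only, and
                // require real non-empty strings. A missing field would
                // otherwise compare as null, and loose '==' treats null and
                // numeric-looking strings as equal to values they do not match.
                $postedName = (isset($_POST['user_name']) && is_string($_POST['user_name']))
                    ? $_POST['user_name']
                    : null;
                $postedPassword = (isset($_POST['new_password']) && is_string($_POST['new_password']))
                    ? $_POST['new_password']
                    : '';

                if ($postedName !== null && $postedPassword !== '' && $row['username'] === $postedName) {
                    $usr = new User();
                    $usr_id = $usr->retrieve_user_id($postedName);
                    $usr->retrieve($usr_id);
                    // NOTE(review): no password-rule check is visible on this
                    // path; the rules appear to be applied by the form's
                    // JavaScript only. Confirm they are enforced server-side.
                    $usr->setNewPassword($postedPassword);

                    // Single use: retire the link as soon as the password is changed.
                    $query2 = "UPDATE users_password_link SET deleted='1' where id='" . $guid . "'";
                    $db->query($query2, true, "Error setting link for $usr->user_name: ");

                    // Hand over to the normal Authenticate action using the
                    // values validated above rather than re-reading them from
                    // $_REQUEST, which can also be fed by the query string.
                    $_POST['user_name'] = $postedName;
                    $_POST['user_password'] = $postedPassword;
                    $_POST['module'] = 'Users';
                    $_POST['action'] = 'Authenticate';
                    $_POST['login_module'] = 'Home';
                    $_POST['login_action'] = 'index';
                    $_POST['Login'] = 'Login';
                    // Mirror the rewritten POST data so the re-dispatched
                    // request sees it whichever superglobal it reads.
                    foreach ($_POST as $k => $v) {
                        $_REQUEST[$k] = $v;
                        $_GET[$k] = $v;
                    }
                    unset($_REQUEST['entryPoint']);
                    unset($_GET['entryPoint']);
                    $GLOBALS['app']->execute();
                    die();
                }
                // Submitted but rejected: $redirect stays '1', back to login.
            } else {
                // Valid link, form not submitted yet: render the form.
                $redirect = '0';
            }
        } else {
            // Expired link: retire it so it cannot be presented again.
            $query2 = "UPDATE users_password_link SET deleted='1' where id='" . $guid . "'";
            $db->query($query2, true, "Error setting link");
        }
    }
}

if ($redirect != '0') {
    header('location:index.php?action=Login&module=Users');
    exit();
}

////    PASSWORD GENERATED LINK CHECK USING
///////////////////////////////////////////////////////////////////////////////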
170
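// Render the change-password page: standard header, then either the reCAPTCHA
// widget plus its submit helper, or a plain submit helper when captcha is off.
require_once('include/MVC/View/SugarView.php');
$view = new SugarView();
$view->init();
$view->displayHeader();

$sugar_smarty = new Sugar_Smarty();

$admin = new Administration();
$admin->retrieveSettings('captcha');
$captcha_publickey = "";
$captcha_js = "";
$Captcha = "";
if (isset($admin->settings['captcha_on']) && $admin->settings['captcha_on'] == '1' && !empty($admin->settings['captcha_private_key']) && !empty($admin->settings['captcha_public_key'])) {
    // Only the public key is needed to render the widget; the private key is
    // deliberately not copied into a variable on this code path.
    $captcha_publickey = $admin->settings['captcha_public_key'];
    // Emit the key as a JavaScript string literal so a quote or backslash in
    // the stored setting cannot break out of the script below.
    $captcha_publickey_js = json_encode($captcha_publickey);

    // NOTE(review): recaptcha_ajax.js is fetched over plain HTTP. On a page
    // that accepts a new password, that script should come from an HTTPS
    // origin; the URL is left unchanged here and needs a maintainer decision.
    //
    // NOTE(review): validateCaptchaAndSubmit() checks the captcha with a
    // separate AJAX call and then submits the form from the browser; nothing
    // visible in this file makes the server require that check.
    $captcha_js .= "<script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp1_yui.js') . "'></script><script type='text/javascript' src='" . getJSPath('cache/include/javascript/sugar_grp_yui2.js') . "'></script>
        <script type='text/javascript' src='http://api.recaptcha.net/js/recaptcha_ajax.js'></script>
        <script> //var oldFormAction = document.getElementById('form').action; //save old action
        function initCaptcha(){
                Recaptcha.create(" . $captcha_publickey_js . " ,'captchaImage',{theme:'custom',callback:Recaptcha.focus_response_field});
                }

        window.onload=initCaptcha;

        var handleSuccess = function(o){
            if(o.responseText!==undefined && o.responseText =='Success'){

                document.getElementById('user_password').value=document.getElementById('new_password').value;
                document.getElementById('ChangePasswordForm').submit();
            }
            else{
                alert(o.responseText);
                Recaptcha.reload();

            }
        }
        var handleFailure=handleSuccess;
        var callback2 =
        {
          success:handleSuccess,
          failure: handleFailure
        };
        function validateCaptchaAndSubmit(){
                var form = document.getElementById('form');
                var url = '&to_pdf=1&module=Home&action=index&entryPoint=Changenewpassword&recaptcha_challenge_field='+Recaptcha.get_challenge()+'&recaptcha_response_field='+ Recaptcha.get_response();
                YAHOO.util.Connect.asyncRequest('POST','index.php',callback2,url);

        }

    </script>";
    // handleFailure is assigned after handleSuccess is defined; assigned
    // before, it was undefined and request failures were silently ignored.
    $Captcha .= $captcha_js;
    // The switch_type() arguments use double quotes so they no longer end the
    // single-quoted href attribute early; 'rowsapn' is corrected to 'rowspan'.
    $Captcha .= "<tr>
                    <td scope='row' width='20%'>" . $mod_strings['LBL_RECAPTCHA_INSTRUCTION_OPPOSITE'] . ":</td>
                    <td width='70%'><input type='text' size='26' id='recaptcha_response_field' value=''></td>
                    <th rowspan='2' class='x-sqs-list' ><div  id='recaptcha_image'></div></th>
                </tr>

                <tr>
                    <td colspan='2'>
                        <a href='javascript:Recaptcha.reload()'> " . $mod_strings['LBL_RECAPTCHA_NEW_CAPTCHA'] . "</a>&nbsp;&nbsp;
                        <a class='recaptcha_only_if_image' href='javascript:Recaptcha.switch_type(\"audio\")'>" . $mod_strings['LBL_RECAPTCHA_SOUND'] . "</a>
                        <a class='recaptcha_only_if_audio' href='javascript:Recaptcha.switch_type(\"image\")'>" . $mod_strings['LBL_RECAPTCHA_IMAGE'] . "</a>
                    </td>
                </tr>";

} else {
    // Captcha disabled: the submit helper just copies the new password into
    // the user_password field and submits the form.
    echo"<script>function validateCaptchaAndSubmit(){document.getElementById('user_password').value=document.getElementById('new_password').value;document.getElementById('ChangePasswordForm').submit();}</script>";
}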
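// Hand the page data to Smarty and render the change-password template.
$pwd_settings = $GLOBALS['sugar_config']['passwordsetting'];

$sugar_smarty->assign('sugar_md', getWebPath('include/images/sugar_md_open.png'));
$sugar_smarty->assign("MOD", $mod_strings);
$sugar_smarty->assign("CAPTCHA", $Captcha);
$sugar_smarty->assign("IS_ADMIN", '1');
$sugar_smarty->assign("ENTRY_POINT", 'Changenewpassword');
$sugar_smarty->assign('return_action', 'login');
$sugar_smarty->assign("APP", $app_strings);
$sugar_smarty->assign("INSTRUCTION", $app_strings['NTC_LOGIN_MESSAGE']);
// The <input> tag is now closed; it was previously emitted without its '>'.
$sugar_smarty->assign("USERNAME_FIELD", '<td scope="row" width="30%">'.$mod_strings['LBL_USER_NAME'].':</td><td width="70%"><input type="text" size="20" tabindex="1" id="user_name" name="user_name"  value="" /></td>');
$sugar_smarty->assign('PWDSETTINGS', $pwd_settings);


// Arguments passed to newrules() in the button's onclick handler.
$rules = "'','',''";

// Client-side flow only: set_password() checks the form, then
// validateCaptchaAndSubmit() submits it.
$sugar_smarty->assign('SUBMIT_BUTTON', '<input title="'.$mod_strings['LBL_LOGIN_BUTTON_TITLE']
    .'" class="button" '
    . 'onclick="if(!set_password(form,newrules(' . $rules . '))) return false; validateCaptchaAndSubmit();" '
    . 'type="button" tabindex="3" id="login_button" name="Login" value="'.$mod_strings['LBL_LOGIN_BUTTON_LABEL'].'" /><br>&nbsp;');

// The guid is request data that gets written back into the page. The template
// is not visible from this file, so HTML-escape the value before assigning it
// rather than rely on the template to do so.
if (!empty($_REQUEST['guid']) && is_string($_REQUEST['guid'])) {
    $sugar_smarty->assign("GUID", htmlspecialchars($_REQUEST['guid'], ENT_QUOTES, 'UTF-8'));
}
$sugar_smarty->display('modules/Users/Changenewpassword.tpl');
$view->displayFooter();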
266 ?>