CyberLeo.Net >> Repos - Github/sugarcrm.git/blob - modules/Users/GeneratePassword.php
Release 6.3.1
<?php
// Refuse direct requests: the script continues only when the sugarEntry
// constant is defined and truthy; otherwise it stops with a fixed message.
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
3 /*********************************************************************************
4  * SugarCRM Community Edition is a customer relationship management program developed by
5  * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
6  * 
7  * This program is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU Affero General Public License version 3 as published by the
9  * Free Software Foundation with the addition of the following permission added
10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13  * 
14  * This program is distributed in the hope that it will be useful, but WITHOUT
15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
17  * details.
18  * 
19  * You should have received a copy of the GNU Affero General Public License along with
20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22  * 02110-1301 USA.
23  * 
24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26  * 
27  * The interactive user interfaces in modified source and object code versions
28  * of this program must display Appropriate Legal Notices, as required under
29  * Section 5 of the GNU Affero General Public License version 3.
30  * 
31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32  * these Appropriate Legal Notices must retain the display of the "Powered by
33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34  * technical reasons, the Appropriate Legal Notices must display the words
35  * "Powered by SugarCRM".
36  ********************************************************************************/
37
38 /*********************************************************************************
39
40  * Description:  TODO: To be written.
41  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42  * All Rights Reserved.
43  * Contributor(s): ______________________________________..
44  ********************************************************************************/
45
// Load the application entry point and the English Users language pack.
require_once 'include/entryPoint.php';

require_once 'modules/Users/language/en_us.lang.php';
global $app_strings, $sugar_config, $new_pwd;

// Localised strings for the Users module.
$mod_strings = return_module_language('', 'Users');
// Password settings from the configuration; they supply the e-mail template ids used later.
$res = $GLOBALS['sugar_config']['passwordsetting'];
// Shape check applied to the account's primary address before anything is sent.
// The final domain label must be 2-4 word characters, so addresses under
// longer top-level domains do not match and are reported as incorrect.
$regexmail = "/^\w+(['\.\-\+]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,4})+\$/";

///////////////////////////////////////////////////
///////  Retrieve user

// The target account is identified in one of three ways, tried in this order:
//   1. username + user_email  (the e-mail must equal the account's email1)
//   2. userId
//   3. sugar_user_name
$usr = new user();
if (isset($_POST['username'], $_POST['user_email'])) {
    // Both fields must be non-empty before any lookup is attempted.
    if ($_POST['username'] == '' || $_POST['user_email'] == '') {
        echo  $mod_strings['LBL_PROVIDE_USERNAME_AND_EMAIL'];
        return;
    }
    $usr_id = $usr->retrieve_user_id($_POST['username']);
    $usr->retrieve($usr_id);
    // NOTE(review): the ownership check compares against $usr->email1, while the
    // message is later addressed to emailAddress->getPrimaryAddress($usr).
    // Confirm that both always refer to the same address.
    if ($usr->email1 != $_POST['user_email']) {
        echo $mod_strings['ERR_PASSWORD_USERNAME_MISSMATCH'];
        return;
    }
    // Portal-only and group accounts are refused.
    if ($usr->portal_only || $usr->is_group) {
        echo $mod_strings['LBL_PROVIDE_USERNAME_AND_EMAIL'];
        return;
    }
} elseif (isset($_POST['userId']) && $_POST['userId'] != '') {
    // NOTE(review): this branch and the next select the account from a request
    // parameter alone, with no e-mail comparison and no portal/group check.
    // Nothing in this file authenticates the caller; confirm that the entry
    // point reaching this code restricts these two paths to authorised users.
    $usr->retrieve($_POST['userId']);
} elseif (isset($_POST['sugar_user_name'])) {
    // An empty sugar_user_name is not rejected here (only isset is tested).
    $usr_id = $usr->retrieve_user_id($_POST['sugar_user_name']);
    $usr->retrieve($usr_id);
} else {
    echo  $mod_strings['ERR_USER_INFO_NOT_FOUND'];
    return;
}

///////
///////////////////////////////////////////////////

///////////////////////////////////////////////////
///////  Check email address

// Stop unless the account's primary address passes the shape check in $regexmail.
if (!preg_match($regexmail, $usr->emailAddress->getPrimaryAddress($usr))) {
    echo $mod_strings['ERR_EMAIL_INCORRECT'];
    return;
}

///////
///////////////////////////////////////////////////

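// A replacement password is generated only when the request has no `link` field.
if (!isset($_POST['link'])) {
    $charBKT = '';
    // Character classes to select from.
    // NOTE(review): the lowercase set has no "o"; kept as found, confirm whether intentional.
    $LOWERCASE = "abcdefghijklmnpqrstuvwxyz";
    $NUMBER = "0123456789";
    $UPPERCASE = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $SPECIAL = '~!@#$%^&*()_+=-{}|'; // defined but not added to the pool below
    $condition = 0;
    $charBKT .= $UPPERCASE . $LOWERCASE . $NUMBER;
    $password = "";

    // The length is fixed at six characters drawn from a 61-symbol pool.
    $lenght = '6';
    $poolSize = strlen($charBKT);
    for ($i = 0; $i < $lenght - $condition; $i++) {
        if (function_exists('random_int')) {
            // Cryptographically secure and free of modulo bias.
            $charIndex = random_int(0, $poolSize - 1);
        } else {
            // Legacy runtimes without random_int(): rand() is not a CSPRNG, so a
            // password produced on this path should be treated as weak and the
            // user should be made to change it at first login.
            $charIndex = rand() % $poolSize;
        }
        $password .= substr($charBKT, $charIndex, 1);
    }
}
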
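///////////////////////////////////////////////////
///////  Create URL

// A reset link is generated only when the request carries link=1.
if (isset($_POST['link']) && $_POST['link'] == '1') {
    global $timedate;
    // NOTE(review): the GUID is the only secret in the link. Confirm that
    // create_guid() draws from a cryptographically secure source.
    $guid = create_guid();
    $url = $GLOBALS['sugar_config']['site_url']."/index.php?entryPoint=Changenewpassword&guid=$guid";
    $time_now = TimeDate::getInstance()->nowDb();
    // NOTE(review): the statement that flagged earlier links for the same
    // username as deleted is disabled in this file, so older links stay in the
    // table. Expiry is presumably enforced where the link is consumed; confirm.
    //
    // The username is taken from the request, so it is escaped before being
    // placed in the statement. It may be absent when the account was selected
    // through userId or sugar_user_name; an empty string is stored in that case.
    $linkUsername = isset($_POST['username']) ? $_POST['username'] : '';
    $q = "INSERT INTO users_password_link (id, username, date_generated) VALUES('".$guid."','".$usr->db->quote($linkUsername)."',' ".$time_now."' ) ";
    $usr->db->query($q);
}
///////
///////////////////////////////////////////////////
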
///////  Email creation
global $sugar_config, $current_user;

// Reset-link requests use the "lost password" template; every other request
// uses the "generate password" template.
$emailTemp_id = (isset($_POST['link']) && $_POST['link'] == '1')
    ? $res['lostpasswordtmpl']
    : $res['generatepasswordtmpl'];

$emailTemp = new EmailTemplate();
$emailTemp->disable_row_level_security = true;
if ($emailTemp->retrieve($emailTemp_id) == '') {
    echo $mod_strings['LBL_EMAIL_TEMPLATE_MISSING'];
    $new_pwd = '4';
    return;
}

// Replace instance variables in the e-mail template.
$htmlBody = $emailTemp->body_html;
$body = $emailTemp->body;
if (isset($_POST['link']) && $_POST['link'] == '1') {
    $htmlBody = str_replace('$contact_user_link_guid', $url, $htmlBody);
    $body = str_replace('$contact_user_link_guid', $url, $body);
} else {
    // The new password is written into the message in clear text.
    // NOTE(review): $password is assigned only when the request has no `link`
    // field at all; a request whose `link` is set to something other than '1'
    // reaches this branch without one.
    $htmlBody = str_replace('$contact_user_user_hash', $password, $htmlBody);
    $body = str_replace('$contact_user_user_hash', $password, $body);
}

// Bug 36833 - the site URL placeholder is replaced as well, followed by the
// user name and the "password last changed" timestamp. Each array is applied
// left to right, the same order as separate str_replace() calls.
$htmlBody = str_replace(
    array('$config_site_url', '$contact_user_user_name', '$contact_user_pwd_last_changed'),
    array($sugar_config['site_url'], $usr->user_name, TimeDate::getInstance()->nowDb()),
    $htmlBody
);
$body = str_replace(
    array('$config_site_url', '$contact_user_user_name', '$contact_user_pwd_last_changed'),
    array($sugar_config['site_url'], $usr->user_name, TimeDate::getInstance()->nowDb()),
    $body
);

// Bug #36250 Replacement of all template variables.
$macro_nv = array();
$template_data = $emailTemp->parse_email_template(
    array(
        'subject' => $emailTemp->subject,
        'body_html' => $htmlBody,
        'body' => $body
    ),
    $usr->module_dir,
    $usr,
    $macro_nv
);
$emailTemp->subject = $template_data['subject'];
$emailTemp->body_html = $template_data['body_html'];
$emailTemp->body = $template_data['body'];
// Bug #36250 is ended
require_once 'include/SugarPHPMailer.php';

// The only recipient is the account's stored primary address; no address
// from the request is ever added to the message.
$itemail = $usr->emailAddress->getPrimaryAddress($usr);

// The sender is the system default e-mail identity.
$emailObj = new Email();
$defaults = $emailObj->getSystemDefaultEmail();
$mail = new SugarPHPMailer();
$mail->setMailerForSystem();
$mail->From = $defaults['email'];
$mail->FromName = $defaults['name'];
$mail->ClearAllRecipients();
$mail->ClearReplyTos();
$mail->Subject = from_html($emailTemp->subject);
if ($emailTemp->text_only == 1) {
    // Text-only template: the plain body is the message body.
    $mail->Body_html = from_html($emailTemp->body_html);
    $mail->Body = from_html($emailTemp->body);
} else {
    // HTML template: the plain body is sent as the alternative part.
    $mail->IsHTML(true);
    $mail->Body = from_html($emailTemp->body_html);
    $mail->AltBody = from_html($emailTemp->body);
}

// Configuration problems are reported only when the current user is an administrator.
if ($mail->Body == '' && $current_user->is_admin) {
    echo $app_strings['LBL_EMAIL_TEMPLATE_EDIT_PLAIN_TEXT'];
    $new_pwd = '4';
    return;
}
if ($mail->Mailer == 'smtp' && $mail->Host == '' && $current_user->is_admin) {
    echo $mod_strings['ERR_SERVER_SMTP_EMPTY'];
    $new_pwd = '4';
    return;
}

$mail->prepForOutbound();

// There is at most one recipient, so it is always added as the primary address.
$hasRecipients = false;
if (!empty($itemail)) {
    $mail->AddAddress($itemail);
    $hasRecipients = true;
}

// Errors raised by Send() are suppressed; only its return value is used.
$success = $hasRecipients ? @$mail->Send() : false;

// Delivery failed: report it and leave the stored password untouched.
if (!$success) {
    $new_pwd = '4';
    if ($current_user->is_admin) {
        // Administrators get a list of likely causes, one per line.
        $errorLines = array($mod_strings['ERR_EMAIL_NOT_SENT_ADMIN']);
        if ($mail->Mailer == 'smtp') {
            $errorLines[] = $mod_strings['ERR_SMTP_URL_SMTP_PORT'];
        }
        if ($mail->SMTPAuth) {
            $errorLines[] = $mod_strings['ERR_SMTP_USERNAME_SMTP_PASSWORD'];
        }
        $errorLines[] = $mod_strings['ERR_RECIPIENT_EMAIL'];
        $errorLines[] = $mod_strings['ERR_SERVER_STATUS'];
        $email_errors = implode("\n-", $errorLines);
        echo $email_errors;
    } else {
        echo $mod_strings['LBL_EMAIL_NOT_SENT'];
    }
    return;
}

// The message was sent: archive a copy of it as an Email record.
// NOTE(review): description receives the message body, which contains the
// clear-text password or the reset link. Confirm who can read archived
// e-mail records and how long they are kept.
$emailObj->team_id = 1;
$emailObj->to_addrs = '';
$emailObj->type = 'archived';
$emailObj->deleted = '0';
$emailObj->name = $mail->Subject;
$emailObj->description = $mail->Body;
$emailObj->description_html = null;
$emailObj->from_addr = $mail->From;
$emailObj->parent_type = 'User';
$emailObj->date_sent = TimeDate::getInstance()->nowDb();
$emailObj->modified_user_id = '1';
$emailObj->created_by = '1';
$emailObj->status = 'sent';
$retId = $emailObj->save();
echo '1';

// Only the generated-password flow changes the stored credential.
if (!isset($_POST['link'])) {
    // NOTE(review): the stored value is an unsalted MD5 of the password. A
    // stronger scheme would have to be matched by the login check, which is
    // outside this file.
    $user_hash = strtolower(md5($password));
    // Clear expiration, lockout and failed-login state for the account.
    $usr->setPreference('loginexpiration', '0');
    $usr->setPreference('lockout', '');
    $usr->setPreference('loginfailed', '0');
    $usr->savePreferencesToDB();
    // Set the new password and flag it as system generated.
    // NOTE(review): $usr->id is interpolated without escaping; it is presumably
    // populated from the retrieved row, confirm.
    $now = TimeDate::getInstance()->nowDb();
    $query = "UPDATE $usr->table_name SET user_hash='$user_hash', system_generated_password='1', pwd_last_changed='$now' where id='$usr->id'";
    $usr->db->query($query, true, "Error setting new password for $usr->user_name: ");
}
return;

?>