// Entry guard: halt unless the sugarEntry constant is defined and truthy, so the rest of
// the script does not run when the file is loaded outside the application's own bootstrap.
2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
38 /*********************************************************************************
40 * Description: TODO: To be written.
41 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42 * All Rights Reserved.
43 * Contributor(s): ______________________________________..
44 ********************************************************************************/
46 require_once('include/entryPoint.php');
48 require_once('modules/Users/language/en_us.lang.php');
// Load the Users module strings used for every message echoed below.
53 $mod_strings=return_module_language('','Users');
// Password settings from the site configuration; read later for the e-mail template ids.
54 $res=$GLOBALS['sugar_config']['passwordsetting'];
// Pattern applied to the user's primary address before any mail is sent.
// NOTE(review): the final label is limited to 2-4 word characters by (\.\w{2,4})+, so an
// address whose top-level domain is longer than four characters is rejected as incorrect.
55 $regexmail = "/^\w+(['\.\-\+]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,4})+\$/";
57 ///////////////////////////////////////////////////
// Resolve the target user from the request. The gutter numbers jump in this listing, so some
// lines (branch endings, the creation of $usr) are not visible here.
// Path 1: username and user_email were both posted and are non-empty. Look the user up by
// name and require the posted address to equal the stored email1.
61 if(isset( $_POST['username']) && isset($_POST['user_email'] )){
62 if ($_POST['username'] != '' && $_POST['user_email'] != ''){
63 $usr_id=$usr->retrieve_user_id($_POST['username']);
64 $usr->retrieve($usr_id);
65 if ($usr->email1 != $_POST['user_email']){
// NOTE(review): the replies in this section differ by failure reason (mismatch here,
// ERR_USER_INFO_NOT_FOUND further down). If this script is reachable without a session,
// a single uniform reply avoids disclosing which accounts exist -- confirm reachability.
66 echo $mod_strings['ERR_PASSWORD_USERNAME_MISSMATCH'];
// Portal-only and group users are answered with the generic "provide username and email" text.
69 if ($usr->portal_only || $usr->is_group){
70 echo $mod_strings['LBL_PROVIDE_USERNAME_AND_EMAIL'];
76 echo $mod_strings['LBL_PROVIDE_USERNAME_AND_EMAIL'];
// Path 2: load the user directly from a posted record id.
// NOTE(review): the id is taken from the request as-is and no authorization check on the
// caller is visible in this listing -- confirm that one is enforced before this point.
81 if (isset($_POST['userId']) && $_POST['userId'] != ''){
82 $usr->retrieve($_POST['userId']);
// Path 3: look the user up by a posted sugar_user_name.
// NOTE(review): both operands of && test the same key, so the second isset() adds nothing;
// presumably a different field was meant -- verify against the calling form.
85 if(isset( $_POST['sugar_user_name']) && isset($_POST['sugar_user_name'] )){
86 $usr_id=$usr->retrieve_user_id($_POST['sugar_user_name']);
87 $usr->retrieve($usr_id);
90 echo $mod_strings['ERR_USER_INFO_NOT_FOUND'];
97 ///////////////////////////////////////////////////
99 ///////////////////////////////////////////////////
100 /////// Check email address
// Refuse to continue when the user's primary address does not match $regexmail; the
// address checked here is the stored one, not a value from the request.
102 if (!preg_match($regexmail, $usr->emailAddress->getPrimaryAddress($usr))){
103 echo $mod_strings['ERR_EMAIL_INCORRECT'];
108 ///////////////////////////////////////////////////
111 // if i need to generate a password (not a link)
// No 'link' field posted: generate a new password for the user instead of a reset link.
112 if (!isset($_POST['link'])){
114 //chars to select from
// 'o' is absent from $LOWERCASE; presumably deliberate to avoid confusion with '0' -- confirm.
115 $LOWERCASE = "abcdefghijklmnpqrstuvwxyz";
116 $NUMBER = "0123456789";
117 $UPPERCASE = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
// $SPECIAL is defined here but is not part of the bucket built on line 120; any use of it
// would be on lines this listing omits.
118 $SPECIAL = '~!@#$%^&*()_+=-{}|';
// Appends to $charBKT, whose initial value is set on a line not shown.
120 $charBKT.=$UPPERCASE.$LOWERCASE.$NUMBER;
124 // Create random characters for the positions that don't have requirements
// $lenght and $condition are assigned on lines not shown in this listing.
// NOTE(review): rand() is not a cryptographically secure generator, and reducing it with %
// skews the distribution towards the start of $charBKT. For a credential, draw each index
// from a CSPRNG instead (random_int() where the runtime is PHP 7 or later).
125 for ($i=0;$i<$lenght-$condition;$i++) // loop and create password
126 $password = $password . substr ($charBKT, rand() % strlen($charBKT), 1);
130 ///////////////////////////////////////////////////
133 // if i need to generate a link
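134 if (isset($_POST['link']) && $_POST['link'] == '1'){
// Build the password-reset URL around $guid and record the token in users_password_link.
// $guid is assigned on a line this listing omits; it is the only secret in the URL, so it
// must come from an unpredictable source -- TODO confirm.
137 $url=$GLOBALS['sugar_config']['site_url']."/index.php?entryPoint=Changenewpassword&guid=$guid";
138 $time_now=TimeDate::getInstance()->nowDb();
139 //$q2="UPDATE `users_password_link` SET `deleted` = '1' WHERE `username` = '".$_POST['username']."'";
140 //$usr->db->query($q2);
// $_POST['username'] is request data concatenated into a SQL string literal, so it is
// escaped with the connection's quote() first; without that a quote character in the
// field would change the statement.
// NOTE(review): storing $usr->user_name instead would tie the token to the account that
// was actually loaded above -- confirm what the Changenewpassword entry point looks up.
141 $q = "INSERT INTO users_password_link (id, username, date_generated) VALUES('".$guid."','".$usr->db->quote($_POST['username'])."',' ".$time_now."' ) ";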
145 ///////////////////////////////////////////////////
147 /////// Email creation
148 global $sugar_config, $current_user;
// Pick the template id from the password settings: the lost-password template for a reset
// link, otherwise the generated-password template (presumably via an else on the omitted
// line 151).
149 if (isset($_POST['link']) && $_POST['link'] == '1')
150 $emailTemp_id = $res['lostpasswordtmpl'];
152 $emailTemp_id = $res['generatepasswordtmpl'];
154 $emailTemp = new EmailTemplate();
// Row-level security is switched off for this load; presumably so the template can be read
// whatever the requesting user's access is -- confirm.
155 $emailTemp->disable_row_level_security = true;
156 if ($emailTemp->retrieve($emailTemp_id) == ''){
157 echo $mod_strings['LBL_EMAIL_TEMPLATE_MISSING'];
161 //replace instance variables in email templates
162 $htmlBody = $emailTemp->body_html;
163 $body = $emailTemp->body;
// Link mode: the placeholder becomes the reset URL. Otherwise the cleartext generated
// password is substituted into both bodies.
164 if (isset($_POST['link']) && $_POST['link'] == '1'){
165 $htmlBody = str_replace('$contact_user_link_guid', $url, $htmlBody);
166 $body = str_replace('$contact_user_link_guid', $url, $body);
169 $htmlBody = str_replace('$contact_user_user_hash', $password, $htmlBody);
170 $body = str_replace('$contact_user_user_hash', $password, $body);
172 // Bug 36833 - Add replacing of special value $instance_url
173 $htmlBody = str_replace('$config_site_url',$sugar_config['site_url'], $htmlBody);
174 $body = str_replace('$config_site_url',$sugar_config['site_url'], $body);
// NOTE(review): the user name is placed into the HTML body without HTML-escaping; if user
// names may contain markup characters, encode the value for the HTML variant -- verify.
176 $htmlBody = str_replace('$contact_user_user_name', $usr->user_name, $htmlBody);
177 $htmlBody = str_replace('$contact_user_pwd_last_changed', TimeDate::getInstance()->nowDb(), $htmlBody);
178 $body = str_replace('$contact_user_user_name', $usr->user_name, $body);
179 $body = str_replace('$contact_user_pwd_last_changed', TimeDate::getInstance()->nowDb(), $body);
180 // Bug #36250 Replacement of all template variables.
// Run the remaining template variables through the template parser; part of the argument
// list is on lines this listing omits.
182 $template_data = $emailTemp->parse_email_template(
184 'subject' => $emailTemp->subject,
185 'body_html' => $htmlBody,
// Write the parsed subject and bodies back onto the template object.
192 $emailTemp->subject = $template_data['subject'];
193 $emailTemp->body_html = $template_data['body_html'];
194 $emailTemp->body = $template_data['body'];
195 // Bug #36250 is ended
196 require_once('include/SugarPHPMailer.php');
// The only recipient used below is the target user's stored primary address.
198 $itemail=$usr->emailAddress->getPrimaryAddress($usr);
199 //retrieve IT Admin Email
200 //_ppd( $emailTemp->body_html);
201 //retrieve email defaults
202 $emailObj = new Email();
203 $defaults = $emailObj->getSystemDefaultEmail();
// Send through the system mailer, with the system default address as sender.
204 $mail = new SugarPHPMailer();
205 $mail->setMailerForSystem();
206 //$mail->IsHTML(true);
207 $mail->From = $defaults['email'];
208 $mail->FromName = $defaults['name'];
209 $mail->ClearAllRecipients();
210 $mail->ClearReplyTos();
211 $mail->Subject=from_html($emailTemp->subject);
// Unless the template is text-only, the HTML body becomes Body and the plain text AltBody;
// otherwise the plain text is Body. The lines separating the two branches are omitted here.
212 if($emailTemp->text_only != 1){
214 $mail->Body=from_html($emailTemp->body_html);
215 $mail->AltBody=from_html($emailTemp->body);
218 $mail->Body_html=from_html($emailTemp->body_html);
219 $mail->Body=from_html($emailTemp->body);
// Configuration diagnostics are echoed only when the current user is an administrator.
// NOTE(review): $app_strings is neither assigned nor declared global in the visible lines --
// confirm it is in scope here.
221 if($mail->Body == '' && $current_user->is_admin){
222 echo $app_strings['LBL_EMAIL_TEMPLATE_EDIT_PLAIN_TEXT'];
225 if($mail->Mailer == 'smtp' && $mail->Host ==''&& $current_user->is_admin){
226 echo $mod_strings['ERR_SERVER_SMTP_EMPTY'];
230 $mail->prepForOutbound();
231 $hasRecipients = false;
// The condition choosing between BCC and a normal recipient is on lines not shown.
233 if (!empty($itemail)){
235 $mail->AddBCC($itemail);
237 $mail->AddAddress($itemail);
239 $hasRecipients = true;
// NOTE(review): @ hides any warning raised by Send(), so a delivery problem is visible only
// through $success; log the mailer's error instead of suppressing it.
243 $success = @$mail->Send();
// Archive a copy of the message as an Email record marked 'archived' and 'sent'. The team
// id and the created/modified user ids are hard-coded to 1.
// NOTE(review): description is set to $mail->Body, which already has the generated password
// or the reset URL substituted in, so that secret is stored in cleartext in the archived
// record. Consider archiving a redacted body, or not archiving these messages at all.
249 $emailObj->team_id = 1;
250 $emailObj->to_addrs= '';
251 $emailObj->type= 'archived';
252 $emailObj->deleted = '0';
253 $emailObj->name = $mail->Subject ;
254 $emailObj->description = $mail->Body;
255 $emailObj->description_html =null;
256 $emailObj->from_addr = $mail->From;
257 $emailObj->parent_type = 'User';
258 $emailObj->date_sent =TimeDate::getInstance()->nowDb();
259 $emailObj->modified_user_id = '1';
260 $emailObj->created_by = '1';
261 $emailObj->status='sent';
262 $retId = $emailObj->save();
// Password mode only: store the new password and reset the user's login state.
264 if (!isset($_POST['link'])){
// NOTE(review): the stored value is a single unsalted MD5 of the password, which is not
// suitable for password storage. Moving to password_hash()/password_verify() needs a
// matching change wherever the hash is checked, so it is flagged here rather than changed.
// md5() already returns lowercase hex, so strtolower() has no effect.
265 $user_hash = strtolower(md5($password));
// Clear the login-expiration, lockout and failed-login preferences and persist them.
266 $usr->setPreference('loginexpiration','0');
267 $usr->setPreference('lockout','');
268 $usr->setPreference('loginfailed','0');
269 $usr->savePreferencesToDB();
271 $now=TimeDate::getInstance()->nowDb();
// Writes the hash, marks the password as system-generated and stamps the change time.
// NOTE(review): the statement is built by interpolation. $user_hash is hex and $now comes
// from TimeDate, but $usr->id may trace back to the posted userId -- confirm it is the
// stored id, or escape it before use.
272 $query = "UPDATE $usr->table_name SET user_hash='$user_hash', system_generated_password='1', pwd_last_changed='$now' where id='$usr->id'";
273 $usr->db->query($query, true, "Error setting new password for $usr->user_name: ");
// Failure reporting: an administrator gets an itemised list of likely causes assembled in
// $email_errors, while line 288 echoes only the generic "not sent" text. The lines that
// output $email_errors and separate the two cases are omitted from this listing.
277 if ($current_user->is_admin){
278 $email_errors=$mod_strings['ERR_EMAIL_NOT_SENT_ADMIN'];
279 if ($mail->Mailer == 'smtp')
280 $email_errors.="\n-".$mod_strings['ERR_SMTP_URL_SMTP_PORT'];
282 $email_errors.="\n-".$mod_strings['ERR_SMTP_USERNAME_SMTP_PASSWORD'];
283 $email_errors.="\n-".$mod_strings['ERR_RECIPIENT_EMAIL'];
284 $email_errors.="\n-".$mod_strings['ERR_SERVER_STATUS'];
288 echo $mod_strings['LBL_EMAIL_NOT_SENT'];