modules/Users/GeneratePassword.php

   1 <?php
   2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
   3 /*********************************************************************************
   4  * SugarCRM Community Edition is a customer relationship management program developed by
   5  * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
   6  *
   7  * This program is free software; you can redistribute it and/or modify it under
   8  * the terms of the GNU Affero General Public License version 3 as published by the
   9  * Free Software Foundation with the addition of the following permission added
  10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
  11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
  12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
  13  *
  14  * This program is distributed in the hope that it will be useful, but WITHOUT
  15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
  17  * details.
  18  *
  19  * You should have received a copy of the GNU Affero General Public License along with
  20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
  21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  22  * 02110-1301 USA.
  23  *
  24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
  25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
  26  *
  27  * The interactive user interfaces in modified source and object code versions
  28  * of this program must display Appropriate Legal Notices, as required under
  29  * Section 5 of the GNU Affero General Public License version 3.
  30  *
  31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
  32  * these Appropriate Legal Notices must retain the display of the "Powered by
  33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
  34  * technical reasons, the Appropriate Legal Notices must display the words
  35  * "Powered by SugarCRM".
  36  ********************************************************************************/
  37
  38 /*********************************************************************************
  39
  40  * Description:  TODO: To be written.
  41  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
  42  * All Rights Reserved.
  43  * Contributor(s): ______________________________________..
  44  ********************************************************************************/
  45
  46     require_once('include/entryPoint.php');
  47
  48     require_once('modules/Users/language/en_us.lang.php');
  49     global $app_strings;
  50     global $sugar_config;
  51     global $new_pwd;
  52
  53         $mod_strings=return_module_language('','Users');
  54         $res=$GLOBALS['sugar_config']['passwordsetting'];
  55         $regexmail = "/^\w+(['\.\-\+]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,4})+\$/";
  56
  57 ///////////////////////////////////////////////////
  58 ///////  Retrieve user
  59 $username = '';
  60 $useremail = '';
  61 if(isset( $_POST['user_name'])){
  62         $username = $_POST['user_name'];
  63 }else if(isset( $_POST['username'])){
  64         $username = $_POST['username'];
  65 }
  66
  67 if(isset( $_POST['Users0emailAddress0'])){
  68         $useremail = $_POST['Users0emailAddress0'];
  69 }else if(isset( $_POST['user_email'])){
  70         $useremail = $_POST['user_email'];
  71 }
  72
  73     $usr= new user();
  74     if(isset($username) && $username != '' && isset($useremail) && $useremail != '')
  75     {
  76         if ($username != '' && $useremail != ''){
  77             $usr_id=$usr->retrieve_user_id($username);
  78             $usr->retrieve($usr_id);
  79             if ($usr->email1 !=  $useremail){
  80                 echo $mod_strings['ERR_PASSWORD_USERNAME_MISSMATCH'];
  81                 return;
  82             }
  83
  84             if ($usr->portal_only || $usr->is_group){
  85                     echo $mod_strings['LBL_PROVIDE_USERNAME_AND_EMAIL'];
  86                     return;
  87             }
  88         }
  89         else
  90         {
  91                 echo  $mod_strings['LBL_PROVIDE_USERNAME_AND_EMAIL'];
  92                 return;
  93         }
  94     }
  95     else{
  96         if (isset($_POST['userId']) && $_POST['userId'] != ''){
  97             $usr->retrieve($_POST['userId']);
  98         }
  99         else{
 100                 if(isset( $_POST['sugar_user_name']) && isset($_POST['sugar_user_name'] )){
 101                                 $usr_id=$usr->retrieve_user_id($_POST['sugar_user_name']);
 102                         $usr->retrieve($usr_id);
 103                         }
 104                 else{
 105                         echo  $mod_strings['ERR_USER_INFO_NOT_FOUND'];
 106                 return;
 107                 }
 108         }
 109     }
 110
 111 ///////
 112 ///////////////////////////////////////////////////
 113
 114 ///////////////////////////////////////////////////
 115 ///////  Check email address
 116
 117         if (!preg_match($regexmail, $usr->emailAddress->getPrimaryAddress($usr))){
 118                 echo $mod_strings['ERR_EMAIL_INCORRECT'];
 119                 return;
 120         }
 121
 122 ///////
 123 ///////////////////////////////////////////////////
 124
 125
 126         // if i need to generate a password (not a link)
 127     if (!isset($_POST['link'])){
 128         $password = User::generatePassword();
 129     }
 130
 131 ///////////////////////////////////////////////////
 132 ///////  Create URL
 133
 134 // if i need to generate a link
 135 if (isset($_POST['link']) && $_POST['link'] == '1'){
 136         global $timedate;
 137         $guid=create_guid();
 138         $url=$GLOBALS['sugar_config']['site_url']."/index.php?entryPoint=Changenewpassword&guid=$guid";
 139         $time_now=TimeDate::getInstance()->nowDb();
 140         //$q2="UPDATE `users_password_link` SET `deleted` = '1' WHERE `username` = '".$username."'";
 141         //$usr->db->query($q2);
 142         $q = "INSERT INTO users_password_link (id, username, date_generated) VALUES('".$guid."','".$username."',' ".$time_now."' ) ";
 143         $usr->db->query($q);
 144 }
 145 ///////
 146 ///////////////////////////////////////////////////
 147
 148 ///////  Email creation
 149         global $current_user;
 150     if (isset($_POST['link']) && $_POST['link'] == '1')
 151         $emailTemp_id = $res['lostpasswordtmpl'];
 152     else
 153         $emailTemp_id = $res['generatepasswordtmpl'];
 154
 155     $additionalData = array(
 156         'link' => isset($_POST['link']) && $_POST['link'] == '1',
 157         'password' => $password
 158     );
 159     if (isset($url))
 160     {
 161         $additionalData['url'] = $url;
 162     }
 163     $result = $usr->sendEmailForPassword($emailTemp_id, $additionalData);
 164     if ($result['status'] == false && $result['message'] != '')
 165     {
 166         echo $result['message'];
 167         $new_pwd = '4';
 168         return;
 169     }
 170
 171     if ($result['status'] == true)
 172     {
 173         echo '1';
 174     } else {
 175         $new_pwd='4';
 176         if ($current_user->is_admin){
 177                 $email_errors=$mod_strings['ERR_EMAIL_NOT_SENT_ADMIN'];
 178                 if ($mail->Mailer == 'smtp')
 179                         $email_errors.="\n-".$mod_strings['ERR_SMTP_URL_SMTP_PORT'];
 180                 if ($mail->SMTPAuth)
 181                         $email_errors.="\n-".$mod_strings['ERR_SMTP_USERNAME_SMTP_PASSWORD'];
 182                 $email_errors.="\n-".$mod_strings['ERR_RECIPIENT_EMAIL'];
 183                 $email_errors.="\n-".$mod_strings['ERR_SERVER_STATUS'];
 184                 echo $email_errors;
 185         }
 186         else
 187                 echo $mod_strings['LBL_EMAIL_NOT_SENT'];
 188     }
 189     return;
 190
 191 ?>