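add('name', PLUGIN_EVENT_FORGOTPASSWORD_NAME);
        // NOTE(review): this listing starts part-way through the plugin's property
        // registration; the class header and the start of this method are not visible.
        $propbag->add('description', PLUGIN_EVENT_FORGOTPASSWORD_DESC);
        $propbag->add('stackable', false);
        $propbag->add('author', 'Omid Mottaghi');
        $propbag->add('version', '0.12.3');
        $propbag->add('requirements', array(
            'serendipity' => '0.9.1',
            'smarty' => '2.6.7',
            'php' => '4.1.0'
        ));
        // The plugin only acts on the backend login page.
        $propbag->add('event_hooks', array('backend_login_page' => true));
        $propbag->add('configuration', array('nomailinfo', 'nomailadd', 'nomailtxt'));
        $propbag->add('groups', array('BACKEND_FEATURES'));
        $propbag->add('legal', array(
            'services' => array(
                'mail' => array(
                    'url' => '#',
                    'desc' => 'Sends E-Mails to user-specified addresses'
                ),
            ),
            'frontend' => array(
            ),
            'backend' => array(
                'This plugin sends tokens/links via e-mail as the result of a "forgot login" function.',
            ),
            'cookies' => array(
            ),
            'stores_user_input' => false,
            'stores_ip' => false,
            'uses_ip' => false,
            'transmits_user_input' => true
        ));
    }

    /**
     * Hands the plugin title back to the caller through the by-reference argument.
     *
     * @param string $title receives $this->title
     */
    function generate_content(&$title)
    {
        $title = $this->title;
    }

    /**
     * Describes one configuration item of the plugin.
     *
     * Known items: 'nomailinfo' (text shown when the account has no e-mail address),
     * 'nomailtxt' (sprintf template of the notice mailed to 'nomailadd') and
     * 'nomailadd' (address that receives that notice; empty by default).
     * Unknown names add nothing to the property bag.
     *
     * @param string $name    configuration key
     * @param object $propbag property bag that receives type/name/description/default
     * @return bool always true
     */
    function introspect_config_item($name, &$propbag)
    {
        switch($name) {
            case 'nomailinfo':
                $propbag->add('type', 'text');
                $propbag->add('name', PLUGIN_EVENT_FORGOTPASSWORD_MAILER);
                $propbag->add('description', '');
                $propbag->add('default', PLUGIN_EVENT_FORGOTPASSWORD_MAILER_DEFAULT);
                break;

            case 'nomailtxt':
                $propbag->add('type', 'text');
                $propbag->add('name', PLUGIN_EVENT_FORGOTPASSWORD_MAILER_MAILTXT);
                $propbag->add('description', '');
                $propbag->add('default', PLUGIN_EVENT_FORGOTPASSWORD_MAILER_MAILTXT_DEFAULT);
                break;

            case 'nomailadd':
                $propbag->add('type', 'string');
                $propbag->add('name', PLUGIN_EVENT_FORGOTPASSWORD_MAILER_MAIL);
                $propbag->add('description', '');
                $propbag->add('default', '');
                break;
        }
        return true;
    }

    /**
     * Drives the "forgot password" dialogue on the backend login page.
     *
     * The step is chosen from which request parameters are present:
     *   1. nothing set                      -> footer for the "lost password" link
     *   2. no POST username, no GET uid     -> footer for the username form
     *   3. POST username, no POST uid       -> look the author up, store a token, mail the link
     *   4. GET uid + GET username           -> footer for the new-password form
     *   5. POST uid + username + password   -> verify the token, store the new password hash
     *
     * Security notes for maintainers:
     *   - The reset token is the only secret protecting the account; it is taken from
     *     random_bytes() when available instead of being derived from the clock.
     *   - The forgotpassword table (see install()) has no creation time, and rows are only
     *     deleted after a successful change, so an unused token stays valid indefinitely.
     *   - Step 3 answers differently for unknown and known usernames, which lets a caller
     *     test whether an account exists.
     *   - No request throttling is visible in this handler.
     *   - NOTE(review): in this listing the footer literals hold only line breaks; the
     *     link/form markup is not visible. If that markup echoes uid/username from the
     *     request into form fields, it needs htmlspecialchars() - confirm in the full file.
     *
     * @param string $event     event name
     * @param object $bag       plugin property bag
     * @param array  $eventData receives the HTML under the 'footer' key
     * @param mixed  $addData   unused here
     * @return bool true when a step was handled, false otherwise
     */
    function event_hook($event, &$bag, &$eventData, $addData = null)
    {
        global $serendipity;

        $hooks = &$bag->get('event_hooks');

        if (isset($hooks[$event])) {
            switch($event) {
                case 'backend_login_page':

                    // first LINK
                    if (!isset($_GET['forgotpassword']) &&
                        !isset($_GET['username']) && !isset($_POST['username'])) {
                        $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_LOST_PASSWORD.'
';
                        return true;

                    // first FORM
                    } elseif (!isset($_POST['username']) && !isset($_GET['uid'])) {
                        $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_ENTER_USERNAME.'
'.USERNAME.'
';
                        return true;

                    // submitted FORM (send an email to user and show a simple page)
                    } elseif (!isset($_POST['uid']) && isset($_POST['username'])) {
                        $q = 'SELECT email, authorid FROM '.$serendipity['dbPrefix'].'authors where username = \''.serendipity_db_escape_string($_POST['username']).'\'';
                        $sql = serendipity_db_query($q);
                        if (!is_array($sql) || count($sql) < 1) {
                            // NOTE(review): this distinct reply discloses that the username is unknown.
                            $eventData['footer'] = '
' . PLUGIN_EVENT_FORGOTPASSWORD_USER_NOT_EXIST . '
';
                            return true;
                        }

                        if ($sql && is_array($sql)) {
                            if (empty($sql[0]['email'])) {
                                // No address on file: show the configured hint and, if an
                                // administrator address is configured, notify it instead.
                                $eventData['footer'] = '
' . $this->get_config('nomailinfo') . '
';
                                if ($this->get_config('nomailadd') != '') {
                                    $sent = serendipity_sendMail($this->get_config('nomailadd'), PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SUBJECT, sprintf($this->get_config('nomailtxt'), $_POST['username']), NULL);
                                }
                                return true;
                            }

                            $res = $sql[0];
                            $email = $res['email'];
                            // authorid is an integer column; the cast keeps anything else out of the INSERT.
                            $authorid = (int)$res['authorid'];

                            // 16 random bytes hex-encode to 32 characters, which fits uid varchar(32).
                            // random_bytes() throws when no entropy source is available, so the
                            // request fails rather than issuing a weak token.
                            if (function_exists('random_bytes')) {
                                $token = bin2hex(random_bytes(16));
                            } else {
                                // Legacy runtimes only: derived from the clock and therefore guessable.
                                $token = md5(uniqid(time()));
                            }

                            $q = 'INSERT INTO '.$serendipity['dbPrefix'].'forgotpassword VALUES (\''.$token.'\', \''.$authorid.'\')';
                            $sql = serendipity_db_query($q);
                            if(!$sql){
                                $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR.'
';
                                return true;
                            }

                            // The link carries the author id in the "username" parameter together with the token.
                            $sent = serendipity_sendMail($email, PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SUBJECT, PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_BODY.$serendipity['baseURL'].'serendipity_admin.php?username='.$authorid.'&uid='.$token, NULL);
                            if ($sent) {
                                $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SENT.'
';
                            } else {
                                $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_CANNOT_SEND.'
';
                            }
                            return true;
                        } else {
                            // Not reachable after the array/count check above; kept as a safety net.
                            $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR.'
';
                            return true;
                        }

                    // clicked link in user email
                    } elseif (isset($_GET['uid']) && isset($_GET['username']) && !isset($_POST['password'])){
                        $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_ENTER_PASSWORD.'
'.PASSWORD.'
';
                        return true;

                    // changed password page
                    } elseif (isset($_POST['uid']) && isset($_POST['username']) && isset($_POST['password'])){
                        // The token must match the author id it was issued for.
                        $q = 'SELECT * FROM '.$serendipity['dbPrefix'].'forgotpassword where authorid = \''.serendipity_db_escape_string($_POST['username']).'\' and uid = \''.serendipity_db_escape_string($_POST['uid']).'\'';
                        $sql = serendipity_db_query($q);
                        if ($sql && is_array($sql)) {
                            $res = $sql[0];
                            // From here on use the author id stored with the token, not the
                            // request value, so the UPDATE/DELETE act on exactly the verified row.
                            $authorid = (int)$res['authorid'];

                            // NOTE(review): an empty password passes isset() and would be stored as-is.
                            if (function_exists('serendipity_hash')) {
                                $password = serendipity_hash($_POST['password']);
                                $q = 'UPDATE '.$serendipity['dbPrefix'].'authors SET hashtype=1, password=\''.$password.'\' where authorid = \''.$authorid.'\'';
                            } else {
                                // NOTE(review): unsalted MD5 fallback for cores without
                                // serendipity_hash(); weak as a password hash.
                                $password = md5($_POST['password']);
                                $q = 'UPDATE '.$serendipity['dbPrefix'].'authors SET password=\''.$password.'\' where authorid = \''.$authorid.'\'';
                            }
                            $sql = serendipity_db_query($q);
                            if (!$sql){
                                $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR.'
';
                                return true;
                            }

                            // Invalidate every outstanding token of this author once the password has changed.
                            $q = 'DELETE FROM '.$serendipity['dbPrefix'].'forgotpassword where authorid = \''.$authorid.'\'';
                            $sql = serendipity_db_query($q);
                            $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_PASSWORD_CHANGED.'
';
                            return true;
                        } else {
                            $eventData['footer'] = '
'.PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR.'
';
                            return true;
                        }
                    }
                    break;

                default:
                    return false;
            }
        } else {
            return false;
        }
        return false;
    }

    /**
     * Creates the token table: uid holds the reset token, authorid the author it was issued for.
     */
    function install()
    {
        global $serendipity;

        //create table xxxx_forgotpassword
        $q = "CREATE TABLE {$serendipity['dbPrefix']}forgotpassword ( uid varchar(32) not null, authorid int(11) not null )";
        serendipity_db_schema_import($q);
    }

    /**
     * Drops the token table, discarding any outstanding reset tokens with it.
     *
     * @param object $propbag unused here
     */
    function uninstall(&$propbag)
    {
        global $serendipity;

        // Drop tables
        $q = "DROP TABLE ".$serendipity['dbPrefix']."forgotpassword";
        serendipity_db_schema_import($q);
    }
}

/* vim: set sts=4 ts=4 expandtab : */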