Index: trunk/kernel/frontaction.php
===================================================================
diff -u -r842 -r858
--- trunk/kernel/frontaction.php (.../frontaction.php) (revision 842)
+++ trunk/kernel/frontaction.php (.../frontaction.php) (revision 858)
@@ -91,9 +91,35 @@
}
}
break;
-
+
+ case "m_resetpw":
+ $passed_arr = explode(';', base64_decode($_GET['user_key']));
+ $found = false;
+
+ $u = $objUsers->GetItemByField("Email", $passed_arr[1]);
+ if(is_object($u)) {
+ $found = ($u->Get("PortalUserId")==$passed_arr[0] && $u->Get("Status")==1) && strlen($u->Get("Password"));
+ }
+
+ if($found)
+ {
+ $newpw = makepassword();
+ $objSession->Set('password', $newpw);
+ $u->Set("Password",$newpw);
+ $u->Set("PassResetTime", time());
+ $u->Update();
+ $u->SendUserEventMail("USER.PSWD",$u->Get("PortalUserId"));
+ $u->SendAdminEventMail("USER.PSWD");
+ $u->Set("Password",md5($newpw));
+ $u->Update();
+ $u->Clean();
+ }
+ break;
+
case "m_forgotpw":
$MissingCount = SetMissingDataErrors("forgotpw");
+ $pass_reset_add = $objConfig->Get("Users_AllowReset");
+
if($MissingCount==0)
{
$username = $_POST["username"];
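Review bot: The `user_key` checked in the new `m_resetpw` case is not a secret: it decodes to `PortalUserId;Email`, and `$found` only verifies that the two belong to the same active account, so anyone who knows those two values can trigger a reset without access to the mailbox. The same branch also stores the new plaintext password in the requester's session via `$objSession->Set('password', $newpw)`. The key should carry a random per-request token that is stored server-side when the confirmation mail is sent, then checked here, expired, and cleared after one use; the fence sketches that check with placeholder field names. `explode()` can also return fewer than two elements for a malformed key, so `$passed_arr[1]` needs a guard. The reset runs on a plain GET, so anything that fetches the mailed link automatically would presumably trigger it too.

```php
case "m_resetpw":
    // "PassResetToken" / "PassResetExpires" are PLACEHOLDER field names: a random value and its
    // expiry time, stored when the USER.PSWDC mail is sent (that part is not in this diff).
    $raw_key = isset($_GET['user_key']) ? (string)base64_decode($_GET['user_key']) : '';
    $passed_arr = explode(';', $raw_key, 3);
    $found = false;

    if (count($passed_arr) == 3) {
        $u = $objUsers->GetItemByField("Email", $passed_arr[1]);
        if (is_object($u)) {
            $token = (string)$u->Get("PassResetToken");
            // prefer hash_equals() for the token comparison where the PHP version provides it
            $found = strlen($token) > 0
                && $token === $passed_arr[2]
                && $u->Get("PassResetExpires") >= time()
                && (string)$u->Get("PortalUserId") === $passed_arr[0]
                && $u->Get("Status") == 1
                && strlen($u->Get("Password"));
        }
    }
    // … unchanged: if($found) { new password, mails, Update(), Clean() } — plus clearing the token …
```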
@@ -111,16 +137,21 @@
if(is_object($u))
$found = ($u->Get("Email")==$email && $u->Get("Status")==1) && strlen($u->Get("Password"));
}
- if($found)
+
+ $allow_reset = $u->Get("PassResetTime") + $pass_reset_add;
+
+ if($found && $allow_reset <= time())
{
- $newpw = makepassword();
- $objSession->Set('password', $newpw);
- $u->Set("Password",$newpw);
- $u->Update();
- $u->SendUserEventMail("USER.PSWD",$u->Get("PortalUserId"));
- $u->SendAdminEventMail("USER.PSWD");
- $u->Set("Password",md5($newpw));
- $u->Update();
+ //$newpw = makepassword();
+ //$objSession->Set('password', $newpw);
+ $objSession->Set('tmp_user_id', $u->Get("PortalUserId"));
+ $objSession->Set('tmp_email', $u->Get("Email"));
+ //$u->Set("Password",$newpw);
+ //$u->Update();
+ $u->SendUserEventMail("USER.PSWDC",$u->Get("PortalUserId"));
+ //$u->SendAdminEventMail("USER.PSWDC");
+ //$u->Set("Password",md5($newpw));
+ //$u->Update();
$u->Clean();
}
else
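Review bot: `$allow_reset = $u->Get("PassResetTime") + $pass_reset_add;` sits outside the `is_object($u)` guard just above it, so when the lookup finds no user this becomes a method call on a non-object and the request dies instead of showing the form error. The lookup itself is outside the hunk, but the existing guard suggests it can return a non-object; the line needs the same guard, e.g. `$allow_reset = is_object($u) ? $u->Get("PassResetTime") + $pass_reset_add : 0;`. The throttle also only starts after a completed reset, because `PassResetTime` is written in `m_resetpw` and not here, so `USER.PSWDC` confirmation mails can still be requested repeatedly for one address; recording a request timestamp when the mail is sent would cover that. The commented-out lines of the old flow should be deleted rather than kept in place.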
@@ -136,6 +167,10 @@
$FormError["forgotpw"]["username"] = language("lu_ferror_unknown_username");
if(strlen($email))
$FormError["forgotpw"]["email"] = language("lu_ferror_unknown_email");
+ if ($allow_reset > time()) {
+ $FormError["forgotpw"]["username"] = language("lu_ferror_reset_denied");
+ //$FormError["forgotpw"] = language("lu_ferror_reset_denied");
+ }
$MissingCount++;
}
if(strlen($_GET["error"]))
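Review bot: The added `if ($allow_reset > time())` runs for every request that lands in this else-branch, including ones where `$found` is false, so a username and e-mail that do not match each other can still get `lu_ferror_reset_denied`, which confirms that the account exists and was reset recently; gate it on the match with `if ($found && $allow_reset > time()) {`. In the throttled case the `lu_ferror_unknown_email` error set two lines above stays in place, so a valid request made by e-mail is told the address is unknown. The new message is always attached to the `username` field, and the commented-out alternative assignment should be removed. The enclosing else-branch begins outside this hunk.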
@@ -837,6 +872,7 @@
case 1: /* category */
//echo "Searching for categories
";
$objAdvSearch = new clsAdvancedSearchResults("Category","clsCategory");
+
foreach($objSearchConfig->Items as $field)
{
$fld = $field->Get("FieldName");
@@ -865,7 +901,7 @@
default:
$Conjuction = "";
break;
- }
+ }
if(strlen($Verb)>0 && $Verb!="any")
{
//echo "Adding CAT SearchField: [".$field->Get("TableName")."]; [".$field->Get("FieldName")."]; [$Verb]; [$Value]; [$Conjuction]
";