| Textpattern | PHP Cross Reference | Content Management Systems |
1 <?php 2 3 /* 4 $HeadURL: https://textpattern.googlecode.com/svn/releases/4.5.4/source/textpattern/lib/txplib_admin.php $ 5 $LastChangedRevision: 3818 $ 6 */ 7 8 //------------------------------------------------------------- 9 10 function send_password($RealName, $name, $email, $password) 11 { 12 global $sitename; 13 14 require_privs('admin.edit'); 15 16 $message = gTxt('greeting').' '.$RealName.','. 17 18 n.n.gTxt('you_have_been_registered').' '.$sitename. 19 20 n.n.gTxt('your_login_is').': '.$name. 21 n.gTxt('your_password_is').': '.$password. 22 23 n.n.gTxt('log_in_at').': '.hu.'textpattern/index.php'; 24 25 return txpMail($email, "[$sitename] ".gTxt('your_login_info'), $message); 26 } 27 28 // ------------------------------------------------------------- 29 30 function send_new_password($password, $email, $name) 31 { 32 global $txp_user, $sitename; 33 34 if ( empty( $name)) $name = $txp_user; 35 36 $message = gTxt('greeting').' '.$name.','. 37 38 n.n.gTxt('your_password_is').': '.$password. 39 40 n.n.gTxt('log_in_at').': '.hu.'textpattern/index.php'; 41 42 return txpMail($email, "[$sitename] ".gTxt('your_new_password'), $message); 43 } 44 45 // ------------------------------------------------------------- 46 47 function send_reset_confirmation_request($name) 48 { 49 global $sitename; 50 51 $rs = safe_row('email, nonce', 'txp_users', "name = '".doSlash($name)."'"); 52 53 if ($rs) 54 { 55 extract($rs); 56 57 $confirm = bin2hex(pack('H*', substr(md5($nonce), 0, 10)).$name); 58 59 $message = gTxt('greeting').' '.$name.','. 60 61 n.n.gTxt('password_reset_confirmation').': '. 62 n.hu.'textpattern/index.php?confirm='.$confirm; 63 64 if (txpMail($email, "[$sitename] ".gTxt('password_reset_confirmation_request'), $message)) 65 { 66 return gTxt('password_reset_confirmation_request_sent'); 67 } 68 else 69 { 70 return gTxt('could_not_mail'); 71 } 72 } 73 74 else 75 { 76 // Though 'unknown_author' could be thrown, send generic 'request_sent' message 77 // instead so that (non-)existence of account names are not leaked 78 return gTxt('password_reset_confirmation_request_sent'); 79 } 80 } 81 82 // ------------------------------------------------------------- 83 84 function generate_password($length = 10) 85 { 86 $pass = ''; 87 $chars = '23456789abcdefghijkmnopqrstuvwxyz'; 88 $length = min(strlen($chars), $length); 89 $i = 0; 90 91 while ($i < $length) 92 { 93 $char = substr($chars, mt_rand(0, strlen($chars)-1), 1); 94 95 if (!strstr($pass, $char)) 96 { 97 $pass .= $char; 98 $i++; 99 } 100 } 101 102 return $pass; 103 } 104 105 // ------------------------------------------------------------- 106 107 function reset_author_pass($name) 108 { 109 $email = safe_field('email', 'txp_users', "name = '".doSlash($name)."'"); 110 111 $new_pass = generate_password(PASSWORD_LENGTH); 112 $hash = doSlash(txp_hash_password($new_pass)); 113 114 $rs = safe_update('txp_users', "pass = '$hash'", "name = '".doSlash($name)."'"); 115 116 if ($rs) 117 { 118 if (send_new_password($new_pass, $email, $name)) 119 { 120 return(gTxt('password_sent_to').' '.$email); 121 } 122 123 else 124 { 125 return(gTxt('could_not_mail').' '.$email); 126 } 127 } 128 129 else 130 { 131 return(gTxt('could_not_update_author').' '.txpspecialchars($name)); 132 } 133 } 134 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
title