reSIProcate/repro  9694
generatepassword.php
00001 <?php
00002 /*
00003 System:  Repro
00004 File:    generatepassword
00005 Purpose: Take a username and an email address and, if that email address matches
00006 the username, then generate a new, random, password, set that user's
00007 password to the new password, and email the password to the user.
00008 Author:  S. Chanin
00009 */
00010 
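require('reprofunctions.php');

// Accumulates validation messages; an empty string means the request passed
// every check below.
$error = "";

// Pull out the POST variables. A missing field, or one submitted as an array
// (e.g. username[]=x), is treated as blank so that only strings reach the
// checks and helper calls below.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

// Ensure that all required values have been filled in. Compared against ''
// rather than tested with empty(), because empty() also rejects the literal
// string "0".
if ($username === '') {
        $error = $error . "Username must be non-blank.<br />";
}
if ($email === '') {
        $error = $error . "Email must be non-blank.<br />";
}

/* Validate that the username and email address match a known user.
 Note -- this error could occur either because the username is unknown
 or because the email address doesn't match.  The distinction is not shown,
 to avoid creating an easy way to fish for usernames.

 This function also requires that the username correspond to an active account.
 We do not allow passwords to be reset for unverified or disabled accounts.
*/
if (!matchUserAndEmail($username, $email)) {
        $error = $error . "That username does not match the email address provided for any of our active accounts.<br />";
}

if ($error !== '') {
        // SCRIPT_NAME is used instead of PHP_SELF: PHP_SELF also carries any
        // client-supplied trailing path info, which would end up in the
        // redirect target.
        $baseDir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\');

        // Every request-derived value is URL-encoded before it is placed in the
        // query string, so a value containing & = # or a space cannot add or
        // override parameters on the target page.
        $query = "username=" . urlencode($username) .
                        "&email=" . urlencode($email) .
                        "&error=" . urlencode($error);

        // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
        // redirect target is client-influenced; prefer a host name from server
        // configuration. The scheme is also fixed to plain http.
        // NOTE(review): $error carries HTML (<br />) in a query parameter --
        // confirm forgotpassword.php does not echo it unescaped.
        header("Location: http://" . $_SERVER['HTTP_HOST'] .
                        $baseDir .
                        "/forgotpassword.php?" . $query);
        exit;
}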
00044 ?>
00045 
00046 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
00047 
00048 <html>
00049 <head>
00050 <link rel="stylesheet" type="text/css" href="repro_style.css" />
00051 <title>Sending New Password</title>
00052 </head>
00053 
00054 
00055 <body>
00056 <h1 class="title">Repro</h1>
00057 
00058 <?php
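// Generate a random 8-character temporary password.
//
// The characters are drawn with random_int() (PHP 7+), which uses the operating
// system's CSPRNG. rand() is not suitable for generating credentials: its
// output is predictable. Each position is picked uniformly from the full
// 62-character alphabet; choosing the character class first and then the
// character made every digit more likely than any single letter.
//
// TODO -- think about whether this works in a unicode, non-english environment
// (the alphabet is plain ASCII, so byte indexing is safe here).
$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$lastIndex = strlen($alphabet) - 1;

$password = "";
for ($i = 0; $i < 8; $i++) {
        $password .= $alphabet[random_int(0, $lastIndex)];
}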
00076 
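// Update the account to use the new password. createPassword() and
// updatePassword() come from reprofunctions.php; only the value returned by
// createPassword() is stored.
$encryptedPassword = createPassword($username,$password);

if (!updatePassword($username,$encryptedPassword)) {
        // an error occurred while updating the password
        ?>
        <h2>Error -- Internal Error Saving New Password.</h2>
        <p>An internal error occurred while attempting to change the password on
        your account.  Please contact an administrator for assistance.</p>
        <?php
} else {
        // generate the email
        // NOTE(review): the account password has already been changed at this
        // point, so a failed or undelivered mail leaves the user without a
        // working password. The password also travels and rests in cleartext in
        // the mailbox; a single-use, expiring reset link would avoid both.

        // subject
        $subject = "Password Reset Notice";

        // message -- $password only ever contains [A-Za-z0-9] when produced by
        // the generator above, so it needs no HTML escaping here.
        $message = '
<html>
<head><title>Password Reset Notice</title></head>
<body>
<p>At your request, we have reset the password on your account to a new, random
password.  Your new password is:</p><p>' . $password .
'</p><p>Please change the password to one that you will remember on your next
log in.</p></body></html>';

        // To send HTML mail, the Content-type header must be set
        $headers  = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

        // Additional headers
        // $providerEmail is not defined in this file -- presumably set by
        // reprofunctions.php; verify it can never contain CR/LF.
        $headers .= "From: $providerEmail". "\r\n";

        // Mail it
        if (!mail($email, $subject, $message, $headers)) {
                // mail returned an error
                ?>
                <h2>Error -- Internal Error Sending Confirmation Email.</h2>
                <p>An internal error occurred while sending you the email with your
                new password.  Please contact an administrator for assistance.</p>
        <?php
        } else {
                // Show the confirmation message.
                //
                // $email comes straight from the POST body, so it is HTML-escaped
                // before being written into the page.
                //
                // The new password is deliberately NOT echoed here. Delivery to
                // the registered mailbox is the only proof that the requester
                // owns the account; printing the password in the response would
                // hand the account to anyone who knows a username and its email
                // address. To test without an SMTP server, capture the outgoing
                // mail locally instead.
                ?>
                <h2>Email sent</h2>
                <p>An email has been sent to <?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?> with a new temporary
                password that has been created for you.  Please use that password to
                log back into the site and then change your password to one that you
                can remember.</p>
                <?php
        }
}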
00134 ?>
00135 
00136 <br /><hr />
00137 <a href="index.php">Return to Welcome Page</a>
00138 <br />
00139 
00140 </body>
00141 </html>