forked from Kitware/CDash
-
Notifications
You must be signed in to change notification settings - Fork 0
/
recoverPassword.php
97 lines (80 loc) · 2.98 KB
/
recoverPassword.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?php
/*=========================================================================
Program: CDash - Cross-Platform Dashboard System
Module: $Id$
Language: PHP
Date: $Date$
Version: $Revision$
Copyright (c) 2002 Kitware, Inc. All rights reserved.
See Copyright.txt or http://www.cmake.org/HTML/Copyright.html for details.
This software is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the above copyright notices for more information.
=========================================================================*/
include("cdash/config.php");
require_once("cdash/pdo.php");
include_once("cdash/common.php");
include_once("cdash/version.php");
require_once("cdash/cdashmail.php");
$db = pdo_connect("$CDASH_DB_HOST", "$CDASH_DB_LOGIN","$CDASH_DB_PASS");
pdo_select_db("$CDASH_DB_NAME",$db);
$xml = begin_XML_for_XSLT();
$xml .= "<title>Recover password</title>";
if(isset($CDASH_NO_REGISTRATION) && $CDASH_NO_REGISTRATION==1)
{
$xml .= add_XML_value("noregister","1");
}
@$recover = $_POST["recover"];
if($recover)
{
$email = pdo_real_escape_string($_POST["email"]);
$emailResult = pdo_query("SELECT id FROM ".qid("user")." where email='$email'");
add_last_sql_error("recoverPassword");
if(pdo_num_rows($emailResult) == 0)
{
$xml .= "<warning>This email is not registered.</warning>";
}
else
{
// Create a new password
$keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&";
$length = 10;
// seed with microseconds
function make_seed_recoverpass()
{
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
srand(make_seed_recoverpass());
$password = "";
$max=strlen($keychars)-1;
for ($i=0;$i<=$length;$i++)
{
$password .= substr($keychars, rand(0, $max), 1);
}
$currentURI = get_server_URI();
$url = $currentURI."/user.php";
$text = "Hello,\n\n You have asked to recover your password for CDash.\n\n";
$text .= "Your new password is: ".$password."\n";
$text .= "Please go to this page to login: ";
$text .= "$url\n";
$text .= "\n\nGenerated by CDash";
if(cdashmail("$email","CDash password recovery", $text,
"From: CDash <".$CDASH_EMAIL_FROM.">\nReply-To: ".$CDASH_EMAIL_REPLY."\nContent-type: text/plain; charset=utf-8\nX-Mailer: PHP/" . phpversion()."\nMIME-Version: 1.0" ))
{
$md5pass = md5($password);
// If we can send the email we update the database
pdo_query("UPDATE ".qid("user")." SET password='$md5pass' WHERE email='$email'");
add_last_sql_error("recoverPassword");
$xml .= "<message>A confirmation message has been sent to your inbox.</message>";
}
else
{
$xml .= "<warning>Cannot send recovery email</warning>";
}
}
}
$xml .= "</cdash>";
// Now doing the xslt transition
generate_XSLT($xml,"recoverPassword");
?>