<?php
/*
Gibbon, Flexible & Open School System
Copyright (C) 2010, Ross Parker
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
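include "./functions.php" ;
include "./config.php" ;

// New PDO DB connection. A failed connect throws a PDOException whose message
// can carry the host, database name or DB user, so it is not echoed back to the
// client; the script stops instead of continuing with $connection2 unset.
try {
    $connection2 = new PDO("mysql:host=$databaseServer;dbname=$databaseName;charset=utf8", $databaseUsername, $databasePassword);
    $connection2->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $connection2->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    echo "Database connection failed.";
    exit;
}

// Start session. Guarded on session_id() instead of @-suppressing session_start()
// so that unrelated warnings from the call are not hidden.
if (session_id() === '') {
    session_start();
}

// Set timezone from session variable
date_default_timezone_set($_SESSION[$guid]["timezone"]);

// Check to see if the academic year id variable is set, if not set it.
// NOTE(review): the original tested $_SESSION[$guid]["gibbonAcademicYearID"]
// twice in the same OR; one side was probably meant for a different key —
// confirm against setCurrentSchoolYear() in functions.php.
if (!isset($_SESSION[$guid]["gibbonAcademicYearID"]) || $_SESSION[$guid]["gibbonAcademicYearID"] == "") {
    setCurrentSchoolYear($guid, $connection2);
}

// Create password: randomPassword() comes from functions.php. The clear-text
// value is only ever emailed to the account holder; the database receives the
// salted hash (see the UPDATE below).
$password = randomPassword(8);

// Read the submitted identifier (email or username). A missing or non-string
// value (e.g. email[]=...) is treated as blank instead of raising a notice or
// a TypeError further down.
$input = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
$URL = $_SESSION[$guid]["absoluteURL"] . "/index.php?q=passwordReset.php";

// Every outcome is reported to passwordReset.php through an editReturn code.
// Each redirect is followed by exit so that nothing else runs for this request
// (the original used `break` here, which is invalid outside a loop and did not
// stop execution after the Location header).
if ($input == "") {
    $URL = $URL . "&editReturn=fail0";
    header("Location: {$URL}");
    exit;
}

$salt = getSalt();
// Project password scheme: sha256 over salt . password, stored next to the salt.
// NOTE(review): this must stay in step with whatever the login check computes.
$passwordStrong = hash("sha256", $salt . $password);

// Look the account up by email or username; only active accounts with a
// non-empty email can receive a reset.
try {
    $data = array("email" => $input, "username" => $input);
    $sql = "SELECT gibbonPersonID, email, username FROM gibbonPerson WHERE (email=:email OR username=:username) AND gibbonPerson.status='Full' AND NOT email=''";
    $result = $connection2->prepare($sql);
    $result->execute($data);
} catch (PDOException $e) {
    $URL = $URL . "&editReturn=fail1";
    header("Location: {$URL}");
    exit;
}

// NOTE(review): fail2 (no single matching account) is distinguishable from
// success0/fail3, so the editReturn code reveals whether an email or username
// exists. Kept because the codes are presumably consumed by passwordReset.php;
// a uniform response would remove the enumeration signal.
if ($result->rowCount() != 1) {
    $URL = $URL . "&editReturn=fail2";
    header("Location: {$URL}");
    exit;
}

$row = $result->fetch();
$gibbonPersonID = $row["gibbonPersonID"];
$email = $row["email"];
$username = $row["username"];

// The stored credential is replaced before the mail is sent, so a mail()
// failure below (fail3) leaves the account with a password nobody knows and
// passwordForceReset='Y'. failCount is cleared at the same time.
try {
    $data = array("passwordStrong" => $passwordStrong, "passwordStrongSalt" => $salt, "gibbonPersonID" => $gibbonPersonID);
    $sql = "UPDATE gibbonPerson SET password='', passwordStrong=:passwordStrong, passwordStrongSalt=:passwordStrongSalt, failCount=0, passwordForceReset='Y' WHERE gibbonPersonID=:gibbonPersonID";
    $result = $connection2->prepare($sql);
    $result->execute($data);
} catch (PDOException $e) {
    $URL = $URL . "&editReturn=fail1";
    header("Location: {$URL}");
    exit;
}

if ($result->rowCount() != 1) {
    $URL = $URL . "&editReturn=fail2";
    header("Location: {$URL}");
    exit;
}

// Deliver the new password to the address on record (never to the submitted
// input). Sender comes from the organisation settings in the session.
$to = $email;
$subject = $_SESSION[$guid]["organisationNameShort"] . " Gibbon Password Reset";
$body = "Your new password for account $username is as follows:\n\n$password\n\nPlease log in and change your password as soon as possible.\n\n" . $_SESSION[$guid]["systemName"] . " Administrator";
$headers = "From: " . $_SESSION[$guid]["organisationAdministratorEmail"];

if (mail($to, $subject, $body, $headers)) {
    // The original wrote the undefined $passwordHash into
    // $_SESSION[$guid]["password"] here (storing null); that write is dropped —
    // the unauthenticated requester's session has no use for the hash.
    $URL = $URL . "&editReturn=success0";
    header("Location: {$URL}");
    exit;
}

$URL = $URL . "&editReturn=fail3";
header("Location: {$URL}");
exit;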
?>