Code Coverage for /data/phpBB/includes/ucp/ucp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	CRAP	0.00% covered (danger)	0.00%	0 / 101
ucp_remind	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	182	0.00% covered (danger)	0.00%	0 / 97
main				0.00% covered (danger)	0.00%	0 / 1	182	0.00% covered (danger)	0.00%	0 / 97

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	/**
23	* ucp_remind
24	* Sending password reminders
25	*/
26	class ucp_remind
27	{
28	var $u_action;
29
30	function main($id, $mode)
31	{
32	global $config, $phpbb_root_path, $phpEx, $request;
33	global $db, $user, $template, $phpbb_container, $phpbb_dispatcher;
34
35	if (!$config['allow_password_reset'])
36	{
37	trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'));
38	}
39
40	$username = $request->variable('username', '', true);
41	$email = strtolower($request->variable('email', ''));
42	$submit = (isset($_POST['submit'])) ? true : false;
43
44	add_form_key('ucp_remind');
45
46	if ($submit)
47	{
48	if (!check_form_key('ucp_remind'))
49	{
50	trigger_error('FORM_INVALID');
51	}
52
53	if (empty($email))
54	{
55	trigger_error('NO_EMAIL_USER');
56	}
57
58	$sql_array = array(
59	'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
60	'FROM' => array(USERS_TABLE => 'u'),
61	'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" .
62	(!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''),
63	);
64
65	/**
66	* Change SQL query for fetching user data
67	*
68	* @event core.ucp_remind_modify_select_sql
69	* @var string email User's email from the form
70	* @var string username User's username from the form
71	* @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE
72	* @since 3.1.11-RC1
73	*/
74	$vars = array(
75	'email',
76	'username',
77	'sql_array',
78	);
79	extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
80
81	$sql = $db->sql_build_query('SELECT', $sql_array);
82	$result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
83	$rowset = $db->sql_fetchrowset($result);
84
85	if (count($rowset) > 1)
86	{
87	$db->sql_freeresult($result);
88
89	$template->assign_vars(array(
90	'USERNAME_REQUIRED' => true,
91	'EMAIL' => $email,
92	));
93	}
94	else
95	{
96	$message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
97
98	if (empty($rowset))
99	{
100	trigger_error($message);
101	}
102
103	$user_row = $rowset[0];
104	$db->sql_freeresult($result);
105
106	if (!$user_row)
107	{
108	trigger_error($message);
109	}
110
111	if ($user_row['user_type'] == USER_IGNORE \|\| $user_row['user_type'] == USER_INACTIVE)
112	{
113	trigger_error($message);
114	}
115
116	// Check users permissions
117	$auth2 = new \phpbb\auth\auth();
118	$auth2->acl($user_row);
119
120	if (!$auth2->acl_get('u_chgpasswd'))
121	{
122	trigger_error($message);
123	}
124
125	$server_url = generate_board_url();
126
127	// Make password at least 8 characters long, make it longer if admin wants to.
128	// gen_rand_string() however has a limit of 12 or 13.
129	$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
130
131	// For the activation key a random length between 6 and 10 will do.
132	$user_actkey = gen_rand_string(mt_rand(6, 10));
133
134	// Instantiate passwords manager
135	/* @var $manager \phpbb\passwords\manager */
136	$passwords_manager = $phpbb_container->get('passwords.manager');
137
138	$sql = 'UPDATE ' . USERS_TABLE . "
139	SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
140	WHERE user_id = " . $user_row['user_id'];
141	$db->sql_query($sql);
142
143	include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
144
145	$messenger = new messenger(false);
146
147	$messenger->template('user_activate_passwd', $user_row['user_lang']);
148
149	$messenger->set_addresses($user_row);
150
151	$messenger->anti_abuse_headers($config, $user);
152
153	$messenger->assign_vars(array(
154	'USERNAME' => htmlspecialchars_decode($user_row['username']),
155	'PASSWORD' => htmlspecialchars_decode($user_password),
156	'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
157	);
158
159	$messenger->send($user_row['user_notify_type']);
160
161	trigger_error($message);
162	}
163	}
164
165	$template->assign_vars(array(
166	'USERNAME' => $username,
167	'EMAIL' => $email,
168	'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword'))
169	);
170
171	$this->tpl_name = 'ucp_remind';
172	$this->page_title = 'UCP_REMIND';
173	}
174	}