WP File Manager
Current Path:
/
home
/
translil
/
www
/
amitram
/
multimedia
/
Name
Action
..
.gitignore
Edit
10_ans_depot_sequedin
10_ans_wattrelos
20_ans_ligne_touristique
50ans
LICENSE.txt
Edit
README.md
Edit
_data
about.php
Edit
action.php
Edit
admin
admin.php
Edit
collection_bus_etrangers
collection_bus_lrt
collection_metros
collection_tws_etrangers
collection_tws_lrt
collection_utilitaires
comments.php
Edit
config.php
Edit
deule_en_fete_2015
deule_en_fete_2017
doc
evenement_2012
expo_tourcoing_2016
feed.php
Edit
fete_musique_2015
galerie_15
galleries
histoire_amitram
i.php
Edit
identification.php
Edit
include
indox.php
Edit
install
install.php
Edit
language
local
lomme_halluin_2018
nbm.php
Edit
nettoyage_voies
notification.php
Edit
password.php
Edit
patrimoine_2014
patrimoine_2015
picture.php
Edit
plugins
popuphelp.php
Edit
presse
profile.php
Edit
psc.html
Edit
psc.pdf
Edit
qsearch.php
Edit
random.php
Edit
rapatriement_2012
rapatriement_4924
register.php
Edit
search.php
Edit
search_rules.php
Edit
sequedin_26_04_2015
tags.php
Edit
template-extension
tools
tracteurs_en_weppes_2013
travaux_114
travaux_182
travaux_399
travaux_4826
travaux_567
travaux_638
travaux_924
travaux_a200
travaux_divers
travaux_val
travaux_voie
travaux_wagons
upgrade.php
Edit
upgrade_feed.php
Edit
upload
videos
visite_amtuir_29_09_2018
ws.php
Edit
Editing: password.php
<?php // +-----------------------------------------------------------------------+ // | Piwigo - a PHP based photo gallery | // +-----------------------------------------------------------------------+ // | Copyright(C) 2008-2016 Piwigo Team http://piwigo.org | // | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | // | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | // +-----------------------------------------------------------------------+ // | This program is free software; you can redistribute it and/or modify | // | it under the terms of the GNU General Public License as published by | // | the Free Software Foundation | // | | // | This program is distributed in the hope that it will be useful, but | // | WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | // | General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ // +-----------------------------------------------------------------------+ // | initialization | // +-----------------------------------------------------------------------+ define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); // +-----------------------------------------------------------------------+ // | Check Access and exit when user status is not ok | // +-----------------------------------------------------------------------+ check_status(ACCESS_FREE); trigger_notify('loc_begin_password'); check_input_parameter('action', $_GET, false, '/^(lost|reset|none)$/'); // +-----------------------------------------------------------------------+ // | Functions | // +-----------------------------------------------------------------------+ /** * checks the validity of input parameters, fills $page['errors'] and * $page['infos'] and send an email with confirmation link * * @return bool (true if email was sent, false otherwise) */ function process_password_request() { global $page, $conf; if (empty($_POST['username_or_email'])) { $page['errors'][] = l10n('Invalid username or email'); return false; } $user_id = get_userid_by_email($_POST['username_or_email']); if (!is_numeric($user_id)) { $user_id = get_userid($_POST['username_or_email']); } if (!is_numeric($user_id)) { $page['errors'][] = l10n('Invalid username or email'); return false; } $userdata = getuserdata($user_id, false); // password request is not possible for guest/generic users $status = $userdata['status']; if (is_a_guest($status) or is_generic($status)) { $page['errors'][] = l10n('Password reset is not allowed for this user'); return false; } if (empty($userdata['email'])) { $page['errors'][] = l10n( 'User "%s" has no email address, password reset is not possible', $userdata['username'] ); return false; } $activation_key = generate_key(20); list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL 1 HOUR)')); single_update( USER_INFOS_TABLE, array( 'activation_key' => pwg_password_hash($activation_key), 'activation_key_expire' => $expire, ), array('user_id' => $user_id) ); $userdata['activation_key'] = $activation_key; set_make_full_url(); $message = l10n('Someone requested that the password be reset for the following user account:') . "\r\n\r\n"; $message.= l10n( 'Username "%s" on gallery %s', $userdata['username'], get_gallery_home_url() ); $message.= "\r\n\r\n"; $message.= l10n('To reset your password, visit the following address:') . "\r\n"; $message.= get_root_url().'password.php?key='.$activation_key.'-'.urlencode($userdata['email']); $message.= "\r\n\r\n"; $message.= l10n('If this was a mistake, just ignore this email and nothing will happen.')."\r\n"; unset_make_full_url(); $message = trigger_change('render_lost_password_mail_content', $message); $email_params = array( 'subject' => '['.$conf['gallery_title'].'] '.l10n('Password Reset'), 'content' => $message, 'email_format' => 'text/plain', ); if (pwg_mail($userdata['email'], $email_params)) { $page['infos'][] = l10n('Check your email for the confirmation link'); return true; } else { $page['errors'][] = l10n('Error sending email'); return false; } } /** * checks the activation key: does it match the expected pattern? is it * linked to a user? is this user allowed to reset his password? * * @return mixed (user_id if OK, false otherwise) */ function check_password_reset_key($reset_key) { global $page, $conf; list($key, $email) = explode('-', $reset_key, 2); if (!preg_match('/^[a-z0-9]{20}$/i', $key)) { $page['errors'][] = l10n('Invalid key'); return false; } $user_ids = array(); $query = ' SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['email'].' = \''.pwg_db_real_escape_string($email).'\' ;'; $user_ids = query2array($query, null, 'id'); if (count($user_ids) == 0) { $page['errors'][] = l10n('Invalid username or email'); return false; } $user_id = null; $query = ' SELECT user_id, status, activation_key, activation_key_expire, NOW() AS dbnow FROM '.USER_INFOS_TABLE.' WHERE user_id IN ('.implode(',', $user_ids).') ;'; $result = pwg_query($query); while ($row = pwg_db_fetch_assoc($result)) { if (pwg_password_verify($key, $row['activation_key'])) { if (strtotime($row['dbnow']) > strtotime($row['activation_key_expire'])) { // key has expired $page['errors'][] = l10n('Invalid key'); return false; } if (is_a_guest($row['status']) or is_generic($row['status'])) { $page['errors'][] = l10n('Password reset is not allowed for this user'); return false; } $user_id = $row['user_id']; } } if (empty($user_id)) { $page['errors'][] = l10n('Invalid key'); return false; } return $user_id; } /** * checks the passwords, checks that user is allowed to reset his password, * update password, fills $page['errors'] and $page['infos']. * * @return bool (true if password was reset, false otherwise) */ function reset_password() { global $page, $conf; if ($_POST['use_new_pwd'] != $_POST['passwordConf']) { $page['errors'][] = l10n('The passwords do not match'); return false; } if (!isset($_GET['key'])) { $page['errors'][] = l10n('Invalid key'); } $user_id = check_password_reset_key($_GET['key']); if (!is_numeric($user_id)) { return false; } single_update( USERS_TABLE, array($conf['user_fields']['password'] => $conf['password_hash']($_POST['use_new_pwd'])), array($conf['user_fields']['id'] => $user_id) ); single_update( USER_INFOS_TABLE, array( 'activation_key' => null, 'activation_key_expire' => null, ), array('user_id' => $user_id) ); deactivate_user_auth_keys($user_id); $page['infos'][] = l10n('Your password has been reset'); $page['infos'][] = '<a href="'.get_root_url().'identification.php">'.l10n('Login').'</a>'; return true; } // +-----------------------------------------------------------------------+ // | Process form | // +-----------------------------------------------------------------------+ if (isset($_POST['submit'])) { check_pwg_token(); if ('lost' == $_GET['action']) { if (process_password_request()) { $page['action'] = 'none'; } } if ('reset' == $_GET['action']) { if (reset_password()) { $page['action'] = 'none'; } } } // +-----------------------------------------------------------------------+ // | key and action | // +-----------------------------------------------------------------------+ // a connected user can't reset the password from a mail if (isset($_GET['key']) and !is_a_guest()) { unset($_GET['key']); } if (isset($_GET['key']) and !isset($_POST['submit'])) { $user_id = check_password_reset_key($_GET['key']); if (is_numeric($user_id)) { $userdata = getuserdata($user_id, false); $page['username'] = $userdata['username']; $template->assign('key', $_GET['key']); if (!isset($page['action'])) { $page['action'] = 'reset'; } } else { $page['action'] = 'none'; } } if (!isset($page['action'])) { if (!isset($_GET['action'])) { $page['action'] = 'lost'; } elseif (in_array($_GET['action'], array('lost', 'reset', 'none'))) { $page['action'] = $_GET['action']; } } if ('reset' == $page['action'] and !isset($_GET['key']) and (is_a_guest() or is_generic())) { redirect(get_gallery_home_url()); } if ('lost' == $page['action'] and !is_a_guest()) { redirect(get_gallery_home_url()); } // +-----------------------------------------------------------------------+ // | template initialization | // +-----------------------------------------------------------------------+ $title = l10n('Password Reset'); if ('lost' == $page['action']) { $title = l10n('Forgot your password?'); if (isset($_POST['username_or_email'])) { $template->assign('username_or_email', htmlspecialchars(stripslashes($_POST['username_or_email']))); } } $page['body_id'] = 'thePasswordPage'; $template->set_filenames(array('password'=>'password.tpl')); $template->assign( array( 'title' => $title, 'form_action'=> get_root_url().'password.php', 'action' => $page['action'], 'username' => isset($page['username']) ? $page['username'] : $user['username'], 'PWG_TOKEN' => get_pwg_token(), ) ); // include menubar $themeconf = $template->get_template_vars('themeconf'); if (!isset($themeconf['hide_menu_on']) OR !in_array('thePasswordPage', $themeconf['hide_menu_on'])) { include( PHPWG_ROOT_PATH.'include/menubar.inc.php'); } // +-----------------------------------------------------------------------+ // | html code display | // +-----------------------------------------------------------------------+ include(PHPWG_ROOT_PATH.'include/page_header.php'); trigger_notify('loc_end_password'); flush_page_messages(); $template->pparse('password'); include(PHPWG_ROOT_PATH.'include/page_tail.php'); ?>