mibew/src/messenger/webim/operator/restore.php

<?php
/*
 * Copyright 2005-2013 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

require_once('../libs/common.php');
require_once('../libs/operator.php');
require_once('../libs/settings.php');
require_once('../libs/notify.php');

$errors = array();
$page = array('version' => $version);
$loginoremail = "";

if (isset($_POST['loginoremail'])) {
	$loginoremail = getparam("loginoremail");

	$torestore = is_valid_email($loginoremail) ? operator_by_email($loginoremail) : operator_by_login($loginoremail);
	if (!$torestore) {
		$errors[] = getlocal("no_such_operator");
	}

	$email = $torestore['vcemail'];
	if (count($errors) == 0 && !is_valid_email($email)) {
		$errors[] = "Operator hasn't set his e-mail";
	}

	if (count($errors) == 0) {

		$token = sha1($torestore['vclogin'] . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : (time() + microtime()) . mt_rand(0, 99999999)));

		$link = connect();
		$query = sprintf("update ${mysqlprefix}chatoperator set dtmrestore = CURRENT_TIMESTAMP, vcrestoretoken = '%s' where operatorid = %s", mysql_real_escape_string($token, $link), intval($torestore['operatorid']));
		perform_query($query, $link);

		$href = get_app_location(true, false) . "/operator/resetpwd.php?id=" . $torestore['operatorid'] . "&token=$token";
		webim_mail($email, $email, getstring("restore.mailsubj"), getstring2("restore.mailtext", array(get_operator_name($torestore), $href)), $link);
		mysql_close($link);

		$page['isdone'] = true;
		require('../view/restore.php');
		exit;
	}
}

$page['formloginoremail'] = topage($loginoremail);

$page['localeLinks'] = get_locale_links("$webimroot/operator/restore.php");
$page['isdone'] = false;
start_html_output();
require('../view/restore.php');
?>
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`<?php`
			`/*`
apache 2 license in php headers 2013-03-07 01:22:53 +04:00			`* Copyright 2005-2013 the original author or authors.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`*/`

			`require_once('../libs/common.php');`
			`require_once('../libs/operator.php');`
			`require_once('../libs/settings.php');`
add "Notifications Log" page, record sent mails, fast history search, fix redirection to groups git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@720 c66351dc-e62f-0410-b875-e3a5c0b9693f 2010-01-10 16:39:49 +03:00			`require_once('../libs/notify.php');`
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00
			`$errors = array();`
			`$page = array('version' => $version);`
			`$loginoremail = "";`

			`if (isset($_POST['loginoremail'])) {`
			`$loginoremail = getparam("loginoremail");`
format code 2011-02-27 01:48:41 +03:00
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`$torestore = is_valid_email($loginoremail) ? operator_by_email($loginoremail) : operator_by_login($loginoremail);`
format code 2011-02-27 01:48:41 +03:00			`if (!$torestore) {`
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`$errors[] = getlocal("no_such_operator");`
			`}`
format code 2011-02-27 01:48:41 +03:00
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`$email = $torestore['vcemail'];`
format code 2011-02-27 01:48:41 +03:00			`if (count($errors) == 0 && !is_valid_email($email)) {`
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`$errors[] = "Operator hasn't set his e-mail";`
			`}`
format code 2011-02-27 01:48:41 +03:00
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`if (count($errors) == 0) {`
Switch to a more secure method for generation of the token for request for a password restore 2013-09-13 19:36:56 +04:00
			`$token = sha1($torestore['vclogin'] . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : (time() + microtime()) . mt_rand(0, 99999999)));`
format code 2011-02-27 01:48:41 +03:00
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`$link = connect();`
Fix multiple (potential) SQL Injections 2013-09-10 16:07:21 +04:00			`$query = sprintf("update ${mysqlprefix}chatoperator set dtmrestore = CURRENT_TIMESTAMP, vcrestoretoken = '%s' where operatorid = %s", mysql_real_escape_string($token, $link), intval($torestore['operatorid']));`
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`perform_query($query, $link);`
format code 2011-02-27 01:48:41 +03:00
			`$href = get_app_location(true, false) . "/operator/resetpwd.php?id=" . $torestore['operatorid'] . "&token=$token";`
			`webim_mail($email, $email, getstring("restore.mailsubj"), getstring2("restore.mailtext", array(get_operator_name($torestore), $href)), $link);`
add "Notifications Log" page, record sent mails, fast history search, fix redirection to groups git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@720 c66351dc-e62f-0410-b875-e3a5c0b9693f 2010-01-10 16:39:49 +03:00			`mysql_close($link);`
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00
			`$page['isdone'] = true;`
			`require('../view/restore.php');`
			`exit;`
format code 2011-02-27 01:48:41 +03:00			`}`
operator email, password retrieval - part 1 git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@650 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-09-01 02:43:30 +04:00			`}`

			`$page['formloginoremail'] = topage($loginoremail);`

			`$page['localeLinks'] = get_locale_links("$webimroot/operator/restore.php");`
			`$page['isdone'] = false;`
			`start_html_output();`
			`require('../view/restore.php');`
Added support for multiple installations in one database. User can add a prefix to the tables in the database. This is set in the variable $mysqlprefix in /libs/config.php 2010-10-26 11:53:44 +04:00			`?>`