<?php // +----------------------------------------------------------------------+ // | OpenConf | // +----------------------------------------------------------------------+ // | Copyright (c) 2002-2016 Zakon Group LLC. All Rights Reserved. | // +----------------------------------------------------------------------+ // | This source file is subject to the OpenConf License, available on | // | the OpenConf web site: www.OpenConf.com | // +----------------------------------------------------------------------+ require_once "../include.php"; printHeader(oc_('Reset Password'), 3); if (isset($_POST['ocaction']) && ($_POST['ocaction'] == "Reset Password") && preg_match("/^\d+$/",$_POST['pid']) && !empty($_POST['email'])) { // check for valid email if (!validEmail($_POST['email'])) { print '<p style="text-align: center" class="warn">' . oc_('Email address entered is invalid') . '</p>'; printFooter(); exit; } $q = "SELECT `" . OCC_TABLE_AUTHOR . "`.`email` FROM `" . OCC_TABLE_PAPER . "`, `" . OCC_TABLE_AUTHOR . "` WHERE `" . OCC_TABLE_PAPER . "`.`paperid`='" . safeSQLstr($_POST['pid']) . "' AND `" . OCC_TABLE_AUTHOR . "`.`paperid`=`" . OCC_TABLE_PAPER . "`.`paperid` AND `" . OCC_TABLE_AUTHOR . "`.`position`=`" . OCC_TABLE_PAPER . "`.`contactid` AND `" . OCC_TABLE_AUTHOR . "`.`email`='" . safeSQLstr(oc_strtolower($_POST['email'])) . "'"; $r = ocsql_query($q) or err(oc_('Error checking submission ID')); if (ocsql_num_rows($r) != 1) { print '<p style="text-align: center" class="warn">' . oc_("Submission ID or contact author's email invalid.") . ' ' . sprintf(oc_('Please contact the <a href="mailto:%1$s?subject=%2$s">Chair</a>.'), $OC_configAR['OC_pcemail'], 'Unable to Reset Password') . '</p>'; printFooter(); exit; } else { $newpwd = oc_password_generate(); $q2 = "UPDATE `" . OCC_TABLE_PAPER . "` SET `password`='" . safeSQLstr(oc_password_hash($newpwd)) . "' WHERE `paperid`='" . safeSQLstr($_POST['pid']) . "'"; $r2 = ocsql_query($q2) or err(oc_('Unable to update password')); $msg = "\n" . sprintf(oc_('Per your request, we have issued you a new password for accessing the %s OpenConf system. The new password is:'), $OC_configAR['OC_confName']) . "\n " . $newpwd . "\n\n" . oc_('You may change this password by signing in to the OpenConf system and editing your submission.'); sendEmail($_POST['email'], oc_('Author Password Reset'), $msg, $OC_configAR['OC_notifyAuthorReset']); print oc_('We have emailed you a new password.'); printFooter(); exit; } } else { print '<p style="text-align: center;">' . oc_('Please enter your submission id and the contact author\'s email below') . "</p>\n"; } print ' <form method="post" action="' . $_SERVER['PHP_SELF'] . '" id="resetform"> <input type="hidden" name="ocaction" value="Reset Password" /> <table border="0" style="margin: 0 auto"> <tr><td><strong>' . oc_('Submission ID') . ':</strong></td><td><input size=20 name="pid" value="' . safeHTMLstr(varValue('pid', $_POST)) . '"></td></tr> <tr><td><strong>' . oc_('Email') . ':</strong></td><td><input size=20 name="email" value="' . safeHTMLstr(varValue('email', $_POST)) . '"></td></tr> <tr><th align="center" colspan=2><br><input type="submit" name="submit" class="submit" value="' . oc_('Reset Password') . '"></th></tr> </table> '; if (oc_hookSet('author-reset-bottom')) { foreach ($GLOBALS['OC_hooksAR']['author-reset-bottom'] as $hook) { require_once $hook; } } printFooter(); ?>