ljr/livejournal/htdocs/lostinfo.bml

208 lines
7.9 KiB
Plaintext
Raw Normal View History

2019-02-05 21:49:12 +00:00
<?page
title=><?_ml .title _ml?>
body<=
<?_code
{
use strict;
use vars qw(%POST);
LJ::set_active_crumb('lostinfo');
return LJ::server_down_html() if $LJ::SERVER_DOWN;
# no post action, just show query form
unless (LJ::did_post()) {
my $ret;
$ret .= "<?h1 $ML{'.lostpassword.title'} h1?>\n";
$ret .= "<?p $ML{'.lostpassword.text'} p?>\n";
$ret .= "<form action='lostinfo.bml' method='post'>\n";
$ret .= "<?standout $ML{'.enter_username'}<br />\n";
$ret .= LJ::html_text({ 'name' => 'user', 'size' => 30, 'maxlength' => 15 }) . "<br /><br />\n";
$ret .= "$ML{'.enter_email_optional'}<br />\n";
$ret .= LJ::html_text({ 'name' => 'email_p', 'size' => 30, 'maxlength' => 50 }) . "\n";
$ret .= LJ::html_submit('lostpass', $ML{'.btn.proceed'}) . "\n";
$ret .= "standout?>\n</form>\n";
$ret .= "<form action='lostinfo.bml' method='post'>\n";
$ret .= "<?h1 $ML{'.lostusername.title'} h1?>\n";
$ret .= "<?p $ML{'.lostusername.text'} p?>\n";
$ret .= "<?standout $ML{'.enter_email'}<br />\n";
$ret .= LJ::html_text({ 'name' => 'email_u', 'size' => 30, 'maxlength' => 50 }) . "\n";
$ret .= LJ::html_submit('lostuser', $ML{'.btn.proceed'}) . "\n";
$ret .= "standout?>\n</form>\n";
return $ret;
}
# we have a post action
# note: some lostinfo_do.bml translation strings are used below
# because the code was once in lostinfo_do.bml, but later
# was merged into this file
if ($POST{'lostpass'}) {
my $email = LJ::trim($POST{'email_p'});
my $u = LJ::load_user($POST{'user'});
return LJ::bad_input($ML{'error.username_notfound'})
unless $u;
my $err = sub {
my ($title, $msg) = @_;
if ($title && ! $msg) {
$msg = $title;
$title = $ML{'Error'};
}
return "<?h1 $title h1?>\n<?p $msg p?>";
};
return LJ::bad_input($ML{'.error.toofrequent'}) unless LJ::rate_log($u, "lostinfo", 1);
if ($u->{'journaltype'} eq 'Y') {
return $err->( $ML{'.error.syndicated'} );
}
if ($u->{'journaltype'} eq 'C' && !length $u->{'password'}) {
# community with no password
return $err->( $ML{'.error.commnopassword'} );
}
if ($u->{'statusvis'} eq 'X') {
return $err->( $ML{'.error.purged'} );
}
if ($u->{'statusvis'} eq 'R') {
return $err->( $ML{'.error.renamed'} );
}
# Check to see if they are banned from sending a password
if (LJ::sysban_check('lostpassword', $u->{'user'})) {
LJ::sysban_note($u->{'userid'}, "Password retrieval blocked based on user",
{ 'user' => $u->{'user'} });
return $err->( $ML{'Sorry'}, $ML{'.error.sysbanned'} );
}
# can we send them the password where they want it?
# if blank email, then yes.
if (! $email) {
$email = $u->{'email'};
# if their current email address, then yes.
# otherwise, check:
# if an old validated email address, then yes.
} elsif (lc($email) ne lc($u->{'email'})) {
# use the master here, to make sure the results really match
# the master and what they see on the old email management page
my $dbh = LJ::get_db_writer();
return LJ::bad_input($ML{'/lostinfo_do.bml.error1.text'})
unless $dbh->selectrow_array("SELECT COUNT(*) FROM infohistory ".
"WHERE userid=? AND what='email' ".
"AND oldvalue=? AND other='A'",
undef, $u->{'userid'}, $email);
}
# email address is okay, build email body
my $encoding = 'utf-8';
my $subject = $ML{'/lostinfo_do.bml.lostpasswordmail.subject'};
if (!LJ::is_ascii($subject)) {
$subject = MIME::Words::encode_mimeword($subject, 'B', $encoding);
}
my $body = BML::ml('/lostinfo_do.bml.lostpasswordmail.part1',
{ 'sitename' => $LJ::SITENAME,
'username' => $u->{'user'},
'password' => $u->{'password'},
'emailadr' => $u->{'email'} }) . "\n\n";
if ($u->{'status'} ne "A") {
my $aa = LJ::register_authaction($u->{'userid'}, "validateemail", $u->{'email'});
$body .= $ML{'/lostinfo_do.bml.lostpasswordmail.part2'} . "\n\n";
$body .= " $LJ::SITEROOT/confirm/$aa->{'aaid'}.$aa->{'authcode'}\n\n";
}
$body .= BML::ml('/lostinfo_do.bml.lostpasswordmail.part3',
{ 'remoteip' => BML::get_remote_host() . " (" . BML::get_remote_ip() . ")" });
$body .= "\n\n";
# section 4 is optional, and blank in 'en'
my $mline = $ML{'/lostinfo_do.bml.lostpasswordmail.part4'};
$body .= $mline . "\n\n" if $mline;
$body .= BML::ml('/lostinfo_do.bml.lostpasswordmail.part5',
{ 'journalurl' => "$LJ::SITEROOT/users/$u->{'user'}/",
'updateurl' => "$LJ::SITEROOT/update.bml?$u->{'user'}",
'rooturl' => "$LJ::SITEROOT/" }) . "\n";
LJ::send_mail({
'to' => $email,
'from' => $LJ::ADMIN_EMAIL,
'fromname' => $LJ::SITENAME,
'charset' => $encoding,
'subject' => $subject,
'body' => $body,
}) or die "Error: couldn't send email";
return "<?h1 $ML{'/lostinfo_do.bml.password_mailed.title'} h1?>\n" .
"<?p $ML{'/lostinfo_do.bml.password_mailed.text'} p?>";
}
if ($POST{'lostuser'}) {
my $sendto = "";
my $email = LJ::trim($POST{'email_u'});
return LJ::bad_input($ML{'.error.no_email'})
unless $email;
my $dbr = LJ::get_db_reader();
my $sth = $dbr->prepare("SELECT user, status FROM user WHERE email=?");
$sth->execute($email);
my @users;
while (my ($ru, $rs) = $sth->fetchrow_array) {
my $u = LJ::load_user($ru);
next unless $u;
# As the idea is to limit spam to one e-mail address, if any of their username's are
# over the limit, then don't send them any more e-mail.
return LJ::bad_input($ML{'.error.toofrequent'}) unless LJ::rate_log($u, "lostinfo", 1);
push @users, $ru;
}
return LJ::bad_input(BML::ml('/lostinfo_do.bml.error.no_usernames_for_email',
{ 'address' => LJ::ehtml($email) || 'none' }))
unless @users;
# we have valid usernames, build email body
my $body;
$body .= "This is your requested username reminder from $LJ::SITENAME. ";
$body .= "Below are the usernames you have registered for the email address $email:\n\n";
$body .= " $_\n" foreach @users;
$body .= "\nThis information was requested on the website from " . BML::get_remote_host() .
" (" . BML::get_remote_ip() . ").\n\n";
$body .= "Regards,\n$LJ::SITENAME Team\n\n$LJ::SITEROOT/\n";
LJ::send_mail({
'to' => $email,
'from' => $LJ::ADMIN_EMAIL,
'fromname' => $LJ::SITENAME,
'charset' => 'utf-8',
'subject' => "Lost Username",
'body' => $body,
}) or die "Error: couldn't send email";
return "<?h1 $ML{'/lostinfo_do.bml.username_mailed.title'} h1?>\n" .
"<?p $ML{'/lostinfo_do.bml.username_mailed.text'} p?>";
}
# post, but they didn't press a button?
return $ML{'error.nobutton'};
}
_code?>
<=body
page?><?_c <LJDEP>
post: htdocs/lostinfo.bml
</LJDEP> _c?>