body<= \n"; $ret .= "\n"; $ret .= "

\n"; $ret .= "\n"; $ret .= LJ::html_text({ 'name' => 'user', 'size' => 30, 'maxlength' => 15 }) . "

\n"; $ret .= "$ML{'.enter_email_optional'}
\n"; $ret .= LJ::html_text({ 'name' => 'email_p', 'size' => 30, 'maxlength' => 50 }) . "\n"; $ret .= LJ::html_submit('lostpass', $ML{'.btn.proceed'}) . "\n"; $ret .= "standout?>\n

\n"; $ret .= "

\n"; $ret .= "\n"; $ret .= "\n"; $ret .= "\n"; $ret .= LJ::html_text({ 'name' => 'email_u', 'size' => 30, 'maxlength' => 50 }) . "\n"; $ret .= LJ::html_submit('lostuser', $ML{'.btn.proceed'}) . "\n"; $ret .= "standout?>\n

\n"; return $ret; } # we have a post action # note: some lostinfo_do.bml translation strings are used below # because the code was once in lostinfo_do.bml, but later # was merged into this file if ($POST{'lostpass'}) { my $email = LJ::trim($POST{'email_p'}); my $u = LJ::load_user($POST{'user'}); return LJ::bad_input($ML{'error.username_notfound'}) unless $u; my $err = sub { my ($title, $msg) = @_; if ($title && ! $msg) { $msg = $title; $title = $ML{'Error'}; } return "\n"; }; return LJ::bad_input($ML{'.error.toofrequent'}) unless LJ::rate_log($u, "lostinfo", 1); if ($u->{'journaltype'} eq 'Y') { return $err->( $ML{'.error.syndicated'} ); } if ($u->{'journaltype'} eq 'C' && !length $u->{'password'}) { # community with no password return $err->( $ML{'.error.commnopassword'} ); } if ($u->{'statusvis'} eq 'X') { return $err->( $ML{'.error.purged'} ); } if ($u->{'statusvis'} eq 'R') { return $err->( $ML{'.error.renamed'} ); } # Check to see if they are banned from sending a password if (LJ::sysban_check('lostpassword', $u->{'user'})) { LJ::sysban_note($u->{'userid'}, "Password retrieval blocked based on user", { 'user' => $u->{'user'} }); return $err->( $ML{'Sorry'}, $ML{'.error.sysbanned'} ); } # can we send them the password where they want it? # if blank email, then yes. if (! $email) { $email = $u->{'email'}; # if their current email address, then yes. # otherwise, check: # if an old validated email address, then yes. } elsif (lc($email) ne lc($u->{'email'})) { # use the master here, to make sure the results really match # the master and what they see on the old email management page my $dbh = LJ::get_db_writer(); return LJ::bad_input($ML{'/lostinfo_do.bml.error1.text'}) unless $dbh->selectrow_array("SELECT COUNT(*) FROM infohistory ". "WHERE userid=? AND what='email' ". "AND oldvalue=? AND other='A'", undef, $u->{'userid'}, $email); } # email address is okay, build email body my $encoding = 'utf-8'; my $subject = $ML{'/lostinfo_do.bml.lostpasswordmail.subject'}; if (!LJ::is_ascii($subject)) { $subject = MIME::Words::encode_mimeword($subject, 'B', $encoding); } my $body = BML::ml('/lostinfo_do.bml.lostpasswordmail.part1', { 'sitename' => $LJ::SITENAME, 'username' => $u->{'user'}, 'password' => $u->{'password'}, 'emailadr' => $u->{'email'} }) . "\n\n"; if ($u->{'status'} ne "A") { my $aa = LJ::register_authaction($u->{'userid'}, "validateemail", $u->{'email'}); $body .= $ML{'/lostinfo_do.bml.lostpasswordmail.part2'} . "\n\n"; $body .= " $LJ::SITEROOT/confirm/$aa->{'aaid'}.$aa->{'authcode'}\n\n"; } $body .= BML::ml('/lostinfo_do.bml.lostpasswordmail.part3', { 'remoteip' => BML::get_remote_host() . " (" . BML::get_remote_ip() . ")" }); $body .= "\n\n"; # section 4 is optional, and blank in 'en' my $mline = $ML{'/lostinfo_do.bml.lostpasswordmail.part4'}; $body .= $mline . "\n\n" if $mline; $body .= BML::ml('/lostinfo_do.bml.lostpasswordmail.part5', { 'journalurl' => "$LJ::SITEROOT/users/$u->{'user'}/", 'updateurl' => "$LJ::SITEROOT/update.bml?$u->{'user'}", 'rooturl' => "$LJ::SITEROOT/" }) . "\n"; LJ::send_mail({ 'to' => $email, 'from' => $LJ::ADMIN_EMAIL, 'fromname' => $LJ::SITENAME, 'charset' => $encoding, 'subject' => $subject, 'body' => $body, }) or die "Error: couldn't send email"; return "\n" . ""; } if ($POST{'lostuser'}) { my $sendto = ""; my $email = LJ::trim($POST{'email_u'}); return LJ::bad_input($ML{'.error.no_email'}) unless $email; my $dbr = LJ::get_db_reader(); my $sth = $dbr->prepare("SELECT user, status FROM user WHERE email=?"); $sth->execute($email); my @users; while (my ($ru, $rs) = $sth->fetchrow_array) { my $u = LJ::load_user($ru); next unless $u; # As the idea is to limit spam to one e-mail address, if any of their username's are # over the limit, then don't send them any more e-mail. return LJ::bad_input($ML{'.error.toofrequent'}) unless LJ::rate_log($u, "lostinfo", 1); push @users, $ru; } return LJ::bad_input(BML::ml('/lostinfo_do.bml.error.no_usernames_for_email', { 'address' => LJ::ehtml($email) || 'none' })) unless @users; # we have valid usernames, build email body my $body; $body .= "This is your requested username reminder from $LJ::SITENAME. "; $body .= "Below are the usernames you have registered for the email address $email:\n\n"; $body .= " $_\n" foreach @users; $body .= "\nThis information was requested on the website from " . BML::get_remote_host() . " (" . BML::get_remote_ip() . ").\n\n"; $body .= "Regards,\n$LJ::SITENAME Team\n\n$LJ::SITEROOT/\n"; LJ::send_mail({ 'to' => $email, 'from' => $LJ::ADMIN_EMAIL, 'fromname' => $LJ::SITENAME, 'charset' => 'utf-8', 'subject' => "Lost Username", 'body' => $body, }) or die "Error: couldn't send email"; return "\n" . ""; } # post, but they didn't press a button? return $ML{'error.nobutton'}; } _code?> <=body page?> post: htdocs/lostinfo.bml _c?>