ljr/livejournal/htdocs/lostinfo.bml

<?page
title=><?_ml .title _ml?>
body<=
<?_code
{
    use strict;
    use vars qw(%POST);

    LJ::set_active_crumb('lostinfo');

    return LJ::server_down_html() if $LJ::SERVER_DOWN;

    # no post action, just show query form
    unless (LJ::did_post()) {
        my $ret;

        $ret .= "<?h1 $ML{'.lostpassword.title'} h1?>\n";
        $ret .= "<?p $ML{'.lostpassword.text'} p?>\n";

        $ret .= "<form action='lostinfo.bml' method='post'>\n";
        $ret .= "<?standout $ML{'.enter_username'}<br />\n";
        $ret .= LJ::html_text({ 'name' => 'user', 'size' => 30, 'maxlength' => 15 }) . "<br /><br />\n";
        $ret .= "$ML{'.enter_email_optional'}<br />\n";
        $ret .= LJ::html_text({ 'name' => 'email_p', 'size' => 30, 'maxlength' => 50 }) . "\n";
        $ret .= LJ::html_submit('lostpass', $ML{'.btn.proceed'}) . "\n";
        $ret .= "standout?>\n</form>\n";

        $ret .= "<form action='lostinfo.bml' method='post'>\n";
        $ret .= "<?h1 $ML{'.lostusername.title'} h1?>\n";
        $ret .= "<?p $ML{'.lostusername.text'} p?>\n";
        $ret .= "<?standout $ML{'.enter_email'}<br />\n";
        $ret .= LJ::html_text({ 'name' => 'email_u', 'size' => 30, 'maxlength' => 50 }) . "\n";
        $ret .= LJ::html_submit('lostuser', $ML{'.btn.proceed'}) . "\n";
        $ret .= "standout?>\n</form>\n";

        return $ret;
    }

    # we have a post action

    # note: some lostinfo_do.bml translation strings are used below
    # because the code was once in lostinfo_do.bml, but later
    # was merged into this file

    if ($POST{'lostpass'}) {
        my $email = LJ::trim($POST{'email_p'});
        
        my $u = LJ::load_user($POST{'user'});
        return LJ::bad_input($ML{'error.username_notfound'})
            unless $u;

        my $err = sub {
            my ($title, $msg) = @_;
            if ($title && ! $msg) {
                $msg = $title;
                $title = $ML{'Error'};
            }
            return "<?h1 $title h1?>\n<?p $msg p?>";
        };

        return LJ::bad_input($ML{'.error.toofrequent'}) unless LJ::rate_log($u, "lostinfo", 1);

        if ($u->{'journaltype'} eq 'Y') {
            return $err->( $ML{'.error.syndicated'} );
        }

        if ($u->{'journaltype'} eq 'C' && !length $u->{'password'}) {
            # community with no password
            return $err->( $ML{'.error.commnopassword'} );
        }

        if ($u->{'statusvis'} eq 'X') {
            return $err->( $ML{'.error.purged'} );
        }

        if ($u->{'statusvis'} eq 'R') {
            return $err->( $ML{'.error.renamed'} );
        }

        # Check to see if they are banned from sending a password
        if (LJ::sysban_check('lostpassword', $u->{'user'})) {
            LJ::sysban_note($u->{'userid'}, "Password retrieval blocked based on user",
                            { 'user' => $u->{'user'} });
            return $err->( $ML{'Sorry'}, $ML{'.error.sysbanned'} );
        }
        
        # can we send them the password where they want it?
        # if blank email, then yes.
        if (! $email) {
            $email = $u->{'email'};
        
        # if their current email address, then yes.
        # otherwise, check:
        # if an old validated email address, then yes.
        } elsif (lc($email) ne lc($u->{'email'})) {

            # use the master here, to make sure the results really match
            # the master and what they see on the old email management page
            my $dbh = LJ::get_db_writer();
            return LJ::bad_input($ML{'/lostinfo_do.bml.error1.text'})
                unless $dbh->selectrow_array("SELECT COUNT(*) FROM infohistory ".
                                             "WHERE userid=? AND what='email' ".
                                             "AND oldvalue=? AND other='A'",
                                             undef, $u->{'userid'}, $email);
        }

        # email address is okay, build email body
        my $encoding = 'utf-8';
        my $subject = $ML{'/lostinfo_do.bml.lostpasswordmail.subject'};
        if (!LJ::is_ascii($subject)) {
            $subject = MIME::Words::encode_mimeword($subject, 'B', $encoding);
        }

        my $body = BML::ml('/lostinfo_do.bml.lostpasswordmail.part1',
                           { 'sitename' => $LJ::SITENAME,
                             'username' => $u->{'user'},
                             'password' => $u->{'password'},
                             'emailadr' => $u->{'email'} }) . "\n\n";

        if ($u->{'status'} ne "A") {
            my $aa = LJ::register_authaction($u->{'userid'}, "validateemail", $u->{'email'});
            $body .= $ML{'/lostinfo_do.bml.lostpasswordmail.part2'} . "\n\n";
            $body .= "    $LJ::SITEROOT/confirm/$aa->{'aaid'}.$aa->{'authcode'}\n\n";
        }

        $body .= BML::ml('/lostinfo_do.bml.lostpasswordmail.part3',
                         { 'remoteip' => BML::get_remote_host() . " (" . BML::get_remote_ip() . ")" });
        $body .= "\n\n";

        # section 4 is optional, and blank in 'en'
        my $mline = $ML{'/lostinfo_do.bml.lostpasswordmail.part4'};
        $body .= $mline . "\n\n" if $mline;

        $body .= BML::ml('/lostinfo_do.bml.lostpasswordmail.part5',
                         { 'journalurl' => "$LJ::SITEROOT/users/$u->{'user'}/",
                           'updateurl'  => "$LJ::SITEROOT/update.bml?$u->{'user'}",
                           'rooturl'    => "$LJ::SITEROOT/" }) . "\n";

        LJ::send_mail({
            'to' => $email,
            'from' => $LJ::ADMIN_EMAIL,
            'fromname' => $LJ::SITENAME,
            'charset' => $encoding,
            'subject' => $subject,
            'body' => $body,
        }) or die "Error: couldn't send email";

        return "<?h1 $ML{'/lostinfo_do.bml.password_mailed.title'} h1?>\n" .
               "<?p $ML{'/lostinfo_do.bml.password_mailed.text'} p?>";
    }

    if ($POST{'lostuser'}) {

        my $sendto = "";
        my $email = LJ::trim($POST{'email_u'});
        return LJ::bad_input($ML{'.error.no_email'})
            unless $email;
        
        my $dbr = LJ::get_db_reader();
        my $sth = $dbr->prepare("SELECT user, status FROM user WHERE email=?");
        $sth->execute($email);
        my @users;
        while (my ($ru, $rs) = $sth->fetchrow_array) {
            my $u = LJ::load_user($ru);
            next unless $u;
            # As the idea is to limit spam to one e-mail address, if any of their username's are
            # over the limit, then don't send them any more e-mail.
            return LJ::bad_input($ML{'.error.toofrequent'}) unless LJ::rate_log($u, "lostinfo", 1);
            push @users, $ru;
        }
        
        return LJ::bad_input(BML::ml('/lostinfo_do.bml.error.no_usernames_for_email',
                                     { 'address' => LJ::ehtml($email) || 'none' }))
            unless @users;
        
        # we have valid usernames, build email body
        my $body;
        $body .= "This is your requested username reminder from $LJ::SITENAME.  ";
        $body .= "Below are the usernames you have registered for the email address $email:\n\n";

        $body .= "          $_\n" foreach @users;
        
        $body .= "\nThis information was requested on the website from " . BML::get_remote_host() . 
                 " (" . BML::get_remote_ip() . ").\n\n";
        $body .= "Regards,\n$LJ::SITENAME Team\n\n$LJ::SITEROOT/\n";
        
        LJ::send_mail({
            'to' => $email,
            'from' => $LJ::ADMIN_EMAIL,
            'fromname' => $LJ::SITENAME,
            'charset' => 'utf-8',
            'subject' => "Lost Username",
            'body' => $body,
        }) or die "Error: couldn't send email";
        
        return "<?h1 $ML{'/lostinfo_do.bml.username_mailed.title'} h1?>\n" .
               "<?p $ML{'/lostinfo_do.bml.username_mailed.text'} p?>";
    }
        
    # post, but they didn't press a button?
    return $ML{'error.nobutton'};
}
_code?>
<=body
page?><?_c <LJDEP>
post: htdocs/lostinfo.bml
</LJDEP> _c?>