verify.php

   1 <?php
   2 # MantisBT - A PHP based bugtracking system
   3
   4 # MantisBT is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 2 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # MantisBT is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * @package MantisBT
  19  * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  20  * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  21  * @author Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
  22  * @link http://www.mantisbt.org
  23  *
  24  * @uses core.php
  25  * @uses authentication_api.php
  26  * @uses config_api.php
  27  * @uses constant_inc.php
  28  * @uses gpc_api.php
  29  * @uses print_api.php
  30  * @uses user_api.php
  31  */
  32
  33 # don't auto-login when trying to verify new user
  34 $g_login_anonymous = false;
  35
  36 require_once( 'core.php' );
  37 require_api( 'authentication_api.php' );
  38 require_api( 'config_api.php' );
  39 require_api( 'constant_inc.php' );
  40 require_api( 'gpc_api.php' );
  41 require_api( 'print_api.php' );
  42 require_api( 'user_api.php' );
  43
  44 # check if at least one way to get here is enabled
  45 if ( OFF == config_get( 'allow_signup' ) &&
  46         OFF == config_get( 'lost_password_feature' ) &&
  47         OFF == config_get( 'send_reset_password' ) ) {
  48         trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
  49 }
  50
  51 $f_user_id = gpc_get_string('id');
  52 $f_confirm_hash = gpc_get_string('confirm_hash');
  53
  54 # force logout on the current user if already authenticated
  55 if( auth_is_user_authenticated() ) {
  56         auth_logout();
  57
  58         # reload the page after logout
  59         print_header_redirect( "verify.php?id=$f_user_id&confirm_hash=$f_confirm_hash" );
  60 }
  61
  62 $t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );
  63
  64 if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
  65         trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
  66 }
  67
  68 # set a temporary cookie so the login information is passed between pages.
  69 auth_set_cookies( $f_user_id, false );
  70
  71 user_reset_failed_login_count_to_zero( $f_user_id );
  72 user_reset_lost_password_in_progress_count_to_zero( $f_user_id );
  73
  74 # fake login so the user can set their password
  75 auth_attempt_script_login( user_get_field( $f_user_id, 'username' ) );
  76
  77 user_increment_failed_login_count( $f_user_id );
  78
  79 include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );
  80