Subversion Repositories VORC

Rev

Rev 65 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
8 - 1 
#!/usr/bin/perl
2 
 
56 bgadell 3 
# Redirect error messages to a log of my choosing. (it's annoying to filter for errors in the shared env)
4 
my $error_log_path = $ENV{SERVER_NAME} eq "volunteers.rollercon.com" ? "/home3/rollerco/logs/" : "/tmp/";
5 
close STDERR;
6 
open STDERR, '>>', $error_log_path.'vorc_error.log' or warn "Failed to open redirected logfile ($0): $!";
7 
#warn "Redirecting errors to ${error_log_path}vorc_error.log";
8 
 
8 - 9 
use strict;
10 
use cPanelUserConfig;
11 
use RollerCon;
12 
use CGI;
13 
use CGI::Cookie;
14 
 
15 
#my $cookie_string = authenticate(1) || die;
16 
#my ($EML, $PWD, $LVL) = split /&/, $cookie_string;
17 
my $query = new CGI;
18 
my ($FORM, $userref, $buttonValue, $RCid);
19 
my ($USRMSG, $USRMSGERR, $RO, $RCid_input) = ("", "", "", "");
20 
 
21 
if ($ENV{'QUERY_STRING'}) {
22 
	$FORM->{email} = $query->param('email');
23 
	$FORM->{action} = $query->param('action');
24 
 
25 
	if ($FORM->{action} eq "Cancel") {
26 
		$FORM->{email} = "";
27 
		$FORM->{action} = "";
28 
		$buttonValue = "Lookup";
29 
	} elsif ($FORM->{action} eq "Lookup") {
30 
		if ($userref = getUser($FORM->{email})) {
31 
			$USRMSG = "User info found.  Click Reset to reset your password, or Cancel to go back";
32 
			$buttonValue = "Reset";
33 
			$RO = "readonly";
34 
			$RCid_input = "<input type=hidden name=RCid value=$userref->{RCid}>";
35 
		} else {
36 
			$USRMSGERR = "No user found with that email address.";
37 
			$buttonValue = "Lookup";
38 
		}
39 
	} elsif ($FORM->{action} eq "Reset") {
40 
		if ($userref = getUser($FORM->{email})) {
41 
			if ($userref->{RCid} eq $query->param('RCid')) {
42 
				&resetPass($FORM->{email});
43 
				logit($userref->{RCid}, "Automated Password Reset");
44 
				exit;
45 
			} else {
46 
				$USRMSGERR = "There appear to be shenanigans afoot. Please don't.";
47 
				$buttonValue = "Lookup";
48 
			}
49 
		} else {
50 
			$USRMSGERR = "There appears to be tomfoolery afoot. Please don't.";
51 
			$buttonValue = "Lookup";
52 
		}
53 
	}
54 
 
55 
} else {
56 
	$FORM->{email} = "";
57 
	$FORM->{action} = "";
58 
	$buttonValue = "Lookup";
59 
}
60 
 
61 
 
62 
print CGI::header();
63 
 
64 
#foreach (sort keys %ENV) {
65 
#	print "$_: $ENV{$_}\n<br>";
66 
#}
67 
 
68 
printRCHeader("Password Reset");
69 
print<<page1;
70 
 
71 
<p class="hint">This will reset a user's password to a random string and email that new password to them.<br>
72 
They will still need access to their email to get logged back in.</p>
73 
 
74 
 <FORM method=GET action=password_reset.pl> $RCid_input
75 
	<TR><TD colspan=2>&nbsp</TD></TR>
76 
	<TR><TD colspan=2 align=center>$USRMSG <FONT color=red><b>$USRMSGERR</b></font></TD></TR>
77 
	<TR>
78 
		<TD valign=top align=right><b>Email Address: </b></td>
79 
		<TD valign=top><input type=text name=email value=$FORM->{email} $RO></TD>
80 
	</TR>
81 
	<TR><TD colspan=2>&nbsp</TD></TR>
82 
	<TR><TD colspan=2 align=center><input type=submit name=action value=$buttonValue><input type=button name=action value=Cancel onClick="location.href='/schedule/'"></TD></TR>
83 
 </FORM>
84 
</TABLE>
85 
page1
86 
 
87 
sub updateDBPass {
88 
	my ($EM, $STR) = @_;
89 
	use DBI;
10 - 90 
	use WebDB;
91 
 
92 
	my $dbh = WebDB->connect;
65 bgadell 93 
 
94 
	my ($test) = $dbh->selectrow_array("select count(*) from official where email = ?", undef, $EM);
95 
	return "ERROR: Email address [$EM] not found." unless $test;
96 
 
8 - 97 
	my $sth = $dbh->prepare("update official set password = password(?) where email=?");
98 
	$sth->execute($STR, $EM);
65 bgadell 99 
	return 0;
8 - 100 
}
101 
 
102 
sub resetPass {
103 
	my $email = shift;
104 
 
105 
	my @chars = ("A".."Z", "a".."z", "1".."0", "(", ")", "-", "_", "*", "^", "!", "[", "]");
106 
	my $string;
107 
	$string .= $chars[rand @chars] for 1..8;
108 
 
65 bgadell 109 
	my $error = &updateDBPass($email, $string);
110 
 
111 
  if (!$error) {
112 
  	use RCMailer;
113 
  	my $subject = 'RollerCon Officials Schedule Manager - Password Reset';
114 
  	my $body = "Greetings,<br><br>
8 - 115 
 
65 bgadell 116 
It appears as though you've requested us to reset your password.  We've done so, and your new password is '$string' (without the quotes).<br><br>
8 - 117 
 
65 bgadell 118 
We'd recommend you log in and change it to your liking at the following link:<br><br>
8 - 119 
 
65 bgadell 120 
https://volunteers.rollercon.com/schedule/view_user.pl<br><br>
8 - 121 
 
65 bgadell 122 
If you didn't make this request, well, you're still the only one who received this email, and this is now your password.  You should probably let us know that someone is messing with you.<br><br>
8 - 123 
 
124 
-RollerCon Officiating Management
125 
";
126 
 
65 bgadell 127 
  	# send the message
128 
  	EmailUser($email, $subject, $body);
129 
  }
8 - 130 
 
131 
 
132 
print CGI::header();
133 
print<<resetPage;
134 
 
135 
<HTML><HEAD><TITLE>RollerCon Officials Schedule Manager - Password Reset</TITLE></HEAD>
136 
<body text="#000000" bgcolor="#FFFFFF" link="#0000EE" vlink="#551A8B" alink="#FF0000">
137 
<TABLE>
138 
	<TR>
139 
		<TD align=right><img SRC="/logo.jpg"></TD>
140 
		<TD align=center valign=middle><b><font size=+3>RollerCon Official<br>Schedule Manager<br>Password Reset</font></b></TD>
141 
	</TR>
65 bgadell 142 
	<TR><TD colspan=2><div class="error">$error</div>&nbsp</TD></TR>
143 
	<TR><TD colspan=2 align=center>If an account was found, your password was reset and emailed to the address on record.<br>Please check your email (including Spam folders).&nbsp</TD></TR>
8 - 144 
	<TR><TD colspan=2>&nbsp</TD></TR>
145 
	<TR><TD colspan=2 align=center><a href=/schedule/>[home]</a>&nbsp</TD></TR>
146 
</TABLE>
147 
 
148 
resetPage
149 
}