| 8 |
- |
1 |
#!/usr/bin/perl
|
|
|
2 |
|
| 56 |
bgadell |
3 |
# Redirect error messages to a log of my choosing. (it's annoying to filter for errors in the shared env)
|
|
|
4 |
my $error_log_path = $ENV{SERVER_NAME} eq "volunteers.rollercon.com" ? "/home3/rollerco/logs/" : "/tmp/";
|
|
|
5 |
close STDERR;
|
|
|
6 |
open STDERR, '>>', $error_log_path.'vorc_error.log' or warn "Failed to open redirected logfile ($0): $!";
|
|
|
7 |
#warn "Redirecting errors to ${error_log_path}vorc_error.log";
|
|
|
8 |
|
| 8 |
- |
9 |
use strict;
|
|
|
10 |
use cPanelUserConfig;
|
|
|
11 |
use RollerCon;
|
|
|
12 |
use CGI;
|
|
|
13 |
use CGI::Cookie;
|
|
|
14 |
|
|
|
15 |
#my $cookie_string = authenticate(1) || die;
|
|
|
16 |
#my ($EML, $PWD, $LVL) = split /&/, $cookie_string;
|
|
|
17 |
my $query = new CGI;
|
|
|
18 |
my ($FORM, $userref, $buttonValue, $RCid);
|
|
|
19 |
my ($USRMSG, $USRMSGERR, $RO, $RCid_input) = ("", "", "", "");
|
|
|
20 |
|
|
|
21 |
if ($ENV{'QUERY_STRING'}) {
|
|
|
22 |
$FORM->{email} = $query->param('email');
|
|
|
23 |
$FORM->{action} = $query->param('action');
|
|
|
24 |
|
|
|
25 |
if ($FORM->{action} eq "Cancel") {
|
|
|
26 |
$FORM->{email} = "";
|
|
|
27 |
$FORM->{action} = "";
|
|
|
28 |
$buttonValue = "Lookup";
|
|
|
29 |
} elsif ($FORM->{action} eq "Lookup") {
|
|
|
30 |
if ($userref = getUser($FORM->{email})) {
|
|
|
31 |
$USRMSG = "User info found. Click Reset to reset your password, or Cancel to go back";
|
|
|
32 |
$buttonValue = "Reset";
|
|
|
33 |
$RO = "readonly";
|
|
|
34 |
$RCid_input = "<input type=hidden name=RCid value=$userref->{RCid}>";
|
|
|
35 |
} else {
|
|
|
36 |
$USRMSGERR = "No user found with that email address.";
|
|
|
37 |
$buttonValue = "Lookup";
|
|
|
38 |
}
|
|
|
39 |
} elsif ($FORM->{action} eq "Reset") {
|
|
|
40 |
if ($userref = getUser($FORM->{email})) {
|
|
|
41 |
if ($userref->{RCid} eq $query->param('RCid')) {
|
|
|
42 |
&resetPass($FORM->{email});
|
|
|
43 |
logit($userref->{RCid}, "Automated Password Reset");
|
|
|
44 |
exit;
|
|
|
45 |
} else {
|
|
|
46 |
$USRMSGERR = "There appear to be shenanigans afoot. Please don't.";
|
|
|
47 |
$buttonValue = "Lookup";
|
|
|
48 |
}
|
|
|
49 |
} else {
|
|
|
50 |
$USRMSGERR = "There appears to be tomfoolery afoot. Please don't.";
|
|
|
51 |
$buttonValue = "Lookup";
|
|
|
52 |
}
|
|
|
53 |
}
|
|
|
54 |
|
|
|
55 |
} else {
|
|
|
56 |
$FORM->{email} = "";
|
|
|
57 |
$FORM->{action} = "";
|
|
|
58 |
$buttonValue = "Lookup";
|
|
|
59 |
}
|
|
|
60 |
|
|
|
61 |
|
|
|
62 |
print CGI::header();
|
|
|
63 |
|
|
|
64 |
#foreach (sort keys %ENV) {
|
|
|
65 |
# print "$_: $ENV{$_}\n<br>";
|
|
|
66 |
#}
|
|
|
67 |
|
|
|
68 |
printRCHeader("Password Reset");
|
|
|
69 |
print<<page1;
|
|
|
70 |
|
|
|
71 |
<p class="hint">This will reset a user's password to a random string and email that new password to them.<br>
|
|
|
72 |
They will still need access to their email to get logged back in.</p>
|
|
|
73 |
|
|
|
74 |
<FORM method=GET action=password_reset.pl> $RCid_input
|
|
|
75 |
<TR><TD colspan=2> </TD></TR>
|
|
|
76 |
<TR><TD colspan=2 align=center>$USRMSG <FONT color=red><b>$USRMSGERR</b></font></TD></TR>
|
|
|
77 |
<TR>
|
|
|
78 |
<TD valign=top align=right><b>Email Address: </b></td>
|
|
|
79 |
<TD valign=top><input type=text name=email value=$FORM->{email} $RO></TD>
|
|
|
80 |
</TR>
|
|
|
81 |
<TR><TD colspan=2> </TD></TR>
|
|
|
82 |
<TR><TD colspan=2 align=center><input type=submit name=action value=$buttonValue><input type=button name=action value=Cancel onClick="location.href='/schedule/'"></TD></TR>
|
|
|
83 |
</FORM>
|
|
|
84 |
</TABLE>
|
|
|
85 |
|
|
|
86 |
page1
|
|
|
87 |
|
|
|
88 |
sub updateDBPass {
|
|
|
89 |
my ($EM, $STR) = @_;
|
|
|
90 |
use DBI;
|
| 10 |
- |
91 |
use WebDB;
|
|
|
92 |
|
|
|
93 |
my $dbh = WebDB->connect;
|
| 8 |
- |
94 |
my $sth = $dbh->prepare("update official set password = password(?) where email=?");
|
|
|
95 |
$sth->execute($STR, $EM);
|
|
|
96 |
}
|
|
|
97 |
|
|
|
98 |
sub resetPass {
|
|
|
99 |
my $email = shift;
|
|
|
100 |
|
|
|
101 |
my @chars = ("A".."Z", "a".."z", "1".."0", "(", ")", "-", "_", "*", "^", "!", "[", "]");
|
|
|
102 |
my $string;
|
|
|
103 |
$string .= $chars[rand @chars] for 1..8;
|
|
|
104 |
|
|
|
105 |
&updateDBPass($email, $string);
|
|
|
106 |
|
|
|
107 |
use RCMailer;
|
|
|
108 |
my $subject = 'RollerCon Officials Schedule Manager - Password Reset';
|
|
|
109 |
my $body = "Greetings,
|
|
|
110 |
|
| 29 |
- |
111 |
It appears as though you've requested us to reset your password. We've done so, and your new password is '$string' (without the quotes).
|
| 8 |
- |
112 |
|
|
|
113 |
We'd recommend you log in and change it to your liking at the following link:
|
|
|
114 |
|
| 56 |
bgadell |
115 |
https://volunteers.rollercon.com/schedule/view_user.pl
|
| 8 |
- |
116 |
|
|
|
117 |
If you didn't make this request, well, you're still the only one who received this email, and this is now your password. You should probably let us know that someone is messing with you.
|
|
|
118 |
|
|
|
119 |
-RollerCon Officiating Management
|
|
|
120 |
";
|
|
|
121 |
|
|
|
122 |
# send the message
|
|
|
123 |
EmailUser($email, $subject, $body);
|
|
|
124 |
|
|
|
125 |
|
|
|
126 |
print CGI::header();
|
|
|
127 |
print<<resetPage;
|
|
|
128 |
|
|
|
129 |
<HTML><HEAD><TITLE>RollerCon Officials Schedule Manager - Password Reset</TITLE></HEAD>
|
|
|
130 |
<body text="#000000" bgcolor="#FFFFFF" link="#0000EE" vlink="#551A8B" alink="#FF0000">
|
|
|
131 |
<TABLE>
|
|
|
132 |
<TR>
|
|
|
133 |
<TD align=right><img SRC="/logo.jpg"></TD>
|
|
|
134 |
<TD align=center valign=middle><b><font size=+3>RollerCon Official<br>Schedule Manager<br>Password Reset</font></b></TD>
|
|
|
135 |
</TR>
|
|
|
136 |
<TR><TD colspan=2> </TD></TR>
|
|
|
137 |
<TR><TD colspan=2 align=center>Your password has been reset and emailed to the address on record.<br>Please check your email (including Spam folders). </TD></TR>
|
|
|
138 |
<TR><TD colspan=2> </TD></TR>
|
|
|
139 |
<TR><TD colspan=2 align=center><a href=/schedule/>[home]</a> </TD></TR>
|
|
|
140 |
</TABLE>
|
|
|
141 |
|
|
|
142 |
resetPage
|
|
|
143 |
}
|