
#!/usr/bin/perl

# Redirect error messages to a log of my choosing. (it's annoying to filter for errors in the shared env)
#my $error_log_path = $ENV{SERVER_NAME} eq "volunteers.rollercon.com" ? "/home3/rollerco/logs/" : "/tmp/";
#close STDERR;
#open STDERR, '>>', $error_log_path.'vorc_error.log' or warn "Failed to open redirected logfile ($0): $!";
#warn "Redirecting errors to ${error_log_path}vorc_error.log";

use strict;
use warnings;
use PEEPS;
use CGI qw/param header start_html url/;
use CGI::Cookie;
use Email::Valid;

#my $cookie_string = authenticate(1) || die;
#my ($EML, $PWD, $LVL) = split /&/, $cookie_string;
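my $query = CGI->new;
my ($FORM, $userref, $buttonValue, $PEEPSid);
my ($USRMSG, $USRMSGERR, $RO, $PEEPSid_input, $recovery_options) = ("", "", "", "", "");

# Request handling.  Everything that reaches the page from the request (the
# "account" lookup string) or from the database (username, email, person id)
# is HTML-escaped and placed in a quoted attribute before it is interpolated
# into the form further down; the lookup string is attacker-controlled and was
# previously echoed back verbatim into an unquoted value= attribute.
if ($ENV{'REQUEST_METHOD'} eq "POST") {
        $FORM->{account} = $query->param('account');
        $FORM->{action}  = $query->param('action');

        if ($FORM->{action} eq "Cancel") {
                $FORM->{account} = "";
                $FORM->{action}  = "";
                $buttonValue = "Search";
        } elsif ($FORM->{action} eq "Search") {
                # NOTE(review): this step answers "found" / "not found" for any
                # username, email address or (numeric) member id and returns a
                # masked username/email for hits, with no rate limiting, so it can
                # be used to enumerate accounts.
                if ($userref = getUser($FORM->{account})) {
                        $RO = "readonly";
                        $PEEPSid_input = '<input type="hidden" name="PEEPSid" value="'
                                       . $query->escapeHTML($userref->{id}) . '">';
                        $USRMSG = "Account found";
                        # Looked up by email (that is not itself the username) or by
                        # member id: offer username mail / password reset.  Looked up by
                        # username: password reset only.
                        if ((Email::Valid->address(-address => $FORM->{account}, -mxcheck => 1, -tldcheck => 1)
                             and $FORM->{account} ne $userref->{username})
                            or $FORM->{account} =~ /^\d+$/) {
                                if ($userref->{username}) {
                                        ## account has been set up: show the username masked to its
                                        ## first and last two characters (in place; nothing below
                                        ## needs the unmasked value)
                                        $userref->{username} =~ s/(..).+(..)/$1 . '*' x (length($&)-4) . $2/e;
                                        $USRMSG .= " with Username: " . $query->escapeHTML($userref->{username})
                                                 . "<br>We can either email your username or reset your password...";
                                        $recovery_options = " <TR>
                                  <TD valign=top>How can we help?</td>
                                            <TD><input type=radio name=help value=username onclick=\"changeButtonLabel('Email')\"> Email Username<br>
                                                <input type=radio name=help value=password onclick=\"changeButtonLabel('Reset')\"> Reset Password</TD>    
                                    </TR>";
                                        # Placeholder label; the onclick below blocks submission
                                        # until a radio button has relabelled the button.
                                        $buttonValue = "&lt;select&gt;";
                                } elsif ($FORM->{account} =~ /^\d+$/) {
                                        ## account hasn't been set up, and we found it from member id:
                                        ## show the email on record with the local part masked
                                        my $mask = $userref->{email};
                                        $mask =~ s/(..).+(..@)/$1 . '*' x (length($&)-5) . $2/e;
                                        $USRMSG .= " with email: " . $query->escapeHTML($mask)
                                                 . ", but no Username has been set yet.<br>We can email a temporary password and set your Username to your email address...";
                                        $buttonValue = "Setup";
                                } else {
                                        ## account hasn't been set up, but they used email address
                                        $USRMSG .= ", but no Username has been set yet.<br>We can email a temporary password and set your Username to your email address...";
                                        $buttonValue = "Setup";
                                }
                        } else {
                                $USRMSG = "Username found.  Click Reset to reset your password, or Cancel to go back";
                                $buttonValue = "Reset";
                        }
                } else {
                        $USRMSGERR = "No user account found.";
                        $buttonValue = "Search";
                }
        } elsif ($FORM->{action} eq "Email") {
                # sendUsername() looks the account up again, assigns the file-scoped
                # $userref, mails the username and prints its own result page.
                sendUsername($FORM->{account});
                logit($userref->{id}, "Username Emailed");
                exit;
        } elsif ($FORM->{action} eq "Reset" or $FORM->{action} eq "Setup") {
                # The hidden PEEPSid must match the account resolved from the posted
                # lookup string.  NOTE(review): PEEPSid is handed to the client by the
                # Search step, so this only catches a mismatch between the two fields;
                # anyone who knows a username/email/member id can trigger a reset, and
                # the old password is replaced before the owner has confirmed anything.
                if ($userref = getUser($FORM->{account})) {
                        if ($userref->{id} eq $query->param('PEEPSid')) {
                                resetPass($userref);
                                exit;
                        } else {
                                $USRMSGERR = "There appear to be shenanigans afoot. Please don't.";
                                $buttonValue = "Search";
                        }
                } else {
                        $USRMSGERR = "There appears to be tomfoolery afoot. Please don't.";
                        $buttonValue = "Search";
                }
        }

} else {
        $FORM->{account} = "";
        $FORM->{action}  = "";
        $buttonValue = "Search";
}


print CGI::header();

printRCHeader("Password Reset");
my $pageURL = url;
$USRMSGERR .= "<TR><TD colspan=2>&nbsp</TD></TR>" if $USRMSGERR;
$USRMSG    .= "<TR><TD colspan=2>&nbsp</TD></TR>" if $USRMSG;

# Escaped copies for the template.  The lookup string is user input; the page
# URL is derived from the request (host header / script path) as well.
my $account_html = $query->escapeHTML(defined $FORM->{account} ? $FORM->{account} : "");
my $pageURL_html = $query->escapeHTML($pageURL);

print<<page1;

<p class="hint">Find your account by searching for your username, email address, or member id.<br>

 <FORM method="POST" action="$pageURL_html"> $PEEPSid_input
 <table>
        <TR><TD colspan=2>&nbsp</TD></TR>
        <TR><TD colspan=2 align=center>$USRMSG <FONT color=red><b>$USRMSGERR</b></font></TD></TR>
        <TR>
                <TD valign=top align=right><b>Lookup: </b></td>
                <TD valign=top><input type="text" name="account" value="$account_html" $RO></TD>
        </TR>
        $recovery_options
        <TR><TD colspan=2>&nbsp</TD></TR>
        <TR><TD colspan=2 align=center><input type="submit" id="subbutton" name="action" value="$buttonValue" onclick="if (this.value === '&lt;select&gt;') { return false; }"><input type="button" name="action" value="Cancel" onClick="location.href='/'"></TD></TR>
 </table></FORM>
</TABLE>

<script>
  function changeButtonLabel(newlabel) {
    const myButton = document.getElementById('subbutton');
    myButton.value = newlabel;
  }
</script>

page1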

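sub updateDBPass {
        # Store $STR as the password of the single person row whose email matches
        # $acctref->{email}, then log the reset against that person id.
        #
        # Arguments: $acctref - hashref with at least {email}
        #            $STR     - the new clear-text password (hashed by the database)
        # Returns:   undef on success, or an "ERROR: ..." string for display when the
        #            email matches zero or several rows or the update does not take
        #            effect.  The caller treats any true return value as failure and
        #            then does not mail the password.
        my ($acctref, $STR) = @_;
        use DBI;
        use WebDB;

        my $dbh = WebDB::connect;

        # Resolve the person id from the email, refusing ambiguous matches so a
        # reset can never land on a different account than the one looked up.
        my ($test, $PEEPSID) = $dbh->selectrow_array(
                "select count(*), id from person where email = ? group by email",
                undef, $acctref->{email});
        return "ERROR: Email address [$acctref->{email}] not found." unless $test;
        return "ERROR: Too many accounts found [$acctref->{email}]." unless $test == 1;

        # NOTE(review): MySQL's password() is an unsalted SHA-1 construction that is
        # deprecated/removed in current MySQL releases; the login code elsewhere must
        # use the same scheme, so it is left unchanged here rather than altered
        # unilaterally.  Both statements stay parameterised.
        my $sth = $dbh->prepare("update authentication set password = password(?) where person_id=?")
                or return "ERROR: Could not prepare password update: " . $dbh->errstr;
        my $rows = $sth->execute($STR, $PEEPSID)
                or return "ERROR: Could not update password: " . $sth->errstr;
        # Previously an update that matched no authentication row was reported as
        # success and a password that was never stored got emailed.
        return "ERROR: No authentication record found to update." if $rows == 0;

        logit($PEEPSID, "Automated Password Reset");
        return;
}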

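sub resetPass {
        # Generate a temporary password, store it for the account, email it to the
        # address on record and print the confirmation page.  Accounts without a
        # username yet get one (their email address) via setUsername() first.
        #
        # Argument: $accountref - hashref with {id}, {email} and optional {username}
        # Returns:  nothing useful; the page is written to STDOUT and the caller exits.
        my $accountref = shift;
        my $pageURL = url;
        $pageURL =~ s|/[^/]+$|/|;
        $pageURL .= "view_user";

        # Temporary-password alphabet.  The original "1".."0" is a numeric range in
        # Perl and evaluates to an empty list, so digits were silently never used.
        my @chars = ("A".."Z", "a".."z", "0".."9", "(", ")", "-", "_", "*", "^", "!", "[", "]");
        # NOTE(review): rand() is not a cryptographic generator and 8 characters is
        # short for a credential that is mailed in clear text and replaces the old
        # password immediately.  A single-use reset link, or at least a CSPRNG-backed
        # longer value, would be the usual remedy; length kept here to avoid
        # surprising existing users/mail templates.
        my $string = "";
        $string .= $chars[rand @chars] for 1..8;

        my $include_username = "";
        if (!$accountref->{username}) {
                $accountref->{username} = setUsername($accountref);
                $include_username = "Your Username has also been set to: $accountref->{username}<br><br>";
        }

        my $error = updateDBPass($accountref, $string);

        # Only mail the credential when the database actually holds it.
        if (!$error) {
                use PEEPSMailer;
                my $subject = 'WFTDI PEEPS - Password Reset';
                my $body = "Greetings,<br><br>

It appears as though you've requested us to reset your password.  We've done so, and your new password is:<br><br>$string<br><br>$include_username

We'd recommend you log in and change it to your liking at the following link:<br><br>

$pageURL<br><br>

If you didn't make this request, well, you're still the only one who received this email, and this is now your password.  You should probably let us know that someone is messing with you.<br><br>

-WFTDI PEEPS Automation
";

                # send the message
                EmailUser($accountref->{email}, $subject, $body);
        }

        # $error comes from updateDBPass and embeds the looked-up email address;
        # escape it instead of trusting it as markup.
        my $error_html = defined $error ? CGI::escapeHTML($error) : "";

print CGI::header();
print<<resetPage;

<HTML><HEAD><TITLE>WFTDI PEEPS - Password Reset</TITLE></HEAD>
<body text="#000000" bgcolor="#FFFFFF" link="#0000EE" vlink="#551A8B" alink="#FF0000">
<TABLE>
        <TR>
                <TD align=right><img SRC="/images/wftda-insurance-logo.svg" width="250" height="75"></TD>
                <TD align=center valign=middle><b><font size=+3>WFTDI PEEPS<br>Password Reset</font></b></TD>
        </TR>
        <TR><TD colspan=2><div class="error">$error_html</div>&nbsp</TD></TR>
        <TR><TD colspan=2 align=center>If an account was found, your password was reset and emailed to the address on record.<br>Please check your email (including Spam folders).&nbsp</TD></TR>
        <TR><TD colspan=2>&nbsp</TD></TR>
        <TR><TD colspan=2 align=center><a href=/>[home]</a>&nbsp</TD></TR>
</TABLE>

resetPage
}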

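sub setUsername {
        # Create the authentication row for an account that has none yet, using the
        # email address on record as the username.  Called by resetPass() right
        # before the temporary password is stored.
        #
        # Argument: $account - hashref with {id} and {email}
        # Returns:  the username that was set (the email address)
        my $account = shift;

        my $dbh = WebDB::connect;
        # Parameterised insert; the row is created already active and unlocked.
        my $ok = $dbh->do("insert into authentication (person_id, username, activation, locked) values (?, ?, ?, ?)",
                          undef, $account->{id}, $account->{email}, "active", 0);
        # The result used to be ignored: a failed insert left the account without a
        # username while the caller still reported success.  Surface it in the error
        # log; the subsequent password update will find no row and report the error.
        unless ($ok) {
                my $why = defined $dbh->errstr ? $dbh->errstr : "unknown error";
                warn "setUsername: insert for person $account->{id} failed: $why";
        }

        logit($account->{id}, "Setting Username to Email");

        return $account->{email};
}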

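sub sendUsername {
        # Look the account up again from the posted lookup string, email its
        # username to the address on record and print the result page.
        #
        # Argument:    $account - the username / email / member id string from the form
        # Side effect: assigns the file-scoped $userref; the caller logs
        #              $userref->{id} after this returns, so it must not become lexical.
        my $account = shift;
        my ($pageMSG, $error) = ("", "");
        my $pageURL = url;

        $pageURL =~ s|/[^/]+$|/|;

        # NOTE(review): unlike the Reset/Setup branch this path does not check the
        # hidden PEEPSid, and its two error messages distinguish "no account" from
        # "no username", so it doubles as an account-enumeration oracle.
        if ($userref = getUser($account)) {

                if ($userref->{username}) {
                        use PEEPSMailer;
                        my $subject = 'WFTDI PEEPS - Username';
                        my $body = "Greetings,<br><br>

It appears as though you've requested us to send your username.<br><br>
  
  Username: $userref->{username}

Hopefully this helps you log in.<br><br>

$pageURL<br><br>

If you didn't make this request, well, you're the only one who received this email.<br><br>

-WFTDI PEEPS Automation
";

                        # send the message
                        EmailUser($userref->{email}, $subject, $body);
                        $pageMSG = "Your Username has been emailed to the address on record.<br>Please check your email (including Spam folders).";
                } else {
                        $error = "Oddly, we didn't find a Username.";
                }
        } else {
                $error = "Oddly, we didn't find an account.";
        }


print CGI::header();
print<<postSendPage;

<HTML><HEAD><TITLE>WFTDI PEEPS - Password Reset</TITLE></HEAD>
<body text="#000000" bgcolor="#FFFFFF" link="#0000EE" vlink="#551A8B" alink="#FF0000">
<TABLE>
        <TR>
                <TD align=right><img SRC="/images/wftda-insurance-logo.svg" width="250" height="75"></TD>
                <TD align=center valign=middle><b><font size=+3>WFTDI PEEPS<br>Password Reset</font></b></TD>
        </TR>
        <TR><TD colspan=2><div class="error">$error</div>&nbsp</TD></TR>
        <TR><TD colspan=2 align=center>$pageMSG &nbsp;</TD></TR>
        <TR><TD colspan=2>&nbsp</TD></TR>
        <TR><TD colspan=2 align=center><a href=/>[home]</a>&nbsp</TD></TR>
</TABLE>

postSendPage
}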