xref: /web-bugs/www/bug-pwd-finder.php (revision 9d47b05f)
1<?php
2
3/* Procedure for emailing a password reminder to a user */
4
5use App\Utils\Captcha;
6
7// Obtain common includes
8require_once '../include/prepend.php';
9
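// Start the session: the expected captcha answer is kept in $_SESSION['answer'].
session_start();

$captcha = $container->get(Captcha::class);

$errors  = [];
$success = false;

// Accept the bug id only as a scalar request value. Casting an array to int
// yields 1 for any non-empty array, so a request carrying id[]=x would
// otherwise be handled as bug report #1.
$raw_id = $_REQUEST['id'] ?? null;
$bug_id = is_scalar($raw_id) ? (int) $raw_id : 0;

// The rest of the script and the form expect an empty string when no usable
// id was supplied.
$bug_id = $bug_id ?: '';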
19
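if (isset($_POST['captcha']) && $bug_id != '') {
    // The expected answer is written to the session when the form is rendered.
    // The submitted value has to be a plain string that matches it exactly: a
    // loose != leaves the decision to PHP's type juggling, and an array-valued
    // captcha field must never count as a match.
    // NOTE(review): assumes the stored answer is an int or a string - confirm
    // against Captcha::getAnswer().
    $expected = $_SESSION['answer'] ?? null;
    $given = $_POST['captcha'];

    $captcha_ok = is_scalar($expected)
        && is_string($given)
        && trim($given) === (string) $expected;

    // One stored answer backs one submission, even if the script stops before
    // a fresh answer is written to the session.
    unset($_SESSION['answer']);

    if (!$captcha_ok) {
        $errors[] = 'Incorrect Captcha';
    }

    // Try to find the email and the password
    if (empty($errors)) {
        // Bind the id instead of interpolating it, the same way the UPDATE
        // below passes its values.
        $row = $dbh->prepare('SELECT email, passwd FROM bugdb WHERE id = ?')
            ->execute([$bug_id])
            ->fetch();

        // A missing row is presumably reported as false (PDO convention) rather
        // than null - verify against the statement wrapper. Treat every empty
        // result as "no such report" so the right message is shown.
        if (!$row) {
            $errors[] = "Invalid bug id provided: #{$bug_id}";
        } else {
            if (empty($row['passwd'])) {
                $errors[] = "No password found for #$bug_id bug report, sorry.";
            } else {
                // NOTE(review): the stored password is replaced before the mail
                // is handed off and without any confirmation from the report
                // owner. Whoever passes the captcha can therefore invalidate the
                // owner's current password, and a failed mail leaves the report
                // with a password nobody has seen. Mailing a one-time
                // confirmation link and changing the password only when it is
                // followed would close both gaps.
                // NOTE(review): confirm that bugs_gen_passwd() draws from a
                // cryptographically secure source; the new password also
                // travels in clear text in the mail body.
                $new_passwd = bugs_gen_passwd();

                $dbh->prepare(
                'UPDATE bugdb
                 SET passwd = ?
                 WHERE id = ?
                ')->execute([bugs_get_hash($new_passwd), $bug_id]);

                $resp = bugs_mail($row['email'],
                         "Password for {$siteBig} bug report #{$bug_id}",
                         "The password for {$siteBig} bug report #{$bug_id} has been set to: {$new_passwd}",
                         'From: noreply@php.net');

                if ($resp) {
                    $success = "The password for bug report #{$bug_id} has been sent to the address associated with this report.";
                } else {
                    $errors[] = 'Sorry. Mail can not be sent at this time, please try again later.';
                }
            }
        }
    }
}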
62
// Authenticate. None of the four variables is assigned earlier in this script;
// presumably bugs_authenticate() fills them by reference - confirm in the
// include.
bugs_authenticate($user, $pw, $logged_in, $user_flags);

// Page chrome and heading.
response_header('Bug Report Password Finder');
echo "<h1>Bug Report Password Finder</h1>\n";

// Report whatever the request handling collected.
display_bug_error($errors);

if ($success) {
    // $success is either false or the confirmation message built by this script.
    echo '<div class="success">', $success, '</div>';
}

// Runs on every request, so the stored answer is rewritten each time the form
// below is rendered.
$_SESSION['answer'] = $captcha->getAnswer();

?>
79
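<p>
If you need to modify a bug report that you submitted, but have
forgotten what password you used, this utility can help you.
</p>

<p>
Enter in the number of the bug report, press the Send button
and the password will be mailed to the email address specified
in the bug report.
</p>

<form method="post" action="bug-pwd-finder.php">
<?php // The id is escaped where it is printed, so the attribute stays well-formed regardless of how $bug_id was derived. ?>
<p><b>Bug Report ID:</b> #<input type="text" size="20" name="id" value="<?php echo htmlspecialchars((string) $bug_id, ENT_QUOTES); ?>"></p>
<p><b>Solve the problem:<br><?php echo $captcha->getQuestion(); ?></b> <input type="text" name="captcha"></p>

<p><input type="submit" value="Send"></p>
</form>

<?php response_footer();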
99