1 <?php
2  /*
3  * File: hcuResetPwd.prg
4  *
5  * Purpose: Allow the user to reset their password and have the new one e-mailed to them.
6  *
7  */
8 
// ** SET SCRIPT LEVEL VARIABLES
//
// Flags consumed (presumably) by hcuService.i, included just below: this page
// is used by a member who cannot sign on, so credential and security checks
// are skipped and neither the info panel nor the menu is loaded.
$serviceSkipCredentials = true;
$serviceSkipSecurity = true;
$serviceShowInfo = false;
$serviceLoadMenu = false;

// ** INCLUDE MAIN GLOBAL SCRIPT -- Handles security / global variable values
require_once(dirname(__FILE__) . '/../library/hcuService.i');

// ** IMPORT Variables from form
// Only these three POST fields are copied into $HB_ENV["HCUPOST"].
$HB_ENV["HCUPOST"] = array();
$dmsValuesList = array(
    'resetLogin' => 'string',
    'resetEmail' => 'string',
    'action'     => 'string',
);
HCU_ImportVars($HB_ENV, 'HCUPOST', $dmsValuesList);

// grab the action (empty string until the form has been submitted)
$action = HCU_array_key_exists("action", $HB_ENV["HCUPOST"])
    ? $HB_ENV["HCUPOST"]["action"]
    : "";
27 
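// ** INSERT BUSINESS LOGIC FOR THIS FORM

// Credit-union identifier from the query string, reduced to at most 12
// alphanumeric characters before it is interpolated into the SQL below.
// A missing or non-scalar parameter yields an empty string instead of a
// notice (or an array reaching preg_replace/substr).
$cu = (isset($_GET['cu']) && is_string($_GET['cu']))
    ? preg_replace("/[^A-Za-z0-9]/", "", $_GET['cu'])
    : "";
$cu = substr($cu, 0, 12);
$chome = strtolower($cu);

// Look up the single address stored in cuadmnotify for a role (the role
// values passed in are literals), trailing blanks removed; empty string
// when no row exists.
$hcuNotifyEmailForRole = function ($role) use ($dbh, $cu) {
    $sql = "select email from cuadmnotify
            where role='$role' and cu='$cu'";
    $sth = db_query($sql, $dbh);
    list($email) = db_fetch_array($sth, 0);
    db_free_result($sth);
    return trim(preg_replace("/ +$/", "", (string) $email));
};

// see if there is an admin address to notify when a member resets
$admEmail = $hcuNotifyEmailForRole('preset');

// get the return address for sending an email message to the user
$admFrom = $hcuNotifyEmailForRole('presetfrom');

// get some configuration settings: feature flags plus the retry/grace
// allowances (default 5 each) that a successful reset writes back to the
// member's failedremain / forceremain columns
$sql = "select flagset, flagset2, coalesce(retrylimit,5), coalesce(gracelimit,5)
        from cuadmin where cu='$cu'";
$sth = db_query($sql, $dbh);
list($flagset, $flagset2, $retry, $grace) = db_fetch_array($sth, 0);
db_free_result($sth);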
57 
58 
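$featureNotSet = false;
if ($admFrom == "" || ($flagset & $CU_MEMRESET) == 0) {
    // E-mail reset is only offered when the CU has the flag set and a
    // "presetfrom" address configured; otherwise a static notice is shown.
    $screenTitle = $MC->msg("Feature Unavailable", HCU_DISPLAY_AS_HTML);
    $screenContents = $MC->msg('Feature Not Set', HCU_DISPLAY_AS_HTML) . ". " . $MC->msg('Contact CU', HCU_DISPLAY_AS_HTML);
    $featureNotSet = true;
} else if ($action == "unlock") {
    // Every outcome of a submitted form uses the same title.
    $screenTitle = $MC->msg("Reset Password", HCU_DISPLAY_AS_HTML);
    $msg = "";

    // Row values from the user table; they stay null when no row matched.
    $saveUserId = null;
    $saveUser = null;
    $savedEmail = null;
    $currPasswd = null;
    $fRemain = null;
    $fReset = null;
    $rcount = 0;

    // make sure account is valid and email matches here. If not, set msg
    $userName = isset($HB_ENV["HCUPOST"]["resetLogin"]) ? (string) $HB_ENV["HCUPOST"]["resetLogin"] : "";
    $member = trim(strtolower($userName));
    if (preg_match("/[\\\`,\"\s;]/", $member)) {
        // Characters never valid in a login name; reject before touching the DB.
        $msg .= $MC->msg("Invalid Username or Password", HCU_DISPLAY_AS_HTML) . "<br>";
    } else {
        $qby = 'lower(user_name) = ';
        $sql = "select user_id, trim(user_name), email, passwd, failedremain,
                userflags & {$MEM_FORCE_RESET}::int4 from {$HB_ENV["cu"]}user
                where $qby '" . prep_save($member) . "'";
        $sth = db_query($sql, $dbh);
        $rcount = db_num_rows($sth);
        if ($rcount > 0) {
            list($saveUserId, $saveUser, $savedEmail, $currPasswd, $fRemain, $fReset) = db_fetch_array($sth, 0);
            $savedEmail = preg_replace("/ +$/", "", (string) $savedEmail);
        }
        db_free_result($sth);

        $resetEmail = isset($HB_ENV["HCUPOST"]["resetEmail"]) ? trim((string) $HB_ENV["HCUPOST"]["resetEmail"]) : "";
        $resetEmail = validateEmail($resetEmail) ? $resetEmail : "";

        // Account-state details (locked, flagged, never signed on) are reported
        // only once the supplied address matches the one on file, so a request
        // that knows just a login name learns nothing beyond "no match".
        $emailMatches = $rcount > 0
            && $resetEmail !== ""
            && strcasecmp((string) $savedEmail, $resetEmail) === 0;
        if (!$emailMatches) {
            $msg .= $MC->msg("Email Address Mismatch", HCU_DISPLAY_AS_HTML) . "<br>";
        } else {
            if ($fRemain < 0) {
                $msg .= $MC->msg("Account Locked by Credit Union", HCU_DISPLAY_AS_HTML) . "<br>";
            }
            // Members flagged for a security reset are directed to the CU
            // (an earlier note described this check as temporarily removed
            // for one CU; it is in effect here).
            if ($fReset == 2) {
                $msg .= $MC->msg("Account Flagged for Security Reset", HCU_DISPLAY_AS_HTML) . "<br>";
            }
            // "NULL PASSWORD" means the member has never signed on to home
            // banking; that message replaces anything accumulated above.
            if (trim((string) $currPasswd) == "NULL PASSWORD") {
                $msg = $MC->msg('Never Logged In Reset', HCU_DISPLAY_AS_HTML);
            }
        }
    }

    if ($msg === "") {
        // make the new password: pwgen is run with fixed arguments (nothing
        // user-supplied reaches the shell) and prints one 8-character
        // lower-case alphanumeric password followed by a newline.
        $newPass = trim((string) shell_exec('/usr/bin/pwgen --numerals --no-capitalize 8 1'));

        if ($newPass === "" || !preg_match('/^[A-Za-z0-9]+$/', $newPass)) {
            // pwgen missing or failed: never hash, store or mail an empty or
            // unexpected value; fall through to the "unable" screen instead.
            $updateResults = false;
        } else {
            $hash = password_hash($newPass, PASSWORD_DEFAULT);

            // update the user's entry: new hash, change forced at next login,
            // failed-login and forced-change allowances restored, change stamped
            $updTable = array('user' => array(
                array(
                    "_action"      => "update",
                    "user_id"      => $saveUserId,
                    "passwd"       => $hash,
                    "forcechange"  => 'Y',
                    "failedremain" => $retry,
                    "forceremain"  => $grace,
                    "pwchange"     => DBTIMESTAMP_USENOW,
                ),
            ));

            $updateResults = DataUserTableUpdate($dbh, $HB_ENV, $MC, $updTable, $saveUserId, 'U_UPD', $HB_ENV["platform"],
                $HB_ENV["currentscript"], 'U', "Reset Password", $userName, $savedEmail,
                $HB_ENV["remoteIp"]); // don't suppress audit
        }

        if ($updateResults !== false) {
            # mail new pass ($newPass) to the member at the address on file
            # (the query handle was already freed above; it is not freed again)
            $notify = new ErrorMail;
            $notify->mailto = $savedEmail;
            $notify->mailfromname = $HB_ENV['orgname'];
            $notify->mailfrom = $admFrom;
            $notify->replyto = $admFrom;
            $notify->subject = $MC->msg("Home Banking Password", HCU_DISPLAY_AS_RAW);
            $notify->msgbody = $MC->msg("password reset requested", HCU_DISPLAY_AS_RAW) . "\n\n";
            $notify->msgbody .= $MC->msg("new password is", HCU_DISPLAY_AS_RAW) . " $newPass\n\n";
            $notify->msgbody .= $MC->combo_msg("Must change password soon", HCU_DISPLAY_AS_RAW, "#NUMREMAIN#", $grace) . "\n\n";
            $notify->msgbody .= date("m/d/Y H:i:s T");
            $notify->callingfunction = __FUNCTION__;
            $notify->file = __FILE__;
            $notify->cu = $cu;
            $notify->SendMail();

            # mail msg that user reset pwd to CU at the "preset" address, if configured
            if ($admEmail != "") {
                $notify = new ErrorMail;
                $notify->mailto = $admEmail;
                $notify->replyto = "support@homecu.net";
                $notify->subject = "Password Reset for Member $saveUser";
                $notify->msgbody = "Password Reset for Member $saveUser\n\n";
                $notify->msgbody .= "A new password has been generated for Member $saveUser\n";
                $notify->msgbody .= "and mailed to $savedEmail\n\n";
                $notify->msgbody .= date("m/d/Y H:i:s T");
                $notify->SendMail();
            }

            # show "Password changed and mailed" screen
            $screenContents = $MC->msg("Mailed Password", HCU_DISPLAY_AS_HTML) .
                "<br /><br />" .
                $MC->combo_msg("Mailed Password Warn Junk", HCU_DISPLAY_AS_HTML, "#adm_from#", "$admFrom");
        } else {
            $screenContents = $MC->msg("Unable to update password", HCU_DISPLAY_AS_HTML);
        }
    } else {
        $screenContents = $msg;

        // Re-show the form with the message in its status area.
        $action = "error";
    }
}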
176 
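// ** Load any fragments here
// Any page other than the post-reset confirmation (the blank form, or the
// form re-shown with an error) needs the "resetMemberPwd" notice text.
if ($action != "unlock") {
    $resetNoticeAry = Get_NoticeInfo($dbh, $HB_ENV, $MC, "D", "resetMemberPwd");

    $noticeDisplay = "";
    $noticeFound = isset($resetNoticeAry['status']['code'])
        && $resetNoticeAry['status']['code'] === '000'
        && isset($resetNoticeAry['notice'])
        && is_array($resetNoticeAry['notice'])
        && count($resetNoticeAry['notice']) > 0;
    if ($noticeFound && !$featureNotSet) {
        $noticeDisplay = $resetNoticeAry['notice'][0]['notice_text'];
    } else {
        // No notice configured, or the feature is off: show the unavailable
        // screen (replacing any title/contents set earlier) and route the
        // page through the error display path.
        $screenTitle = $MC->msg("Reset Password", HCU_DISPLAY_AS_HTML);
        $screenContents = $MC->msg("Feature Unavailable", HCU_DISPLAY_AS_HTML);
        $action = "error";
    }
}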
192 
193  // ** INCLUDE PRE CONTENT SCRIPT
194  require_once(dirname(__FILE__) . '/../includes/hcuPreContent.i');
195 
/*
 * ** START CONTENT
 */
?>

<style type="text/css">
    .container-fluid-margin {
        margin: 15px;
    }

    .k-block > .k-header {
        white-space: normal;
        height: 100%;
    }

    /* vertical spacing and inner padding for the notice / status panels */
    .hcu-info-margin, .hcu-error-margin {
        margin: 15px 0;
    }

    .hcu-info-padding, .hcu-error-padding {
        padding: 15px;
    }

    .hcu-full-width {
        width: 100%;
    }

    /* top-bottom margin */
    .hcu-container-margin {
        margin: 15px 0;
    }

    .hcu-template .hcu-edit-buttons {
        bottom: initial;
    }

    /* Hidden when the page is shown inside the mobile app (cookie value presumably set by the app). */
    .hide-for-apps {
        <?php if (isset($_COOKIE["cookie"]) && $_COOKIE["cookie"] === "mobile_app_access") { ?>
        display: none;
        <?php } ?>
    }
</style>
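<?php if ($action == "unlock") { ?>
<div class="container-fluid container-fluid-margin hcu-template">
    <div class="well well-sm col-xs-12 col-md-8 col-lg-6">

        <h3><?php echo $screenTitle; ?></h3>

        <div class="k-block k-info-colored hcu-info-margin">
            <div class="hcu-info-padding">
                <span><?php echo $screenContents; ?></span>
            </div>
        </div>
        <div class="hcu-edit-buttons k-state-default">
            <a href="##" id="btnStartOver"><?php echo $MC->msg('Start Over', HCU_DISPLAY_AS_HTML); ?></a>
            &emsp;
            <a href="##" id="btnBack" class="k-button k-primary hide-for-apps">
                <i class="fa fa-check fa-lg"></i><?php echo $MC->msg('Log In', HCU_DISPLAY_AS_HTML); ?>
            </a>
        </div>
    </div>

</div>

<?php } else { ?>

<div class="container-fluid container-fluid-margin hcu-template">
    <div class="well well-sm col-xs-12 col-md-8 col-lg-6">
        <h3><?php echo $MC->msg("Reset Password", HCU_DISPLAY_AS_HTML); ?></h3>

        <form class="formInputx" id="formReset" name="formReset" method="post">
            <input type="hidden" name="action" value="unlock">

            <?php
            // $noticeDisplay is only assigned on the non-"unlock" path; guard
            // rather than call strlen() on an unset variable.
            if (isset($noticeDisplay) && $noticeDisplay !== "") { ?>
            <div id="noticeContent" class="k-block k-info-colored hcu-info-margin">
                <div class="hcu-info-padding">
                    <span><?php echo $noticeDisplay; ?></span>
                </div>
            </div>
            <?php
            }

            /*
             * Need to set up the Login ID text.
             * Based on the credit union's settings in Monitor, the member enters
             * either a 'Login ID' (an alias is required or allowed) or an
             * 'Account Number' (no alias configured).
             */
            if (($HB_ENV['flagset2'] & $GLOBALS['CU2_ALIAS_REQ']) > 0 || ($HB_ENV['flagset2'] & $GLOBALS['CU2_ALIAS_OK']) > 0) {
                $hbLoginText = $MC->msg('Login ID', HCU_DISPLAY_AS_HTML);
                $hbLoginValMsg = $MC->msg('Please enter your login id', HCU_DISPLAY_AS_HTML);
                // Help icon; its tooltip is bound by id in the page's script block.
                $hbLoginHelp = "<span class='fa fa-question-circle-o' id='loginTip'></span>";
            } else {
                $hbLoginText = $MC->msg('Account Number', HCU_DISPLAY_AS_HTML);
                $hbLoginValMsg = $MC->msg('Please enter your account number', HCU_DISPLAY_AS_HTML);
                $hbLoginHelp = "";
            }
            ?>
            <fieldset class="row">
                <div class="col-xs-12 col-sm-12 hcu-container-margin">
                    <label for="resetLogin">
                        <?php echo $hbLoginText; ?>: <?php echo $hbLoginHelp; ?>
                    </label>
                    <input type="text" id="resetLogin" name="resetLogin" class="k-textbox hcu-full-width" value="" required
                        placeholder="<?php echo $hbLoginValMsg; ?>"
                        data-required-msg="<?php echo $MC->msg('Username Required', HCU_DISPLAY_AS_HTML); ?>."/>
                </div>

                <div class="col-xs-12 col-sm-12 hcu-container-margin">
                    <label for="resetEmail"><?php echo $MC->msg('Email Address', HCU_DISPLAY_AS_HTML); ?>:
                        <span class="fa fa-question-circle-o" id="emailTip"></span>
                    </label>
                    <input type="email" id="resetEmail" name="resetEmail" class="k-textbox hcu-full-width" value="" required
                        placeholder="<?php echo $MC->msg('Email Address', HCU_DISPLAY_AS_HTML); ?>"
                        data-required-msg="<?php echo $MC->msg('EMail Missing', HCU_DISPLAY_AS_HTML); ?>."
                        data-email-msg="<?php echo $MC->msg('Email appears invalid', HCU_DISPLAY_AS_HTML); ?>"/>
                </div>
            </fieldset>

            <br/>

            <div class="hcu-edit-buttons k-state-default">
                <a href="##" id="btnBack" class="hide-for-apps"><?php echo $MC->msg('Back', HCU_DISPLAY_AS_HTML); ?></a>
                &emsp;
                <a href="##" id="btnReset" class="k-button k-primary">
                    <i class="fa fa-check fa-lg"></i><?php echo $MC->msg('Reset Password', HCU_DISPLAY_AS_HTML); ?>
                </a>
            </div>

        </form>
    </div>

</div>

<?php } ?>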
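<script type="text/javascript">
$(document).ready(function() {
    CloseWaitWindow();

    homecuTooltip.bind({ emailTip: "<?php echo $MC->msg("Match Saved Email", HCU_DISPLAY_AS_JS); ?>" });

    <?php if (isset($hbLoginHelp) && $hbLoginHelp !== "") { ?>
    homecuTooltip.bind({ loginTip: "<?php echo $MC->msg("Username NoBypass Unlock", HCU_DISPLAY_AS_JS); ?>" });
    <?php } ?>

    if ($("#formReset").length > 0) {
        $.homecuValidator.setup({
            formValidate: 'formReset',
            formErrorTitle: "<?php echo $MC->msg("Error Occurred", HCU_DISPLAY_AS_JS); ?>",
            formStatusField: 'formStatus',
            validateOnClick: 'btnReset'
        });
    }

    $('#btnReset').click(function() {
        if ($.homecuValidator.validate()) {
            ShowWaitWindow('Loading Data');
            $('#formReset').submit();
        }
    });

    // Enter anywhere in the form behaves like the Reset button.
    $('#formReset').keypress(function(e) {
        if (e.which === 13) {
            $('#btnReset').trigger('click');
            return false;
        }
    });

    // if there is an error, display it in formStatus
    <?php if ($action === "error") { ?>
    $.homecuValidator.displayMessage(<?php echo HCU_JsonEncode($screenContents); ?>, $.homecuValidator.settings.statusError);
    <?php } ?>

    // Redirect targets are emitted as JSON string literals (the same helper
    // the error message above uses) instead of being spliced into a quoted
    // JS source string, so a quote in the query part cannot end the literal.
    $('#btnBack').click(function() {
        window.location = <?php echo HCU_JsonEncode($HB_ENV['loginscript'] . "?" . $HB_ENV['cuquery']); ?>;
    });

    $('#btnStartOver').click(function() {
        window.location = <?php echo HCU_JsonEncode($HB_ENV['loginpath'] . "/" . $HB_ENV["currentscript"] . "?" . $HB_ENV['cuquery']); ?>;
    });
});
</script>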
386 
387 <?php
388  /*
389  * ** END CONTENT
390  */
391 
392  // ** INCLUDE POST CONTENT SCRIPT
393  require_once(dirname(__FILE__) . '/../includes/hcuPostContent.i');
394 
395 ?>