##############################################################
## MOD Title: Visual Confirmation for lost password
## MOD Author: Atomo64 < atomo64@atomo64.tk > (Raphael) http://www.atomo64.tk
## MOD Description: This MOD adds a visual confirmation check when a visitor requests to send a new password
## MOD Version: 1.0.1
## 
## Installation Level: Easy
## Installation Time: ~3 Minutes 
## Files To Edit: includes/usercp_sendpasswd.php,
##      templates/subSilver/profile_send_pass.tpl
## Included Files: N/A
## License: http://opensource.org/licenses/gpl-license.php GNU General Public License v2
##############################################################
## For security purposes, please check: http://www.phpbb.com/mods/ 
## for the latest version of this MOD. Although MODs are checked 
## before being allowed in the MODs Database there is no guarantee 
## that there are no security problems within the MOD. No support 
## will be given for MODs not found within the MODs Database which 
## can be found at http://www.phpbb.com/mods/
##############################################################
## Author Notes: 
## None
##############################################################
## MOD History: 
## 
##   2006-03-25 - Version 0.1 
##      - First version
## 
##   2006-04-25 - Version 1.0 
##      - Updated to use new phpBB 2.0.20 Visual Confirmation Code generation
##      - Updated to work with EasyMOD
## 
##   2006-04-25 - Version 1.0.1 
##      - Fixed a small mistake caused because of the change of the code generation update
## 
############################################################## 
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
############################################################## 

# 
#-----[ OPEN ]------------------------------------------ 
# 
includes/usercp_sendpasswd.php
# 
#-----[ FIND ]------------------------------------------ 
# 
			if ( !$row['user_active'] )
			{
				message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']);
			}
# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
			//
			//Visual Confirmation
			//
			if ( $board_config['enable_confirm'] )
			{
				if ( empty($HTTP_POST_VARS['confirm_id']) || empty($HTTP_POST_VARS['confirm_code']) )
				{
					message_die(GENERAL_MESSAGE, $lang['Confirm_code_wrong']);
				}
				else
				{
					$confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
					if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
					{
						$confirm_id = '';
					}

					$sql_vc = 'SELECT code
								FROM ' . CONFIRM_TABLE . "
									WHERE confirm_id = '$confirm_id'
									AND session_id = '" . $userdata['session_id'] . "'";
					if (!($result_vc = $db->sql_query($sql_vc)))
					{
						message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql_vc);
					}

					if ($row_vc = $db->sql_fetchrow($result_vc))
					{
						if ($row_vc['code'] != $HTTP_POST_VARS['confirm_code'])
						{
							message_die(GENERAL_MESSAGE, $lang['Confirm_code_wrong']);
						}
						else
						{
							$sql_vc = 'DELETE FROM ' . CONFIRM_TABLE . "
										WHERE confirm_id = '$confirm_id'
										AND session_id = '" . $userdata['session_id'] . "'";
							if (!$db->sql_query($sql_vc))
							{
								message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql_vc);
							}
						}
					}
					else
					{
						message_die(GENERAL_MESSAGE, $lang['Confirm_code_wrong']);
					}
					$db->sql_freeresult($result_vc);
				}
			}
			//
			//End of Visual Confirmation
			//
# 
#-----[ FIND ]------------------------------------------ 
# 
make_jumpbox('viewforum.'.$phpEx);
# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
//
//Visual Confirmation
//
$confirm_image = '';
if ( $board_config['enable_confirm'] )
{
	$sql = 'SELECT session_id
				FROM ' . SESSIONS_TABLE; 
	if (!($result = $db->sql_query($sql)))
	{
		message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
	}

	if ($row = $db->sql_fetchrow($result))
	{
		$confirm_sql = '';
		do
		{
			$confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
		}
		while ($row = $db->sql_fetchrow($result));

		$sql = 'DELETE FROM ' .  CONFIRM_TABLE . "
					WHERE session_id NOT IN ($confirm_sql)";
		if (!$db->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
		}
	}
	$db->sql_freeresult($result);

	$sql = 'SELECT COUNT(session_id) AS attempts 
		FROM ' . CONFIRM_TABLE . " 
		WHERE session_id = '" . $userdata['session_id'] . "'";
	if (!($result = $db->sql_query($sql)))
	{
		message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
	}

	if ($row = $db->sql_fetchrow($result))
	{
		if ($row['attempts'] > 3)
		{
			message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
		}
	}
	$db->sql_freeresult($result);
	
	// Generate the required confirmation code
	// NB 0 (zero) could get confused with O (the letter) so we make change it
	$code = dss_rand();
	$code = strtoupper(str_replace('0', 'o', substr($code, 6)));
	$confirm_id = md5(uniqid($user_ip));
	$sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) 
		VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
	if (!$db->sql_query($sql))
	{
		message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
	}

	unset($code);
		
      $confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />';
	$hidden_form_fields = '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';

	$template->assign_block_vars('switch_confirm', array());
}
//
//End of visual Confirmation
//
# 
#-----[ FIND ]------------------------------------------ 
# 
'L_EMAIL_ADDRESS' => $lang['Email_address'],
# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
'L_CONFIRM_CODE_IMPAIRED'=> sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'),
'L_CONFIRM_CODE' => $lang['Confirm_code'],
'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'],
# 
#-----[ FIND ]------------------------------------------ 
# 
'S_HIDDEN_FIELDS' => '',
# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
'CONFIRM_IMG' => $confirm_image,
'S_HIDDEN_FIELDS' => $hidden_form_fields,
# 
#-----[ OPEN ]------------------------------------------ 
# 
templates/subSilver/profile_send_pass.tpl
# 
#-----[ FIND ]------------------------------------------ 
# 
	<tr> 
	  <td class="row1"><span class="gen">{L_EMAIL_ADDRESS}: *</span></td>
	  <td class="row2"> 
		<input type="text" class="post" style="width: 200px" name="email" size="25" maxlength="255" value="{EMAIL}" />
	  </td>
	</tr>
# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
	<!-- Visual Confirmation -->
	<!-- BEGIN switch_confirm -->
	<tr>
	  <td class="row1" colspan="2" align="center"><span class="gensmall">{L_CONFIRM_CODE_IMPAIRED}</span><br /><br />{CONFIRM_IMG}<br /><br /></td>
	</tr>
	<tr> 
	  <td class="row1"><span class="gen">{L_CONFIRM_CODE}: * </span><br /><span class="gensmall">{L_CONFIRM_CODE_EXPLAIN}</span></td>
	  <td class="row2"><input type="text" class="post" style="width: 200px" name="confirm_code" size="7" maxlength="7" value="" /></td>
	</tr>
	<!-- END switch_confirm -->
# 
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ 
# 
# EoM