/trunk/admin/login/forgot/index.php - WB 2.11.0 - Tracking

wb-2_10_x/trunk/admin/login/forgot/index.php @ 2

       <?php
       /**
+       *
        * @category        admin
        * @package         login
        * @author          Ryan Djurovich, WebsiteBaker Project
        * @copyright       WebsiteBaker Org. e.V.
        * @link            http://websitebaker.org/
        * @license         http://www.gnu.org/licenses/gpl.html
        * @platform        WebsiteBaker 2.8.3
        * @requirements    PHP 5.3.6 and higher
        * @version         $Id: index.php 2 2017-07-02 15:14:29Z Manuela $
        * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/trunk/admin/login/forgot/index.php $
        * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
+       *
       */
       // Include the configuration file
       if ( !defined('WB_PATH') ){ require(dirname(dirname(dirname(__DIR__)))."/config.php"); }
       // Include the language file
       require(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
       // Include the database class file and initiate an object
       require(WB_PATH.'/framework/class.admin.php');
       $admin = new admin('Start', 'start', false, false);
       // Check if the user has already submitted the form, otherwise show it
       if(isset($_POST['email']) && $_POST['email'] != "") {
           $email = htmlspecialchars($_POST['email'],ENT_QUOTES);
           // Check if the email exists in the database
           $query = 'SELECT `user_id`, `username`, `display_name`, `email`, `last_reset`, `password` FROM `'.TABLE_PREFIX.'users` '
           . 'WHERE `email` = \''.$database->escapeString($_POST['email']).'\'';
           $oRes = $database->query($query);
           if($oRes->numRows() > 0) {
               // Get the id, username, email, and last_reset from the above db query
               $results_array = $oRes->fetchRow(MYSQLI_ASSOC);
               // Check if the password has been reset in the last 2 hours
               $last_reset = $results_array['last_reset'];
               $time_diff = time()-$last_reset; // Time since last reset in seconds
               $time_diff = $time_diff/60/60; // Time since last reset in hours
               if($time_diff < 2) {
                   // Tell the user that their password cannot be reset more than once per hour
                   $message = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
               } else {
                   $old_pass = $results_array['password'];
                   // Generate a random password then update the database with it
                   $new_pass = '';
                   $salt = "abchefghjkmnpqrstuvwxyz0123456789";
                   srand((double)microtime()*1000000);
                   $i = 0;
                   while ($i <= 7) {
                       $num = rand() % 33;
                       $tmp = substr($salt, $num, 1);
                       $new_pass = $new_pass . $tmp;
                       $i++;
+                  }
                   $sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET '
                         . '`password` = \''.$database->escapeString(md5($new_pass)).'\', '
                         . '`last_reset` = '.time().' '
                         . 'WHERE `user_id` = '.$results_array['user_id'].'';
                   $database->query($sql);
                   if($database->is_error()) {
                       // Error updating database
                       $message = $database->get_error();
                   } else {
                       // Setup email to send
                       $mail_to = $email;
                       $mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
                       // Replace placeholders from language variable with values
                       $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
                       $replace = array($results_array['display_name'], WEBSITE_TITLE, 'xxxxxxxxxx', $new_pass);
                       $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
                       // Try sending the email
                       if($admin->mail( SERVER_EMAIL, $mail_to, $mail_subject, $mail_message )) {
                           $message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
                           $display_form = false;
                       } else {
                           $sql = 'UPDATE `'.TABLE_PREFIX.'users` SET '
                           . '`password` = \''.$database->escapeString($old_pass).'\' '
                           . 'WHERE `user_id` = '.$results_array['user_id'].'';
       //                    $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
                           $database->query($sql);
                           $message = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
+                      }
+                  }
+              }
           } else {
               // Email doesn't exist, so tell the user
               $message = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
               // and delete the wrong Email
               $email = '';
+          }
       } else {
           $email = '';
+      }
       if(!isset($message)) {
           $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
           $message_color = '000000';
       } else {
           $message_color = 'FF0000';
+      }
       // Setup template object, parse vars to it, then parse it
       // Create new template object
       $template = new Template(dirname($admin->correct_theme_source('login_forgot.htt')));
       $template->set_file('page', 'login_forgot.htt');
       $template->set_block('page', 'main_block', 'main');
       if(defined('FRONTEND')) {
           $template->set_var('ACTION_URL', 'forgot.php');
       } else {
           $template->set_var('ACTION_URL', 'index.php');
+      }
       $template->set_var('EMAIL', $email);
       if(isset($display_form)) {
           $template->set_var('DISPLAY_FORM', 'display:none;');
+      }
       $template->set_var(array(
                       'SECTION_FORGOT' => $MENU['FORGOT'],
                       'MESSAGE_COLOR' => $message_color,
                       'MESSAGE' => $message,
                       'WB_URL' => WB_URL,
                       'ADMIN_URL' => ADMIN_URL,
                       'THEME_URL' => THEME_URL,
                       'LANGUAGE' => strtolower(LANGUAGE),
                       'TEXT_EMAIL' => $TEXT['EMAIL'],
                       'TEXT_SEND_DETAILS' => $TEXT['SEND_DETAILS'],
                       'TEXT_HOME' => $TEXT['HOME'],
                       'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN'],
                       'TEXT_SAVE' => $TEXT['SAVE'],
                       'TEXT_RESET' => $TEXT['RESET'],
+                      )
                 );
       if(defined('FRONTEND')) {
           $template->set_var('LOGIN_URL', WB_URL.'/account/login.php');
       } else {
           $template->set_var('LOGIN_URL', ADMIN_URL.'/login/index.php');
+      }
       $template->set_var('INTERFACE_URL', ADMIN_URL.'/interface');
       if(defined('DEFAULT_CHARSET')) {
           $charset=DEFAULT_CHARSET;
       } else {
           $charset='utf-8';
+      }
       $template->set_var('CHARSET', $charset);
       $template->parse('main', 'main_block', false);
       $template->pparse('output', 'page');

(1-1/1)

Project

General

Profile

WB 2.11.0