Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         login
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       WebsiteBaker Org. e.V.
8
 * @link            http://websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.3
11
 * @requirements    PHP 5.3.6 and higher
12
 * @version         $Id: index.php 2 2017-07-02 15:14:29Z Manuela $
13
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/trunk/admin/login/forgot/index.php $
14
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
15
 *
16
*/
17

    
18
// Include the configuration file
19
if ( !defined('WB_PATH') ){ require(dirname(dirname(dirname(__DIR__)))."/config.php"); }
20
// Include the language file
21
require(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
22
// Include the database class file and initiate an object
23
require(WB_PATH.'/framework/class.admin.php');
24
$admin = new admin('Start', 'start', false, false);
25
// Check if the user has already submitted the form, otherwise show it
26
if(isset($_POST['email']) && $_POST['email'] != "") {
27
    $email = htmlspecialchars($_POST['email'],ENT_QUOTES);
28
    // Check if the email exists in the database
29
    $query = 'SELECT `user_id`, `username`, `display_name`, `email`, `last_reset`, `password` FROM `'.TABLE_PREFIX.'users` '
30
    . 'WHERE `email` = \''.$database->escapeString($_POST['email']).'\'';
31
    $oRes = $database->query($query);
32
    if($oRes->numRows() > 0) {
33
        // Get the id, username, email, and last_reset from the above db query
34
        $results_array = $oRes->fetchRow(MYSQLI_ASSOC);
35
        // Check if the password has been reset in the last 2 hours
36
        $last_reset = $results_array['last_reset'];
37
        $time_diff = time()-$last_reset; // Time since last reset in seconds
38
        $time_diff = $time_diff/60/60; // Time since last reset in hours
39
        if($time_diff < 2) {
40
            // Tell the user that their password cannot be reset more than once per hour
41
            $message = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
42
        } else {
43
            $old_pass = $results_array['password'];
44
            // Generate a random password then update the database with it
45
            $new_pass = '';
46
            $salt = "abchefghjkmnpqrstuvwxyz0123456789";
47
            srand((double)microtime()*1000000);
48
            $i = 0;
49
            while ($i <= 7) {
50
                $num = rand() % 33;
51
                $tmp = substr($salt, $num, 1);
52
                $new_pass = $new_pass . $tmp;
53
                $i++;
54
            }
55

    
56
            $sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET '
57
                  . '`password` = \''.$database->escapeString(md5($new_pass)).'\', '
58
                  . '`last_reset` = '.time().' '
59
                  . 'WHERE `user_id` = '.$results_array['user_id'].'';
60
            $database->query($sql);
61
            if($database->is_error()) {
62
                // Error updating database
63
                $message = $database->get_error();
64
            } else {
65
                // Setup email to send
66
                $mail_to = $email;
67
                $mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
68
                // Replace placeholders from language variable with values
69
                $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
70
                $replace = array($results_array['display_name'], WEBSITE_TITLE, 'xxxxxxxxxx', $new_pass); 
71
                $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
72
                // Try sending the email
73
                if($admin->mail( SERVER_EMAIL, $mail_to, $mail_subject, $mail_message )) { 
74
                    $message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
75
                    $display_form = false;
76
                } else {
77
                    $sql = 'UPDATE `'.TABLE_PREFIX.'users` SET '
78
                    . '`password` = \''.$database->escapeString($old_pass).'\' '
79
                    . 'WHERE `user_id` = '.$results_array['user_id'].'';
80
//                    $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
81
                    $database->query($sql);
82
                    $message = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
83
                }
84
            }
85
        }
86
    } else {
87
        // Email doesn't exist, so tell the user
88
        $message = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
89
        // and delete the wrong Email
90
        $email = '';
91
    }
92
} else {
93
    $email = '';
94
}
95

    
96
if(!isset($message)) {
97
    $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
98
    $message_color = '000000';
99
} else {
100
    $message_color = 'FF0000';
101
}
102
// Setup template object, parse vars to it, then parse it
103
// Create new template object
104
$template = new Template(dirname($admin->correct_theme_source('login_forgot.htt')));
105
$template->set_file('page', 'login_forgot.htt');
106
$template->set_block('page', 'main_block', 'main');
107
if(defined('FRONTEND')) {
108
    $template->set_var('ACTION_URL', 'forgot.php');
109
} else {
110
    $template->set_var('ACTION_URL', 'index.php');
111
}
112
$template->set_var('EMAIL', $email);
113

    
114
if(isset($display_form)) {
115
    $template->set_var('DISPLAY_FORM', 'display:none;');
116
}
117

    
118
$template->set_var(array(
119
                'SECTION_FORGOT' => $MENU['FORGOT'],
120
                'MESSAGE_COLOR' => $message_color,
121
                'MESSAGE' => $message,
122
                'WB_URL' => WB_URL,
123
                'ADMIN_URL' => ADMIN_URL,
124
                'THEME_URL' => THEME_URL,
125
                'LANGUAGE' => strtolower(LANGUAGE),
126
                'TEXT_EMAIL' => $TEXT['EMAIL'],
127
                'TEXT_SEND_DETAILS' => $TEXT['SEND_DETAILS'],
128
                'TEXT_HOME' => $TEXT['HOME'],
129
                'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN'],
130
                'TEXT_SAVE' => $TEXT['SAVE'],
131
                'TEXT_RESET' => $TEXT['RESET'],
132
                )
133
          );
134

    
135
if(defined('FRONTEND')) {
136
    $template->set_var('LOGIN_URL', WB_URL.'/account/login.php');
137
} else {
138
    $template->set_var('LOGIN_URL', ADMIN_URL.'/login/index.php');
139
}
140
$template->set_var('INTERFACE_URL', ADMIN_URL.'/interface');
141

    
142
if(defined('DEFAULT_CHARSET')) {
143
    $charset=DEFAULT_CHARSET;
144
} else {
145
    $charset='utf-8';
146
}
147

    
148
$template->set_var('CHARSET', $charset);    
149

    
150
$template->parse('main', 'main_block', false);
151
$template->pparse('output', 'page');
    (1-1/1)