Project

General

Profile

1 2 Manuela
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         account
6
 * @author          WebsiteBaker Project
7
 * @copyright       Website Baker Org. e.V.
8
 * @link            http://websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.3
11
 * @requirements    PHP 5.3.6 and higher
12
 * @version         $Id$
13
 * @filesource      $HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
 */
17
18
// Must include code to stop this file being access directly
19
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
20
// Check if the user has already submitted the form, otherwise show it
21
$sCallingScript = WB_URL;
22
$redirect_url = ((isset($_SESSION['HTTP_REFERER']) && $_SESSION['HTTP_REFERER'] != '') ? $_SESSION['HTTP_REFERER'] : $sCallingScript );
23
$redirect_url = ( isset($redirect) && ($redirect!='') ? $redirect : $redirect_url);
24
$message = $MESSAGE['FORGOT_PASS_NO_DATA'];
25
$errMsg ='';
26
if(isset($_POST['email']) && $_POST['email'] != "" )
27
{
28
    $email = strip_tags($_POST['email']);
29
    if($admin->validate_email($email) == false)
30
    {
31
        $errMsg = $MESSAGE['USERS_INVALID_EMAIL'];
32
        $email = '';
33
    } else {
34
// Check if the email exists in the database
35
    $sql  = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` '.
36
            'FROM `'.TABLE_PREFIX.'users` '.
37
            'WHERE `email`=\''.$database->escapeString($email).'\'';
38
    if(($results = $database->query($sql)))
39
    {
40
        if(($results_array = $results->fetchRow()))
41
        { // Get the id, username, email, and last_reset from the above db query
42
        // Check if the password has been reset in the last 2 hours
43
            if( (time() - (int)$results_array['last_reset']) < (2 * 3600) ) {
44
            // Tell the user that their password cannot be reset more than once per hour
45
                $errMsg = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
46
            } else {
47
                require_once(WB_PATH.'/framework/PasswordHash.php');
48
                $pwh = new PasswordHash(0, true);
49
                $old_pass = $results_array['password'];
50
            // Generate a random password then update the database with it
51
                $new_pass = $pwh->NewPassword();
52
                $sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET '
53
                      . '`password`=\''.$database->escapeString($pwh->HashPassword($new_pass, true)).'\', '
54
                      . '`last_reset`='.time().' '
55
                      . 'WHERE `user_id`='.(int)$results_array['user_id'];
56
                unset($pwh); // destroy $pwh-Object
57
                if($database->query($sql))
58
                { // Setup email to send
59
                    $mail_to = $email;
60
                    $mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
61
                // Replace placeholders from language variable with values
62
                    $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
63
                    $replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
64
                    $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
65
                // Try sending the email
66
                    if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
67
                        $message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
68
                        $display_form = false;
69
                    }else { // snd mail failed, rollback
70
                        $sql = 'UPDATE `'.TABLE_PREFIX.'users` '.
71
                               'SET `password`=\''.$database->escapeString($old_pass).'\' '.
72
                               'WHERE `user_id`='.(int)$results_array['user_id'];
73
                        $database->query($sql);
74
                        $errMsg = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
75
                    }
76
                }else { // Error updating database
77
                    $errMsg = $MESSAGE['RECORD_MODIFIED_FAILED'];
78
                    if(DEBUG) {
79
                        $message .= '<br />'.$database->get_error();
80
                        $message .= '<br />'.$sql;
81
                    }
82
                }
83
            }
84
        }else { // no record found - Email doesn't exist, so tell the user
85
            $errMsg = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
86
        }
87
    } else { // Query failed
88
        $errMsg = 'SystemError:: Database query failed!';
89
        if(DEBUG) {
90
            $errMsg .= '<br />'.$database->get_error();
91
            $errMsg .= '<br />'.$sql;
92
        }
93
    }
94
    }
95
} else {
96
    $email = '';
97
}
98
99
if( ($errMsg=='') && ($message != '')) {
100
    // $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
101
    $message_color = '000000';
102
} else {
103
    $message = $errMsg;
104
    $message_color = 'ff0000';
105
}
106
?>
107
<div style="margin: 1em auto;">
108
    <button type="button" value="cancel" onclick="window.location = '<?php echo $redirect_url; ?>';"><?php print $TEXT['CANCEL'] ?></button>
109
</div>
110
<h1 style="text-align: center;"><?php echo $MENU['FORGOT']; ?></h1>
111
<form name="forgot_pass" action="<?php echo WB_URL.'/account/forgot.php'; ?>" method="post" class="account">
112
        <table >
113
        <tr>
114
            <td height="40" align="center" style="color: #<?php echo $message_color; ?>;" colspan="3">
115
            <strong><?php echo $message; ?></strong>
116
            </td>
117
        </tr>
118
<?php if(!isset($display_form) OR $display_form != false) { ?>
119
        <tr>
120
            <td height="10" colspan="2"></td>
121
        </tr>
122
        <tr>
123
            <td width="165" height="30" align="right"><?php echo $TEXT['EMAIL']; ?>:</td>
124
            <td><input type="text" maxlength="255" name="email" value="<?php echo $email; ?>" style="width: 180px;" /></td>
125
            <td><input type="submit" name="submit" value="<?php echo $TEXT['SEND_DETAILS']; ?>" style="width: 180px; font-size: 10px; color: #003366; border: 1px solid #336699; background-color: #DDDDDD; padding: 3px; text-transform: uppercase;" /></td>
126
        </tr>
127
<?php } ?>
128
        </table>
129
</form>