Revision 1599
Added by Dietmar over 12 years ago
forgot_form.php | ||
---|---|---|
18 | 18 |
// Must include code to stop this file being access directly |
19 | 19 |
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); } |
20 | 20 |
// Check if the user has already submitted the form, otherwise show it |
21 |
$message = $MESSAGE['FORGOT_PASS_NO_DATA']; |
|
22 |
$errMsg =''; |
|
21 | 23 |
if(isset($_POST['email']) && $_POST['email'] != "" ) |
22 | 24 |
{ |
23 | 25 |
$email = strip_tags($_POST['email']); |
26 |
if($admin->validate_email($email) == false) |
|
27 |
{ |
|
28 |
$errMsg = $MESSAGE['USERS_INVALID_EMAIL']; |
|
29 |
$email = ''; |
|
30 |
} else { |
|
24 | 31 |
// Check if the email exists in the database |
25 | 32 |
$sql = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` '. |
26 | 33 |
'FROM `'.TABLE_PREFIX.'users` '. |
... | ... | |
32 | 39 |
// Check if the password has been reset in the last 2 hours |
33 | 40 |
if( (time() - (int)$results_array['last_reset']) < (2 * 3600) ) { |
34 | 41 |
// Tell the user that their password cannot be reset more than once per hour |
35 |
$message = $MESSAGE['FORGOT_PASS']['ALREADY_RESET'];
|
|
42 |
$errMsg = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
|
|
36 | 43 |
} else { |
37 | 44 |
require_once(WB_PATH.'/framework/PasswordHash.php'); |
38 | 45 |
$pwh = new PasswordHash(0, true); |
... | ... | |
61 | 68 |
'SET `password`=\''.$old_pass.'\' '. |
62 | 69 |
'WHERE `user_id`='.(int)$results_array['user_id']; |
63 | 70 |
$database->query($sql); |
64 |
$message = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
|
|
71 |
$errMsg = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL'];
|
|
65 | 72 |
} |
66 | 73 |
}else { // Error updating database |
67 |
$message = $MESSAGE['RECORD_MODIFIED_FAILED'];
|
|
74 |
$errMsg = $MESSAGE['RECORD_MODIFIED_FAILED'];
|
|
68 | 75 |
if(DEBUG) { |
69 | 76 |
$message .= '<br />'.$database->get_error(); |
70 | 77 |
$message .= '<br />'.$sql; |
... | ... | |
72 | 79 |
} |
73 | 80 |
} |
74 | 81 |
}else { // no record found - Email doesn't exist, so tell the user |
75 |
$message = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
|
|
82 |
$errMsg = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND'];
|
|
76 | 83 |
} |
77 | 84 |
} else { // Query failed |
78 |
$message = 'SystemError:: Database query failed!';
|
|
85 |
$errMsg = 'SystemError:: Database query failed!';
|
|
79 | 86 |
if(DEBUG) { |
80 |
$message .= '<br />'.$database->get_error();
|
|
81 |
$message .= '<br />'.$sql;
|
|
87 |
$errMsg .= '<br />'.$database->get_error();
|
|
88 |
$errMsg .= '<br />'.$sql;
|
|
82 | 89 |
} |
83 | 90 |
} |
91 |
} |
|
84 | 92 |
} else { |
85 | 93 |
$email = ''; |
86 | 94 |
} |
87 | 95 |
|
88 |
if(isset($message) && $message != '') {
|
|
89 |
$message = $MESSAGE['FORGOT_PASS']['NO_DATA'];
|
|
90 |
$message_color = 'FF0000';
|
|
96 |
if( ($errMsg=='') && ($message != '')) {
|
|
97 |
// $message = $MESSAGE['FORGOT_PASS_NO_DATA'];
|
|
98 |
$message_color = '000000';
|
|
91 | 99 |
} else { |
92 |
$message = $MESSAGE['FORGOT_PASS_NO_DATA'];
|
|
93 |
$message_color = '000000';
|
|
100 |
$message = $errMsg;
|
|
101 |
$message_color = 'ff0000';
|
|
94 | 102 |
} |
95 |
|
|
96 |
$page_id = (!empty($_SESSION['PAGE_ID']) ? $_SESSION['PAGE_ID'] : 0); |
|
97 |
$_SESSION['PAGE_LINK'] = get_page_link( $page_id ); |
|
98 |
$_SESSION['HTTP_REFERER'] = (($_SESSION['PAGE_LINK']!='') ? page_link($_SESSION['PAGE_LINK']) : WB_URL); |
|
99 |
|
|
100 | 103 |
?> |
101 | 104 |
<div style="margin: 1em auto;"> |
102 | 105 |
<button type="button" value="cancel" onClick="javascript: window.location = '<?php print $_SESSION['HTTP_REFERER'] ?>';"><?php print $TEXT['CANCEL'] ?></button> |
... | ... | |
107 | 110 |
<table cellpadding="5" cellspacing="0" border="0" align="center" width="500"> |
108 | 111 |
<tr> |
109 | 112 |
<td height="40" align="center" style="color: #<?php echo $message_color; ?>;" colspan="2"> |
110 |
<?php echo $message; ?>
|
|
113 |
<strong><?php echo $message; ?></strong>
|
|
111 | 114 |
</td> |
112 | 115 |
</tr> |
113 | 116 |
<?php if(!isset($display_form) OR $display_form != false) { ?> |
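Review bot: The cancel button at new line 105 prints `$_SESSION['HTTP_REFERER']` unescaped into an inline `onClick` JavaScript string, and with old lines 96–98 removed this file no longer sets that value itself. Where it is populated is not visible here. If any writer derives it from the request (a `redirect_url` parameter or the Referer header, as the commit message suggests), a quote character in the value would end the string and the attribute early. Encode it at the point of output, e.g. `window.location = <?php echo htmlspecialchars(json_encode((string)$_SESSION['HTTP_REFERER']), ENT_QUOTES); ?>;`, and fall back to `WB_URL` when the key is unset. Separately, the `RECORD_MODIFIED_FAILED` branch still appends its DEBUG detail to `$message` (new lines 76–77), which the final `$message = $errMsg;` discards; those lines should use `$errMsg .=` like the query-failed branch.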
update all used files with redirect_url to $_SESSION['HTTP_REFERER']