recoverpassword.php | searchcode

/modules/recoverpassword.php

http://n-13news.googlecode.com/
PHP | 128 lines | 101 code | 10 blank | 17 comment | 10 complexity | 01a17ab47dd89f1a567f2e5f14c436c3 MD5 | raw file
Possible License(s): GPL-3.0, LGPL-2.1

<?php

/***********************************************************************

  N-13 News is a free news publishing system

  Copyright (C) 2009 Chris Watt

  

  This program is free software: you can redistribute it and/or modify

  it under the terms of the GNU General Public License as published by

  the Free Software Foundation, either version 3 of the License, or

  (at your option) any later version.

  

  This program is distributed in the hope that it will be useful,

  but WITHOUT ANY WARRANTY; without even the implied warranty of

  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the

  GNU General Public License for more details.

  

  You should have received a copy of the GNU General Public License

  along with this program.If not, see <http://www.gnu.org/licenses/>.

***********************************************************************/



if (!defined('ABSPATH')){ die(); }



echo '		<div id="pageLeft">

			<div id="pageIconHome"></div><!--icon-->

			<div id="titleHome">N-13 News<br />'. $version . '</div>

		</div><!--leftside-->';

echo '<div id="pageRight">';



echo '<div class="headertitle">';



echo '<span class="header">' . $langmsg['recover'][0] . '</span>';

echo '</div>';





$_GET['vcode']	= (empty($_GET['vcode'])) ? '' : $_GET['vcode'];

$_POST['S1']	= (empty($_POST['S1'])) ? '' : $_POST['S1'];

$_POST['email']	= (empty($_POST['email'])) ? '' : $_POST['email'];



if(!$_GET['vcode']){

	echo "<div class=subheaders>".$langmsg['recover'][1]."</div>";

	if(!$_POST['S1']){

		echo "<div class=\"subheaders_body displaytable\">";

		echo "<form method=\"post\" action=\"?action=recoverpass\">";

		echo $langmsg['recover'][2]." <input type=\"text\" name=\"email\">&nbsp;<input type=\"submit\" name=\"S1\" value=\"".$langmsg['submitfield'][9]."\">";

		echo "</form>";

		echo "</div>";

	}else{

		echo "<div class=\"subheaders_body displaytable\">";

		$email		= $_POST['email'];

		$userexists	= DataAccess::fetch("SELECT uid, vcode FROM " . NEWS_USERS . " WHERE email = ?", $email);

		if(count($userexists) >= 1){

			$vcode = $userexists['0']['vcode'];

				if(!$vcode){

					$vcode	= rand(1,10000000);

					$vcode	= md5($hash . uniqid($vcode));

					DataAccess::put("UPDATE " . NEWS_USERS . " SET vcode = ? WHERE email = ?", $vcode, $email);

				}

				$domain = $_SERVER['HTTP_HOST'];

				$headers = "MIME-Version: 1.0\r\n";

				$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";

				$headers .= "From: Account Recovery <noreply@$domain>\r\n";

				$headers .= "To: $email <$email>\r\n";

				$headers .= "Date: ".date("r")."\r\n";

				$headers .= "Subject: Account info\r\n";

				$message = $langmsg['recover'][3];

				$message .= "<br><br>";

				$message .= "<a href=\"http://$_SERVER[HTTP_HOST]$_SERVER[PHP_SELF]?action=recoverpass&vcode=$vcode&email=$email\">".$langmsg['recover'][4]."</a>";

				if(@mail($email,"Account info",$message,$headers)){

					$g = $langmsg['recover'][5];

					$g .= " <b>$email</b> " . $langmsg['recover'][13];

					echo $g;

				}else{

					echo "<span class=\"error\">".$langmsg['recover'][9]."</span>";

				}

		}else{

			echo "<div class=error>".$langmsg['recover'][6]."</div>";

		}

		echo "</div>";

	}

}else{

	$userexists = DataAccess::fetch("SELECT user FROM " . NEWS_USERS . " WHERE vcode = ? AND email = ?", $_GET['vcode'], $_GET['email']);

	if(count($userexists) >= 1){

		$email	= $_GET['email'];

		$vcode	= $_GET['vcode'];

		$name	= $userexists['0']['user'];





		function resetpassform($name){

			$email	= $_GET['email'];

			$vcode	= $_GET['vcode'];

			$_POST['T1'] = (empty($_POST['T1'])) ? '' : $_POST['T1'];

			$_POST['T2'] = (empty($_POST['T2'])) ? '' : $_POST['T2'];

			global $langmsg;

			echo "<div class=\"subheaders\">".$langmsg['recover'][8]."</div>";

			echo "<div class=\"subheaders_body displaytable\">";

			echo "<form method=post action=\"?action=recoverpass&vcode=$vcode&email=$email\">";

			echo "<table border=\"0\" cellpadding=\"1\" cellspacing=\"0\" width=\"81%\">\n";

			echo "<tr><td width=\"150\"><div class=ok>$name</div></td></tr>";

			echo "<tr><td width=\"150\">".$langmsg['recover'][7].":</td><td><input type=\"password\" name=\"T1\" value=\"$_POST[T1]\"></td></tr>";

			echo "<tr><td width=\"150\">".$langmsg['recover'][10]."</td><td><input type=\"password\" name=\"T2\" value=\"$_POST[T2]\"></td></tr>";

			echo "<tr><td width=\"150\"></td><td><input type=submit name=S1 value=\"".$langmsg['submitfield'][6]."\"></td></tr>";

			echo "</table>";

			echo "</form>";

			echo "</div>";

		}

		if(!$_POST['S1']){

			resetpassform($name);

		}else{

			if(!$_POST['T1'] OR !$_POST['T2']){

				echo "<div class=error>".$langmsg['recover'][11]."</div>";

				resetpassform($name);

			}elseif($_POST['T1'] == $_POST['T2']){

				$pass = $_POST['T1'];

				$pass = md5(SALT . $pass);

				DataAccess::put(sprintf("UPDATE %s SET pass = ?, newpass = ?, vcode = ? WHERE email = ? AND vcode = ?", NEWS_USERS), "", $pass, "", $email, $vcode);

				echo "<div class=success>".$langmsg['recover'][12]."</div><br><a href=\"?\">Login here!</a>";

			}else{

				echo "<div class=error>".$langmsg['recover'][11]."</div>";

				resetpassform($name);

			}

		}

	}else{

		echo "Go away! :o";

	}

}



echo "		</div><!--rightside-->

	</div><!--pageCont-->";

?>