PageRenderTime 44ms CodeModel.GetById 25ms RepoModel.GetById 0ms app.codeStats 0ms

/recover.php

http://thinktankforums.googlecode.com/
PHP | 113 lines | 87 code | 18 blank | 8 comment | 9 complexity | c4305ef46cfeea7334d07fac1f4fe46c MD5 | raw file
Possible License(s): 0BSD 
    

  1. <?php

    2. 

  2. /* think tank forums

    3. 

  3.  *

    4. 

  4.  * recover.php

    5. 

  5.  */

    6. 

  6. 

    7. 

  7. $ttf_title = $ttf_label = "recover your account";

    8. 

  8. 

    9. 

  9. require_once "include_common.php";   

    10. 

  10. require_once "include_header.php";

    11. 

  11. 

    12. 

  12. // users don't need to recover an account

    13. 

  13. kill_users();

    14. 

  14. 

    15. 

  15. $id_username = clean($_POST["id_username"]);

    16. 

  16. $id_email = clean($_POST["id_email"]);

    17. 

  17. 

    18. 

  18. // if we have chosen an account to generate a passkey for

    19. 

  19. if (!empty($id_username) || !empty($id_email)) {

    20. 

  20. 

    21. 

  21.     // first we better see if we can find the user record

    22. 

  22.     $sql = "SELECT user_id,     ".

    23. 

  23.            "       username,    ".

    24. 

  24.            "       email        ".

    25. 

  25.            "FROM ttf_user       ";

    26. 

  26. 

    27. 

  27.     if (!empty($id_username)) {

    28. 

  28.         $sql .= " WHERE username='$id_username' ";

    29. 

  29.     } else if (!empty($id_email)) {

    30. 

  30.         $sql .= " WHERE email='$id_email' ";

    31. 

  31.     };

    32. 

  32. 

    33. 

  33.     if (!$result = mysql_query($sql)) showerror();

    34. 

  34. 

    35. 

  35.     if (mysql_num_rows($result) !== 1) {

    36. 

  36. 

    37. 

  37.         message($ttf_label, $ttf_msg["fatal_error"], $ttf_msg["nomatchuser"]);

    38. 

  38.         die();

    39. 

  39. 

    40. 

  40.     };

    41. 

  41. 

    42. 

  42.     list($user_id, $username, $email) = mysql_fetch_array($result);

    43. 

  43. 

    44. 

  44.     // now that we have a matching user, do things!

    45. 

  45.     $password = generate_string(16);

    46. 

  46.     $passkey = generate_string(32);

    47. 

  47.     

    48. 

  48.     $sql = "INSERT INTO ttf_recover             ".

    49. 

  49.            "SET date=UNIX_TIMESTAMP(),          ".

    50. 

  50.            "    ip='{$_SERVER["REMOTE_ADDR"]}', ".

    51. 

  51.            "    user_id='$user_id',             ".

    52. 

  52.            "    password=SHA1('$password'),     ".

    53. 

  53.            "    passkey='$passkey'              ";

    54. 

  54.     if (!$result = mysql_query($sql)) showerror();

    55. 

  55. 

    56. 

  56.     $subject = "{$ttf_cfg["forum_name"]} account recovery information";

    57. 

  57.     $message =<<<EOF

    58. 

  58. hello,

    59. 

  59. 

    60. 

  60. here is your account recovery information for {$ttf_cfg["forum_name"]}:

    61. 

  61. 

    62. 

  62. username: {$username}

    63. 

  63. password: {$password}

    64. 

  64. passkey: {$passkey}

    65. 

  65. 

    66. 

  66. to begin using this new password, you'll need to activate it using the passkey.

    67. 

  67. visit {$ttf_protocol}://{$ttf_cfg["address"]}/activate.php

    68. 

  68. 

    69. 

  69. thanks,

    70. 

  70. {$ttf_cfg["bot_name"]}

    71. 

  71. 

    72. 

  72. 

    73. 

  73. p.s. do not reply to this email address; it is not checked.

    74. 

  74. EOF;

    75. 

  75. 

    76. 

  76.     if (!mail($email, $subject, $message, "from: ".$ttf_cfg["bot_email"])) {

    77. 

  77. 

    78. 

  78.         // uh oh, the mail() function failed

    79. 

  79.         message($ttf_label, $ttf_msg["fatal_error"], $ttf_msg["cantmail"]);

    80. 

  80.         die();

    81. 

  81. 

    82. 

  82.     } else {

    83. 

  83. 

    84. 

  84.         // it worked!

    85. 

  85.         message($ttf_label, $ttf_msg["successtitl"], $ttf_msg["mailedinfo"]);

    86. 

  86.         die();

    87. 

  87. 

    88. 

  88.     };

    89. 

  89. 

    90. 

  90. };

    91. 

  91. 

    92. 

  92. echo <<<EOF

    93. 

  93.             <div class="contenttitle">recover your account</div>

    94. 

  94.             <div class="contentbox">

    95. 

  95.                 <form action="recover.php" method="post">

    96. 

  96.                     <div>

    97. 

  97.                         which account are you claiming as yours?

    98. 

  98.                         identify it in one way below.<br /><br />

    99. 

  99.                         username:<br />

    100. 

  100.                         <input type="text" name="id_username" /><br /><br />

    101. 

  101.                         email:<br />

    102. 

  102.                         <input type="text" name="id_email" /><br /><br />

    103. 

  103.                         we will send a new password to your email address, 

    104. 

  104.                         along with a passkey to activate it.<br /><br />

    105. 

  105.                         <input type="submit" value="submit" />

    106. 

  106.                     </div>

    107. 

  107.                 </form>

    108. 

  108.             </div>

    109. 

  109. 

    110. 

  110. EOF;

    111. 

  111. 

    112. 

  112. require_once "include_footer.php";

    113. 

  113. 

    114. 

  114.