
/recover.php

http://thinktankforums.googlecode.com/
  1<?php
  2/* think tank forums
  3 *
  4 * recover.php
  5 */
  6
  7$ttf_title = $ttf_label = "recover your account";
  8
  9require_once "include_common.php";   
 10require_once "include_header.php";
 11
 12// users don't need to recover an account
 13kill_users();
 14
 15$id_username = clean($_POST["id_username"]);
 16$id_email = clean($_POST["id_email"]);
 17
 18// if we have chosen an account to generate a passkey for
 19if (!empty($id_username) || !empty($id_email)) {
 20
 21    // first we better see if we can find the user record
 22    $sql = "SELECT user_id,     ".
 23           "       username,    ".
 24           "       email        ".
 25           "FROM ttf_user       ";
 26
 27    if (!empty($id_username)) {
 28        $sql .= " WHERE username='$id_username' ";
 29    } else if (!empty($id_email)) {
 30        $sql .= " WHERE email='$id_email' ";
 31    };
 32
 33    if (!$result = mysql_query($sql)) showerror();
 34
 35    if (mysql_num_rows($result) !== 1) {
 36
 37        message($ttf_label, $ttf_msg["fatal_error"], $ttf_msg["nomatchuser"]);
 38        die();
 39
 40    };
 41
 42    list($user_id, $username, $email) = mysql_fetch_array($result);
 43
 44    // now that we have a matching user, do things!
 45    $password = generate_string(16);
 46    $passkey = generate_string(32);
 47    
 48    $sql = "INSERT INTO ttf_recover             ".
 49           "SET date=UNIX_TIMESTAMP(),          ".
 50           "    ip='{$_SERVER["REMOTE_ADDR"]}', ".
 51           "    user_id='$user_id',             ".
 52           "    password=SHA1('$password'),     ".
 53           "    passkey='$passkey'              ";
 54    if (!$result = mysql_query($sql)) showerror();
 55
 56    $subject = "{$ttf_cfg["forum_name"]} account recovery information";
 57    $message =<<<EOF
 58hello,
 59
 60here is your account recovery information for {$ttf_cfg["forum_name"]}:
 61
 62username: {$username}
 63password: {$password}
 64passkey: {$passkey}
 65
 66to begin using this new password, you'll need to activate it using the passkey.
 67visit {$ttf_protocol}://{$ttf_cfg["address"]}/activate.php
 68
 69thanks,
 70{$ttf_cfg["bot_name"]}
 71
 72
 73p.s. do not reply to this email address; it is not checked.
 74EOF;
 75
 76    if (!mail($email, $subject, $message, "from: ".$ttf_cfg["bot_email"])) {
 77
 78        // uh oh, the mail() function failed
 79        message($ttf_label, $ttf_msg["fatal_error"], $ttf_msg["cantmail"]);
 80        die();
 81
 82    } else {
 83
 84        // it worked!
 85        message($ttf_label, $ttf_msg["successtitl"], $ttf_msg["mailedinfo"]);
 86        die();
 87
 88    };
 89
 90};
 91
 92echo <<<EOF
 93            <div class="contenttitle">recover your account</div>
 94            <div class="contentbox">
 95                <form action="recover.php" method="post">
 96                    <div>
 97                        which account are you claiming as yours?
 98                        identify it in one way below.<br /><br />
 99                        username:<br />
100                        <input type="text" name="id_username" /><br /><br />
101                        email:<br />
102                        <input type="text" name="id_email" /><br /><br />
103                        we will send a new password to your email address, 
104                        along with a passkey to activate it.<br /><br />
105                        <input type="submit" value="submit" />
106                    </div>
107                </form>
108            </div>
109
110EOF;
111
112require_once "include_footer.php";
113