Mysidia Adoptables Support Forum

Mysidia Adoptables v1.3.0[Security Release] (http://www.mysidiaadoptables.com/forum/showthread.php?t=3514)

Hall of Famer 03-22-2012 09:35 AM

Yes, it does make a difference. On my pokemansion site, if you are logged in using the url http://www.pokemansion.net, your cookie does not work for http://pokemansion.net (the one without www). I'd say all old Rusnak Adoptables sites have this problem, not sure for Mysidia Adoptables though.

SilverDragonTears 03-22-2012 09:57 AM

You're sooo smart HoF :) Thank you buddy!

Hall of Famer 03-22-2012 09:58 AM

XD I figured this could be the only cause for a malfunctioning cookie. Did you manage to resolve this problem?

SilverDragonTears 03-22-2012 10:03 AM

I found where it was putting in www. so I removed it... we shall see I guess.

SilverDragonTears 03-22-2012 10:48 AM

A member is saying that forgot password is not working.

"it says my details don't match any user in the system"

Hall of Famer 03-22-2012 11:33 AM

I see, same old story with forgotpass.php lol. I will look into the codes and have it fixed soon. Thx for reporting.

SilverDragonTears 03-22-2012 11:35 AM

Will be watching for the fix :)

Hall of Famer 03-22-2012 03:30 PM

Can you post the forgotpass.php file? I will look into it and fix it for you.

SilverDragonTears 03-22-2012 03:44 PM

Code:

<?php

include("functions/functions.php");
include("functions/functions_users.php");
include("inc/rand.php");
include("inc/lang.php");

//***************//
//  START SCRIPT //
//***************//

if($isloggedin == "yes"){

//This is the one page where logged in users can't access the page
//If you are logged in, you know your damn password!

$article_title = "You are already logged in";
$article_content = "You are already logged in.  There is no need for you to be here.";

}
else{

$uname = $_GET["uname"];
$email = $_GET["email"];
$code = $_GET["code"];

if($uname != "" and $email != ""){

//We have submitted values, so we are going to make a new password reset request

if($code != ""){

//We've got an activation code, so let's check and see if we have a match in the database for this...

$stmt = $adopts->query("SELECT * FROM {$prefix}passwordresets WHERE username = '{$uname}' and email = '{$email}' and code='{$code}' ORDER BY id DESC LIMIT 1") ;
$passwordresets = $stmt->fetchObject();

if($passwordresets->username == $uname and $passwordresets->email == $email and $passwordresets->code == $code){

//We have a match, so make a new user password
$newpw = get_rand_id(12);
$newsalt = codegen(15,0);
$newpass = passencr($dbusername, $newpw, $newsalt);

//Update the database with the new password...
$stmt = $adopts->prepare("UPDATE {$prefix}users SET password='{$newpass}' WHERE username='{$dbusername}' and email='{$savedemail}'");
$stmt->execute();

//Delete the entry from the password reset table
$stmt = $adopts->prepare("DELETE FROM {$prefix}passwordresets WHERE code='{$code}'");
$stmt->execute();

$article_title = "Password Reset Successfully";
$article_content = "Dear {$passwordresets->username},<br>Your password has been reset successfully.<br><br>Here is your new password: <b>{$newpw}</b><br><br>
You may now <a href='login.php'>Log In</a> with this new password.  You can also change the password to something that is easier to remember
once you are logged in.";


}
else{
$article_title = "Incorrect activation code";
$article_content = "The activation code you entered is incorrect.  It is possible that the code is invalid.";
}

}
else{

//No code, so we're requesting a new password reset.............

//First thing we do is make sure the requested combination does indeed exist.  Then verify...

$stmt = $adopts->query("SELECT * FROM {$prefix}users WHERE username = '{$uname}' and email = '{$email}'");
$user = $stmt->fetchObject();
//Loop out code

if($num > 0 and $user->username == $uname and $user->email == $email){

//First we generate a random code that will be the reset code

$rand = get_rand_id(10);  //Get a random letter-number combination


//Then we log the user's IP address and the date

$ip = $_SERVER['REMOTE_ADDR'];
$ip = preg_replace("/[^a-zA-Z0-9.]/", "", $ip);

$date = date('Y-m-d');

//Then we insert the info into the passwordresets table in the database

$adopts->query("INSERT INTO {$prefix}passwordresets (id, username, email, code, ip, date)
VALUES ('', '{$uname}', '{$email}', '{$rand}', '{$ip}', '{$date}')");

//Then we send an email to the user with the link to the password reset

$message = "Hello there {$uname}:\n\nOur records indicate that you requested a password reset for your account.  Below is your reset code:\n
Reset Code: {$rand}\n\nTo have your password changed please visit the following URL:\n
http://www.{$domain}{$scriptpath}/forgotpass.php?uname={$uname}&email={$email}&code={$rand}\n\n
If you did NOT request a password reset then please ignore this email to keep your current password.\n\n
Thanks,\n
The {$sitename} team.";

$systememail = grabanysetting("systememail");
$headers = "From: {$systememail}";

mail($email, "Password Reset Request for ".$uname, $message, $headers);

//All done, output message to user. :)

$article_title = "Password Reset Email Sent";
$article_content = "We've sent an email to <b>{$email}</b> with instructions on how to reset your password.  Please
click the password reset link in the email to reset your password.  If you do not get the email shortly then please check
your spam or junk email folder as it may have gotten caught in there.";


}
else{

//We've got an incorrect or fraud request to reset a password...

$article_title = "There's been an error";
$article_content = "There's been an error.  The details you entered do not match any user in our system!  We cannot
reset your password at this time.";

}

}

}
else{

$article_title = "Reset Password";
$article_content = "So, you've forgotten your password?  Don't worry, it happens to the best of us.  Simply
fill out the form below with your username and email address and we'll email you a link to reset your password.<br><br>
<form name='form1' method='get' action='forgotpass.php'>
  <p>Username:
    <input name='uname' type='text' id='uname'>
</p>
  <p>Email Address:
    <input name='email' type='text' id='email'>
</p>
  <p>
    <input type='submit' name='Submit' value='Request Password Reset'>
  </p>
</form>";

}


}


//***************//
//  OUTPUT PAGE  //
//***************//

echo showpage($article_title, $article_content, $date);

?>


Hall of Famer 03-22-2012 04:27 PM

You are not using the updated version of Mys v1.3.0 I uploaded on March 20th, are you? Now to fix this problem, simply get rid of this:

PHP Code:

$num and 
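
Added example, not part of the thread and not Mysidia's own code: the "request a reset" branch of the posted forgotpass.php written with PDO bound parameters, testing the fetched row itself rather than `$num`, which the posted file never assigns. The table names, the `request_password_reset` function and the in-memory SQLite data are assumptions made for illustration.

```php
<?php
// Added example, not Mysidia code. Table and function names are assumptions.
// Constructed in-memory schema so the script runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE adopts_users (username TEXT, email TEXT)");
$db->exec("CREATE TABLE adopts_passwordresets (
    id INTEGER PRIMARY KEY, username TEXT, email TEXT, code TEXT, ip TEXT, date TEXT)");
$db->exec("INSERT INTO adopts_users VALUES ('alice', 'alice@example.test')"); // constructed row

/**
 * Returns the stored reset code if username and e-mail match a user, otherwise null.
 */
function request_password_reset(PDO $db, string $uname, string $email, string $ip): ?string
{
    // Bound parameters: request input never becomes part of the SQL text.
    $stmt = $db->prepare(
        "SELECT username, email FROM adopts_users WHERE username = :u AND email = :e");
    $stmt->execute([':u' => $uname, ':e' => $email]);
    $user = $stmt->fetchObject();

    // fetchObject() returns false when no row matched. Test that directly
    // instead of a counter such as $num that nothing in this branch sets.
    if ($user === false) {
        return null;
    }

    $code = bin2hex(random_bytes(8)); // 16 hex characters from the OS CSPRNG
    $ins = $db->prepare(
        "INSERT INTO adopts_passwordresets (username, email, code, ip, date)
         VALUES (:u, :e, :c, :ip, :d)");
    $ins->execute([':u' => $user->username, ':e' => $user->email,
                   ':c' => $code, ':ip' => $ip, ':d' => date('Y-m-d')]);
    return $code;
}

// Constructed requests: a matching pair, a wrong e-mail, and a name containing a quote.
$cases = [
    ['alice', 'alice@example.test'],
    ['alice', 'wrong@example.test'],
    ["o'malley", 'alice@example.test'],
];
foreach ($cases as [$u, $e]) {
    $code = request_password_reset($db, $u, $e, '203.0.113.5');
    echo str_pad($u, 12), ' => ', $code === null ? 'no match' : 'reset code stored', "\n";
}
```

Only the first constructed request stores a reset code; the quote in the third is passed as data and the query still runs without error.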



All times are GMT -5.