run_hook("lostpass_begin"); $session->page_begin("lostpass", FALSE); if($session->userdata["uid"]!=0){ header("Location:https://".$config["domain"]."/".$config["path"]."usercp.php"); } $emsg=false; If(isset($_POST["submit"])){ if(!isset($_POST['username']) || $_POST['username']==""){ $emsg.=''.$lang->_('NEEDUSERNAME').'
'; } if(!preg_match("/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(([0-9]{1,3})|([a-zA-Z]{2,3})|(aero|coop|info|museum|name))$/",$_POST['email'])){ $emsg.=''.$lang->_('EMAILINVALID').'
'; } $result = $db->query("SELECT `uid`,`username`,`email` FROM `" . $config["prefix"] . "users` WHERE `username` LIKE '".$db->escape($_POST['username'])."' AND `email` LIKE '".$db->escape($_POST['email'])."' AND `active`=1 LIMIT 1"); if ($db->num_rows ($result) <= 0){ $emsg.=''.$lang->_('NOVALIDCOMBO').'
'; } $u=$db->fetch_array($result); if(!$emsg){ // Secure Posted Data $mail=new mail(); $key=$session->generate_Key(10); $mail->set_header("From",$config["sitetitle"]." <".$config["siteemail"].">"); $tpl->assign("username",$u["username"]); $tpl->assign("sitename",$config["sitetitle"]); $tpl->assign("url","https://".$config["domain"]."/".$config["path"]."lostpw.php?u=".$u["uid"]."&key=".$key); $mailbody=$tpl->fetch('lostpw_mail.tpl'); $mail->bodytext($mailbody); $mail->sendmail($u["username"]." <".$u["email"].">", $lang->_('LOSTPASS')); $result = $db->query("UPDATE `" . $config["prefix"] . "users` SET `loginkey`='".$key."' WHERE `uid`='".$u["uid"]."'"); $sdata=array("uid"=>$u["uid"],"email"=>$db->escape($u['email'])); $plugin->run_hook("lostpass_mail",array("sdata"=>$sdata)); $core->message($lang->_('SUCCESS'),$lang->_('MAILSENT'),TRUE,$config["path"]."/index.php",3); } }elseif($_GET['u']!="" && $_GET['key']!=""){ $result = $db->query("SELECT `uid`,`username`,`email` FROM `" . $config["prefix"] . "users` WHERE `uid`='".intval($_GET['u'])."' AND `loginkey` ='".$db->escape($_GET['key'])."' AND `active`=1 LIMIT 1"); if ($db->num_rows ($result) <= 0){ $emsg.=''.$lang->_('DATAINVALID').'
'; } if(!$emsg){ $u=$db->fetch_array($result); $password=$session->generate_Key(8); $salt = $session->generate_Key(6); $pass =hash('sha256',$db->escape($salt.$password)); $key=$session->generate_Key(10); $mail=new mail(); $mail->set_header("From",$config["sitetitle"]." <".$config["siteemail"].">"); $tpl->assign("username",$u["username"]); $tpl->assign("sitename",$config["sitetitle"]); $tpl->assign("passwort",$password); $mailbody=$tpl->fetch('lostpw_mail_pw.tpl'); $mail->bodytext($mailbody); $mail->sendmail($u["username"]." <".$u["email"].">",$lang->_('NEWPASS')); $result = $db->query("UPDATE `" . $config["prefix"] . "users` SET `password`='".$pass."',`loginkey`='".$key."',`salt`='".$salt."' WHERE `uid`='".$u["uid"]."'"); $sdata=array("uid"=>$u["uid"],"pwd_md5"=>hash("md5",$password),"pwd_sha2"=>$pass,'salt'=>$salt,"email"=>$db->escape($u['email'])); $plugin->run_hook("lostpass_mail_pw",array("sdata"=>$sdata)); $core->message($lang->_('SUCCESS'),$lang->_('NEWPASSSENT'),TRUE,$config["path"]."/index.php",3); } } $tpl->assign("emsg",$emsg); $tpl->assign("data",$_POST); $content=$tpl->fetch('lostpw.tpl'); $core->make_page($content); ?>