funchat/lostpw.php

<?php
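error_reporting(E_ERROR);
// Lost-password page: bootstrap the core, then announce the page to plugins and the session layer.
$basepath="";
require_once 'core/init_core.inc.php';
$plugin->run_hook("lostpass_begin");
$session->page_begin("lostpass", FALSE);
// A visitor with an authenticated session (uid != 0) is sent to the user control panel instead.
if($session->userdata["uid"]!=0){
    header("Location:https://".$config["domain"]."/".$config["path"]."usercp.php");
    // header() only queues the redirect; without stopping here the reset logic below
    // would still run for the logged-in session.
    exit;
}
// Accumulates HTML error markup; stays false (falsy) while no validation error has occurred.
$emsg=false;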
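// ---- Step 1: the visitor submitted the "lost password" form ----
if(isset($_POST["submit"])){
    // Accept plain strings only: a missing field or an array-valued field (username[]=x)
    // is treated as empty instead of reaching preg_match() / $db->escape().
    $lp_username=(isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
    $lp_email=(isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";
    if($lp_username==""){
        $emsg.='<span style="color:red; font-weight:bold">'.$lang->_('NEEDUSERNAME').'</span><br />';
    }
    if(!preg_match("/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(([0-9]{1,3})|([a-zA-Z]{2,3})|(aero|coop|info|museum|name))$/",$lp_email)){
        $emsg.='<span style="color:red; font-weight:bold">'.$lang->_('EMAILINVALID').'</span><br />';
    }
    // Exact comparison instead of LIKE: with LIKE the submitted values act as patterns
    // ('%' and '_' are wildcards that escape() does not neutralise), so the
    // username/e-mail pair would not actually have to be known to the requester.
    $result = $db->query("SELECT `uid`,`username`,`email` FROM `" . $config["prefix"] . "users` WHERE `username` = '".$db->escape($lp_username)."' AND `email` = '".$db->escape($lp_email)."' AND `active`=1 LIMIT 1");
    // NOTE(review): this message tells the requester whether the pair exists; a uniform
    // "if the account exists, a mail was sent" reply would close that account oracle.
    // No rate limiting is visible in this file either.
    if ($db->num_rows ($result) <= 0){
        $emsg.='<span style="color:red; font-weight:bold">'.$lang->_('NOVALIDCOMBO').'</span><br />';
    }
    $u=$db->fetch_array($result);
    if(!$emsg){
        // Mail a confirmation link carrying a fresh one-time key, then store that key on the account.
        $mail=new mail();
        // NOTE(review): confirm generate_Key() draws from a CSPRNG; this key is the only
        // secret protecting the reset link, and no expiry is visible in this file.
        $key=$session->generate_Key(10);
        $mail->set_header("From",$config["sitetitle"]." <".$config["siteemail"].">");
        $tpl->assign("username",$u["username"]);
        $tpl->assign("sitename",$config["sitetitle"]);
        $tpl->assign("url","https://".$config["domain"]."/".$config["path"]."lostpw.php?u=".$u["uid"]."&key=".$key);
        $mailbody=$tpl->fetch('lostpw_mail.tpl');
        $mail->bodytext($mailbody);
        $mail->sendmail($u["username"]." <".$u["email"].">", $lang->_('LOSTPASS'));
        // Escape / cast every interpolated value, including server-generated ones, so the
        // statement does not depend on the character set generate_Key() happens to use.
        $result = $db->query("UPDATE `" . $config["prefix"] . "users` SET `loginkey`='".$db->escape($key)."' WHERE `uid`='".intval($u["uid"])."'");
        $sdata=array("uid"=>$u["uid"],"email"=>$db->escape($u['email']));
        $plugin->run_hook("lostpass_mail",array("sdata"=>$sdata));
        $core->message($lang->_('SUCCESS'),$lang->_('MAILSENT'),TRUE,$config["path"]."/index.php",3);
    }
// ---- Step 2: the visitor followed the confirmation link (?u=<uid>&key=<key>) ----
// NOTE(review): a plain GET performs the reset, so any automatic fetch of the mailed URL
// (mail gateway scanner, link preview) changes the password before the user clicks.
}elseif(isset($_GET['u'], $_GET['key']) && is_string($_GET['u']) && is_string($_GET['key']) && $_GET['u']!="" && $_GET['key']!=""){
    $result = $db->query("SELECT `uid`,`username`,`email` FROM `" . $config["prefix"] . "users` WHERE `uid`='".intval($_GET['u'])."' AND `loginkey` ='".$db->escape($_GET['key'])."' AND `active`=1 LIMIT 1");
    if ($db->num_rows ($result) <= 0){
        $emsg.='<span style="color:red; font-weight:bold">'.$lang->_('DATAINVALID').'</span><br />';
    }
    if(!$emsg){
        $u=$db->fetch_array($result);
        // Generate a new password and salt, and rotate loginkey so the mailed link cannot be replayed.
        $password=$session->generate_Key(8);
        $salt = $session->generate_Key(6);
        // The escape() call is part of the hash input as written; presumably the login
        // path hashes the same way, so it is left unchanged here. Confirm before touching.
        // NOTE(review): single-pass salted SHA-256 is cheap to brute-force offline; moving
        // to password_hash()/password_verify() needs a coordinated change in the login code.
        $pass =hash('sha256',$db->escape($salt.$password));
        $key=$session->generate_Key(10);
        $mail=new mail();
        $mail->set_header("From",$config["sitetitle"]." <".$config["siteemail"].">");
        $tpl->assign("username",$u["username"]);
        $tpl->assign("sitename",$config["sitetitle"]);
        // NOTE(review): the new password leaves the server in clear text by e-mail; a
        // "choose your own password" form behind the one-time key would avoid that.
        $tpl->assign("passwort",$password);
        $mailbody=$tpl->fetch('lostpw_mail_pw.tpl');
        $mail->bodytext($mailbody);
        $mail->sendmail($u["username"]." <".$u["email"].">",$lang->_('NEWPASS'));
        // $pass is a hex digest; $key, $salt and uid are escaped / cast for the same reason as in step 1.
        $result = $db->query("UPDATE `" . $config["prefix"] . "users` SET `password`='".$pass."',`loginkey`='".$db->escape($key)."',`salt`='".$db->escape($salt)."' WHERE `uid`='".intval($u["uid"])."'");
        // NOTE(review): the hook payload carries an unsalted MD5 of the new password next to
        // the salted hash; any plugin that stores or logs it reduces the credential to MD5
        // strength. Kept because subscribers of lostpass_mail_pw may rely on it. Audit them
        // and drop the field once none do.
        $sdata=array("uid"=>$u["uid"],"pwd_md5"=>hash("md5",$password),"pwd_sha2"=>$pass,'salt'=>$salt,"email"=>$db->escape($u['email']));
        $plugin->run_hook("lostpass_mail_pw",array("sdata"=>$sdata));
        $core->message($lang->_('SUCCESS'),$lang->_('NEWPASSSENT'),TRUE,$config["path"]."/index.php",3);
    }
}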
// Render the form: pass the collected error markup and the submitted fields to the template.
$tpl->assign("emsg",$emsg);
// NOTE(review): the whole of $_POST is handed over unfiltered; confirm lostpw.tpl
// HTML-escapes every field it echoes back, otherwise this is a reflected-XSS sink.
$tpl->assign("data",$_POST);
$content=$tpl->fetch('lostpw.tpl');
$core->make_page($content);
?>