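<?php

error_reporting(E_ERROR);

// Lost-password page.
//   Step 1 (POST with "submit"): look up an active account by username + e-mail,
//                                store a fresh key in `loginkey` and mail a reset link.
//   Step 2 (GET ?u=<uid>&key=<key>): if uid and key match an active account, generate a
//                                new password, store its salted hash and mail the password.
// Anything else just renders the form (lostpw.tpl).

$basepath="";

require_once 'core/init_core.inc.php';

$plugin->run_hook("lostpass_begin");
$session->page_begin("lostpass", FALSE);

// Logged-in users are sent to the user control panel.
if ($session->userdata["uid"] != 0) {
    header("Location:https://".$config["domain"]."/".$config["path"]."usercp.php");
    // A Location header alone does not end the script; without this the reset
    // handlers below kept running for an already logged-in user.
    exit;
}

$emsg = false;

if (isset($_POST["submit"])) {
    // Request fields can be missing or arrays (username[]=x). Anything that is not a
    // string is treated as empty so preg_match() and the query only ever see strings.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";

    if ($username === "") {
        $emsg .= '<span style="color:red; font-weight:bold">'.$lang->_('NEEDUSERNAME').'</span><br />';
    }

    if (!preg_match("/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(([0-9]{1,3})|([a-zA-Z]{2,3})|(aero|coop|info|museum|name))$/", $email)) {
        $emsg .= '<span style="color:red; font-weight:bold">'.$lang->_('EMAILINVALID').'</span><br />';
    }

    // Exact comparison instead of LIKE: escaping for the string literal does not
    // neutralise the LIKE wildcards "%" and "_", so a submitted value could match
    // accounts it does not actually name.
    $result = $db->query("SELECT `uid`,`username`,`email` FROM `" . $config["prefix"] . "users` WHERE `username`='".$db->escape($username)."' AND `email`='".$db->escape($email)."' AND `active`=1 LIMIT 1");

    // NOTE(review): this message tells the requester whether a username/e-mail pair
    // belongs to an active account; a uniform "if the account exists, a mail was sent"
    // response would avoid that.
    if ($db->num_rows ($result) <= 0) {
        $emsg .= '<span style="color:red; font-weight:bold">'.$lang->_('NOVALIDCOMBO').'</span><br />';
    }

    $u = $db->fetch_array($result);

    if (!$emsg) {
        $mail = new mail();

        // NOTE(review): the reset link is only as strong as this key; confirm that
        // generate_Key() draws from a CSPRNG (random_bytes()/random_int()).
        $key = $session->generate_Key(10);

        $mail->set_header("From", $config["sitetitle"]." <".$config["siteemail"].">");

        $tpl->assign("username", $u["username"]);
        $tpl->assign("sitename", $config["sitetitle"]);
        $tpl->assign("url", "https://".$config["domain"]."/".$config["path"]."lostpw.php?u=".$u["uid"]."&key=".$key);

        $mailbody = $tpl->fetch('lostpw_mail.tpl');
        $mail->bodytext($mailbody);

        $mail->sendmail($u["username"]." <".$u["email"].">", $lang->_('LOSTPASS'));

        // Values are escaped / cast even though they are generated here or come from the
        // database, so the statement stays well-formed whatever generate_Key() returns.
        // NOTE(review): no expiry is stored with the key in this file; it appears to stay
        // valid until the next reset request or completed reset — confirm.
        $result = $db->query("UPDATE `" . $config["prefix"] . "users` SET `loginkey`='".$db->escape($key)."' WHERE `uid`='".intval($u["uid"])."'");

        $sdata = array("uid"=>$u["uid"], "email"=>$db->escape($u['email']));
        $plugin->run_hook("lostpass_mail", array("sdata"=>$sdata));

        $core->message($lang->_('SUCCESS'), $lang->_('MAILSENT'), TRUE, $config["path"]."/index.php", 3);
    }
} elseif (
    isset($_GET['u'], $_GET['key'])
    && is_string($_GET['u']) && is_string($_GET['key'])
    && $_GET['u'] !== "" && $_GET['key'] !== ""
) {
    // NOTE(review): the password is replaced on a plain GET, so anything that fetches
    // the mailed link (mail gateway scanner, link preview) completes the reset.
    // Consider showing a confirmation form and doing the change on POST.
    $result = $db->query("SELECT `uid`,`username`,`email` FROM `" . $config["prefix"] . "users` WHERE `uid`='".intval($_GET['u'])."' AND `loginkey` ='".$db->escape($_GET['key'])."' AND `active`=1 LIMIT 1");

    if ($db->num_rows ($result) <= 0) {
        $emsg .= '<span style="color:red; font-weight:bold">'.$lang->_('DATAINVALID').'</span><br />';
    }

    if (!$emsg) {
        $u = $db->fetch_array($result);

        $password = $session->generate_Key(8);
        $salt = $session->generate_Key(6);

        // NOTE(review): a single salted SHA-256 round is fast to brute-force offline;
        // password_hash()/password_verify() is the appropriate primitive. It is left
        // unchanged here because the login code (not in this file) has to compute the
        // same value, including the unusual escape() before hashing.
        $pass = hash('sha256', $db->escape($salt.$password));

        // Replacing the key makes the mailed reset link single-use.
        $key = $session->generate_Key(10);

        $mail = new mail();
        $mail->set_header("From", $config["sitetitle"]." <".$config["siteemail"].">");

        $tpl->assign("username", $u["username"]);
        $tpl->assign("sitename", $config["sitetitle"]);
        // NOTE(review): the new password leaves the server in clear text by e-mail.
        $tpl->assign("passwort", $password);

        $mailbody = $tpl->fetch('lostpw_mail_pw.tpl');
        $mail->bodytext($mailbody);

        $mail->sendmail($u["username"]." <".$u["email"].">", $lang->_('NEWPASS'));

        $result = $db->query("UPDATE `" . $config["prefix"] . "users` SET `password`='".$db->escape($pass)."',`loginkey`='".$db->escape($key)."',`salt`='".$db->escape($salt)."' WHERE `uid`='".intval($u["uid"])."'");

        // NOTE(review): every "lostpass_mail_pw" plugin receives an unsalted MD5 of the
        // new password in addition to the salted hash. Kept because hooks may rely on
        // the key; drop "pwd_md5" once no plugin needs it.
        $sdata = array("uid"=>$u["uid"], "pwd_md5"=>hash("md5", $password), "pwd_sha2"=>$pass, 'salt'=>$salt, "email"=>$db->escape($u['email']));
        $plugin->run_hook("lostpass_mail_pw", array("sdata"=>$sdata));

        $core->message($lang->_('SUCCESS'), $lang->_('NEWPASSSENT'), TRUE, $config["path"]."/index.php", 3);
    }
}

$tpl->assign("emsg", $emsg);
// NOTE(review): raw request data goes to the template; lostpw.tpl has to HTML-escape
// every field it prints — confirm.
$tpl->assign("data", $_POST);

$content = $tpl->fetch('lostpw.tpl');
$core->make_page($content);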