<?php
/**
 * Page initialiser for the password-reset view.
 *
 * When the shared state already carries a 'user' entry, the string 'login' is
 * returned and nothing else is changed. Otherwise the page title is set and the
 * function returns nothing.
 *
 * @param array $S Shared page state, modified in place.
 * @return string|null 'login' when $S['user'] is set, otherwise null.
 */
function init_users_reset_password(&$S) {
    if (!isset($S['user'])) {
        // No user entry in the state: this page is the right place to be.
        $S['title'] = 'Forgot Password';
        return;
    }

    return 'login';
}
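/**
 * Render and process the two-step "reset password" page.
 *
 * Step 1 asks for the account email and the reset key. Step 2 asks for the new
 * password twice and is reached only after the key has been matched to that
 * email. Email and key travel to step 2 as hidden fields, so the match is
 * re-checked on every request before any password is written.
 *
 * @param array $S Shared page state; $S['pdo'] is used to quote the reset key.
 * @return void All output is echoed or emitted through the form helpers.
 */
function body_users_reset_password(&$S) {
    $form1 = new form();
    $form1->text('<h3>Reset password</h3>');
    $form1->text_input('email', 'email', 'Email');
    $form1->text_input('token', 'token', 'Reset key');
    $form1->submit();
    $data = array();

    if (!(isset($_REQUEST['email']) && ($data = $form1->process()) && $form1->verify($data))) {
        $form1->output($data);
        return;
    }

    $user = new sql_user($data['email']);

    // Only unexpired keys are considered. time() is an integer and the key is
    // passed through PDO::quote() before concatenation.
    // NOTE(review): a prepared statement would be preferable if the query()
    // helper supports bound parameters; confirm against its definition.
    $row = query('SELECT * FROM `registrationtokens` WHERE `expire` > '.time().' AND `id`='.$S['pdo']->quote($data['token']))->fetch(PDO::FETCH_ASSOC);

    // fetch() yields false when no row matches; do not build a token object from that.
    $token = is_array($row) ? new sql_registrationtoken($row) : null;

    // Fail closed: the key must exist, carry a non-empty email, and that email must
    // be identical to the account's. A strict comparison keeps two missing/empty
    // values from being treated as a match.
    $key_matches = $token !== null
        && is_string($token->email)
        && $token->email !== ''
        && $token->email === $user->email;

    if (!$key_matches) {
        echo print_warning('Your email/key combination is invalid.');
        $form1->output($data);
        // Stop here. Previously execution continued into the password form below,
        // so a password could be written without a valid key.
        return;
    }

    $form2 = new form();
    $form2->text('<h3>Reset password</h3>');
    $form2->hidden('email', 'email', $data['email']);
    $form2->hidden('token', 'token', $data['token']);
    $form2->password('pass', 'pass', 'New password');
    $form2->password('repeat', 'repeat', 'Repeat new password');
    $form2->submit();

    if (!isset($_REQUEST['pass'])) {
        $form2->output($data);
        return;
    }

    $data = $form2->process();
    if (!$form2->verify($data)) {
        $form2->output($data);
        return;
    }

    // Strict comparison: with ==, two different numeric-looking strings
    // (e.g. '1e3' and '1000') compare as equal.
    if ($data['pass'] !== $data['repeat']) {
        echo print_warning('The passwords you entered do not match.');
        $form2->output($data);
        return;
    }

    // NOTE(review): sha1() is a fast, unsalted digest and is not suitable for
    // password storage. It is kept here because the login check (not visible in
    // this file) presumably compares against the same format; migrate both sides
    // to password_hash()/password_verify() together.
    $user->passhash = sha1($data['pass']);
    $user->write();
    // The key is single-use: remove it once the password has been changed.
    $token->delete();
    echo print_success('Password changed.', '<a href="'.url('login').'">Login</a>');
}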
?>