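<?php
/**
 * XOOPS password recovery
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
 * @license GNU GPL 2 (http://www.gnu.org/licenses/gpl-2.0.html)
 * @package core
 * @since 2.0.0
 */

include __DIR__ . '/mainfile.php';

$xoopsPreload = XoopsPreload::getInstance();
$xoopsPreload->triggerEvent('core.lostpass.start');

xoops_loadLanguage('user');

// Two-step flow, both steps served by this script:
//   1. email only            -> mail a confirmation link that carries a reset code
//   2. email + matching code -> generate a new password, mail it, store its hash
//
// Only string values are accepted: an array-valued parameter (email[]=...) would
// otherwise reach trim() and raise a warning or TypeError instead of a clean redirect.
$email = (isset($_GET['email']) && is_string($_GET['email'])) ? trim($_GET['email']) : '';
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : $email;

if ($email === '') {
    redirect_header('user.php', 2, _US_SORRYNOTFOUND);
    // redirect_header() is expected to end the request; the explicit exit keeps the
    // rest of the script from running if it ever returns.
    exit();
}

$myts = MyTextSanitizer::getInstance();
/* @var XoopsMemberHandler $member_handler */
$member_handler = xoops_getHandler('member');
$getuser        = $member_handler->getUsers(new Criteria('email', $myts->addSlashes($email)));

if (empty($getuser)) {
    // NOTE(review): the reply differs for registered and unregistered addresses, so this
    // endpoint discloses which addresses have accounts. A uniform reply plus request
    // throttling would close that; left unchanged here because it alters user-facing text.
    $msg = _US_SORRYNOTFOUND;
    redirect_header('user.php', 2, $msg);
    exit();
}

$code = (isset($_GET['code']) && is_string($_GET['code'])) ? trim($_GET['code']) : '';

// Reset code. The previous value was the first five characters of the stored password
// hash. For hashes written by password_hash() (as done below) those characters are the
// algorithm/cost prefix, which is the same for every account and therefore not a secret.
// The code is now a digest over the whole stored hash, so it depends on the per-user
// salt and digest and stops being valid as soon as the password changes.
// NOTE(review): a random, single-use, expiring token kept server-side would be stronger
// still, but needs storage this script does not have.
$areyou = hash('sha256', (string) $getuser[0]->getVar('pass'));

// Constant-time comparison where available (hash_equals() needs PHP 5.6); strict
// comparison otherwise, so no type juggling can make two different strings match.
$codeMatches = false;
if ($code !== '') {
    $codeMatches = function_exists('hash_equals') ? hash_equals($areyou, $code) : ($areyou === $code);
}

if ($codeMatches) {
    // Step 2: the code from the confirmation mail was presented.
    // NOTE(review): the new password is mailed in clear text; letting the user choose a
    // password after following a single-use link would avoid putting it in a mailbox.
    $newpass     = xoops_makepass();
    $xoopsMailer =& xoops_getMailer();
    $xoopsMailer->useMail();
    $xoopsMailer->setTemplate('lostpass2.tpl');
    $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
    $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
    $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
    $xoopsMailer->assign('IP', $_SERVER['REMOTE_ADDR']);
    $xoopsMailer->assign('NEWPWD', $newpass);
    $xoopsMailer->setToUsers($getuser[0]);
    $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
    $xoopsMailer->setFromName($xoopsConfig['sitename']);
    $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ, XOOPS_URL));
    if (!$xoopsMailer->send()) {
        echo $xoopsMailer->getErrors();
    }
    // Next step: add the new password to the database.
    // Only the hash is interpolated, and uid goes through %u, so no request data
    // reaches the SQL text.
    $sql = sprintf(
        "UPDATE %s SET pass = '%s' WHERE uid = %u",
        $xoopsDB->prefix('users'),
        password_hash($newpass, PASSWORD_DEFAULT),
        $getuser[0]->getVar('uid')
    );
    if (!$xoopsDB->queryF($sql)) {
        include $GLOBALS['xoops']->path('header.php');
        echo _US_MAILPWDNG;
        include $GLOBALS['xoops']->path('footer.php');
        exit();
    }
    redirect_header('user.php', 3, sprintf(_US_PWDMAILED, $getuser[0]->getVar('uname')), false);
} else {
    // Step 1 (or a wrong code): mail the confirmation link.
    $xoopsMailer =& xoops_getMailer();
    $xoopsMailer->useMail();
    $xoopsMailer->setTemplate('lostpass1.tpl');
    $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
    $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
    $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
    $xoopsMailer->assign('IP', $_SERVER['REMOTE_ADDR']);
    // The address is percent-encoded so characters such as '+' or '&' survive the round
    // trip through the query string and cannot add parameters to the link.
    $xoopsMailer->assign(
        'NEWPWD_LINK',
        XOOPS_URL . '/lostpass.php?email=' . rawurlencode($email) . '&code=' . $areyou
    );
    $xoopsMailer->setToUsers($getuser[0]);
    $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
    $xoopsMailer->setFromName($xoopsConfig['sitename']);
    $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ, $xoopsConfig['sitename']));
    include $GLOBALS['xoops']->path('header.php');
    if (!$xoopsMailer->send()) {
        echo $xoopsMailer->getErrors();
    }
    echo '<h4>';
    printf(_US_CONFMAIL, $getuser[0]->getVar('uname'));
    echo '</h4>';
    include $GLOBALS['xoops']->path('footer.php');
}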