Файл: modules/user/recovery.php
Строк: 82
<?php
if(isset($user)) { header('location: /'); exit; }
if (!isset($user))
{
if(isset($_POST['save_pass']) && $_GET['act']== 'change_pass' && isset($_GET['tmphash']) && isset($_GET['email'])) {
$RecoveryUserData = $db->query("SELECT * FROM `users` WHERE `password` = '". input($_GET['tmphash']) ."' AND `email` = '". input($_GET['email']) ."'")->fetch();
$pass1 = $_POST['npass'];
$pass = $_POST['pass'];
if (!empty($pass1) && (mb_strlen($pass1, 'UTF-8') < 5 || mb_strlen($pass1, 'UTF-8') > 64)) $err .= $lang->word('e_pass').'<br />';
if (!empty($pass1) && !empty($pass) && $pass1 != $pass) $err .= $lang->word('e_pass2').'<br />';
if(input($_GET['tmphash']) == $RecoveryUserData['password']) {
$db->query("UPDATE `users` SET `password` = '". crypto($pass)."' WHERE `email` = '". input($_GET['email'])."' ");
print_r($db->errorInfo()); ###############################
go('/');
} else { echo $lang->word('ex_mail').'<br/>'; }
}
$title = $lang->word('recovery');
require_once(SYS.'/view/header.php');
$tpl->div('title', $lang->word('recovery'));
if(!empty($_POST['nick']) && !empty($_POST['email'])) {
$nick = escape($_POST['nick']);
$mail = input($_POST['email']);
if($db->query("SELECT * FROM `users` WHERE `nick` = '". $nick ."' AND `email` = '". $mail ."'")->rowCount() == 1) {
$RecoveryUserData = $db->query("SELECT * FROM `users` WHERE `nick` = '". $nick ."' AND `email` = '". $mail ."'")->fetch();
import_lib('mail.class');
$_libMail = new Mail('UTF-8');
$_libMail->From('no-reply@'.$_SERVER['HTTP_HOST']);
$_libMail->To($nick.';'.$mail);
$_libMail->Subject("".$lang->word('recovery_3')." - ".$_SERVER['HTTP_HOST']);
$_libMail->Body($lang->word('hello').", ".$nick."!n".
$lang->word('recovery_1')." ".URL."n".
$lang->word('recovery_2')." ".URL."/user/recovery?act=reset&tmphash=".$RecoveryUserData['password']."&email=".$mail."n".$lang->word('recovery_4')." ".$system['copyright']);
$_libMail->Priority(3);
$_libMail->Send();
echo '<div class="menu">'.$lang->word('recovery_alert').'</div>';
$tpl->div('block', HICO .'<a href="/">'. $lang->word('home') .'</a>');
require_once(SYS.'/view/footer.php');
exit;
}
else
{
echo $tpl->div('error', $lang->word('fail_a'));
}
}
elseif(isset($_GET['act']) && $_GET['act'] == 'reset' && isset($_GET['tmphash']) && isset($_GET['email']))
{
if($db->query("SELECT * FROM `users` WHERE `password` = '". input($_GET['tmphash']) ."' AND `email` = '". input($_GET['email']) ."'")->rowCount() == 1)
{
echo '<form action="?act=change_pass&tmphash='.input($_GET['tmphash']).'&email='.input($_GET['email']).'" method="post">
<div class="post">
<b>'. $lang->word('new_e') .' '. $lang->word('password') .'</b><br/>
<input type="text" name="npass"/><br/>
<b>'. $lang->word('confirm') .' '. $lang->word('password') .'</b>:<br/>
<input type="text" name="pass"/><br/>
<input type="submit" name="save_pass" value="'. $lang->word('save') .'" /><br/>
</div>
</form>';
$tpl->div('block', HICO .'<a href="/">'. $lang->word('home') .'</a>');
require_once(SYS.'/view/footer.php');
exit;
}
else
{
echo $tpl->div('error', $lang->word('fail_b'));
}
}
echo '<div class="menu">
<form action="/user/recovery?" method="post">
'. $lang->word('nick') .':<br/>
<input type="text" name="nick" /><br/>
E-mail:<br/>
<input type="text" name="email" /><br/>
<input type="submit" value="'. $lang->word('recovery_5') .'" />
</form>
</div>';
$tpl->div('block', HICO .'<a href="/">'. $lang->word('home') .'</a>');
}
require_once(SYS.'/view/footer.php');
?>