Файл: modules/user/recovery.php
Строк: 86
<?php
/**********************************
*    @package: PerfCMS              *
*    @year: 2012                      *
*    @author: Artas                  *
*    @link: http://perfcms.pp.ua      *
**********************************/
// A visitor who is already signed in ($user is set by the including code)
// has nothing to recover: redirect to the home page and stop.
if (isset($user)) {
    header('location: /');
    exit;
}

// Page identifier for the shared layout.
$page = 'auth';
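// Step 3 of the recovery flow: the visitor submits a new password together with
// the tmphash/email pair that was mailed to them.
//
// Fixes relative to the original:
//  - the password is only changed when validation produced no error (before,
//    $err was filled in but never consulted, so a too-short or mismatching
//    password was stored anyway);
//  - an empty new password is rejected;
//  - the token check requires that a row was actually fetched and compares
//    strictly; the original's loose `==` against a missing row could succeed
//    although no account matched;
//  - the UPDATE is limited to the row that matched the token, not every row
//    sharing the e-mail address.
//
// NOTE(review): the "token" is the account's stored password hash. It travels by
// mail and in URLs, never expires, and is not single-use until the password
// changes. A dedicated random, expiring reset token (separate column) is the
// proper fix; that needs a schema change outside this file.
// NOTE(review): both queries are still assembled by string concatenation and
// depend entirely on what input() does, which is not visible here. Move them to
// prepared statements once the helper's behaviour is confirmed.
if (
    isset($_POST['save_pass'], $_GET['act'], $_GET['tmphash'], $_GET['email'])
    && $_GET['act'] == 'change_pass'
    && is_string($_GET['tmphash'])
    && is_string($_GET['email'])
) {
    $tmpHash = input($_GET['tmphash']);
    $email = input($_GET['email']);

    $RecoveryUserData = $db->query("SELECT * FROM `users` WHERE `password` = '" . $tmpHash . "' AND `email` = '" . $email . "'")->fetch();

    // Missing or non-string fields are treated as empty so they fail validation.
    $pass1 = (isset($_POST['npass']) && is_string($_POST['npass'])) ? $_POST['npass'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    if (!isset($err)) {
        $err = '';
    }

    // PLACEHOLDER: the original lower bound did not survive in this listing;
    // restore the project's real minimum length here.
    $minPassLen = 6;
    $passLen = mb_strlen($pass1, 'UTF-8');
    if ($pass1 === '' || $passLen < $minPassLen || $passLen > 64) {
        $err .= $lang->word('e_pass') . '<br />';
    }
    if ($pass1 !== $pass) {
        $err .= $lang->word('e_pass2') . '<br />';
    }

    // The token is valid only if a row came back and its stored value equals the
    // submitted one exactly.
    $tokenMatches = is_array($RecoveryUserData)
        && $tmpHash !== ''
        && (string) $RecoveryUserData['password'] === $tmpHash;

    if (!$tokenMatches) {
        echo $lang->word('ex_mail') . '<br/>';
    } elseif ($err === '') {
        $db->query("UPDATE `users` SET `password` = '" . crypto($pass) . "' WHERE `email` = '" . $email . "' AND `password` = '" . $tmpHash . "'");
        // print_r($db->errorInfo());
        go('/');
    }
    // On validation failure $err stays set and the page renders as usual.
    // NOTE(review): nothing in this file prints $err; confirm the layout does.
}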
// Page title for the shared header, then the header itself.
$title = $lang->word('recovery');
require_once(SYS . '/view/header.php');

// Heading block at the top of the recovery page.
$tpl->div(
    'title',
    $lang->word('recovery')
);
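// Steps 1 and 2 of the recovery flow.
//  - POST nick + email: look the account up and mail a reset link.
//  - GET act=reset with tmphash + email: show the "choose a new password" form.
//
// Fixes relative to the original:
//  - the account lookup runs once instead of twice;
//  - query-string values in the mailed link and in the form action are
//    URL-encoded, which also keeps them inert inside the HTML attribute;
//  - the two password fields are type="password" instead of type="text";
//  - $_GET values are required to be non-empty strings before use.
//
// NOTE(review): the reset link carries the account's stored password hash as the
// token. Anyone who can read the mail, a proxy log or a Referer header gets the
// hash itself. Replace it with a random, expiring, single-use token stored in
// its own column (schema change outside this file).
// NOTE(review): the SQL is still built by concatenation and relies on escape()
// and input(), whose behaviour is not visible here; move to prepared statements
// once that is confirmed.
// NOTE(review): the success and failure messages differ, so this form discloses
// whether a nick/e-mail pair exists; no rate limiting is visible in this file.
if (!empty($_POST['nick']) && !empty($_POST['email'])) {
    $nick = escape($_POST['nick']);
    $mail = input($_POST['email']);

    $lookup = $db->query("SELECT * FROM `users` WHERE `nick` = '" . $nick . "' AND `email` = '" . $mail . "'");
    if ($lookup->rowCount() == 1) {
        $RecoveryUserData = $lookup->fetch();

        import_lib('mail.class');
        $_libMail = new Mail('UTF-8');
        // NOTE(review): HTTP_HOST comes from the request's Host header, so the
        // sender address and subject are client-influenced; prefer a configured
        // site host.
        $_libMail->From('no-reply@' . $_SERVER['HTTP_HOST']);
        $_libMail->To($nick . ';' . $mail);
        $_libMail->Subject("Password recovery | " . $lang->word('recovery') . " - " . $_SERVER['HTTP_HOST']);

        // Separator used between body parts: "\n", a line break and the
        // 24-space indent that the original multi-line literals contained.
        $gap = "\n\n" . str_repeat(' ', 24);
        $resetLink = URL . "/user/recovery?act=reset&tmphash=" . rawurlencode($RecoveryUserData['password'])
            . "&email=" . rawurlencode($mail);

        $_libMail->Body(
            $lang->word('hello') . ", " . $nick . "!\n"
            . $lang->word('recovery_1') . " " . URL . "\n"
            . $lang->word('recovery_2') . $gap
            . $resetLink . $gap
            . $lang->word('recovery_3') . $gap
            . $lang->word('recovery_4') . " " . $system['copyright']
        );
        $_libMail->Priority(3);
        $_libMail->Send();

        echo '<div class="menu">' . $lang->word('recovery_alert') . '</div>';
        // print_r($_libMail->Get());
        $tpl->div('block', HICO . '<a href="/">' . $lang->word('home') . '</a>');
        require_once(SYS . '/view/footer.php');
        exit;
    } else {
        echo $tpl->div('error', $lang->word('fail_a'));
    }
} elseif (
    isset($_GET['act'], $_GET['tmphash'], $_GET['email'])
    && $_GET['act'] == 'reset'
    && is_string($_GET['tmphash']) && $_GET['tmphash'] !== ''
    && is_string($_GET['email']) && $_GET['email'] !== ''
) {
    $check = $db->query("SELECT * FROM `users` WHERE `password` = '" . input($_GET['tmphash']) . "' AND `email` = '" . input($_GET['email']) . "'");
    if ($check->rowCount() == 1) {
        // rawurlencode() output contains no quote, angle bracket or ampersand,
        // so the values cannot break out of the action attribute.
        echo '<form action="?act=change_pass&amp;tmphash=' . rawurlencode($_GET['tmphash']) . '&amp;email=' . rawurlencode($_GET['email']) . '" method="post">
                <div class="post">
                <b>' . $lang->word('new_e') . ' ' . $lang->word('password') . '</b><br/>
                <input type="password" name="npass"/><br/>
                <b>' . $lang->word('confirm') . ' ' . $lang->word('password') . '</b>:<br/>
                <input type="password" name="pass"/><br/>
                <input type="submit" name="save_pass" value="' . $lang->word('save') . '" /><br/>
                </div>
                </form>';
        $tpl->div('block', HICO . '<a href="/">' . $lang->word('home') . '</a>');
        require_once(SYS . '/view/footer.php');
        exit;
    } else {
        echo $tpl->div('error', $lang->word('fail_a'));
    }
}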

// Default view: the form that starts a recovery request (nick + e-mail),
// followed by the "home" link and the shared footer.
$recoveryForm = '<div class="menu">
<form action="/user/recovery?" method="post">
        ';
$recoveryForm .= $lang->word('nick');
$recoveryForm .= ':<br/>
        <input type="text" name="nick" /><br/>
        E-mail:<br/>
        <input type="text" name="email" /><br/>
        <input type="submit" value="Ok!" />
    </form>
    </div>';
echo $recoveryForm;

$homeLink = HICO . '<a href="/">' . $lang->word('home') . '</a>';
$tpl->div('block', $homeLink);

require_once(SYS . '/view/footer.php');
?>