Файл: Space race/classes/forgot.class.php
Строк: 164
<?php
/**
* Reset and verify a user password.
*
*/
include_once( 'generic.class.php' );
class Forgot extends Generic {
// Form vars
private $key;
private $password;
private $password2;
// Misc vars
private $error;
private $name;
private $email;
private $user;
function __construct() {
// Are they clicking from an email?
if(isset($_GET['key']) && strlen($_GET['key']) == 32) {
$this->key = parent::secure($_GET['key']);
// Has the form been submitted?
if(isset($_POST['reset'])) {
$this->password = parent::secure($_POST['password']);
$this->password2 = parent::secure($_POST['password2']);
}
/** Redirect if not clicking from email, and modal form hasn't been submitted. */
} else if (!isset($_GET['key']) && !isset($_POST['usernamemail'])) { header('Location: home.php'); exit(); }
}
private function validate() {
// Further security check right here
if(isset($_POST['reset']) && isset($this->key)) {
// Just some input validation
if($this->password != $this->password2) {
$this->error = '<div class="alert alert-danger">'._('Пароли не совпадают. Попробуйте еще раз.').'</div>';
} else if(strlen($this->password) < 5) {
$this->error = '<div class="alert alert-danger">'._('Слишком короткий пароль.').'</div>';
}
// No errors, then lets double check the key
if(empty($this->error) && isset($this->key)) {
$params = array( ':key' => $this->key );
$stmt = parent::query("
SELECT `login_confirm`.`email`, `login_confirm`.`key`, `login_users`.`email`, `login_users`.`name`, `login_users`.`username`
FROM `login_confirm`, `login_users`
WHERE `login_confirm`.`key` = :key
AND `login_users`.`email` = `login_confirm`.`email`
AND `login_confirm`.`type` = 'forgot_pw';
", $params);
$row = $stmt->fetch();
/** Key is invalid, nice try sucka. */
if( $stmt->rowCount() < 1 ) {
$this->error = '<div class="alert alert-danger">'._('Проверка не пройдена.').'</div>';
} else {
$this->email = $row['email'];
$this->name = $row['name'];
$this->user = $row['username'];
}
}
}
}
private function resetpw() {
// Further security
if(empty($this->error) && isset($_POST['reset']) && isset($this->key)) {
// Delete the recovery key so it can't be reused
$params = array( ':email' => $this->email );
parent::query("DELETE FROM `login_confirm` WHERE `email` = :email AND `type` = 'forgot_pw'", $params);
// Resets their password
$params = array(
':password' => parent::hashPassword($this->password),
':email' => $this->email
);
parent::query("UPDATE `login_users` SET `password` = :password WHERE `email` = :email;", $params);
$shortcodes = array(
'site_address' => SITE_PATH,
'full_name' => $this->name,
'username' => $this->user
);
$subj = parent::getOption('email-forgot-success-subj');
$msg = parent::getOption('email-forgot-success-msg');
// Send an email confirming their password reset
if(!parent::sendEmail($this->email, $subj, $msg, $shortcodes))
$this->error = "ERROR. Mail not sent";
echo "<div class='alert alert-success'>"._('Пароль успешно изменен')."</div>";
echo "<h2>"._('Восстановление доступа к аккаунту')."</h2>";
echo "<p>"._('Если вам нужна дополнительная помощь, обратитесь к администратору:')." " . address . "</p>";
include_once('footer.php');
exit();
} else echo $this->error;
}
private function reset_form() {
if(isset($this->key)) { ?>
<div class="row">
<div class="col-md-6">
<form class="" method="post">
<fieldset>
<legend>Смена пароля</legend>
<div class="form-group">
<label class="control-label" for="password">Новый пароль</label>
<div class="controls">
<input type="password" class="form-control input-xlarge" id="password" name="password">
</div>
</div>
<div class="form-group">
<label class="control-label" for="password2">Подтверждение пароля</label>
<div class="controls">
<input type="password" class="form-control input-xlarge" id="password2" name="password2">
</div>
</div>
</fieldset>
<div class="form-actions">
<button type="submit" class="btn btn-primary" name="reset">Сменить пароль</button>
</div>
</form>
</div>
</div>
<?php }
}
public function modal_process() {
if(isset($_POST['usernamemail'])) {
$usernamemail = parent::secure($_POST['usernamemail']);
// The input field wasn't filled out
if (empty($usernamemail)) {
$this->error = '<div class="alert alert-danger">'._('Введите Ваш логин или email.').'</div>';
} else {
$params = array( ':usernameEmail' => $usernamemail );
$stmt = parent::query("SELECT * FROM `login_users` WHERE `username` = :usernameEmail OR `email` = :usernameEmail;", $params);
if( $stmt->rowCount() > 0 ) {
$row = $stmt->fetch();
// Reuse the email variable.
$email = $row['email'];
// Check that a recovery key doesn't already exist, if it does, remove it.
$params = array( ':email' => $email );
$stmt = parent::query("SELECT * FROM `login_confirm` WHERE `email` = :email AND `type` = 'forgot_pw';", $params);
if ($stmt->rowCount() > 0)
parent::query("DELETE FROM `login_confirm` WHERE email = :email AND `type` = 'forgot_pw';", $params);
// Generate a new recovery key
$key = md5(uniqid(mt_rand(),true));
$params = array(
':email' => $email,
':key' => $key
);
parent::query("INSERT INTO `login_confirm` (`email`, `key`, `type`) VALUES (:email, :key, 'forgot_pw');", $params);
$shortcodes = array(
'site_address' => SITE_PATH,
'full_name' => $row['name'],
'username' => $row['username'],
'reset' => SITE_PATH . "forgot.php?key=$key"
);
$subj = parent::getOption('email-forgot-subj');
$msg = parent::getOption('email-forgot-msg');
// Send an email confirming their password reset
if(!parent::sendEmail($email, $subj, $msg, $shortcodes))
$this->error = '<div class="alert alert-danger">'._('ОШИБКА. Письмо не отправлено').'</div>';
else
$this->error = "<div class='alert alert-success'>"._('Мы отправили Вам инструкцию по смене пароля. Проверьте почту.')."</div>";
} else { $this->error = '<div class="alert alert-danger">'._('Пользователь не найден.').'</div>'; }
}
echo $this->error;
}
}
public function process() {
// Only allow guests to view this page
parent::guestOnly();
// Check for correct and complete values
$this->validate();
// If there are no errors, let's reset the password
$this->resetpw();
// Show the form if $_GET key is set
$this->reset_form();
}
}