Файл: upload/pages/auth/recovery/forgot_password.php
Строк: 32
<?php
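// Password-recovery request page: renders the "forgot password" form and, on POST,
// issues a six-digit recovery code that is e-mailed to the account's address.

// Load the application core. $user, $view and $theme are used below but not defined
// in this file; presumably the core sets them up — confirm.
require_once ($_SERVER['DOCUMENT_ROOT'] . '/core/core.php');

// A visitor who is already signed in has nothing to recover.
if (isset($user['id'])) {
    RedirectToPage('/');
    exit();
}

$site_inf = FetchAssoc(dbquery("SELECT * FROM `site_info` WHERE `id` = '1'"));

// Capture the captcha markup through an output buffer so it can be handed to the template.
ob_start();
run_action('render_captcha');
$captcha_html = ob_get_clean();

$page_html = $view->render('pages/auth/recovery/recover.html', [
    'csrf' => $_SESSION['csrf_token'],
    'captcha' => $captcha_html,
    'home' => homeLink(),
    'templ_home' => TemplateLink($theme)
]);

// NOTE(review): the layout is included before the POST branch. If layout.php emits output
// and no output buffering is active, the header('Location: ...') at the end of the POST
// branch cannot be sent. The order is kept because render_captcha / verify_captcha may
// depend on it — confirm before moving the POST handling above the rendering.
require_once ($_SERVER['DOCUMENT_ROOT'] . '/layout.php');

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    check_csrf();

    // Read the submitted address. A missing or non-string field (e.g. email[]=x) is
    // treated as an empty address instead of raising a notice or reaching chars() as an array.
    $submitted_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $email = chars($submitted_email);

    if (!run_filter('verify_captcha', true)) {
        showAlert('Ошибка', 'fail', 'Капча не пройдена!');
        ReloadPage();
        exit();
    }

    // Six-digit numeric recovery code. The code is a credential, so it comes from the
    // CSPRNG-backed random_int() (PHP 7+) rather than mt_rand(), whose output is predictable.
    // NOTE(review): a six-digit space is small; no expiry or attempt limit is visible in this
    // file, so the page that checks the code must enforce both — confirm.
    $code = random_int(100000, 999999);

    // Only issue and mail a code when an account with this address exists.
    $result = dbquery("SELECT id FROM users WHERE email = ?", [$email]);
    if (DataNumRows($result)) {
        dbquery("INSERT INTO recover_user(email, code) VALUES (?, ?) ON DUPLICATE KEY UPDATE code = ?", [$email, $code, $code]);

        $subject = $view->render('smtp/subject.html', [
            'site_title' => chars($site_inf['name'])
        ]);
        $message = $view->render('smtp/message.html', [
            'site_title' => chars($site_inf['name']),
            'code' => $code
        ]);

        // Strip CR/LF from every value that ends up inside a mail header so that neither the
        // stored site name nor the server name can inject additional headers.
        // NOTE(review): SERVER_NAME can follow the client's Host header depending on the web
        // server configuration; a configured mail domain would be the safer source.
        $from_name = str_replace(["\r", "\n"], '', (string) $site_inf['name']);
        $from_host = str_replace(["\r", "\n"], '', (string) $_SERVER['SERVER_NAME']);

        // Mail header lines must end in a real CRLF; the previous literal "rn" suffix glued
        // all three headers into one malformed line.
        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "Content-Type: text/html; charset=UTF-8\r\n";
        $headers .= "From: " . $from_name . " <noreply@" . $from_host . ">\r\n";

        // Send the recovery code. The result is deliberately not surfaced to the visitor,
        // so the response does not reveal whether the address is registered.
        mail($email, $subject, $message, $headers);
    }

    // Same redirect whether or not the address matched an account.
    header('Location: ' . homeLink() . '/check-recover-code');
    exit;
}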