Файл: billing/forgotpass.php
Строк: 150
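<?php
/**
 * Password-recovery page.
 *
 * Flow, as implemented further down in this script:
 *   1. do=request        - look up a user by login or e-mail and mail a reset link.
 *   2. fkey=<key>        - show the "new password" form for the user owning that key.
 *   3. do=changepassword - store the new password and clear the key.
 *
 * NOTE(review): $do, $fkey, $uid, $password, $repassword, $nameemail and $error
 * are never assigned from the request in this file. Presumably _rootload.php
 * (or register_globals) imports request parameters into global scope; treat
 * every one of them as untrusted input - confirm against _rootload.php.
 */

// Only the lifetime (24 h) is passed, so the cookie's path/secure/httponly
// attributes stay at their php.ini values. Confirm session.cookie_httponly and
// session.cookie_secure are enabled there.
session_set_cookie_params(86400);
session_start();

$full_home_path = dirname(__FILE__);
require_once($full_home_path."/_rootload.php");

mconnect();
validateUser();

if (!EnableLanguages()) {
    error("Can not load languages.");
    mclose();
    exit;
}
// Array keys are quoted: a bare word is a constant lookup, which only falls
// back to the string with a notice on old PHP and is a fatal error on PHP 8.
if (!GetCurrentCurrency()) {
    print $_lang['ErrorGetCurrentCurrency'];
    mclose();
    exit;
}

head('utf-8', $_lang['ForgotTitle']);
print "<H1 class=pagetitle>".$_lang['ForgotTitle']."</H1><hr class=hr>";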
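// Step 3: store the new password for the account identified by (fkey, uid).
// $uid is forced to an integer; $fkey and the password fields are untrusted.
$uid = @intval($uid);
if ($do == "changepassword" and $fkey and $uid) {
    if (!$password) {
        $error = $_lang['ErrorNoPassword'];
    } else if (!$repassword) {
        $error = $_lang['ErrorPasswordNoConfirm'];
    } else if (strlen($password) < 6) {
        $error = $_lang['ErrorPasswordLength'];
    } else if ($password !== $repassword) {
        // Strict comparison: with != two numeric-looking strings such as
        // "1000" and "1e3" compare equal and would pass the confirmation check.
        $error = $_lang['ErrorPasswordConfirm'];
    } else {
        // The reset key comes from the request and used to be interpolated
        // into the statement verbatim (SQL injection). Escape it first.
        // NOTE(review): if request values are already slash-escaped upstream
        // (magic_quotes_gpc or _rootload.php), strip that first - confirm.
        $fkey_sql = mysql_real_escape_string((string)$fkey);

        // NOTE(review): crypt() without an explicit salt picks the platform
        // default algorithm, which can be weak DES/MD5. Moving to
        // password_hash() needs a matching change in the login check and a
        // wide enough `password` column, neither visible here - not changed.
        $hash_sql = mysql_real_escape_string(crypt($password));

        $ok = @mysql_query("update users set forgotkey='',password='".$hash_sql."' where forgotkey='".$fkey_sql."' and id='".$uid."'");
        if (!$ok) {
            // Keep the file path and MySQL error text out of the response;
            // they go to the server log instead.
            error_log("File: ".__FILE__." Line: ".__LINE__." MySQL Error: ".mysql_error());
            die("Database error.");
        }

        // Report success only when a row really matched key + id. The
        // original printed the success text even when nothing was updated.
        if (mysql_affected_rows() > 0) {
            print $_lang['ForgotSuccess']." <A class=rootlink href=billing.php>".$_lang['ForgotEnterToBilling']."</a>.";
        } else {
            print $_lang['ErrorBadId'];
        }
        // Clear the key so the "new password" form below is not rendered again.
        $fkey = '';
    }
}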
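// Step 2: a reset key was supplied - show the "new password" form if the key
// belongs to a user, otherwise report a bad id.
if ($fkey) {
    // $fkey is request-supplied and was interpolated into the query verbatim
    // (SQL injection). Escape it for the SQL context here and, separately,
    // for the HTML context where it is echoed back into the form.
    // NOTE(review): if request values are already slash-escaped upstream
    // (magic_quotes_gpc or _rootload.php), strip that first - confirm.
    $fkey_sql = mysql_real_escape_string((string)$fkey);
    $r = @mysql_query("select * from users where forgotkey='".$fkey_sql."'");
    if (!$r) {
        // Keep the file path and MySQL error text out of the response.
        error_log("File: ".__FILE__." Line: ".__LINE__." MySQL Error: ".mysql_error());
        die("Database error.");
    }
    if (mysql_num_rows($r) > 0) {
        $r = mysql_fetch_object($r);
        // NOTE(review): $error is printed unescaped and is not initialised in
        // this file; if request variables are imported into global scope it
        // can be request-supplied on this path. Initialise it before first
        // use once it is confirmed nothing upstream sets it on purpose.
        if ($error) {
            print "<font color=red>".$_lang['Error'].": $error</font><BR><BR>";
        }
?>
<form method=post>
<input type=hidden name=do value=changepassword>
<input type=hidden name=fkey value="<?=htmlspecialchars((string)$fkey, ENT_QUOTES, 'UTF-8')?>">
<input type=hidden name=uid value="<?=intval($r->id)?>">
<table class='rpTableBlank'>
<tr><td valign=middle align=right><?=$_lang['ForgotEnterNewPassword']?>:</td><td><input class=input type="password" name="password" size="20"></td></tr>
<tr><td valign=middle align=right><?=$_lang['ForgotReEnterNewPassword']?>:</td><td><input class=input type="password" name="repassword" size="20"></td></tr>
<tr><Td colspan=2 align=center><input class=button type=submit value='<?=$_lang['Change']?>'></td></tr>
</table>
</form>
<?php
    } else {
        print $_lang['ErrorBadId'];
    }
}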
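// Step 1: a reset was requested - generate a key for every account whose login
// or e-mail matches, store it and mail the reset link.
if ($do == 'request') {
    if (!$nameemail) {
        $error = $_lang['ForgotErrorNameOrEmail'];
        $do = '';
    } else {
        // $nameemail is request-supplied and was interpolated into the query
        // verbatim (SQL injection). Escape it before use.
        // NOTE(review): if request values are already slash-escaped upstream
        // (magic_quotes_gpc or _rootload.php), strip that first - confirm.
        $nameemail_sql = mysql_real_escape_string((string)$nameemail);
        $r = @mysql_query("select * from users where login='".$nameemail_sql."' or email='".$nameemail_sql."'");
        if (!$r) {
            // Keep the file path and MySQL error text out of the response.
            error_log("File: ".__FILE__." Line: ".__LINE__." MySQL Error: ".mysql_error());
            die("Database error.");
        }
        if (mysql_num_rows($r) > 0) {
            while ($rr = mysql_fetch_object($r)) {
                // NOTE(review): the reset key is only as unpredictable as
                // generatePassword(); confirm it draws from a CSPRNG. The key
                // also has no expiry in this file - it stays valid until used.
                $forgotkey = generatePassword(15);
                $forgotkey_sql = mysql_real_escape_string((string)$forgotkey);
                $ok = @mysql_query("update users set forgotkey='".$forgotkey_sql."' where id='".intval($rr->id)."'");
                if (!$ok) {
                    error_log("File: ".__FILE__." Line: ".__LINE__." MySQL Error: ".mysql_error());
                    die("Database error.");
                }

                $tpl = GetTpl('email_touser_forgot_password', $rr->lang);
                $subject = $tpl['subject'];
                $template = $tpl['template'];
                if ($subject and $template) {
                    $company_name = GetSetting('company_name');
                    $company_url = GetSetting('company_url');
                    $support_email = GetSetting("support_email");
                    $support_url = GetSetting('support_url');

                    $subject = str_replace('{login}', $rr->login, $subject);
                    $template = str_replace('{company_name}', $company_name, $template);
                    $template = str_replace('{company_url}', $company_url, $template);
                    $template = str_replace('{support_url}', $support_url, $template);
                    $template = str_replace('{login}', $rr->login, $template);
                    $template = str_replace('{link}', $full_www_path."forgotpass.php?fkey=$forgotkey", $template);

                    // NOTE(review): the logged body contains the live reset
                    // link; anyone who can read the mail log can reset this
                    // account until the key is used - confirm who has access.
                    WriteMailLog($subject, $template, $rr->id);
                    sendmail($rr->email, $company_name, $support_email, $subject, $template);
                    sendmail($rr->email2, $company_name, $support_email, $subject, $template);
                }
            }
            print $_lang['ForgotInfoSended'];
        } else {
            // NOTE(review): a different response for "no such user" lets a
            // visitor probe which logins/e-mails exist. Returning the same
            // "sent" text in both cases would close that; left as-is because
            // it changes what the user sees.
            $error = $_lang['ForgotErrorNoUserWithNameOrEmail'];
            $do = '';
        }
    }
}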
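// Default view: no action and no reset key - show the "request a reset" form,
// then close the page and the database connection.
if (!$do and !$fkey) {
    // NOTE(review): $error is printed unescaped and is not initialised in
    // this file; if request variables are imported into global scope it can
    // be request-supplied on this path. Initialise it before first use once
    // it is confirmed nothing upstream sets it on purpose.
    if ($error) {
        print "<font color=red>".$_lang['Error'].": $error</font><BR><BR>";
    }
?>
<form method=post>
<input type=hidden name=do value=request>
<table class='rpTableBlank'>
<tr><td valign=middle align=right><?=$_lang['ForgorInputYourNameOrEmail']?>:</td><td><input class=input type="text" name="nameemail" size=30 value="<?=htmlspecialchars((string)$nameemail, ENT_QUOTES, 'UTF-8')?>"></td></tr>
<tr><Td colspan=2 align=center><input class=button type=submit value='<?=$_lang['Send']?>'></td></tr>
</table>
</form>
<?php
    // The submitted login/e-mail is echoed back into the value attribute
    // above; it is HTML-escaped there because the raw request value allowed
    // markup injection (reflected XSS) after a failed lookup.
}
foot('utf-8');
mclose();
?>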