File: modules/user/recovery.php
Lines: 88
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
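// Password recovery page, three steps driven by request parameters:
//   1. POST nick+email            -> look the user up, mail a reset link
//   2. GET  act=reset&tmphash&email -> show the new-password form
//   3. POST save_pass (act=change_pass) -> validate and store the new password
//
// NOTE(security): this module uses the stored password hash itself as the
// reset token (it is emailed, placed in URLs and compared in step 3). Such a
// token never expires and the hash leaks into mail, browser history and
// server logs. The proper fix is a random, single-use, expiring token column;
// that needs a schema change and is outside this file.
if (User::logged()) redirect('/');
$page = 'auth';
// Collected validation / processing errors; rendered once the header is out
// (the original echoed them before include_header(), i.e. outside the page).
$err = '';

// Step 3: new password submitted.
if (isset($_POST['save_pass']) && isset($_GET['act']) && $_GET['act'] == 'change_pass'
    && isset($_GET['tmphash']) && isset($_GET['email'])) {
    $tmphash = input($_GET['tmphash']);
    $email = input($_GET['email']);
    // The queries rely on input() for escaping; prepared statements would be
    // the robust choice, but input()'s exact transformation is not visible
    // here, so the existing query style is kept.
    $RecoveryUserData = $db->query("SELECT * FROM `users` WHERE `password` = '". $tmphash ."' AND `email` = '". $email ."'")->fetch();
    $pass1 = isset($_POST['npass']) ? input($_POST['npass']) : '';
    $pass = isset($_POST['pass']) ? input($_POST['pass']) : '';
    // Both fields are mandatory: previously an empty submission passed every
    // check and the account ended up with crypto('') as its password.
    if ($pass1 === '' || mb_strlen($pass1, 'UTF-8') < 5 || mb_strlen($pass1, 'UTF-8') > 64) $err .= _t('e_pass').'<br />';
    if ($pass1 !== '' && $pass1 !== $pass) $err .= _t('e_pass2').'<br />';
    // Only touch the database when validation passed; the original ran the
    // UPDATE regardless of $err.
    if ($err === '') {
        // hash_equals(): constant-time and strict. A loose == between two
        // hash-like strings is unsafe (e.g. "0e123" == "0e456" is true).
        if ($RecoveryUserData !== false
            && hash_equals((string) $RecoveryUserData['password'], $tmphash)) {
            $db->query("UPDATE `users` SET `password` = '". crypto($pass1) ."' WHERE `email` = '". $email ."' ");
            go('/');
        } else {
            $err .= _t('ex_mail').'<br/>';
        }
    }
}

$title = _t('recovery');
include_header($title);
$tpl->div('title', _t('recovery'));
if ($err !== '') {
    echo $tpl->div('error', $err);
}

// Step 1: nick + e-mail submitted, send the recovery link.
if (!empty($_POST['nick']) && !empty($_POST['email'])) {
    $nick = input($_POST['nick']);
    $mail = input($_POST['email']);
    // One query instead of two: check the row count, then fetch from the
    // same statement.
    $lookup = $db->query("SELECT * FROM `users` WHERE `nick` = '". $nick ."' AND `email` = '". $mail ."'");
    if ($lookup->rowCount() == 1) {
        $RecoveryUserData = $lookup->fetch();
        import_lib('mail.class');
        // Derive the sender domain from the configured site URL (the same
        // constant the link below is built from) rather than the Host
        // header, which is client-controlled; fall back if URL has no host.
        $host = parse_url(URL, PHP_URL_HOST) ?: $_SERVER['HTTP_HOST'];
        // rawurlencode(): the e-mail is a query parameter, so characters such
        // as '+' must be encoded or the reset link will not match.
        $link = URL."/user/recovery?act=reset&tmphash=".$RecoveryUserData['password']."&email=".rawurlencode($mail);
        $_libMail = new Mail('UTF-8');
        $_libMail->From('no-reply@'.$host);
        $_libMail->To($nick.';'.$mail);
        $_libMail->Subject("Password recovery | "._t('recovery')." - ".$host);
        $_libMail->Body(
            _t('hello').", ".$nick."!\n".
            _t('recovery_1')." ".URL."\n".
            _t('recovery_2')."\n\n".
            $link."\n\n".
            _t('recovery_3')."\n\n".
            _t('recovery_4')." ".$system['copyright']
        );
        $_libMail->Priority(3);
        $_libMail->Send();
        echo '<div class="menu">'._t('recovery_alert').'</div>';
        $tpl->div('block', HICO .'<a href="/">'. _t('home') .'</a>');
        include_footer();
        exit;
    } else {
        echo $tpl->div('error', _t('fail_a'));
    }
}
// Step 2: link from the mail followed, show the new-password form.
elseif (isset($_GET['act']) && $_GET['act'] == 'reset' && isset($_GET['tmphash']) && isset($_GET['email'])) {
    $tmphash = input($_GET['tmphash']);
    $email = input($_GET['email']);
    if ($db->query("SELECT * FROM `users` WHERE `password` = '". $tmphash ."' AND `email` = '". $email ."'")->rowCount() == 1) {
        // Escape for the attribute context; double_encode=false keeps values
        // that input() may already have entity-encoded from being encoded
        // twice, while still turning the bare '&' separators into '&amp;'.
        $action = htmlspecialchars('?act=change_pass&tmphash='.$tmphash.'&email='.$email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        // type="password": the new password was previously shown in clear.
        echo '<form action="'.$action.'" method="post">
<div class="post">
<b>'. _t('new_e') .' '. _t('password') .'</b><br/>
<input type="password" name="npass" autocomplete="new-password"/><br/>
<b>'. _t('confirm') .' '. _t('password') .'</b>:<br/>
<input type="password" name="pass" autocomplete="new-password"/><br/>
<input type="submit" name="save_pass" value="'. _t('save') .'" /><br/>
</div>
</form>';
        $tpl->div('block', HICO .'<a href="/">'. _t('home') .'</a>');
        include_footer();
        exit;
    } else {
        echo $tpl->div('error', _t('fail_a'));
    }
}

// Default view: the nick + e-mail request form.
echo '<div class="menu">
<form action="/user/recovery?" method="post">
'. _t('nick') .':<br/>
<input type="text" name="nick" /><br/>
E-mail:<br/>
<input type="text" name="email" /><br/>
<input type="submit" value="Ok!" />
</form>
</div>';
$tpl->div('block', HICO .'<a href="/">'. _t('home') .'</a>');
include_footer();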
?>