1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 |
- <?php
- require_once('app.php');
- if (isset($_POST['key'])) {
- $key = $conn->escape_string($_POST['key']);
- $sql = "SELECT userid FROM PasswordReset WHERE `key`='$key'";
- if ($query = $conn->query($sql)) {
- $userid = $query->fetch_array()['userid'];
- } else {
- queue_message(new Message("SQL error: " . $conn->error, "danger"));
- header('Location: /');
- }
- $rawPass = $_POST['pass'];
- $rawRepeat = $_POST['pass_repeat'];
- if (changePassword($userid, $rawPass, $rawRepeat)) {
- $conn->query("DELETE FROM PasswordReset WHERE `key`='$key'");
- }
- } else if (isset($_POST['email'])) {
- $email = $conn->escape_string($_POST['email']);
- $sql = "SELECT UID FROM Users WHERE Email='$email'";
- if ($query = $conn->query($sql)) {
- $userid = $query->fetch_array()['UID'];
- } else {
- queue_message(new Message("No account has that e-mail address registered.", "danger"));
- header('Location: /');
- }
- $key = generateKey(32);
- $sql = "INSERT INTO PasswordReset VALUES ('$userid', '$key')";
- if ($conn->query($sql)) {
- $external_url = Config::$external_url;
- mail($email, Config::$sitename . " password reset", "To reset your password, navigate to this address: $external_url/login/?reset&key=$key");
- } else {
- echo $conn->error;
- }
- } else {
- if (isset($_GET['key'])) {
- $key = $_GET['key'];
- ?>
- <div class="login-panel panel panel-default">
- <div class="panel-heading">
- <h3 class="panel-title"><i class="fa fa-lock"></i> <?php echo Config::$sitename . " password reset" ?></h3>
- </div>
- <div class="panel-body">
- <form role="form" action="" method="post">
- <fieldset>
- <div class="form-group">
- <input class="form-control" placeholder="New password" name="pass" autofocus="" type="password">
- </div>
- <div class="form-group">
- <input class="form-control" placeholder="Repeat password" name="pass_repeat" value="" type="password">
- </div>
- <input type="hidden" name="key" value="<?php echo $key ?>" />
- <input class="btn btn-primary btn-lg btn-block" type="submit" value="Reset password"/>
- </fieldset>
- </form>
- </div>
- </div>
- <?php
- } else {
- ?>
- <div class="login-panel panel panel-default">
- <div class="panel-heading">
- <h3 class="panel-title"><i class="fa fa-lock"></i> <?php echo Config::$sitename . " password reset" ?></h3>
- </div>
- <div class="panel-body">
- <form role="form" action="" method="post">
- <fieldset>
- <div class="form-group">
- <input class="form-control" placeholder="Account E-mail address" name="email" autofocus="" type="email">
- </div>
- <input class="btn btn-primary btn-lg btn-block" type="submit" value="Send reset link"/>
- </fieldset>
- </form>
- </div>
- </div>
- <?php
- }
- die();
- }
- header('Location: /');
- ?>
|