Inicio Explorar Axuda
Rexistro Iniciar sesión
Tankernn
/
tankernn-eu
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 8e4d2c45b6
Ramas Etiquetas
tankernn-eu
/
login
/
reset.php

reset.php 3.2 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. <?php
    2. 

  2.   require_once('app.php');
    3. 

  3. 

  4.   if (isset($_POST['key'])) {
    5. 

  5.     $key = $conn->escape_string($_POST['key']);
    6. 

  6.     $sql = "SELECT userid FROM PasswordReset WHERE `key`='$key'";
    7. 

  7.     if ($query = $conn->query($sql)) {
    8. 

  8.       $userid = $query->fetch_array()['userid'];
    9. 

  9.     } else {
    10. 

  10.       queue_message(new Message("SQL error: " . $conn->error, "danger"));
    11. 

  11.       header('Location: /');
    12. 

  12.     }
    13. 

  13. 

  14.     $rawPass = $_POST['pass'];
    15. 

  15.     $rawRepeat = $_POST['pass_repeat'];
    16. 

  16. 

  17.     if (changePassword($userid, $rawPass, $rawRepeat)) {
    18. 

  18.       $conn->query("DELETE FROM PasswordReset WHERE `key`='$key'");
    19. 

  19.     }
    20. 

  20.   } else if (isset($_POST['email'])) {
    21. 

  21.     $email = $conn->escape_string($_POST['email']);
    22. 

  22.     $sql = "SELECT UID FROM Users WHERE Email='$email'";
    23. 

  23.     if ($query = $conn->query($sql)) {
    24. 

  24.       $userid = $query->fetch_array()['UID'];
    25. 

  25.     } else {
    26. 

  26.       queue_message(new Message("No account has that e-mail address registered.", "danger"));
    27. 

  27.       header('Location: /');
    28. 

  28.     }
    29. 

  29.     $key = generateKey(32);
    30. 

  30.     $sql = "INSERT INTO PasswordReset VALUES ('$userid', '$key')";
    31. 

  31.     if ($conn->query($sql)) {
    32. 

  32.       $external_url = Config::$external_url;
    33. 

  33.       mail($email, Config::$sitename . " password reset", "To reset your password, navigate to this address: $external_url/login/?reset&key=$key");
    34. 

  34.     } else {
    35. 

  35.       echo $conn->error;
    36. 

  36.     }
    37. 

  37.   } else {
    38. 

  38.     if (isset($_GET['key'])) {
    39. 

  39.       $key = $_GET['key'];
    40. 

  40.       ?>
    41. 

  41.       <div class="login-panel panel panel-default">
    42. 

  42.           <div class="panel-heading">
    43. 

  43.               <h3 class="panel-title"><i class="fa fa-lock"></i> <?php echo Config::$sitename . " password reset" ?></h3>
    44. 

  44.           </div>
    45. 

  45.           <div class="panel-body">
    46. 

  46.               <form role="form" action="" method="post">
    47. 

  47.                   <fieldset>
    48. 

  48.                       <div class="form-group">
    49. 

  49.                           <input class="form-control" placeholder="New password" name="pass" autofocus="" type="password">
    50. 

  50.                       </div>
    51. 

  51.                       <div class="form-group">
    52. 

  52.                           <input class="form-control" placeholder="Repeat password" name="pass_repeat" value="" type="password">
    53. 

  53.                       </div>
    54. 

  54.                       <input type="hidden" name="key" value="<?php echo $key ?>" />
    55. 

  55.                       <input class="btn btn-primary btn-lg btn-block" type="submit" value="Reset password"/>
    56. 

  56.                   </fieldset>
    57. 

  57.               </form>
    58. 

  58.           </div>
    59. 

  59.       </div>
    60. 

  60.       <?php
    61. 

  61.     } else {
    62. 

  62.       ?>
    63. 

  63.       <div class="login-panel panel panel-default">
    64. 

  64.           <div class="panel-heading">
    65. 

  65.               <h3 class="panel-title"><i class="fa fa-lock"></i> <?php echo Config::$sitename . " password reset" ?></h3>
    66. 

  66.           </div>
    67. 

  67.           <div class="panel-body">
    68. 

  68.               <form role="form" action="" method="post">
    69. 

  69.                   <fieldset>
    70. 

  70.                       <div class="form-group">
    71. 

  71.                           <input class="form-control" placeholder="Account E-mail address" name="email" autofocus="" type="email">
    72. 

  72.                       </div>
    73. 

  73.                       <input class="btn btn-primary btn-lg btn-block" type="submit" value="Send reset link"/>
    74. 

  74.                   </fieldset>
    75. 

  75.               </form>
    76. 

  76.           </div>
    77. 

  77.       </div>
    78. 

  78.       <?php
    79. 

  79.     }
    80. 

  80.     die();
    81. 

  81.   }
    82. 

  82.   header('Location: /');
    83. 

  83. ?>
    84.