<?php
/*
MGB 0.6.x - OpenSource PHP and MySql Guestbook
Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
// ====================== //
// lostpassword.php - 1.0 //
// ====================== //
//
// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //
// Show all errors but no warnings
error_reporting(E_ALL & ~E_NOTICE);
require ("../includes/functions.inc.php");
require ("../includes/config.inc.php");
require ("../includes/load_settings.inc.php");
require ("../language/".$settings['language_path']."/lang_admin.php");
require ("../language/".$settings['language_path']."/settings.php");
// set timezone
date_default_timezone_set($settings['timezone']);
// load necessary templates
$content_header = mgb_load_template("admin", "default/general_admin", "header");
$content_errormessage = mgb_load_template("admin", "default/general_admin", "errormessage");
$content_lostpassword = mgb_load_template("admin", "default", "lostpassword");
$content_lostpassword_sent = mgb_load_template("admin", "default", "lostpassword_sent");
$content_copyright = mgb_load_template("admin", "default/general_admin", "copyright");
$content_footer = mgb_load_template("admin", "default/general_admin", "footer");
if(isset($_GET['id']) AND isset($_GET['key']))
{
$result = mgb_sql_connect("SELECT user_name, user_email, np_key, np_expiration FROM ".$db['prefix']."user WHERE ID=".secure_value($_GET['id']), "Error while checking key.", 1);
$user = @mysql_fetch_array($result);
if($_GET['key'] == $user['np_key'] AND $user['np_expiration'] > time())
{
$new_password = generate_key_and_pw("", $settings['password_min_length']);
$name = $user['user_name'];
$email = $user['user_email'];
$lang['sendmail_new_password_created_title'] = format_mail(repl_uml($lang['sendmail_new_password_created_title'], $charset), $name, $date, $time, "", $settings['h_domain'], "", "", "", "", "", "", $new_password);
$lang['sendmail_new_password_created_text'] = format_mail(repl_uml(xhtmlbr2nl($lang['sendmail_new_password_created_text']), $charset), $name, $date, $time, "", $settings['h_domain'], "", "", "", "", "", "", $new_password);
$mail_header = "content-type: text/plain; charset=".$charset."\n";
$mail_header .= "from: ".$settings['admin_gbemail'];
$mail_send = @mail($email, $lang['sendmail_new_password_created_title'], $lang['sendmail_new_password_created_text'], $mail_header);
if ($mail_send)
{
mgb_sql_connect("UPDATE ".$db['prefix']."user SET user_password = '".md5($new_password)."', np_key = '', np_expiration = '' WHERE ID='".secure_value($_GET['id'])."'", "Error while creating new password.", 0);
$statusmessage = $lang['lostpassword_success_created'];
$np_created = 1;
}
else
{
// problem with mail server
$statusmessage = $lang['lostpassword_no_success_created'];
$errorcode = 14;
$np_created = 0;
}
}
else
{
// invalid or expired key
$errorcode = 12;
$page_lostpassword = $content_lostpassword;
}
}
if($np_created == 1)
{
$page_lostpassword = $content_lostpassword_sent;
}
else
{
if(!isset($_POST['sent']))
{
$page_lostpassword = $content_lostpassword;
}
else
{
if(isset($_POST['email']) AND check_mail($_POST['email']))
{
$result = mgb_sql_connect("SELECT ID, user_name, np_expiration FROM ".$db['prefix']."user WHERE user_email=".secure_value($_POST['email']), "Error while getting data from database.", 1);
$lostpassword = @mysql_fetch_array($result);
if($lostpassword['np_expiration'] <= time())
{
$name = $lostpassword['user_name'];
$email = cleanstr($_POST['email']);
$user_id = $lostpassword['ID'];
$new_password_key = generate_key_and_pw("", 16);
$url_to_gb = "http://".$settings['h_domain'].$settings['gb_path']."admin/lostpassword.php";
$lang['sendmail_new_password_title'] = format_mail(repl_uml(xhtmlbr2nl($lang['sendmail_new_password_title']), $charset), $name, $date, $time, "", $settings['h_domain'], $url_to_gb, "", "", "", $new_password_key, $user_id, $new_password);
$lang['sendmail_new_password_text'] = format_mail(repl_uml(xhtmlbr2nl($lang['sendmail_new_password_text']), $charset), $name, $date, $time, "", $settings['h_domain'], $url_to_gb, "", "", "", $new_password_key, $user_id, $new_password);
$mail_header = "content-type: text/plain; charset=".$charset."\n";
$mail_header .= "from: ".$settings['admin_gbemail'];
// save key for new password
$np_expiration = time() + 86400; // 1 day in seconds
$mail_send = @mail($email, $lang['sendmail_new_password_title'], $lang['sendmail_new_password_text'], $mail_header);
if ($mail_send)
{
mgb_sql_connect("UPDATE ".$db['prefix']."user SET np_key = '".$new_password_key."', np_expiration = '".$np_expiration."' WHERE ID='".$user_id."'", "Error while updating password in the database.", 0);
$statusmessage = $lang['lostpassword_success'];
$page_lostpassword = $content_lostpassword_sent;
}
else
{
// problem with mail server
$statusmessage = $lang['lostpassword_no_success'];
$page_lostpassword = $content_lostpassword_sent;
$errorcode = 14;
}
}
else
{
// new password was already requested
$errorcode = 13;
$page_lostpassword = $content_lostpassword;
}
}
else
{
// invalid email
$errorcode = 7;
$page_lostpassword = $content_lostpassword;
}
}
}
if (isset($errorcode) AND $errorcode == 7) { $errormessage = $lang['errormessage7']; } // invalid email
if (isset($errorcode) AND $errorcode == 12) { $errormessage = $lang['errormessage12']; } // invalid or expired key
if (isset($errorcode) AND $errorcode == 13) { $errormessage = $lang['errormessage13']; } // new password was already requested
if (isset($errorcode) AND $errorcode == 14) { $errormessage = $lang['errormessage14']; } // problem with mail server
if (!isset($errorcode)) { $content_errormessage = NULL; };
// Template replacement
// Header
$page_header = $content_header;
$page_header = template("H_LANGUAGE_SHORT", $language_short, $page_header);
$page_header = template("H_DOMAIN", $settings['h_domain'], $page_header);
$page_header = template("H_AUTHOR", $settings['h_author'], $page_header);
$page_header = template("H_KEYWORDS", $settings['h_keywords'], $page_header);
$page_header = template("H_DESCRIPTION", $settings['h_description'], $page_header);
$page_header = template("H_CHARSET", $charset, $page_header);
if(!isset($refresh)) { $refresh = NULL; }
$page_header = template("REFRESH", $refresh, $page_header);
// Body
$page_lostpassword = template("TEMPLATE_HEADER", $page_header, $page_lostpassword);
$page_lostpassword = template("TEMPLATE_ERRORMESSAGE", $content_errormessage, $page_lostpassword);
$page_lostpassword = template("ERRORMESSAGE", $errormessage, $page_lostpassword);
$page_lostpassword = template("LOSTPASSWORD_STATUSMESSAGE", $statusmessage, $page_lostpassword);
$page_lostpassword = template("LANG_LOSTPASSWORD_MAIL", $lang['lostpassword_mail'], $page_lostpassword);
$page_lostpassword = template("LANG_GET_NEW_PW", $lang['get_new_pw'], $page_lostpassword);
// Footer
$page_lostpassword = template("TEMPLATE_COPYRIGHT", $content_copyright, $page_lostpassword);
$page_lostpassword = template("TEMPLATE_FOOTER", $content_footer, $page_lostpassword);
$page_lostpassword = template("COPYRIGHT_DATE", date("Y"), $page_lostpassword);
echo $page_lostpassword;
?>