<?php
	/*
	MGB 0.6.x - OpenSource PHP and MySql Guestbook
	Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/

	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program; if not, write to the Free Software
	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
	*/

	// ====================== //
	// lostpassword.php - 1.0 //
	// ====================== //
	//
	// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //

	// Report every error level except E_NOTICE (warnings are still reported).
	error_reporting(E_ALL & ~E_NOTICE);

	// Project includes. The rest of this script relies on names they are expected to
	// provide ($db, $settings, $lang, $charset, the $content_* templates and the helper
	// functions); none of those definitions are visible in this file.
	require ("../includes/functions.inc.php");
	require ("../includes/config.inc.php");
	require ("../includes/load_settings.inc.php");
	// NOTE(review): $settings['language_path'] is concatenated into the include path.
	// Presumably it comes from stored, admin-controlled settings - confirm it can never
	// carry request data or "../" sequences, since whatever it names is executed as PHP.
	require ("../language/".$settings['language_path']."/lang_admin.php");
	require ("../language/".$settings['language_path']."/settings.php");
	require ("load_template_admin.inc.php");

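	// Step 2 of the password reset: the link from the reset mail carries the user ID and
	// the one-time key. When the key matches and has not expired, a new password is
	// generated, mailed to the user and, only if the mail was accepted, written to the
	// database together with clearing the key.
	$np_created = 0; // always defined, so the page selection further down never reads an unset value

	if(isset($_GET['id']) AND isset($_GET['key']))
		{
		// Both parameters are attacker-controlled. Array values (id[]=..., key[]=...) are
		// reduced to an empty string so only plain strings reach the query and the comparison.
		$reset_id = is_string($_GET['id']) ? $_GET['id'] : "";
		$supplied_key = is_string($_GET['key']) ? $_GET['key'] : "";

		// NOTE(review): the die() calls in this block print mysql_error() to an
		// unauthenticated visitor; logging the detail and showing a generic message
		// would avoid disclosing database internals.
		$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(lostpassword.php) Error, line 39: ".mysql_error());
		@mysql_select_db($db['dbname'], $link) or die ("(lostpassword.php) Error, line 40: ".mysql_error());
		// NOTE(review): injection safety of this statement rests entirely on secure_value(),
		// which is defined outside this file - confirm it escapes and quotes non-numeric input.
		$sql = "SELECT user_name, user_email, np_key, np_expiration FROM ".$db['prefix']."user WHERE ID=".secure_value($reset_id);
		$result = @mysql_query($sql, $link) or die ("(lostpassword.php) Error, line 42: ".mysql_error());

		$user = @mysql_fetch_array($result);

		// No row, or no pending reset, yields an empty stored key, which never matches.
		$stored_key = (is_array($user) AND isset($user['np_key'])) ? (string) $user['np_key'] : "";

		// Compare the key as an exact string. The previous loose "==" treated numeric-looking
		// strings such as "0e1" and "0e2" as equal and let an absent key compare equal to an
		// empty one. hash_equals() is used where the PHP version provides it so that the
		// comparison time does not depend on how many leading characters match.
		$key_matches = FALSE;
		if($supplied_key !== "" AND $stored_key !== "")
			{
			$key_matches = function_exists('hash_equals') ? hash_equals($stored_key, $supplied_key) : ($stored_key === $supplied_key);
			}

		if($key_matches AND $user['np_expiration'] > time())
			{
			// NOTE(review): the strength of the new password depends on generate_key_and_pw(),
			// defined outside this file - confirm it draws from a cryptographically secure source.
			$new_password = generate_key_and_pw("", $settings['password_min_length']);

			$name = $user['user_name'];
			$email = $user['user_email'];

			$lang['sendmail_new_password_created_title'] = format_mail(repl_uml($lang['sendmail_new_password_created_title'], $charset), $name, $date, $time, "", $settings['h_domain'], "", "", "", "", "", "", $new_password);
			$lang['sendmail_new_password_created_text'] = format_mail(repl_uml(xhtmlbr2nl($lang['sendmail_new_password_created_text']), $charset), $name, $date, $time, "", $settings['h_domain'], "", "", "", "", "", "", $new_password);

			$mail_header = "content-type: text/plain; charset=".$charset."\n";
			$mail_header .= "from: ".$settings['admin_gbemail'];

			// The password travels in a plain-text mail; the database is only updated after the
			// mail was accepted, so a mail failure does not lock the user out.
			$mail_send = @mail($email, $lang['sendmail_new_password_created_title'], $lang['sendmail_new_password_created_text'], $mail_header);

			if ($mail_send)
				{
				// NOTE(review): the password is stored as an unsalted MD5 digest. It is kept here
				// because it presumably has to match what the login code verifies; both sides
				// should move to password_hash()/password_verify() together.
				// Clearing np_key and np_expiration makes the reset link single-use.
				$sql = "UPDATE ".$db['prefix']."user SET user_password = '".md5($new_password)."', np_key = '', np_expiration = '' WHERE ID='".secure_value($reset_id)."'";
				$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(lostpassword.php, line 64) Error: ".mysql_error());
				@mysql_select_db($db['dbname'], $link) or die ("(lostpassword.php, line 65) Error: ".mysql_error());
				@mysql_query($sql, $link) or die ("(lostpassword.php, line 66) Error: ".mysql_error());

				$statusmessage = $lang['lostpassword_success_created'];
				$np_created = 1;
				}
			else
				{
				// problem with mail server
				$statusmessage = $lang['lostpassword_no_success_created'];
				$errorcode = 14;
				$np_created = 0;
				}
			}
		else
			{
			// invalid or expired key
			$errorcode = 12;
			$page_lostpassword = $content_lostpassword;
			}
		}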

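	// Page selection and step 1 of the password reset: a posted e-mail address that
	// belongs to an account gets a one-time key (valid for one day) mailed to it.
	if(isset($np_created) AND $np_created == 1)
		{
		$page_lostpassword = $content_lostpassword_sent;
		}
	else
		{
		if(!isset($_POST['sent']))
			{
			$page_lostpassword = $content_lostpassword;
			}
		else
			{
			// is_string() keeps array input (email[]=...) away from the helpers below.
			if(isset($_POST['email']) AND is_string($_POST['email']) AND check_mail($_POST['email']))
				{
				// NOTE(review): the die() calls in this block print mysql_error() to an
				// unauthenticated visitor; a generic message plus server-side logging
				// would avoid disclosing database internals.
				$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(lostpassword.php) Error, line 101: ".mysql_error());
				@mysql_select_db($db['dbname'], $link) or die ("(lostpassword.php) Error, line 102: ".mysql_error());
				// NOTE(review): injection safety of this statement rests entirely on secure_value(),
				// which is defined outside this file - confirm it escapes and quotes the value.
				$sql = "SELECT ID, user_name, np_expiration FROM ".$db['prefix']."user WHERE user_email=".secure_value($_POST['email']);
				$result = @mysql_query($sql, $link) or die ("(lostpassword.php) Error, line 104: ".mysql_error());

				$lostpassword = @mysql_fetch_array($result);

				// The previous test here was "$sql == TRUE", which is always true for a non-empty
				// query string, so an address without an account still received a reset mail.
				// Only a fetched row counts as a match now.
				if(is_array($lostpassword))
					{
					// NOTE(review): error 13 below is only reachable for registered addresses,
					// so it still tells a visitor that an account exists.
					if($lostpassword['np_expiration'] <= time())
						{
						$name = $lostpassword['user_name'];
						// CR/LF are stripped so the recipient value cannot add mail headers,
						// whatever check_mail() and cleanstr() let through.
						$email = str_replace(array("\r", "\n"), "", cleanstr($_POST['email']));
						$user_id = $lostpassword['ID'];

						// NOTE(review): the key is the only secret protecting the reset; its
						// unpredictability depends on generate_key_and_pw(), defined outside this
						// file - confirm it draws from a cryptographically secure source.
						$new_password_key = generate_key_and_pw("", 16);
						// NOTE(review): the reset link is built with http://, so the key crosses the
						// network unencrypted when the link is opened.
						$url_to_gb = "http://".$settings['h_domain'].$settings['gb_path']."admin/lostpassword.php";

						// No password exists at this stage, so the password slot is passed as an
						// empty string instead of a possibly unset variable.
						$lang['sendmail_new_password_title'] = format_mail(repl_uml(xhtmlbr2nl($lang['sendmail_new_password_title']), $charset), $name, $date, $time, "", $settings['h_domain'], $url_to_gb, "", "", "", $new_password_key, $user_id, "");
						$lang['sendmail_new_password_text'] = format_mail(repl_uml(xhtmlbr2nl($lang['sendmail_new_password_text']), $charset), $name, $date, $time, "", $settings['h_domain'], $url_to_gb, "", "", "", $new_password_key, $user_id, "");

						$mail_header = "content-type: text/plain; charset=".$charset."\n";
						$mail_header .= "from: ".$settings['admin_gbemail'];

						// save key for new password
						$np_expiration = time() + 86400; // 1 day

						// The key is stored only after the mail was accepted; storing it first would
						// block new requests for a day (error 13) whenever the mail server fails.
						$mail_send = @mail($email, $lang['sendmail_new_password_title'], $lang['sendmail_new_password_text'], $mail_header);

						if ($mail_send)
							{
							// Values are escaped even though they are generated or read server-side,
							// so the statement stays well-formed whatever characters they contain.
							$sql = "UPDATE ".$db['prefix']."user SET np_key = '".mysql_real_escape_string($new_password_key, $link)."', np_expiration = '".$np_expiration."' WHERE ID='".mysql_real_escape_string($user_id, $link)."'";
							$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(lostpassword.php) Error, line 133: ".mysql_error());
							@mysql_select_db($db['dbname'], $link) or die ("(lostpassword.php) Error, line 134: ".mysql_error());
							@mysql_query($sql, $link) or die ("(lostpassword.php) Error, line 135: ".mysql_error());

							$statusmessage = $lang['lostpassword_success'];
							$page_lostpassword = $content_lostpassword_sent;
							}
						else
							{
							// problem with mail server
							$statusmessage = $lang['lostpassword_no_success'];
							$page_lostpassword = $content_lostpassword_sent;
							$errorcode = 14;
							}
						}
					else
						{
						// new password was already requested
						$errorcode = 13;
						$page_lostpassword = $content_lostpassword;
						}
					}
				else
					{
					// No account uses this address: send nothing and store nothing, but show the
					// same page and message as a successful request so the response does not
					// reveal whether the address is registered.
					$statusmessage = $lang['lostpassword_success'];
					$page_lostpassword = $content_lostpassword_sent;
					}
				}
			else
				{
				// invalid email
				$errorcode = 7;
				$page_lostpassword = $content_lostpassword;
				}
			}
		}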

	// Map the error code set above to its language string:
	//   7  = invalid email
	//   12 = invalid or expired key
	//   13 = new password was already requested
	//   14 = problem with mail server
	// Without an error code, the error-message template part is blanked instead.
	if (isset($errorcode))
		{
		foreach (array(7, 12, 13, 14) as $known_code)
			{
			if ($errorcode == $known_code)
				{
				$errormessage = $lang['errormessage'.$known_code];
				}
			}
		}
	else
		{
		$content_errormessage = NULL;
		}

	// Template replacement: each placeholder is filled through template(), in the
	// fixed order listed below, first for the header fragment and then for the page.

	// Header
	if(!isset($refresh)) { $refresh = NULL; }
	$header_fields = array(
		array("H_LANGUAGE_SHORT", $language_short),
		array("H_DOMAIN", $settings['h_domain']),
		array("H_AUTHOR", $settings['h_author']),
		array("H_KEYWORDS", $settings['h_keywords']),
		array("H_DESCRIPTION", $settings['h_description']),
		array("H_CHARSET", $charset),
		array("REFRESH", $refresh),
	);
	$page_header = $content_header;
	foreach($header_fields as $field)
		{
		$page_header = template($field[0], $field[1], $page_header);
		}

	// Body, then footer. The finished header goes in first; COPYRIGHT_DATE is filled
	// only after the copyright and footer fragments have been inserted.
	$body_fields = array(
		array("TEMPLATE_HEADER", $page_header),
		array("TEMPLATE_ERRORMESSAGE", $content_errormessage),
		array("ERRORMESSAGE", $errormessage),
		array("LOSTPASSWORD_STATUSMESSAGE", $statusmessage),
		array("LANG_LOSTPASSWORD_MAIL", $lang['lostpassword_mail']),
		array("LANG_GET_NEW_PW", $lang['get_new_pw']),
		array("TEMPLATE_COPYRIGHT", $content_copyright),
		array("TEMPLATE_FOOTER", $content_footer),
		array("COPYRIGHT_DATE", date("Y")),
	);
	foreach($body_fields as $field)
		{
		$page_lostpassword = template($field[0], $field[1], $page_lostpassword);
		}

	// close sql connection ($link is only set when a branch above opened one; @ hides the error otherwise)
	@mysql_close($link);

	echo $page_lostpassword;
?>