EVOLUTION-MANAGER
Edit File: forgot-password.php
<?php /* UserCake Version: 2.0.2 http://usercake.com */ require_once("models/config.php"); if (!securePage($_SERVER['PHP_SELF'])){die();} //User has confirmed they want their password changed if(!empty($_GET["confirm"])) { $token = trim($_GET["confirm"]); if($token == "" || !validateActivationToken($token,TRUE)) { $errors[] = lang("FORGOTPASS_INVALID_TOKEN"); } else { $rand_pass = getUniqueCode(15); //Get unique code $secure_pass = generateHash($rand_pass); //Generate random hash $userdetails = fetchUserDetails(NULL,$token); //Fetchs user details $mail = new userCakeMail(); //Setup our custom hooks $hooks = array( "searchStrs" => array("#GENERATED-PASS#","#USERNAME#"), "subjectStrs" => array($rand_pass,$userdetails["display_name"]) ); if(!$mail->newTemplateMsg("your-lost-password.txt",$hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if(!$mail->sendMail($userdetails["email"],"Your new password")) { $errors[] = lang("MAIL_ERROR"); } else { if(!updatePasswordFromToken($secure_pass,$token)) { $errors[] = lang("SQL_ERROR"); } else { if(!flagLostPasswordRequest($userdetails["user_name"],0)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL"); } } } } } } //User has denied this request if(!empty($_GET["deny"])) { $token = trim($_GET["deny"]); if($token == "" || !validateActivationToken($token,TRUE)) { $errors[] = lang("FORGOTPASS_INVALID_TOKEN"); } else { $userdetails = fetchUserDetails(NULL,$token); if(!flagLostPasswordRequest($userdetails["user_name"],0)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_REQUEST_CANNED"); } } } //Forms posted if(!empty($_POST)) { $email = $_POST["email"]; $username = sanitize($_POST["username"]); //Perform some validation //Feel free to edit / change as required if(trim($email) == "") { $errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); } //Check to ensure email is in the correct format / in the db else if(!isValidEmail($email) || !emailExists($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } if(trim($username) == "") { $errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); } else if(!usernameExists($username)) { $errors[] = lang("ACCOUNT_INVALID_USERNAME"); } if(count($errors) == 0) { //Check that the username / email are associated to the same account if(!emailUsernameLinked($email,$username)) { $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID"); } else { //Check if the user has any outstanding lost password requests $userdetails = fetchUserDetails($username); if($userdetails["lost_password_request"] == 1) { $errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); } else { //Email the user asking to confirm this change password request //We can use the template builder here //We use the activation token again for the url key it gets regenerated everytime it's used. $mail = new userCakeMail(); $confirm_url = lang("CONFIRM")."\n".$websiteUrl."forgot-password.php?confirm=".$userdetails["activation_token"]; $deny_url = lang("DENY")."\n".$websiteUrl."forgot-password.php?deny=".$userdetails["activation_token"]; //Setup our custom hooks $hooks = array( "searchStrs" => array("#CONFIRM-URL#","#DENY-URL#","#USERNAME#"), "subjectStrs" => array($confirm_url,$deny_url,$userdetails["user_name"]) ); if(!$mail->newTemplateMsg("lost-password-request.txt",$hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if(!$mail->sendMail($userdetails["email"],"Lost password request")) { $errors[] = lang("MAIL_ERROR"); } else { //Update the DB to show this account has an outstanding request if(!flagLostPasswordRequest($userdetails["user_name"],1)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS"); } } } } } } } //require_once("models/header.php"); require_once('header.php'); require_once('home-nav.php');?> <div class="container-fluid"> <div class="row-fluid"> <?php echo " <h2>Retrieve Your Password</h2>"; echo resultBlock($errors,$successes); echo " <div id='regbox'> <form name='newLostPass' action='".$_SERVER['PHP_SELF']."' method='post' class='form-horizontal well'> <p> <label>Username:</label> <input type='text' name='username' /> </p> <p> <label>Email:</label> <input type='text' name='email' /> </p> <p> <label> </label> <input type='submit' value='Submit' class='submit btn btn-danger'/> <a href='".$baseurl."login' title='Login' class='btn btn-link'>Login</a> </p> </form> </div> </div> <div id='bottom'></div>"; require_once("footer.php"); ?>