<?php
################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- #
## --------------------------------------------------------------------------- #
## ApPHP AdminPanel Pro #
## Developed by: ApPHP <hide@address.com> #
## License: GNU LGPL v.3 #
## Site: http://www.apphp.com/php-adminpanel/ #
## Copyright: ApPHP AdminPanel (c) 2006-2011. All rights reserved. #
## #
################################################################################
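// Password-recovery request handler.
// Reads the submitted e-mail address and account type, looks up the matching
// active account, mails the credentials using the 'password_forgotten' template
// and sets $msg to a status code that the page body renders:
//   "1"  = no active account for that e-mail, "2" = e-mail sent,
//   "3"  = a message was already sent recently, "99" = blocked in demo mode.
session_start();

require_once("inc/config.inc.php");
require_once("inc/settings.inc.php");
include_once("inc/functions.inc.php");
require_once("modules/phpmailer/class.phpmailer.php");
// NOTE(review): the include path is built from $SETTINGS['site_language'].
// Where that value comes from is not visible here; confirm it is restricted to
// a fixed list of language codes before it reaches require_once.
require_once("inc/languages/".$SETTINGS['site_language'].".php");

$act        = isset($_POST['act']) ? prepare_input($_POST['act']) : "";
$adm_logged = (isset($_SESSION['adm_logged'])) ? $_SESSION['adm_logged'] : false;
$login_type = isset($_POST['login_type']) ? prepare_input($_POST['login_type']) : "";
$msg        = "";

// A visitor who is already signed in gets an empty response.
if($adm_logged == true) exit;

if($act == "send_password"){
    if(strtolower(_SITE_MODE) == "demo"){
        $msg = "99";
    }else{
        $email               = isset($_POST['re_email']) ? prepare_input($_POST['re_email']) : "";
        $ses_email_sent      = isset($_SESSION['email_sent']) ? $_SESSION['email_sent'] : false;
        $ses_email_sent_time = isset($_SESSION['email_sent_time']) ? $_SESSION['email_sent_time'] : "";
        // presumably time_diff() returns seconds, so this is whole minutes - confirm in functions.inc.php
        $timeout_diff        = floor(time_diff(date("Y-m-d H:i:s"), $ses_email_sent_time) / 60);
        // Any login_type other than "admin" (including an empty or unexpected value) selects the users table.
        $table               = ($login_type == "admin") ? TABLE_ADMINS : TABLE_USERS;

        // NOTE(review): the two $_SESSION assignments that would arm this throttle are
        // commented out further down, so unless another script sets 'email_sent' this
        // branch is never taken. A session-scoped throttle also resets with a new session,
        // so a per-address or per-IP limit kept server-side is the stronger control.
        if($ses_email_sent && ($timeout_diff < 2)){
            $msg = "3";
        }else{
            $msg = "1";
            $password_new = "";

            // Build the SELECT expression that yields the password to be mailed.
            if($SETTINGS['passwords_encryption']){
                if($SETTINGS['passwords_encryption_type'] == "AES"){
                    // Reversible storage: the current password is decrypted and mailed as-is.
                    // The key is embedded in the SQL text, so it may appear wherever statements are logged.
                    $password = "AES_DECRYPT(password, '".$SETTINGS['passwords_encrypt_key']."') as decoded_password";
                }else{
                    // One-way hash: the old password cannot be recovered, so a new one is generated.
                    // NOTE(review): random_string() is defined elsewhere; confirm it uses a CSPRNG.
                    $password_new = random_string(8);
                    $password = "'".$password_new."' as decoded_password";
                }
            }else{
                // Passwords are stored unencrypted and mailed as stored.
                $password = "password as decoded_password";
            }

            // NOTE(review): $email is concatenated into the statement. Its safety depends
            // entirely on prepare_input(), which is not visible here; confirm it escapes for
            // the database driver in use, or move this lookup to a parameterized query.
            $sql = "SELECT id, last_name, first_name, email, username, ".$password." FROM ".$table." WHERE is_active = 1 AND email = '".$email."'";
            $db->Query($sql);
            if($row = @$db->FetchAssoc()){
                $sql_template = "SELECT * FROM ".TABLE_EMAIL_TEMPLATES." WHERE template_name = 'password_forgotten'";
                $db->Query($sql_template);
                if($row1 = @$db->FetchAssoc()){
                    $is_md5_mode = ($SETTINGS['passwords_encryption']) && ($SETTINGS['passwords_encryption_type'] == "MD5");

                    $msg_title = $row1['template_subject'];
                    if($is_md5_mode){
                        $msg_title .= " (New Password Sent)";
                    }

                    $message = $row1['template_content'];
                    $message = str_replace("%USER NAME%", $row['username'], $message);
                    $message = str_replace("%WEB SITE%", get_base_url(), $message);
                    $message = str_replace("%USER PASSWORD%", $row['decoded_password'], $message);

                    $result = send_email($row['email'], $SETTINGS['admin_email'], $msg_title, $message);
                    if($result){
                        // Replace the stored password only after the mail has gone out.
                        if($is_md5_mode){
                            // Store the MD5 digest, not the clear-text value that was mailed: writing
                            // the raw string into a column that holds hashes would leave the new
                            // password in clear text in the table.
                            // NOTE(review): confirm the login code compares against MD5(password).
                            // Unsalted MD5 is weak for password storage; moving to password_hash()
                            // needs a matching change on the login side, which is outside this file.
                            $sql = "UPDATE ".$table." SET password = '".md5($password_new)."' WHERE id = '".$row['id']."'";
                            $db->Exec($sql);
                        }
                    }
                }
                // NOTE(review): "2" (sent) is reported even when the template is missing or
                // send_email() failed. The "1" / "2" split also tells the requester whether an
                // address is registered; a single neutral message avoids that disclosure.
                // In MD5 mode this request changes the account password without any proof of
                // mailbox ownership; a one-time reset link keeps the credential unchanged until
                // the owner confirms.
                $msg = "2";
                //$_SESSION['email_sent'] = true;
                //$_SESSION['email_sent_time'] = date("Y-m-d H:i:s");
            }
        }
    }
}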
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<title><?php echo $SETTINGS['site_name']; ?> :: <?php echo lang('admin_panel'); ?> :: <?php echo lang('forgot_password'); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="styles/<?php echo $SETTINGS['css_style'];?>/style.css" type="text/css" rel="stylesheet">
<script type='text/javascript' src='modules/datagrid/modules/jsafv/lang/jsafv-en.js'></script>
<script type='text/javascript' src='modules/datagrid/modules/jsafv/chars/diactric_chars_utf8.js'></script>
<script type='text/javascript' src='modules/datagrid/modules/jsafv/form.scripts.js'></script>
<script type="text/javascript" src="js/functions.js"></script>
<script type="text/javascript" >
// Submit guard for the password-recovery form: runs the shared form validator
// and returns a strict boolean so the onClick handler can cancel the submit.
// This is a convenience check in the browser only; the server still has to
// validate re_email on its own. The `val` argument is accepted but not used.
function onSubmitMyCheck(val){
    var recoveryForm = document.forms['frmSendPassword'];
    var formIsValid = onSubmitCheck(recoveryForm, false, false);
    return formIsValid ? true : false;
}
</script>
</head>
<body>
<br /><br />
<table cellspacing="1" cellpadding="6" width="100%" align="left" border="0">
<tbody>
<tr>
<td valign="top" nowrap height="350px">
<br />
<?php
// Show the status banner that matches the code set by the request handler
// at the top of this file; no banner is drawn for any other value.
switch($msg){
    case "1":
        // no active account matched the submitted e-mail
        draw_message("error", lang("msg_fp_wrong_email"), true, "380px");
        break;
    case "2":
        // recovery e-mail reported as sent
        draw_message("success", lang("msg_fp_password_sent"), true, "380px");
        break;
    case "3":
        // a recovery e-mail was already sent recently
        draw_message("normal", lang("msg_fp_password_already_sent"), true, "380px");
        break;
    case "99":
        // demo installations refuse the operation
        draw_message("error", "This operation is blocked in demo version.", true, "380px");
        break;
}
?>
<br />
<form class="login_form" name="frmSendPassword" action="forgot_password.php" method="post">
<input type="hidden" value="send_password" name="act" />
<table class="tborder" cellspacing="1" cellpadding="0" width="380px" align="center" border="0">
<tbody>
<tr>
<td class="tcat" style="padding:7px;padding-top:7px;" colspan="2" align="center"><strong><?php echo lang('password_recovery'); ?></strong></td>
</tr>
<tr>
<td class="tcat2" style="padding:6px;">
<table cellSpacing="0" align="center" width="93%" border="0" style="margin-top:7px;margin-bottom:2px;">
<tbody>
<tr vAlign="top">
<td colSpan="3">
<?php echo lang('msg_fp_enter_email'); ?>:<br />
<input type="text" style="width:332px;margin-top:2px; margin-bottom:3px;" maxlength="100" name="re_email" id="re_email" value="" title="<?php echo lang('email_address'); ?>" autocomplete="off" />
</td>
</tr>
<tr><td nowrap height='3px' colspan="3"></td></tr>
<tr>
<td colspan="3" align="right">
<?php echo lang('account_type'); ?>:
<select name="login_type">
<option value='admin' <?php echo ($login_type == "admin") ? "selected='selected'" : ""; ?>><?php echo lang('admin'); ?></option>
<?php if(module_istalled('users')){ ?>
<option value='user' <?php echo ($login_type == "user") ? "selected='selected'" : ""; ?>><?php echo lang('user'); ?></option>
<?php } ?>
</select>
</td>
</tr>
<tr valign="top">
<td align="center" colspan="3">
<table border="0" style="margin-top:8px; padding-top:8px; width:100%;" cellspacing='0'>
<tr>
<td></td>
<td rowspan="2" align="right" valign="bottom" width="48px"><img src="images/password.png" style="margin-right:-7px;" alt="" /></td>
</tr>
<tr>
<td align="left" style="border-top:1px solid #a7a7a7;">
<input accessKey="s" type="submit" value="<?php echo lang("search");?>" onClick="return onSubmitMyCheck()" />
<a href='login.php'><?php echo lang("msg_fp_back_to_login");?></a>
</td>
</tr>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</form>
</td>
</tr>
</tbody>
</table>
</body>
</html>
<script type="text/javascript">
<!--
// Move keyboard focus to the e-mail input when this script runs.
document.getElementById("re_email").focus();
//-->
</script>