Location: PHPKode > projects > Gnew > Gnew-2013.1/users/password.php
<?php
// -----------------------------------------------------------------------------
// $Id: password.php 644 2013-03-22 12:54:09Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

include('./../includes/common.php');

page_header($lang['USERS_PASSWORD']);

// From password form?
if (isset($_POST['password']))
{
    $error = '';
    if (check_email($_POST['user_email']))
    {
        $user_email = $_POST['user_email'];
    }
    else
    {
        $user_email = '';
    }
    $sql->query('SELECT user_id, user_email
                 FROM ' . TABLE_USERS . '
                 WHERE user_name = \'' . utf8_entities($_POST['user_name']) . '\'
                 OR user_email = \'' . $user_email . '\'');
    $table_users = $sql->fetch();
    if (!trim($_POST['user_name']) && !trim($_POST['user_email']))
    {
        $error .= $lang['ERROR_NO_USER'];
    }
    else
    {
        // Check user
        if (!$table_users['user_id'])
        {
            $error .= $lang['ERROR_NO_USER_ID'];
        }
    }
    if ($error)
    {
        error_template($error);
    }
    else
    {
        // Generate new password - 8 chars
        $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
        $new_password = '';
        srand((double)microtime() * 1000000);
        for ($i = 0; $i < 8; $i++)
        {
            $new_password .= $chars{rand() % strlen($chars)};
        }

        $subject = sprintf($lang['MAIL_PASSWORD_SUBJECT'], utf8_chars($settings['site_name']));
        $message = sprintf($lang['MAIL_PASSWORD_MESSAGE'], $new_password, utf8_chars($settings['sender_name']), $settings['site_url']);
        $header = 'From: ' . utf8_chars($settings['sender_name']) . ' <' . $settings['sender_email'] . '>' . "\n";
        $header .= 'Reply-To: ' . utf8_chars($settings['sender_name']) . ' <' . $settings['sender_email'] . '>' . "\n";
        $header .= 'X-Mailer: PHP/' . get_phpversion() . "\n";
        $header .= 'MIME-Version: 1.0' . "\n";
        $header .= 'Content-Type: text/plain; charset=utf-8' . "\n";
        mail($table_users['user_email'], $subject, $message, $header);
        $sql->query('UPDATE ' . TABLE_USERS . '
                     SET user_password = \'' . sha1($new_password) . '\'
                     WHERE user_id = \'' . $table_users['user_id'] . '\'');
        // For the time being user_password is not displayed
        // $GLOBALS['cache']->clean(TABLE_USERS);
        success_template($lang['PASSWORD_SENT'], './../index.php');
    }
}
// Password form
else
{
    $template->set_file('password', 'users/password.htpl');
    $template->parse('password');
}

page_footer();

?>
Return current item: Gnew