<?php
/*
* Created on Sep 16, 2008
* 2.0
*/
require_once 'include/IPage.php';
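/**
 * Two-phase "lost password" page.
 *
 * Phase 1 (form POST with `action`, no `h`): look the account up by login name
 * and email, store a fresh verifier and email a link that carries it.
 * Phase 2 (`h=<verifier>.<userId>` in the query string): check the verifier
 * against the stored one and, on POST, set the new password.
 *
 * All work happens in the constructor; ShowBody() only renders the template.
 * Reads the globals $DB, USER_TABLE, PAGE_URL, USER_ID and $URLP.
 */
class LostPWPage implements IPage
{
    /** @var string|null HTML fragment shown to the user (error or success text). */
    private $msg;

    /** @var bool|null true once the request is fully handled and the form need not be shown again. */
    private $finished;

    /** @var string|null "<verifier>.<userId>" token placed in the emailed reset link. */
    private $newHash;

    /**
     * Dispatches on the request shape. The PHP4-style constructor
     * (`function LostPWPage()`) is deprecated in PHP 7 and no longer treated as a
     * constructor in PHP 8, so it is renamed to __construct; `new LostPWPage()`
     * callers are unaffected.
     */
    public function __construct()
    {
        global $DB;

        if (isset($_GET['h'])) {
            $this->handleResetLink($DB, (string)$_GET['h']);
        } elseif (isset($_POST['action'])) {
            $this->handleResetRequest($DB);
        }
    }

    /**
     * Phase 2: the user followed the emailed link.
     *
     * @param object $DB    the site's database wrapper (Query / FilterString / UpdateSingle)
     * @param string $token raw value of the `h` query parameter, "<verifier>.<userId>"
     */
    private function handleResetLink($DB, $token)
    {
        $parts = explode('.', $token, 2);
        $hash = $DB->FilterString($parts[0]);
        // A token without the ".<userId>" part used to raise an undefined-index notice.
        $userId = isset($parts[1]) ? (int)$parts[1] : 0;

        // The verifier column is reset to '' after use (see below), so an empty
        // verifier must never be allowed to match: a token of the form ".<id>" would
        // otherwise pass the check for every account whose verifier has been cleared.
        if ($hash === '' || $userId < 1) {
            $this->msg = '<span class="error">This address is no longer valid for changing your password.</span>';
            $this->finished = true;
            return;
        }

        $query = "SELECT UserId FROM ".USER_TABLE." WHERE UserId=$userId AND UserVerifier='$hash'";
        $result = $DB->Query($query);
        if (!$result || $result->num_rows < 1) {
            // Drops any pending verifier for this id so a stale link cannot be retried.
            // Note this also lets anyone cancel another account's pending reset by id.
            $DB->UpdateSingle(USER_TABLE, 'UserVerifier', "''", "UserId=$userId");
            $this->msg = '<span class="error">This address is no longer valid for changing your password.</span>';
            $this->finished = true;
            return;
        }

        if (!isset($_POST['action'])) {
            // First visit of a valid link: rotate the verifier and show the form.
            $this->MakeNewHash($userId);
            return;
        }

        require_once 'include/JoinValidate.php';
        $JV = new JoinValidate();
        $pw = isset($_POST['pw']) ? (string)$_POST['pw'] : '';
        if (!$JV->validateAJAX($pw, 'txtPass1')) {
            $this->msg = '<div class="error">New password must be at least '.$JV->passLength.' characters long.</div>';
            $this->MakeNewHash($userId);
            return;
        }

        // NOTE(review): the password is stored as an unsalted sha1, presumably because
        // the login check compares against that; moving to password_hash() has to be
        // done on both sides at once, so it is left unchanged here.
        // sha1() yields 40 hex characters, so no escaping is needed for the interpolation.
        $query = "UPDATE ".USER_TABLE." SET UserPassword='".sha1($pw)."', UserVerifier='' " .
            "WHERE UserId=$userId AND UserVerifier='$hash'";
        $DB->Query($query);
        $this->msg = 'Your password has been changed and you can now <a href="'.PAGE_URL.'p=Login">log in</a>.';
        $this->finished = true;
    }

    /**
     * Phase 1: the user submitted the lost-password form.
     *
     * @param object $DB the site's database wrapper (Query / FilterString / UpdateSingle)
     */
    private function handleResetRequest($DB)
    {
        $loginName = isset($_POST['name']) ? (string)$_POST['name'] : '';
        $email = isset($_POST['email']) ? (string)$_POST['email'] : '';

        // Both values come straight from the form. They were previously interpolated
        // unescaped, which made this lookup injectable; FilterString is the escaping
        // helper the rest of this class already uses for SQL string values.
        $safeName = $DB->FilterString($loginName);
        $safeEmail = $DB->FilterString($email);
        $query = 'SELECT UserId FROM '.USER_TABLE." WHERE UserName='$safeName' AND UserEmail='$safeEmail'";
        $result = $DB->Query($query);
        // The original silenced this with `@`; a failed query would then have been a
        // fatal call on a non-object rather than the "not found" message.
        $row = $result ? $result->fetch_array(MYSQLI_ASSOC) : null;
        if (!$row) {
            $this->msg = '<span class="error">Name and email combination was not found. Please try again.</span>';
            return;
        }

        $userId = (int)$row['UserId'];
        $this->MakeNewHash($userId);

        // NOTE(review): SERVER_NAME can follow the client's Host header on some server
        // configurations, in which case the emailed link would point at whatever host
        // the request named. Taking the host from site configuration instead would
        // close that; confirm how the web server populates it.
        $host = $_SERVER['SERVER_NAME'];
        $emailMessage = "A password change has been requested for $loginName at $host. To change it go to\nhttp://$host".PAGE_URL."p=LostPW&h=$this->newHash\n\nAutomatic email from\nKwalbum\nkwalbum.sourceforge.net \n\n";
        $subject = 'Lost Password on '.$host;
        $headers = 'From: "'.$host.'" <kwalbum@'.$host.'>';

        if (mail($email, $subject, $emailMessage, $headers)) {
            $this->msg = 'An email has been sent with further instructions. If you do not recieve the email within a few hours, check your junk mail folder then contact the website administrator if you still can not find it.';
            $this->finished = true;
        } else {
            $this->msg = '<span class="error">Email with further instructions was not sent. Please contact the website administrator.</span>';
        }
    }

    /**
     * IPage hook: sets the page title.
     *
     * @param string $title receives 'Lost Password'
     */
    public function GetHead(& $title)
    {
        $title = 'Lost Password';
    }

    /**
     * IPage hook: renders the page body, or a notice when a user is already logged in.
     */
    public function ShowBody()
    {
        if (USER_ID) {
            echo '<p class="error">You are already logged in.</p>';
            return;
        }
        global $URLP;
        // NOTE(review): the original read $this->error, which this class never
        // declares, so $error was always null. $msg is the only message the page
        // keeps, so it is exposed under that name; the template is included from
        // method scope and can also read $this->msg / $this->finished directly.
        $error = $this->msg;
        require 'LostPWPage.html.php';
    }

    /**
     * Stores a fresh verifier for $userId and records the "<verifier>.<userId>"
     * token used in the reset link.
     *
     * random_bytes() (PHP 7.0+) replaces md5(rand()): rand() is not a
     * cryptographic source and its output space is small enough to search, which
     * matters for a value that alone authorises a password change. The result is
     * 32 hex characters, the same length md5() produced, so the UserVerifier
     * column and the link format are unchanged.
     *
     * @param int|string $userId the account whose verifier is replaced
     */
    private function MakeNewHash($userId)
    {
        global $DB;
        $userId = (int)$userId;
        $hash = bin2hex(random_bytes(16));
        $DB->UpdateSingle(USER_TABLE, 'UserVerifier', "'$hash'", "UserId=$userId");
        $this->newHash = $hash.'.'.$userId;
    }
}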