<?php session_start(); // opens the session that carries INC_USER_ID (signed-in marker) and the "jumps" attempt counter used below
/* * ********************************************************************
*  Copyright notice PHP Blogger 1.1.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpblogger[dot]org
*  All rights reserved
*
*  This script is part of the PHP Blogger project. 
*  The PHP Blogger project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
##############################
# recovery.php   version 1.1.#
##############################
// Recovery is for signed-out visitors only: a session that already holds a
// truthy INC_USER_ID is turned away before any template or database code runs.
if(!empty($_SESSION['INC_USER_ID'])) {
	echo "Error. Signin User";
	die();
}
// settings.php is not shown here; presumably it defines $smarty, $conn,
// $language and the $site* values used further down - TODO confirm.
include ('settings.php');
$smarty->display('blank.php');
// NOTE(review): $language is concatenated into an include path. Confirm that
// settings.php takes it from configuration or an allow-list of shipped
// language codes, never from request data.
require_once ('languages/lang_'.$language.'.php'); ?>
<script language="JavaScript">
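// Browser-side convenience check for the recovery form's e-mail field.
// It only spares the user a round trip; it is not enforced on the server,
// so the checks in the POST handler remain the authority.
// Returns true to let the form submit, false (after an alert) to block it.
function validationEmail(maForm) {
	// The separators [.-] are mandatory between words (same accepted language
	// as the optional form, but without the nested-quantifier ambiguity that
	// makes long non-matching input slow), and the last label is \w{2,}
	// instead of \w{2,3} so addresses under longer top-level domains pass.
	var emailPattern = /^\w+([.-]\w+)*@\w+([.-]\w+)*(\.\w{2,})+$/;
	if (emailPattern.test(maForm.email.value)) {
		return true;
	}
	alert("Invalid E-mail Address! Please re-enter.");
	return false;
}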
</script>
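<?php
/*
 * Password-recovery request.
 *   POST (Submit set): check the submitted address, look the account up, store
 *   a one-time token in users.tempass and e-mail a reset.php link to the
 *   account's address.
 *   Otherwise: render the request form.
 * $conn, $smarty, $lang, $recordSet, $sitepath, $sitemail and $sitetitle are
 * not defined in this file; presumably settings.php and the language file
 * provide them - TODO confirm.
 */
if(isset($_POST['Submit'])) {
	// Per-session attempt counter: the 13th and later submissions are refused.
	// NOTE(review): the counter is bound to the session cookie, so it does not
	// throttle a client that does not keep the cookie. A server-side limit
	// (per address / per source) is needed if this is meant as rate limiting.
	if(!isset($_SESSION["jumps"]))
		$_SESSION["jumps"] = 0;
	$_SESSION["jumps"] = $_SESSION["jumps"] + 1;
	if($_SESSION["jumps"] > 12) {
		echo "Error.</div>";
		$smarty->display('footer.php');
		die();
	}

	// A missing or non-string "email" field becomes '' and is rejected by the
	// length check below instead of raising notices/warnings.
	$ccemail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

	// Character deny-list, checked in the original order; messages unchanged.
	$rejected = array(
		'%' => "<center><div id=\"toprow\">Invalid Characters \"%\" </div>",
		';' => "<center><div id=\"toprow\">Invalid Characters \";\" </div>",
		'<' => "<center><div id=\"toprow\">Invalid Characters \"<\" HTML is not allowed",
		'[' => "<center><div id=\"toprow\">Invalid Characters \"[\" BB code is not allowed",
	);
	foreach($rejected as $char => $message) {
		if(strpos($ccemail, $char) !== false) {
			echo $message;
			die();
		}
	}
	if(strlen($ccemail) < 2) {
		echo "<center><span style=\"background:#FFF1A8\">Field must be at least 2 characters long
</center>";
		die();
	}
	if(strlen($ccemail) > 50) {
		echo "<center><span style=\"background:#FFF1A8\">Max Characters Field: 50
</center>";
		die();
	}

	// NOTE(review): mysql_real_escape_string() escapes for the ext/mysql default
	// link, which is not necessarily the connection (or charset) behind $conn,
	// and ext/mysql is gone in PHP 7. If $conn supports bound parameters,
	// switch both queries in this block to them - confirm against settings.php.
	$arecordSet = $conn->Execute("SELECT * FROM users where `email`  = '".mysql_real_escape_string($ccemail)."'");

	// A failed query (false) is handled like "no such account" rather than
	// dereferencing a non-object.
	if(!$arecordSet || empty($arecordSet->fields)) {
		// NOTE(review): this reply differs from the success message, so the form
		// tells the requester whether an address is registered. Returning the
		// same neutral message in both cases avoids that disclosure.
		// $ccmail and $title are not set in this file - TODO confirm they come
		// from settings.php ($ccmail may be a typo for $sitemail).
		echo "<div style=\"padding:5px;color:#555\" id=\"ercont\"><center>You have not entered an email address that we recognize. 
Please <a href=\"javascript:history.go(-1)\">try again</a> or contact the 
<a href=\"mailto:$ccmail?subject=$title\">administrator</a>.</center></div>";
		$recordSet->Close();
		if($arecordSet) {
			$arecordSet->Close();
		}
		$conn->Close();
		die();
	}

	// The stored password column is deliberately not read: nothing here needs it.
	$usid = $arecordSet->fields['usid'];
	$username = $arecordSet->fields['username'];
	$email = $arecordSet->fields['email'];

	// Reset token: 40 hex characters, same shape as the previous sha1() value.
	// It is drawn from a CSPRNG when the runtime offers one; the old
	// uniqid()/mt_rand() construction (time- and PRNG-derived, with a constant
	// baked into the source) is kept only as a last-resort fallback.
	if(function_exists('random_bytes')) {
		$cchash = bin2hex(random_bytes(20));
	} elseif(function_exists('openssl_random_pseudo_bytes')) {
		$cchash = bin2hex(openssl_random_pseudo_bytes(20));
	} else {
		$tips = 'YjuPKnBfghfEeNqAuL';
		$cchash = sha1(uniqid($tips.mt_rand(),true));
	}

	// NOTE(review): the token is stored as-is and no issue time is written
	// here; expiry and single use have to be enforced by reset.php (not shown)
	// - confirm. $cchash is hex only, so interpolating it is safe.
	$brecordSet = $conn->Execute("UPDATE users SET tempass='$cchash' WHERE usid = '".mysql_real_escape_string($usid)."' ");

	$myurl = "$sitepath/reset.php?id=".$cchash;
	$headers = 'MIME-Version: 1.0'."\r\n";
	$headers .= 'Content-type: text/html; charset=utf-8'."\r\n";
	$headers .= "From: $sitemail"."\r\n";

	// The user name is account-holder-supplied data going into an HTML mail:
	// encode it so stored markup is shown as text.
	$safeUsername = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
	$bodys = "
<head>
<style>
#content{
align:center;
padding:5px;
margin:0px auto;
background:#fff;
border-top:2px solid #FF8300;
width:100%;
font-family:tahoma;
color:#222;
}
</style>
</head>
<div id = 'content'>
<h4>$sitetitle</h4>$lang[RETHEADE] \"$safeUsername\",<br />$lang[RETMESSG]<br /><br /><a href=\"$myurl\">$myurl</a><br /><br />
$lang[RETREGAR], $sitetitle $lang[RETTEAM]";
	$subject = "$sitetitle";

	// Send to the account's stored address. The previous call addressed the
	// message to $sitemail, so the link never reached the account holder and
	// $email was read but unused. CR/LF are stripped so a stored value cannot
	// add mail headers.
	$recipient = str_replace(array("\r", "\n"), '', $email);
	mail($recipient,$subject,$bodys,$headers);

	echo "<div style=\"padding:5px;color:#555\" id=\"ercont\"><center>$lang[PASTHE]</center></div></div>";
	$recordSet->Close();
	$arecordSet->Close();
	$conn->Close();
} else {
    ?>
<div style="width:955px;">
<form name="maForm" action="recovery.php" method="post" onSubmit="return validationEmail(this)">
<div style="width:955px;height:75px;">
<?php echo $lang['RETRIVED'] ?>
</div>
<div style="width:555px;height:75px;">
<p style="float:left;width:255px;height:35px"><b>
<?php echo $lang['EMAIL'] ?>
</b> 
<?php echo $lang['REQUI'] ?></p>
<p style="float:right;width:300px;height:35px"><input style="width:318px;" class="incc" name="email" type="text" /></p>
</div>
<div style="width:555px;height:75px;">
<input class="cbuton" type="submit" value="<?php echo $lang['RECOVERY'] ?>" name="Submit" type="button" />
</div>
</form>
</div>
<?php
$recordSet->Close();
$conn->Close();
}
?>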
</div>
<?php /* Normal end of page: render the shared footer template. The validation and not-found exits in the POST handler call die() first and never reach this line. */ $smarty->display('footer.php'); ?>