<h2><?php echo _("Password Reset") ?></h2>
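<?php
    // Password-reset wizard. The step that runs is chosen purely by which request
    // parameters are present:
    //   1. GET  id            -> generate a reset key and e-mail the confirmation link
    //   2. GET  id + ukey     -> target of the e-mailed link; shows the security question
    //   3. POST id + confirm  -> checks the answer, issues a fresh key, shows the password form
    //   4. POST id + final    -> validates and stores the new password
    //   otherwise             -> shows the username form that starts the process
    // $PSA_SYS and $PSA_RESETPASS_EMAIL are expected to be defined by the including script.
    //
    // NOTE(review): step 1 changes state (new key, outgoing mail) on a plain GET and
    // reports whether a username exists; nothing in this file limits how often
    // steps 1-3 may be repeated. Any throttling has to live in $PSA_SYS — confirm.

    // Request values are only ever used as strings here. An array-valued parameter
    // (id[]=...) is treated as absent so it never reaches an array offset or the output.
    // The $pr* names are prefixed to avoid clobbering variables of the including script.
    $prGetId   = (isset($_GET['id'])       && is_string($_GET['id']))       ? $_GET['id']       : '';
    $prGetUkey = (isset($_GET['ukey'])     && is_string($_GET['ukey']))     ? $_GET['ukey']     : '';
    $prPostId  = (isset($_POST['id'])      && is_string($_POST['id']))      ? $_POST['id']      : '';
    $prConfirm = (isset($_POST['confirm']) && is_string($_POST['confirm'])) ? $_POST['confirm'] : '';
    $prFinal   = (isset($_POST['final'])   && is_string($_POST['final']))   ? $_POST['final']   : '';

    // PHP_SELF includes any client-supplied path info, so it is escaped before being
    // written into a form action. htmlspecialchars() is called without an explicit
    // charset and therefore follows the configured default_charset.
    $prSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    if(!empty($prGetId) && !isset($_GET['ukey'])){
        // Step 1: the user asked for a reset mail.
        // The username is echoed back inside markup, so it is escaped first.
        $prIdHtml = htmlspecialchars($prGetId, ENT_QUOTES);
        if(!$PSA_SYS->system_user($prGetId)){
            printf(_("The user <b>%s</b> does not exist in this system"),$prIdHtml);
        }else{
            // Generate random key & put in db.
            $userKey = $PSA_SYS->_get_rand_id($prGetId);

            // Get the user's email address and hash for the confirmation mail.
            $users=$PSA_SYS->get_users();

            $email=$users[$prGetId]['email'];
            $hash=$users[$prGetId]['hash'];

            // Send user the email.
            if($PSA_SYS->send_confirm_mail($PSA_RESETPASS_EMAIL, $email, $userKey, $hash)){
                printf(_("An email message has been sent to the address associated with the username <b>%s</b> with instructions to reset your password."),$prIdHtml);
            }else{
                $PSA_SYS->error();
            }
        }
    }else if(!empty($prGetUkey) && !empty($prGetId)){
        // Step 2: the section the email link connects to; shows the question & answer form.

        // Check that the key from the link matches the one recorded for this user.
        if($PSA_SYS->confirm_link($prGetId,$prGetUkey)){
            echo '<p>',_("Thank you for verifying your identity. There is one last step required to reset your password. When you registered you created a question and answer to help us ensure your identity when resetting your password. Below is the question, please answer and press the submit button to reset your password. Your answer is CASE SENSITIVE."),'</p>',"\n";
            $users=$PSA_SYS->get_users();
            $ar=$users[$prGetId];
            // The question was typed in by the user at registration and the id comes
            // from the URL; both are escaped before being placed in the page.
            echo '<form action="',$prSelf,'?psaSec=passwordreset" method="post">',"\n",
                ' <fieldset>',"\n",
                '  <input type="hidden" name="confirm" value="',htmlspecialchars((string)$ar['confirm'], ENT_QUOTES),'" />',"\n",
                '  <input type="hidden" name="id" value="',htmlspecialchars($prGetId, ENT_QUOTES),'" />',"\n",
                '  <table cellpadding="0" cellspacing="0" border="0">',"\n",
                '   <tr>',"\n",
                '    <td>',_("Question"),'</td>',"\n",
                '    <td>',htmlspecialchars((string)$ar['question'], ENT_QUOTES),'</td>',"\n",
                '   </tr>',"\n",
                '   <tr>',"\n",
                '    <td>',"\n",_("Answer"),'</td>',"\n",
                '    <td><input type="password" name="answer" /></td>',"\n",
                '   </tr>',"\n",
                '  </table>',"\n",
                '  <input type="submit" />',"\n",
                ' </fieldset>',"\n",
                '</form>',"\n";
        }else{
            $PSA_SYS->error();
            echo '<p class="psaErrorMsg">',_("If you feel you have received the above error(s) by mistake, please contact the site's administrator."),'</p>',"\n";
        }
    }else if(!empty($prConfirm)){
        // Step 3: does the user know the answer to their question?

        // Re-check the confirm key; the hidden fields come back from the client.
        if(!$PSA_SYS->confirm_link($prPostId, $prConfirm)){
            echo '<p class="psaErrorMsg">',_("The page you have reached is no longer valid."),'</p>',"\n",
                '<p class="psaErrorMsg">',_("If you feel you have received the above error(s) by mistake, please contact the site's administrator."),'</p>',"\n";
        }else{
            // Do the answers match?
            $users=$PSA_SYS->get_users();
            $ar=$users[$prPostId];
            $prAnswer = (isset($_POST['answer']) && is_string($_POST['answer'])) ? $_POST['answer'] : '';
            $prStored = isset($ar['answer']) ? (string)$ar['answer'] : '';
            // hash_equals() compares as strings in constant time. The former loose
            // "!=" treated numeric-looking strings such as "1e3" and "1000" as equal.
            // NOTE(review): the stored answer is compared directly with the submitted
            // text, so it appears to be kept unhashed; an account with an empty stored
            // answer is still satisfied by an empty submission — confirm both are intended.
            if(!hash_equals($prStored, $prAnswer)){
                echo '<p class="psaErrorMsg">';
                printf(_("The posted answer does not match what is recorded in the database for user %s"),htmlspecialchars($prPostId, ENT_QUOTES));
                echo '</p>',"\n";
            }else{
                // Replace the confirm key with a fresh random id for the final step.
                $randStr=$PSA_SYS->_get_rand_id($prPostId);
                $PSA_SYS->passwd_final_reset($prPostId, $randStr);
                echo '<form action="',$prSelf,'?psaSec=passwordreset" method="post">',"\n",
                    ' <fieldset>',"\n";
                echo '  <p>',_("You may now change your password!"),'</p>',"\n",
                    '  <input type="hidden" name="final" value="',htmlspecialchars((string)$randStr, ENT_QUOTES),'" />',"\n",
                    '  <input type="hidden" name="id" value="',htmlspecialchars($prPostId, ENT_QUOTES),'" />',"\n",
                    '  <table cellpadding="0" cellspacing="0" border="0">',"\n",
                    '   <tr>',"\n",
                    '    <td>',_("New Password"),'</td>',"\n",
                    '    <td><input type="password" name="password1" /></td>',"\n",
                    '   </tr>',"\n",
                    '   <tr>',"\n",
                    '    <td>',"\n",_("Confirm Password"),'</td>',"\n",
                    '    <td><input type="password" name="password2" /></td>',"\n",
                    '   </tr>',"\n",
                    '  </table>',"\n",
                    '  <input type="submit" />',"\n",
                    ' </fieldset>',"\n",
                    '</form>',"\n";
            }
        }
    }else if(!empty($prFinal)){
        // Step 4: actually change the password.

        // Check the key issued at the end of step 3 against the db.
        $ukey = $prFinal;
        $id = $prPostId;
        if(!$PSA_SYS->confirm_link($id, $ukey)){
            echo '<p class="psaErrorMsg">',_("The page you have reached is no longer valid. If you feel you have received this message in error, please contact the site's administrator."),'</p>',"\n";
        }else{
            $prPass1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? $_POST['password1'] : '';
            $prPass2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';
            // Strict comparison: with "==" two different numeric-looking passwords
            // (e.g. "1e3" and "1000") would have counted as a match.
            if($prPass1===$prPass2 && $PSA_SYS->password_valid($prPass1)){
                // Change the password.
                $result=$PSA_SYS->passwd_reset($id,$prPass1);
                if(!$result){
                    $PSA_SYS->error();
                }else{
                    // Only claim success when the reset actually went through.
                    echo '<p>',_("Your password has been changed. You may now login to access your account."),'</p>',"\n";
                }
            }else{
                // Passwords don't match or fail the format check: show the form again.
                // The key is carried over from the validated "final" field; the form
                // never posts a "randStr" field, so reading that one left the retry
                // form without a key and the user was sent back to the start page.
                echo '<form action="',$prSelf,'?psaSec=passwordreset" method="post">',"\n";
                echo '<p class="psaErrorMsg">',_("Passwords have invalid format or do not match."),' ',_("Please try again."),'</p>',"\n",
                    ' <fieldset>',"\n",
                    '  <input type="hidden" name="final" value="',htmlspecialchars($ukey, ENT_QUOTES),'" />',"\n",
                    '  <input type="hidden" name="id" value="',htmlspecialchars($id, ENT_QUOTES),'" />',"\n",
                    '  <table cellpadding="0" cellspacing="0" border="0">',"\n",
                    '   <tr>',"\n",
                    '    <td>',"\n",
                    '     ',_("New Password"),
                    '    </td>',"\n",
                    '    <td><input type="password" name="password1" /></td>',"\n",
                    '   </tr>',"\n",
                    '   <tr>',"\n",
                    '    <td>',"\n",
                    '     ',_("Confirm Password"),
                    '    </td>',"\n",
                    '    <td><input type="password" name="password2" /></td>',"\n",
                    '   </tr>',"\n",
                    '  </table>',"\n",
                    '  <input type="submit" />',"\n",
                    ' </fieldset>',"\n",
                    '</form>',"\n";
            }
        }
    }else{
        // Start the request process.
        echo '<p>',_("If you have lost your password, we will do our best to return your account to your control.  But first, we need some input from you to assure that you are indeed who you say you are.<br /><br />We have a quick and easy two step password recovery process.  First, we will send a message to the email address listed with your registration information.  Second, we will ask the personal question that you chose upon registration.  You will then have the opportunity to reset your password."),'</p>',"\n";
        echo '<hr><p>',_("Please enter your username below to begin the password recovery process:"),'</p>',"\n";
        echo '<form action="',$prSelf,'" method="get">',"\n",
            ' <fieldset>',"\n",
            '  <input type="hidden" name="psaSec" value="passwordreset" />',"\n",
            '  <p align="center"><b>',_("Username"),'</b>: <input type="text" size="10" maxlength="255" name="id" /><br />',"\n",
            '  <input type="submit" /></p>',"\n",
            ' </fieldset>',"\n",
            '</form>',"\n";
    }

?>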