<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
  <head>    
    <title>Reimposta password     
    </title>
    <link rel="stylesheet" href="../style.css" type="text/css" />  
  </head>  
  <body>    
    <div align="center">
<?php

/*****************************************************************
*  Spacemarc News
*  Version: 1.2.0
*  Author and copyright (C): Marcello Vitagliano
*  Web site: http://www.spacemarc.it
*  License: GNU General Public License
*
*  This program is free software: you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation, either version 3
*  of the License, or (at your option) any later version.
*
*  Current file: sendpwd.php
*****************************************************************/
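// Marker constant set before the includes below; presumably the included files
// check it to refuse direct access -- confirm in config.php / functions.php.
define('IN_NEWS', true);
// NOTE(review): the XHTML prologue above this PHP block has already been emitted
// when this runs, so the header is only applied if output buffering is enabled.
header('Content-type: text/html; charset=ISO-8859-1');

// Load the configuration, the admin helper functions and the language strings
require_once (dirname(__FILE__) . '/../config.php');
require_once (dirname(__FILE__) . '/functions.php');
require_once (dirname(__FILE__) . '/../lang/lang.php');

// A password-reset page is served to visitors who are not logged in, so MySQL
// error numbers/messages and the database name go to the server log rather
// than into the response body.
$db = mysql_connect($db_host, $db_user, $db_password);
if (!$db) {
    error_log('sendpwd.php: MySQL connection failed (' . mysql_errno() . '): ' . mysql_error());
    die("Impossibile connettersi a MySQL");
}
if (!mysql_select_db($db_name, $db)) {
    error_log('sendpwd.php: cannot select database (' . mysql_errno($db) . '): ' . mysql_error($db));
    die("Impossibile selezionare il database");
}

// Heading printed above the request form; cleared after a successful request
$pwd_msg = "Ricevi una nuova password";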

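// Two entry points share this script:
//   POST "submit" -> generate a pending password plus activation key and mail them
//   GET  "key"    -> activate the pending password that belongs to that key
// Anything else falls through to the request form rendered below.
if (isset($_POST['submit'])) {

    // Normalise once so that validation, lookup and comparison all see the same value
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';

    // The D modifier makes "$" match only at the very end of the subject;
    // without it a value ending in a newline would still pass.
    if (!preg_match('/^[.a-z0-9_-]+@[.a-z0-9_-]+\.[a-z]{2,4}$/D', $email)) {
        echo "<div id=\"error\">Inserisci la tua email</div><br />";
    }
    else {

        // Fetch the active user with this address, together with the site URL from the config table
        $result = mysql_query("SELECT nu.nome_cognome, nu.email, nc.url_sito FROM $tab_utenti nu, $tab_config nc WHERE nu.email='" . mysql_real_escape_string($email) . "' AND nu.attivo=1 LIMIT 1");
        $riga = $result ? mysql_fetch_assoc($result) : false;

        // NOTE(review): the two outcomes below produce different messages, which tells an
        // unauthenticated visitor whether an address belongs to an active account.
        // Returning the same response in both cases would close that; left as is
        // because it changes the user-visible flow.
        if ($riga && $riga['email'] === $email) {
            $newpassword = NewPassword();

            // The activation key must not be guessable. uniqid() and microtime() are both
            // derived from the server clock, so prefer a CSPRNG where one is available.
            // Five random bytes keep the 10-character [a-z0-9] format the key check expects.
            $key_pwd = '';
            if (function_exists('random_bytes')) {
                try {
                    $key_pwd = bin2hex(random_bytes(5));
                }
                catch (Exception $e) {
                    $key_pwd = '';
                }
            }
            if ($key_pwd === '' && function_exists('openssl_random_pseudo_bytes')) {
                $strong = false;
                $bytes = openssl_random_pseudo_bytes(5, $strong);
                if ($bytes !== false && $strong) {
                    $key_pwd = bin2hex($bytes);
                }
            }
            if ($key_pwd === '') {
                // Legacy fallback, used only when no CSPRNG is available. NOTE(review): time-based and weak.
                $key_pwd = substr(md5(uniqid(microtime())) , 0, 10);
            }

            // Every interpolated value is escaped, including the ones that come from
            // NewPassword() and from the database row.
            // NOTE(review): new_pwd holds the pending password in clear text until it is
            // activated, and no expiry is recorded for key_pwd in this statement.
            $updated = mysql_query("UPDATE $tab_utenti SET new_pwd='" . mysql_real_escape_string($newpassword) . "', key_pwd='" . mysql_real_escape_string($key_pwd) . "' WHERE email='" . mysql_real_escape_string($riga['email']) . "' LIMIT 1");

            if (!$updated) {
                // Do not mail a key that was never stored
                error_log('sendpwd.php: could not store the pending password (' . mysql_errno() . '): ' . mysql_error());
                echo "<div id=\"error\">" . $lang['send_pwd_error'] . "</div><br />";
            }
            else {
                // Header values come from the server's SERVER_ADMIN setting and phpversion(), not from the request
                $header = "From: " . $_SERVER['SERVER_ADMIN'] . "\n";
                $header.= "Reply-To: " . $_SERVER['SERVER_ADMIN'] . "\n";
                $header.= "Return-Path: " . $_SERVER['SERVER_ADMIN'] . "\n";
                $header.= "X-Mailer: PHP/" . phpversion() . "\n";
                $header.= "MIME-Version: 1.0\n";
                $header.= "Content-type: text/plain; charset=ISO-8859-1\n";
                $header.= "Content-Transfer-encoding: 7bit\n";
                // NOTE(review): the new password travels in clear text in this message; delivery errors are suppressed by "@"
                @mail($riga['email'], "Amministrazione News: nuova password", "Invio nuova password per l'utente " . html_entity_decode($riga['nome_cognome'], ENT_QUOTES) . " dall'IP " . $_SERVER['REMOTE_ADDR'] . "\n\nLa nuova password: $newpassword\n\nClicca su questo link per attivarla: $dir_admin/sendpwd.php?key=$key_pwd\n\nSe non sei stato tu a richiederla puoi semplicemente cestinare questo messaggio.\n\n-- \n" . $riga['url_sito'] . "", $header);
                echo "<div id=\"success\">" . $lang['send_pwd_ok'] . "</div><script language=\"JavaScript\" type=\"text/JavaScript\">setTimeout('window.close()', 4500)</script>";
                $pwd_msg = NULL;
            }
        }
        else {
            echo "<div id=\"error\">" . $lang['send_pwd_error'] . "</div><br />";
        }
    }
}
elseif (isset($_GET['key']) && is_string($_GET['key']) && preg_match('/^([a-z0-9]{10})$/D', $_GET['key'])) {
    $key = $_GET['key'];

    // The pattern above already restricts the key to [a-z0-9]; escaping it as well keeps
    // the query safe if that pattern is ever relaxed.
    $result_pwd = mysql_query("SELECT user_id, attivo, key_pwd, new_pwd FROM $tab_utenti WHERE key_pwd='" . mysql_real_escape_string($key) . "' AND attivo=1 LIMIT 1");
    $rigap = $result_pwd ? mysql_fetch_array($result_pwd) : false;

    // Strict comparison: "==" compares numeric-looking strings as numbers
    if ($rigap && $rigap['key_pwd'] === $key) {
        // NOTE(review): one fixed salt and a single MD5 round are a weak password hash.
        // The stored format presumably has to match what login.php verifies, so it is
        // unchanged here; moving to password_hash()/password_verify() needs a
        // coordinated change and a re-hash of existing accounts.
        define('SALT', '0123456789abcdefghij>-+*/%!=[$');
        $new_pwd = md5(SALT . $rigap['new_pwd']);
        // user_id is forced to an integer before it is placed in the statement;
        // clearing new_pwd and key_pwd makes the key single-use.
        $activated = mysql_query("UPDATE $tab_utenti SET user_password='$new_pwd', new_pwd=NULL, key_pwd=NULL WHERE user_id=" . (int)$rigap['user_id'] . " LIMIT 1");
        if (!$activated) {
            error_log('sendpwd.php: could not activate the new password (' . mysql_errno() . '): ' . mysql_error());
        }
        echo "<br /><span class=\"text\">Nuova password attivata! <a href=\"login.php\">Effettua il login</a></span></div></body></html>";
        exit();
    }
    else {
        echo "Chiave non valida</div></body></html>";
        exit();
    }
}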
?>      
      <span class="text"><b>
          <?php echo $pwd_msg; ?></b>      
      </span><br /><br />      
      <form method="post" name="sendpwd" action="sendpwd.php">        
        <table width="85%" border="0" align="center" cellpadding="1" cellspacing="1">          
          <tr>            
            <td align="right" class="text">Email</td><td>              
              <input type="text" name="email" size="14" maxlength="30" /><input type="submit" name="submit" value="Invia" /></td>          
          </tr>        
        </table>      
      </form>    
    </div>  
  </body>
</html>