pub.changepwd.php at Stuffed Tracker - Web Traffic Monitoring & Analysis

<?
if (!defined("NS_TRACKER_INDEX")) exit;
require_once SYS."/system/lib/validate.func.php";

$PageTitle=$Lang['ChangePass'];

$Email=V($_REQUEST['Email']);
$Code=V($_REQUEST['Code']);

if (!$Email || !$Code) $nsProduct->Redir("remind", "", "pub");

$Query = "SELECT SU.*, TU.MODIFIED AS M1, TA.MODIFIED AS M2
    FROM ?{PFX}_system_user SU
    LEFT JOIN ?_user TU
        ON TU.USER_ID=SU.ID
    LEFT JOIN ?_admin TA
        ON TA.USER_ID=SU.ID
    WHERE EMAIL=?";
$CheckUser=$Db->Select($Query,false,$Email);

if (!$CheckUser || (!$CheckUser->M1&&!$CheckUser->M2))  $nsProduct->Redir("remind", "", "pub");
$Modified=V($CheckUser->M1,$CheckUser->M2);
$LastM=@filemtime(SELF."/index.php");
$UserCode=substr(md5($Modified.$LastM.$CheckUser->ID.$CheckUser->LOGIN.$CheckUser->PWD),10,10);

if ($Code != $UserCode)  $nsProduct->Redir("remind", "", "pub");

$Login=$CheckUser->LOGIN;
$Pwd=V($_POST['Pwd']);
$Pwd2=V($_POST['Pwd2']);

if ($Pwd) ChangePwd($CheckUser->ID, $Pwd,$Pwd2);

include $nsTemplate->Inc();


function ChangePwd($UserId, $Pwd, $Pwd2=false)
{
    global $nsProduct,$Db,$Lang, $Logs;
    if (strlen($Pwd)<3) return $Logs->Err($Lang['PassTooShort']);
    if (strlen($Pwd)>64) return $Logs->Err($Lang['PassTooLong']);
    if (CheckSymb_($Pwd)) return $Logs->Err($Lang['SymbErr']);
    if ($Pwd!=$Pwd2) return $Logs->Err($Lang['PassNotPass2']);
    
    $Query = "UPDATE ?{PFX}_system_user SET PWD=? WHERE ID=?";
    $Db->Query($Query,md5($Pwd),$UserId);
    $Query = "UPDATE ?_user SET MODIFIED=NOW() WHERE USER_ID=?";
    $Db->Query($Query,$UserId);
    $Query = "UPDATE ?_admin SET MODIFIED=NOW() WHERE USER_ID=?";
    $Db->Query($Query,$UserId);
    
    $Logs->Msg($Lang['PassChanged']);
    $nsProduct->Redir("login", "", "admin");
}


?>