<?php
/*******************************************************************/
/* Vsecurity */
/* Copyrights(C)2001 Jan Vilimek(hide@address.com) */
/* See GPL license in file license.txt */
/* and http://www.guanoweb.cz for more details */
/* */
/* Function: Secure your pages (sendpaswd) */
/* for instalation see readme.txt */
/*******************************************************************/
define("LOADED_PROPERLY", true);
die ("PATH NOT CHANGED IN ".__FILE__." on line " . __LINE__ .". please specify path to common.php");
include dirname(__FILE__)."/common.php"; /* change this please*/
xhtml_header($title_sendlogin,true,false);
if (($send_passwd_login!="")&&($secret_code!=""))
{
if ($secret_code!=$send_passwd_secret_number)
{
$send_passwd_login="";
echo "<div style=\"text-align:center\"><h3>BAD SECRET CODE!! <br> patné heslo!</h3>";
echo "<a href=\"".$VSecure_conf['sendpasswd_path']."\">back</a></div>";
xhtml_footer();
}
$new_password=random_passwd(16);
$qw="UPDATE `$VSecure_tbl_usr` SET `password` = MD5( '".$new_password."' ) ".
"WHERE login='".md5($send_passwd_login)."' " ;
$result= mysql_query ($qw , $MySQL_link)
or echo_error (__FILE__,__LINE__,ERR_MYSQL,"Could not change your password...");
$qw="SELECT name,nick,email FROM $VSecure_tbl_usr ".
"WHERE login='".md5($send_passwd_login)."' " ;
$result= mysql_query ($qw , $MySQL_link)
or echo_error (__FILE__,__LINE__,ERR_MYSQL,"Could not send you mail (lost information from table)...");
$row= mysql_fetch_array($result);
$subject=$message_sendpaswd_subj . $send_passwd_login;
$message=$message_sendpaswd_mess1 . $row['name'].
$message_sendpaswd_mess2 . $send_passwd_login .
$message_sendpaswd_mess6 . $row['nick'].
$message_sendpaswd_mess4 . $row['email'].
$message_sendpaswd_mess3 . $new_password;
$message.=$message_sendpaswd_mess5;
$multipleextras="From: ".$VSecure_conf['admin_email']."\nReply-To: ".$VSecure_conf['admin_email']."\nX-Mailer: autobot PHP/" . phpversion();
if (!mail($row['email'], $subject, $message,$multipleextras))
{
alert($message_sendpaswd_failed);
xhtml_footer();
}
?>
<div style="text-align:center; border:0px; margin: 15px; padding: 3px; background-color: White;" width="500" height="100" cellspacing="0" cellpadding="0">
Nové heslo bylo posláno na Vá email!
</div>
<script type="text/javascript">
<!--
window.focus();
//-->
</script>
<?
xhtml_footer();
}
elseif ($login!="")
{
$qw="SELECT name,nick,email FROM $VSecure_tbl_usr ".
"WHERE login='".md5($login)."' " ;
$result= mysql_query ($qw , $MySQL_link)
or die ("Error while reading data from the table... (sendpaswd,".__LINE__.")");
if (!($count= mysql_num_rows($result))||($count==0)){ alert($alert_nouser); $login=""; } else
{
# set sessions #
$_SESSION["send_passwd_login"]=$login;
$send_passwd_secret_number=random_passwd(6);
$row=mysql_fetch_array($result);
$subject="secret code";
$message="Hi ".$row['name']."\nYour secret code: ".$send_passwd_secret_number;
$message.="\nTaké mùete kliknout na odkaz dole...\nYou can also click on the link below...\n";
$message.=$VSecure_conf['sendpasswd_path']."?login=$login&secret_code=".$send_passwd_secret_number. "\n\n";
$multipleextras="From: ".$VSecure_conf['admin_email']."\nReply-To: ".$VSecure_conf['admin_email']."\nX-Mailer: autobot PHP/" . phpversion();
if (!@mail($row['email'], $subject, $message,$multipleextras))alert($message_sendpaswd_failed);else
alert("Message sent correctly...");
?>
<div style="text-align:center; border:0px; margin: 15px; padding: 3px; background-color: White;" width="500" height="100" cellspacing="0" cellpadding="0">
<form action='sendpasswd.php' method='post' name='posliheslo' id='posliheslo'>
Secret code:
<input type='text' name='secret_code' value='' size='10' maxlength='255'>
<input type='submit' value='<?php echo $message_sendpaswd_send;?>'>
</form>
</div>
<div style="text-align:center">
Nyní zadejte heslo pøesnì ve tvaru, v jakém Vám dolo na email. Po kliknutí na 'poli' Vám dojde novì vygenerované heslo. Zmìòte jej pak v sekci <b>USER</b>. Prosím, neodcházejte z této stránky dokud Vám email nedojde, vymazalo by se Vám poslané heslo.
</div>
<script type="text/javascript">
<!--
window.focus();
//-->
</script>
<?
xhtml_footer();
}
}
else $login=$message_sendpaswd_write;
?>
<div style="text-align:center; border:0px; margin: 15px; padding: 3px; background-color: White;" width="500" height="100" cellspacing="0" cellpadding="0">
<form action="sendpasswd.php" method="post" name="posliheslo" id="posliheslo" style="margin:0px;">
<?php echo $message_sendpaswd_mess2;?>
<input type="text" name="login" value="<?php echo $login;?>" style="border : 1px solid Black;color : #000000;font-weight:bold;margin:0px;background-color : #ffffff;vertical-align:center;" size="10" maxlength="255" />
<input type="hidden" name="languague" value="<?php echo $languague;?>" />
<input type="submit" value="<?php echo $message_sendpaswd_send;?>" style="border : 1px solid Black;color : #000000;font-weight:bold;width:60px;height:20px;margin:0px;background-color : #aaaaaa;vertical-align:center;" />
</form>
</div>
<br />
<div style="text-align:center">Zadejte prosím svùj login. Na email zadaný pøi registraci Vám pak dojde heslo, pomocí nìho bude v následujícím kroku na Vá email zasláno novì vygenerované heslo. (ochrana pøed zneuití tøetí osobou)
</div>
<script type="text/javascript">
<!--
window.focus();
//-->
</script>
<?php
xhtml_footer();
?>