<?php
require_once 'inc/standard.php';
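// Password-reset request page. On action=resetlogin it stores a one-time
// secret for the account in the `reset` table and e-mails a recover.php link
// carrying that secret to the address on file.
$page = new Page('iforgot', ALL);
$page->setTitle('Forgot Password');

// Trimmed, tag-stripped copy of the POST fields. strip_tags() only removes
// markup: these values are NOT safe to interpolate into SQL and still need
// htmlspecialchars() before being written into HTML.
$iforgot = [];
foreach ($_POST as $key => $value) {
    // A non-string field (e.g. name[]=x) is recorded as '' instead of being
    // handed to strip_tags(), which rejects arrays.
    $iforgot[$key] = is_string($value) ? trim(strip_tags($value)) : '';
}

$login = new Login();

// POST takes precedence over GET; both are attacker-controlled.
$requested = !empty($_POST['ucinetid'])
    ? $_POST['ucinetid']
    : (isset($_GET['ucinetid']) ? $_GET['ucinetid'] : null);
if (!is_string($requested)) {
    $requested = null;
}

// NOTE(review): whether UCIPerson validates or normalises the id is not
// visible from this file, so $person->ucinetid is treated as untrusted below.
$person = new UCIPerson($requested);
$ucinetid = $person->ucinetid;

$action = isset($_POST['action']) ? $_POST['action'] : '';
if ($action === 'resetlogin') {
    $ok = true;
    $error_message = null;

    if (!($login->exists($ucinetid))) {
        $ok = false;
        $error_message = $login->error;
    } elseif (!is_string($ucinetid) || !preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $ucinetid)) {
        // Allow-list guard: the id is interpolated into SQL below, so anything
        // that is not a plain identifier is refused before a query is built.
        // NOTE(review): tighten the pattern to the real UCInetID format, and
        // move to bound parameters if the $DB wrapper supports them.
        $ok = false;
        $error_message = 'Invalid UCInetID.';
    }

    if ($ok) {
        // Reset token: 128 bits from the CSPRNG, hex-encoded to 32 URL-safe
        // characters. The previous crypt('', '') value was derived from an
        // empty password, not a purpose-built random source, and its base64
        // form could contain '+' and '/', which do not survive an unencoded
        // query string.
        $secret = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : bin2hex(openssl_random_pseudo_bytes(16));

        // NOTE(review): users and logon are joined without a join condition,
        // so the l.* columns come from an arbitrary logon row — confirm the
        // intended key and add it to the WHERE clause.
        $sql = 'SELECT l.*, u.*
            FROM users AS u, logon AS l
            WHERE u.ucinetid = "'.$ucinetid.'"
            LIMIT 1';
        $DB->query($sql);
        $user = $DB->resultToSingleArray();

        // NOTE(review): the secret is stored as-is; storing only a hash of it,
        // and enforcing expiry and single use in recover.php, would limit the
        // damage of a database read. recover.php is not visible from here.
        $sql = "REPLACE INTO reset (ucinetid, secret, date)
            VALUES ('$ucinetid', '$secret', NOW())";
        $result = $DB->query($sql);

        $userEmail = isset($user['email']) ? (string) $user['email'] : '';
        $userName = isset($user['name']) ? (string) $user['name'] : '';

        // Every database- or request-derived value is encoded for the context
        // it lands in: URL component first, then HTML attribute/text.
        $webmailHtml = htmlspecialchars(
            'https://webmail.uci.edu/rcm/?_user='.rawurlencode($ucinetid),
            ENT_QUOTES,
            'UTF-8'
        );
        $emailHtml = htmlspecialchars($userEmail, ENT_QUOTES, 'UTF-8');

        // NOTE(review): this reveals the account's e-mail address to an
        // unauthenticated requester, and the success and failure responses
        // differ, which allows account enumeration. Consider one uniform
        // message; no request throttling is visible in this file either.
        $message = 'An email was sent to <a href="'.$webmailHtml.'">'.$emailHtml.'</a> with instructions on how to reset your password. Visit <a href="'.$webmailHtml.'">WebMail</a>';
        $page->setMessage($message, 'success');

        // Reset e-mail.
        $link = WEBSITE.'recover.php?ucinetid='.rawurlencode($ucinetid).'&secret='.$secret;
        $linkHtml = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
        $to = $userEmail;
        $subject = 'Forgot your password?';
        $body = ' <p>Hi '.htmlspecialchars($userName, ENT_QUOTES, 'UTF-8').', </p>
            <p>A request to reset you password has been made. If you did not initiate this reset, please ignore this email.</p>
            <br>
            <p>To reset you password please follow the link provided, or copy and paste the following link into your browser:</p>
            <strong><a href="'.$linkHtml.'">'.$linkHtml.'</a></strong>';
        $mail = new Mail($to, $subject, $body);
        $mail->send();

        // End the current session once a reset has been requested.
        $page->login->logout();
    } else {
        $page->setMessage($error_message, 'failure');
    }
}

// Render the reset form; the "Register" badge link carries the id as an
// encoded query component.
$bottom = $login->resetForm('resetform', 'resetform', 'iforgot.php', $ucinetid);
$box = new Box('Forgot Password?', $bottom);
$box->setBadge('Register', 'register.php?ucinetid='.rawurlencode((string) $ucinetid));
$page->setContent($box->display('half'));
$page->buildPage();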