recover.php
<?php
require_once 'inc/standard.php';
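/*
 * Password-recovery landing page.
 *
 * With ?ucinetid=...&secret=... it shows the "new password" form when a
 * matching row exists in the `reset` table. With ?action=change and a POST
 * body it stores the new password, deletes the reset rows for that account
 * and logs the current session out.
 *
 * Security notes for maintainers:
 *  - The reset secret is the only proof that the requester owns the account,
 *    so it is re-verified on the change request, not only when the form is
 *    rendered.
 *  - $DB->query() is only seen taking a finished SQL string in this file, so
 *    request values are restricted to a quote-free alphabet before they are
 *    interpolated. NOTE(review): switch to bound parameters if the $DB
 *    wrapper supports them, and confirm the alphabet below against the code
 *    that generates reset secrets.
 *  - NOTE(review): no expiry is checked on the reset row here; confirm that
 *    stale rows are aged out elsewhere.
 */
$page = new Page('recover', PARTICIPANT);
$box = new Box('Recover');

// Request values are untrusted. Accept plain strings only, so an array such
// as ?ucinetid[]=x is treated as absent instead of reaching string functions.
$ucinetid = (isset($_GET['ucinetid']) && is_string($_GET['ucinetid'])) ? $_GET['ucinetid'] : '';
$secret = (isset($_GET['secret']) && is_string($_GET['secret'])) ? $_GET['secret'] : '';
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

// Letters, digits and the punctuation used by hex/base64/base64url tokens.
// None of these characters can terminate a single-quoted SQL literal; \A and
// \z anchor the whole value (a plain $ would tolerate a trailing newline).
$sql_safe = '/\A[A-Za-z0-9_.+\/=\-]+\z/';
$ucinetid_ok = preg_match($sql_safe, $ucinetid) === 1;
$secret_ok = preg_match($sql_safe, $secret) === 1;

$reset_error = 'Sorry, there was an error with reseting your password please visit the <a href="iforgot.php">Forgot Password</a> page to reset your password again.';
$display_login = false;

if($action == 'change' && isset($_GET['ucinetid']) && $_POST)
{
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $password2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';
    $change_errors = array();

    if(!$ucinetid_ok || !$secret_ok)
    {
        // Fail closed before the values reach any query or the login helper.
        $change_errors[] = $reset_error;
    }
    else
    {
        if(!($page->login->exists($ucinetid)))
        {
            // The message is rendered as HTML (it carries a link), so the
            // reflected identifier is escaped.
            $change_errors[] = htmlspecialchars($ucinetid, ENT_QUOTES, 'UTF-8').' is not registered with '.PRODUCT.'. Please register here at the <a href="register.php">Registration Page</a>';
        }

        // Authorise the change: a reset row must exist for this exact
        // ucinetid/secret pair. Without this check the account named in the
        // query string could be updated without a valid recovery link.
        $sql = "SELECT * FROM reset WHERE ucinetid = '$ucinetid' AND secret = '$secret'";
        $DB->query($sql);
        // Same call order as the form-rendering lookup below, in case
        // isEmpty() depends on the result having been fetched.
        $DB->resultToSingleArray();
        if($DB->isEmpty())
        {
            $change_errors[] = $reset_error;
        }
    }

    if(strlen($password) < 6)
    {
        $change_errors[] = 'Your new password is too short';
    }
    // Strict comparison: with != two different numeric-looking strings
    // (for example "1e3" and "1000") compare as equal.
    if($password !== $password2)
    {
        $change_errors[] = 'Your passwords do not match';
    }

    if(!$change_errors)
    {
        // NOTE(review): unsalted MD5 is not suitable for password storage.
        // Moving to password_hash()/password_verify() has to be done together
        // with the login check, which is outside this file, so the stored
        // format is left unchanged here.
        $e_password = md5($password);
        $sql = "UPDATE logon
SET password = '$e_password'
WHERE ucinetid = '$ucinetid'
LIMIT 1";
        $DB->query($sql);
        // Remove every outstanding reset row so the link is single-use.
        $sql = "DELETE FROM reset
WHERE ucinetid = '$ucinetid'";
        $DB->query($sql);
        $page->setMessage('Your password has been successfully changed', 'success');
        $display_login = true;
        $page->login->logout();
    }
    else
    {
        $page->setMessage(implode(', ', $change_errors), 'failure');
    }
}

if($display_login)
{
    $page->login->checkValidAccess($page, 'settings.php', $ucinetid);
}

if($ucinetid && $secret)
{
    $token_valid = false;
    if($ucinetid_ok && $secret_ok)
    {
        $sql = "SELECT * FROM reset WHERE ucinetid = '$ucinetid' AND secret = '$secret'";
        $result = $DB->query($sql);
        $user = $DB->resultToSingleArray();
        $token_valid = !$DB->isEmpty();
    }

    if($token_valid)
    {
        $var_array = new VarArray();
        // PHP_SELF can carry attacker-supplied path info, and the query
        // values come from the request: URL-encode the values, then
        // HTML-escape the whole attribute.
        $form_action = htmlspecialchars(
            $_SERVER['PHP_SELF'].'?action=change&ucinetid='.urlencode($ucinetid).'&secret='.urlencode($secret),
            ENT_QUOTES,
            'UTF-8'
        );
        $ucinetid_html = htmlspecialchars($ucinetid, ENT_QUOTES, 'UTF-8');
        $bottom = '
<form action="'.$form_action.'" method="POST">
<div class="row">
<label class="fieldname" for="ucinetid">
UCInetID
<span class="require1">*</span>
</label>
<input class="textarea readonly" name="ucinetid" type="text" value="'.$ucinetid_html.'" readonly>
</div>
<div class="row">
<label class="fieldname" for="password">
New Password
<span class="require1">*</span>
</label>
<input class="textarea" name="password" type="password">
</div>
<div class="row">
<label class="fieldname" for="password2">
Confirm
<span class="require1">*</span>
</label>
<input class="textarea" name="password2" type="password">
</div>
<div class="separator"></div>
<div class="row">
<input type="submit" value="Change Password" name="submit_change">
</div>
</form>';
    }
    else
    {
        $bottom = $reset_error;
    }
}
else
{
    $bottom = 'You have arrived to this page in error, please return to the <a href="index.php">Home Page</a>.';
}

$box->setContent($bottom);
$page->setContent($box->display('half'));
$page->buildPage();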
?>