Code: Select all
<?php
include('header.php');
$n1 = rand(1, 9);
$n2 = rand(1, 9);
if(isset($_GET['hash']) && $_GET['hash'] > 0 && is_numeric($_GET['hash'])){
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$hash = $db->EscapeString($_GET['hash']);
$rec = $db->FetchArray($db->Query("SELECT id,login,email FROM `users` WHERE `rec_hash`='".$hash."' LIMIT 1"));
if($rec['id'] != ''){
if(isset($_POST['change'])) {
$nr1 = base64_decode($_POST['nr1']);
$nr2 = base64_decode($_POST['nr2']);
if($nr1 + $nr2 != $_POST['captcha']){
$mesaj = '<div class="error">ERROR: Security answer is wrong!</div>';
}elseif (!checkPwd($pass1,$pass2)) {
$mesaj = '<div class="error">ERROR: Passwords do not match!</div>';
}else{
$passc = MD5($pass1);
$db->Query("UPDATE `users` SET `pass`='".$passc."', `rec_hash`='0' WHERE `email`='".$rec['email']."'");
$mesaj = "<div class=\"success\">Password was successfully changed!</div>";
}
}
?>
<div class="block medium right">
<div class="top">
<h1>Change Password</h1>
</div>
<div class="content"><div class="msg"><?echo $mesaj;?></div>
<form id="form" method="post">
<input type="hidden" name="nr1" value="<? echo base64_encode($n1); ?>" />
<input type="hidden" name="nr2" value="<? echo base64_encode($n2); ?>" />
<fieldset>
<p>
<label>New Password</label>
<input class="text big" name="pass1" type="password" value="" required="required" />
</p>
<p>
<label>Repeat Password</label>
<input class="text big" name="pass2" type="password" value="" required="required" />
</p>
<p>
<label><?=($n1." + ".$n2." = ?")?></label>
<input class="text big" name="captcha" type="text" value="" required="required" />
</p>
<p style="text-align: center; padding-top: 15px;">
<input class="gbutton" type="submit" name="change" value="Submit" />
</p>
</fieldset>
</form>
</div>
</div>
<?
}
}else{
if(isset($_POST['send'])) {
$nr1 = base64_decode($_POST['nr1']);
$nr2 = base64_decode($_POST['nr2']);
$email = $db->EscapeString($_POST['email']);
$rec = $db->FetchArray($db->Query("SELECT id,login FROM `users` WHERE `email`='".$email."'"));
if($nr1 + $nr2 != $_POST['captcha']){
$mesaj = '<div class="error">ERROR: Security answer is wrong!</div>';
}elseif($_POST['email'] == ""){
$mesaj = '<div class="error">ERROR: Please enter your email address!</div>';
}elseif($rec['login'] == ""){
$mesaj = '<div class="error">ERROR: Email address is not registered in our database.!</div>';
}else{
$newhash = rand(1000000,9999999);
$db->Query("UPDATE `users` SET `rec_hash`='".$newhash."' WHERE `email`='".$email."'");
$subject ="Password";
$message="Hello {$rec['login']},
You asked for password recovery.
Your new password is: {$site['site_url']}/recover.php?hash={$newhash}
Best Regards!";
$header="From: {$site['site_email']} <{$site['site_email']}>";
$send_contact=mail($email,$subject,$message,$header);
$mesaj = "<div class=\"success\">Success! An email was sent!</div>";
}
}?>
<div class="block medium right">
<div class="top">
<h1>Recover Password</h1>
</div>
<div class="content"><div class="msg"><?echo $mesaj;?></div>
<form id="form" method="post">
<input type="hidden" name="nr1" value="<? echo base64_encode($n1); ?>" />
<input type="hidden" name="nr2" value="<? echo base64_encode($n2); ?>" />
<fieldset>
<p>
<label>Email</label>
<input class="text big" name="email" type="email" value="" required="required" />
</p>
<p>
<label><?=($n1." + ".$n2." = ?")?></label>
<input class="text big" name="captcha" type="text" value="" required="required" />
</p>
<p style="text-align: center; padding-top: 15px;">
<input class="gbutton" type="submit" name="send" value="Send" />
</p>
</fieldset>
</form>
</div>
</div>
<?}
include('footer.php');?>