public function set_new_key()
{
//now we're going to set the random key
$this->random_key = random_key(20);
//before we can set that random key to the object
//we NEED to make sure it doesn't exist
while (Reset_Password::is_random_key_being_used($this->random_key)) {
//while this key does it exist, keep looping through and generating new
//random keys until it already exists
$this->random_key = random_key(20);
}
}
// create the page
$page = new Page();
$page->name = "Reset my Password";
// check to see if a user is already logged in
if ($session->is_logged_in) {
$session->message("You are already logged in! To use the Reset my Password feature, please logout first.");
redirect_head(ROOT_URL);
}
//make sure the key is setup as a GET superglobal
if (!isset($_GET['reset_key'])) {
$session->message("You have a bad URL, please copy the correct URL.");
redirect_head(ROOT_URL);
}
//at this point, we know there is a key set
//now we need to make sure the key exists
$the_key = Reset_Password::find_by_name($_GET['reset_key'], 'random_key');
if (!$the_key) {
$session->message("You have a bad URL, please copy the correct URL.");
redirect_head(ROOT_URL);
}
//at this point, we now know that there is a key entered
//also, we now know that the key actually exists
//so now, we need to do the following checks
//1. Make sure that the request entered does not belong to a user who's deleted.
//2. Make sure that the request entered is the latest request for that user.
//3. Make sure that the request entered has not already been used.
//4. Make sure that the request entered is less than 24 hours old.
//check #1
if ($the_key->user_wk->is_deleted == '1') {
$session->message("You cannot reset a password for a disabled account.");
redirect_head(ROOT_URL);
// the user submitted the form
if (isset($_POST["submit"])) {
$found_user = User::find_by_name($database->escape_value($_POST['email_address']), 'email_address');
if ($found_user) {
//the e-mail address was found
//now we need to make sure it does not belong to an account that is deleted
if ($found_user->is_deleted == '1') {
$session->message("The account associated to that Email Address is disabled.");
}
} else {
//the e-mail address is not associated with an account
$session->message("The e-mail address you entered does not belong to an account.");
}
//only execute here if there was an account found, AND it is not soft-deleted
if (empty($session->message())) {
$new_request = new Reset_Password();
$new_request->set_new_key();
$new_request->user_wk = $found_user->user_wk;
//save the record
$new_request->save();
//send e-mail here
//only if we're not in a local environment
if (!$am_i_local) {
$to = $found_user->email_address;
$subject = "Password Reset Request";
$message = "\n\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<title>" . $subject . "</title>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body>\n\t\t\t\t\t\t<p>Your username is: <strong>" . $found_user->username . "</strong></p>\n\t\t\t\t\t\t<p>Please the link below to reset your password. The link will be acive for 24 hours.</p>\n\t\t\t\t\t\t<p><a href=\"" . ROOT_URL . "reset_my_password.php?reset_key=" . $new_request->random_key . "\">" . ROOT_URL . "reset_my_password.php?reset_key=" . $new_request->random_key . "</a></p>\n\t\t\t\t\t</body>\n\t\t\t\t</html>\n\t\t\t\t";
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// More headers
$headers .= 'From: <support@pet_adoption.com>' . "\r\n";
