Ejemplo n.º 1
<?php

// Entry page of the "forgot password" flow: load the site configuration,
// register this file with the debugger, then print the page shell with the
// reset form inside it.

// STARTSECURE is defined before config.php is included; presumably the included
// files check it to refuse direct access — confirm in includes/config.php.
define('STARTSECURE', true, 1);
include '../../includes/config.php';

$fileInfo = [
    'title' => 'Forgot Password',
    'fileName' => 'forgotPassword/index.php',
];
// $debug is not created in this file; it is expected to come from config.php.
$debug->newFile($fileInfo['fileName']);

$buildPage = new Adrlist_BuildPage();
$buildPage->addIncludes('forgotPasswordMethods.php');
$buildPage->addJs('forgotPassword.js');

// One echo per fragment keeps the order of the original comma-separated echo:
// each call runs only after the previous fragment has been written.
echo $buildPage->output();
echo '
<div id="resetHolder">
	';
echo buildReset();
echo '
</div>
';
echo $buildPage->buildFooter();
Ejemplo n.º 2
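/**
 * Step 1 of the password-reset flow.
 *
 * Validates $_POST['email'], looks the address up in `users`, and for a known
 * address stores a reset request in `forgotPassword` and mails a link carrying
 * the reset code. Results are reported through the globals $message, $success
 * and $returnThis; when MODE is 'resetPasswordStep1', returnData() is called.
 *
 * Security notes:
 *  - The reset code is a bearer credential, so it comes from a CSPRNG rather
 *    than from a hash of the e-mail address and the request time, both of which
 *    a third party can know or guess.
 *  - NOTE(review): the user-visible message differs between a known and an
 *    unknown address, which lets a caller test whether an address is
 *    registered. A single neutral reply for both cases would close that.
 *  - NOTE(review): the code is stored as-is in forgotPassword.resetCode, and no
 *    expiry or single-use rule is visible here; confirm that the step
 *    consuming the code enforces both (requestMade is recorded for this).
 *
 * @return void
 * @throws RuntimeException|Exception When no cryptographically secure random
 *                                    source is available for the reset code.
 */
function resetPasswordStep1()
{
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    try {
        if (empty($_POST['email'])) {
            throw new Adrlist_CustomException('', '$_POST[\'email\'] is empty.');
        }
        $_POST['email'] = trim($_POST['email']);
        $emailValidate = emailValidate($_POST['email']);
        if ($emailValidate !== true) {
            throw new Adrlist_CustomException('', '$_POST[\'email\'] is not valid.');
        }
        $Dbc->beginTransaction();
        //See if a user with the email exists before sending.
        $emailCheckQuery = $Dbc->prepare("SELECT\n\tuserId AS 'userId'\nFROM\n\tusers\nWHERE\n\tprimaryEmail = ?");
        $debug->add('$_POST[\'email\']: ' . $_POST['email'] . '.');
        $emailCheckQuery->execute(array($_POST['email']));
        $row = $emailCheckQuery->fetch(PDO::FETCH_ASSOC);
        if (empty($row['userId'])) {
            $message .= 'Please <a href="' . LINKSUPPORT . '">contact support</a> for help with accessing your account.<br>';
        } else {
            // 20 random bytes give 40 hex characters, the same shape as the
            // SHA-1 value used before, so the resetCode column and any format
            // check in the consuming step keep working.
            if (function_exists('random_bytes')) {
                $resetCode = bin2hex(random_bytes(20));
            } else {
                // Runtimes older than PHP 7: accept OpenSSL output only when it
                // reports a cryptographically strong result; otherwise fail closed.
                $cryptoStrong = false;
                $randomBytes = openssl_random_pseudo_bytes(20, $cryptoStrong);
                if ($randomBytes === false || $cryptoStrong !== true) {
                    throw new RuntimeException('No secure random source available for the reset code.');
                }
                $resetCode = bin2hex($randomBytes);
            }
            $insertQuery = $Dbc->prepare("INSERT INTO\n\tforgotPassword\nSET\n\tuserId = ?,\n\temailEntered = ?,\n\tresetCode = ?,\n\trequestMade = ?,\n\tREMOTE_ADDR = ?,\n\tHTTP_X_FORWARDED_FOR = ?");
            // X-Forwarded-For is a client-supplied header: stored for the audit
            // trail only, never to be trusted as the real source address.
            $httpX = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? '' : $_SERVER['HTTP_X_FORWARDED_FOR'];
            $insertQuery->execute(array($row['userId'], $_POST['email'], $resetCode, DATETIME, $_SERVER['REMOTE_ADDR'], $httpX));
            $resetLink = LINKFORGOTPASSWORD . '/?resetCode=' . $resetCode;
            //This will build https://adrlist.....
            $subject = 'Reset password at ' . THENAMEOFTHESITE;
            $body = '<table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" bgcolor="#FFFFFF">
	<tr>
		<td align="center"><font face="' . FONT . '" size="' . SIZE4 . '"><b>Please follow the link below to reset your password:</b></font></td>
	</tr>
	<tr>
		<td align="center"><font face="' . FONT . '" size="' . SIZE4 . '"><a href="' . $resetLink . '">' . $resetLink . '</a>
			</font>
			<div>&nbsp;</div>
			<div>&nbsp;</div>
			<div>&nbsp;</div>
		</td>
	</tr>
	<tr>
		<td align="center"><font face="' . FONT . '" size="' . SIZE2 . '">The request was sent from ' . $_SERVER['REMOTE_ADDR'] . '. If you did not request to reset your password, please ignore this message.</font></td>
	</tr>
</table>';
            // Plain-text alternative of the same message, carrying the same link.
            $textBody = "Please follow this link to reset your password: " . $resetLink . "\nIf you did not request to reset your password, please ignore this message.";
            $insertId = $Dbc->lastInsertId();
            // Commit only when the row exists AND the mail went out, so no
            // usable reset code stays in the table for a mail that was never sent.
            if (!empty($insertId) && email(EMAILDONOTREPLY, $_POST['email'], $subject, $body, $textBody) === true) {
                $Dbc->commit();
                $success = true;
                // The address is request data placed into HTML: escape it even
                // though it passed emailValidate(), whose rules are not visible here.
                $message .= 'An email has been sent to ' . htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') . ' with instructions on how to reset your password.
<div class="red textCenter" style="margin:1em 0">Didn\'t get an email? Be sure to check your spam folder.</div>';
                $returnThis['buildReset'] = buildReset();
            } else {
                $Dbc->rollback();
                error(__LINE__, false, 'Could not add the record on line ' . __LINE__ . ' in forgotPasswordMethods.php.<br>');
            }
        }
    } catch (Adrlist_CustomException $e) {
        // Intentionally empty: both throws above happen before the transaction
        // starts. Presumably the exception class records its own message — confirm.
    } catch (PDOException $e) {
        // A query failed after beginTransaction(): do not leave the transaction
        // open. Assumes $Dbc is a PDO instance (inTransaction()) — confirm.
        if ($Dbc->inTransaction()) {
            $Dbc->rollback();
        }
        // NOTE(review): the full exception text (with stack trace) goes to
        // error(); confirm it is logged and not rendered to the visitor.
        error(__LINE__, '', '<pre>' . $e . '</pre>');
        if (MODE == 'resetPasswordStep1') {
            returnData();
        }
    }
    if (MODE == 'resetPasswordStep1') {
        returnData();
    }
}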