$user_page = "";
$a = explode(".", $http_host);
if (count($a) == 2) {
if ($http_host != $server_name) {
header("Location: {$protocol}://{$server_name}{$request_uri}");
die;
}
} else {
if (count($a) == 3) {
if ($a[1] . "." . $a[2] != $server_name) {
header("Location: {$protocol}://" . $a[0] . ".{$server_name}{$request_uri}");
die;
}
if ($a[0] == "www") {
header("Location: {$protocol}://{$server_name}{$request_uri}");
die;
}
$user_page = strtolower($a[0]);
if (!string_uses($user_page, "[a-z][0-9]")) {
die("invalid user page [{$user_page}]");
}
if (!is_local_user("{$user_page}@{$server_name}")) {
die("user not found [{$user_page}]");
}
}
}
if ($user_page != "") {
$zid = "{$user_page}@{$server_name}";
$user_conf = db_get_conf("user_conf", $zid);
}
check_auth();
}
$salt = crypt_sha256(rand());
$password = crypt_sha256("{$password_1}{$salt}");
$user_conf["password"] = $password;
$user_conf["salt"] = $salt;
db_set_conf("user_conf", $user_conf, $zid);
db_del_rec("email_challenge", $verify);
print_header("Password Reset");
writeln('<h1>Password Reset</h1>');
writeln('<p>Don\'t forget it this time!</p>');
print_footer();
die;
}
$username = http_post_string("username", array("len" => 20, "valid" => "[a-z][A-Z][0-9]"));
$zid = strtolower($username) . "@{$site_name}";
if (!is_local_user($zid)) {
die("no such user [{$zid}]");
}
$user_conf = db_get_conf("user_conf", $zid);
$hash = crypt_sha256(rand());
if (db_has_rec("email_challenge", array("username" => $username))) {
db_del_rec("email_challenge", array("username" => $username));
}
$email_challenge = array();
$email_challenge["challenge"] = $hash;
$email_challenge["username"] = $username;
$email_challenge["email"] = $user["email"];
$email_challenge["expires"] = time() + 86400 * 3;
db_set_rec("email_challenge", $email_challenge);
$subject = "Forgot Password";
$body = "Did you forget your password for \"{$username}\" on {$server_name}?\n";
function send_web_mail($to, $subject, $body, $in_reply_to = "", $sent = true)
{
global $auth_zid;
global $auth_user;
global $server_name;
global $server_title;
if ($auth_user["real_name"] == "") {
$from = "<{$auth_zid}>";
} else {
$from = $auth_user["real_name"] . " <{$auth_zid}>";
}
if (!$sent) {
$from = "{$server_title} <no-reply@{$server_name}>";
}
$time = time();
$message_id = generate_message_id();
$header = "From: {$from}\r\n";
$header .= "To: {$to}\r\n";
$header .= "Date: " . date("r", $time) . "\r\n";
$header .= "Subject: {$subject}\r\n";
if ($in_reply_to != "") {
$header .= "In-Reply-To: {$in_reply_to}\r\n";
}
$header .= "Message-ID: <{$message_id}>\r\n";
$header .= "Reply-To: {$from}\r\n";
$body = "{$header}\r\n{$body}";
$a = parse_mail_address($to);
if ($a["domain"] == $server_name) {
if (is_local_user($a["email"])) {
$mail = array();
$mail["mail_id"] = 0;
$mail["body"] = $body;
$mail["in_reply_to"] = $in_reply_to;
$mail["location"] = "Inbox";
$mail["mail_from"] = $from;
$mail["message_id"] = $message_id;
$mail["received_time"] = $time;
$mail["rcpt_to"] = $to;
$mail["reply_to"] = $from;
$mail["size"] = strlen($body);
$mail["subject"] = $subject;
$mail["zid"] = $a["email"];
db_set_rec("mail", $mail);
if ($sent) {
$mail["location"] = "Sent";
$mail["zid"] = $auth_zid;
db_set_rec("mail", $mail);
}
}
}
}
die("username is reserved [{$username}]");
}
if ($mail_1 != $mail_2) {
die("email addresses do not match [{$mail_1}] [{$mail_2}]");
}
$a = explode("@", $mail_1);
if (count($a) != 2) {
die("invalid email address [{$mail_1}]");
}
if (strlen($a[0]) == 0) {
die("invalid username in email address [{$mail_1}]");
}
if (strlen($a[1]) < 3 || !string_has($a[1], ".")) {
die("invalid domain in email address [{$mail_1}]");
}
if (is_local_user("{$luser}@{$server_name}")) {
die("username already exists [{$username}]");
}
if (!captcha_verify($answer)) {
die("captcha failed");
}
print_header("Email Sent");
writeln('<h1>Email Sent</h1>');
writeln('<p>Please visit the link in the email within 3 days to activate your account.</p>');
print_footer();
$ip = $_SERVER["REMOTE_ADDR"];
$hash = crypt_sha256(rand());
$email_challenge = array();
$email_challenge["challenge"] = $hash;
$email_challenge["username"] = $username;
$email_challenge["email"] = $mail_1;
