/** * Checks if a user has the rights to view this page, is not locked/banned or not logged in * * @param string $name - permission name */ function auth($name) { locked(); // stop blocked people from acessing if (!$this->loggedIn()) { // if not authorised/logged in set_error('Please login to Echelon'); sendLogin(); exit; } if (!$this->reqLevel($name)) { // if users level is less than needed access, deny entry, and cause error set_error('You do not have the correct privilages to view that page'); sendHome(); exit; } }
$token = genFormToken('resetpw'); // setup token // gets vars and check valid $key = cleanvar($_GET['key']); $email = cleanvar($_GET['email']); // check email is valid if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { set_error('You cannot reset your password without a valid link from an email'); sendLogin(); exit; } $result = $dbl->verifyRegKey($key, $email, $key_expire); if (!$result) { // if non key set_error('You cannot reset your password without a valid link from an email'); sendLogin(); exit; } ?> <fieldset id="lostpw-field"> <legend>Reset Password</legend> <form id="lostpw-form" action="login.php" method="post"> <p>Please enter your new password.</p> <label for="pw1">Password:</label> <input type="password" name="pw1" id="pw1" tabindex="1" /> <label for="pw2">Password Again:</label> <input type="password" name="pw2" id="pw2" tabindex="2" />