Example #1
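/**
 * Processes the submitted login form.
 *
 * Two paths, selected by the presence of the "but_forget" button in $_POST:
 *  - forgotten password: the user row is looked up by name, the submitted
 *    e-mail address is compared with the stored one and, on a match,
 *    sendPassword() is called;
 *  - normal login: dbCheckUser() checks name and code; when it returns an
 *    empty result the login cookie is set and the session moves to P_Home.
 *
 * @param object      $session Session object; used for tracing, database access and page state.
 * @param string|null $message Out parameter: text to show with the form. A leading "+"
 *                             presumably marks an error for the caller - confirm.
 *
 * @return bool true when the login form has to be shown again, false after a successful login.
 */
function guiLoginAnswer(&$session, &$message)
{
    // Read the form fields defensively: a request without them must not raise
    // "undefined index" notices. null keeps the value the code saw before.
    $user = isset($_POST['login_user']) ? $_POST['login_user'] : null;
    $email = isset($_POST['login_email']) ? $_POST['login_email'] : null;
    $code = isset($_POST['login_code']) ? $_POST['login_code'] : null;

    // NOTE(review): the login name is client-supplied; whatever stores the trace
    // should neutralise control characters before writing it.
    $session->trace(TC_Gui1, 'guiLoginAnswer; login_user: ' . $user);
    $message = null;
    $again = false;

    if (isset($_POST['but_forget'])) {
        // NOTE(review): every failure below has its own text, so this form tells an
        // unauthenticated caller whether a user name exists and whether an address
        // belongs to it. One neutral answer for all outcomes of this branch, plus
        // rate limiting, would close that gap.
        if (empty($user)) {
            $message = "+kein Benutzername angegeben";
        } elseif (empty($email)) {
            $message = "+keine EMail-Adresse angegeben";
        } else {
            // The user name is passed through dbSqlString() before it is placed in the
            // statement. NOTE(review): confirm that helper quotes and escapes for the
            // connection's character set.
            $row = dbSingleRecord($session, 'select id,email from ' . dbTable($session, T_User) . ' where name=' . dbSqlString($session, $user));
            if (!$row) {
                $message = "+unbekannter Benutzer";
            } elseif (empty($row[1])) {
                $message = "+keine EMail-Adresse eingetragen";
            } elseif (strcasecmp($row[1], $email) !== 0) {
                $message = "+EMail-Adresse ist nicht bekannt";
            } else {
                // NOTE(review): what sendPassword() mails is not visible here. If it is the
                // stored password, that implies reversible storage; a single-use,
                // time-limited reset link is the safer design.
                sendPassword($session, $row[0], $user, $email);
                // $email equals the stored address apart from letter case at this point.
                $message = 'Das Passwort wurde an ' . $email . ' verschickt';
            }
        }
        // The form is always shown again after a password request.
        $again = true;
    } else {
        // dbCheckUser() returns an error text on failure and an empty value on success.
        $message = dbCheckUser($session, $user, $code);
        if (!empty($message)) {
            $again = true;
        } else {
            // NOTE(review): the submitted code is handed to setLoginCookie(); confirm it
            // does not end up in the cookie in recoverable form.
            setLoginCookie($session, $user, $code);
            $session->setPageName(P_Home);
            $session->setSessionNo(1);
        }
    }
    return $again;
}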
Example #2
}
// The captcha on this page is rendered with GD, so stop early when it is missing.
if (!check_gd()) {
    throw new iMSCP_Exception(tr("PHP GD extension not loaded."));
}
// Remove old unique keys; the configured LOSTPASSWORD_TIMEOUT is passed as the limit.
removeOldKeys($cfg['LOSTPASSWORD_TIMEOUT']);
$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(
    array(
        'layout' => 'shared/layouts/simple.tpl',
        'page' => 'lostpassword.tpl',
        'page_message' => 'layout'
    )
);
// Static texts of the page. The captcha <img> is served by imagecode.php; its
// dimensions come from the panel configuration, not from the request.
$tpl->assign(
    array(
        'TR_PAGE_TITLE' => tr('i-MSCP - Multi Server Control Panel / Lost Password'),
        'CONTEXT_CLASS' => '',
        'productLongName' => tr('internet Multi Server Control Panel'),
        'productLink' => 'http://www.i-mscp.net',
        'productCopyright' => tr('© 2010-2015 i-MSCP Team<br/>All Rights Reserved'),
        'TR_CAPCODE' => tr('Security code'),
        'GET_NEW_IMAGE' => tr('Get a new image'),
        'TR_IMGCAPCODE' => '<img id="captcha" src="imagecode.php" width="'
            . $cfg['LOSTPASSWORD_CAPTCHA_WIDTH']
            . '" height="'
            . $cfg['LOSTPASSWORD_CAPTCHA_HEIGHT']
            . '" alt="captcha image" />',
        'TR_USERNAME' => tr('Username'),
        'TR_SEND' => tr('Send'),
        'TR_CANCEL' => tr('Cancel')
    )
);
// A request for new password was validated ( User clicked on the link he has received by mail )
if (isset($_GET['key']) && $_GET['key'] != '') {
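    // Check key. The result of clean_input() has to be kept and used: unless that
    // helper takes its argument by reference (not visible here), calling it and
    // discarding the return value leaves the raw query parameter in place.
    // A non-string value (e.g. key[]=x) is rejected outright.
    // NOTE(review): assumes clean_input() returns the cleaned string - confirm.
    $key = is_string($_GET['key']) ? clean_input($_GET['key']) : '';
    // Sending new password
    if ($key !== '' && sendPassword($key)) {
        set_page_message(tr('Your new password has been sent. Check your email.'), 'success');
        redirectTo('index.php');
    } else {
        set_page_message(tr('New password has not been sent. Ask your administrator.'), 'error');
    }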
} elseif (!empty($_POST)) {
    // Request for new password
    $bruteForce = new iMSCP_Plugin_Bruteforce(iMSCP_Registry::get('pluginManager'), 'captcha');
    if ($bruteForce->isWaiting() || $bruteForce->isBlocked()) {
        set_page_message($bruteForce->getLastMessage(), 'error');
        redirectTo('lostpassword.php');
    } else {
        $bruteForce->recordAttempt();
    }
    if (!empty($_POST['uname']) && isset($_SESSION['image']) && isset($_POST['capcode'])) {
Example #3
<?php

include_once "includes/mp3act_functions.php";
include_once "includes/sessions.php";
// Password reset: runs only when the form posted a non-empty e-mail address.
// NOTE(review): the two result texts differ, so the page reveals whether an
// address belongs to an account; a single neutral confirmation avoids that.
// NOTE(review): $error carries the raw posted value; it has to be HTML-escaped
// where it is printed (the output code is not part of this excerpt).
$error = '';
if (!empty($_POST['email'])) {
    mp3act_connect();
    $error = sendPassword($_POST['email'])
        ? "A new password has been sent to: {$_POST['email']}."
        : "Email Address is not a valid account";
}
?>
   
  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>
<head>
<title><?php 
echo $GLOBALS['server_title'];
?>
 | Login</title>
<link rel="Stylesheet" href="css/mp3act_css.php" type="text/css" />
<script type="text/javascript">
function validator()
{
  	if(document.getElementById("email").value == ""){
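$forgotForm = "<form action='' method='post'>" . "<font face='Verdana' color='red' size=6><b>Forgot Password</b></font><br><br>" . "<font face='Verdana' color='blue'><b>Enter your email address: &nbsp;&nbsp;</b> <input type='text' name='email' size='50'><br><br>" . "<input type='submit' style='color: red; font-family: Verdana; font-weight: bold; font-size: 16px; ' value='Submit'> </form>";
// Show the empty form until an e-mail address has been submitted. A non-string
// value (e.g. email[]=x) is treated like a missing one.
// NOTE(review): the form posts, but $_REQUEST also accepts the value from the
// query string and cookies; $_POST would be the narrower source.
if (!isset($_REQUEST['email']) || !is_string($_REQUEST['email'])) {
    echo $forgotForm;
} else {
    $email = $_REQUEST['email'];
    // The address is request data: escape it once for every HTML context it is
    // written into (the mail body uses <br>, so it is HTML as well as the page).
    $emailHtml = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    // NOTE(review): getPassword(), defined further down in this file, places its
    // argument directly inside the SQL text. That lookup needs a bound parameter;
    // nothing done in this block makes the value safe for SQL.
    $passValue = getPassword($email);
    if ($passValue == "" or $passValue == null) {
        echo $forgotForm;
        // NOTE(review): this answer confirms that an address is not registered.
        echo "<font color='red' size=3>Your email address is not registered. Please contact the administrator on pkmittal82@gmail.com if you have any difficulties.</font>";
    } else {
        // NOTE(review): the stored password/key itself is mailed, which means it is
        // kept in recoverable form. A single-use reset link avoids sending the secret.
        $message = "Hi, You have requested for the password for " . $full_tubename . ".Here are the details.";
        $message = $message . "<br><br>" . $vURL;
        // NOTE(review): the operand after "Username: " is unreadable in this copy of
        // the file; the address is assumed because accounts are looked up by it - confirm.
        $message = $message . "<br>" . "Username: " . $emailHtml . "<br>" . "Password/Key: " . $passValue;
        $send = sendPassword($email, $subject, $message);
        // If we can not send this email let's show the error
        if (!$send) {
            echo "Error in sending email!";
        } else {
            echo "<font color='blue' size=6>Your password has been sent to " . $emailHtml . ". Now you can close this window</font>";
        }
    }
}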
?>
 
<?php 
function getPassword($email)
{
    $query = "SELECT ikey FROM keystable where userid ='{$email}'";
    $result = mysql_query($query);
Example #5
/**
 * Handles the answer to the base login form.
 *
 * The form fields are read from global variables. With $but_forget set, the
 * password-request path runs and the login page is rendered again with a
 * result text. Otherwise dbCheckUser() checks name and code; an empty result
 * means success, the login cookie is set and the session moves to P_Start.
 *
 * NOTE(review): the inputs arrive as globals ($login_user, $login_code, ...),
 * presumably filled from the request; reading them from $_POST explicitly
 * would make the source of each value unambiguous.
 *
 * @param object $session Session object used for tracing, database access and page state.
 *
 * @return bool true when the login form was shown again, false after a successful login.
 */
function baseLoginAnswer(&$session)
{
    $session->trace(TC_Gui1, 'baseLoginAnswer');
    global $login_user, $login_code, $session_user, $but_forget, $login_email;

    // Normal login attempt.
    if (!isset($but_forget)) {
        $rc = dbCheckUser($session, $login_user, $login_code);
        if (empty($rc)) {
            setLoginCookie($session, $login_user, $login_code);
            $session->setPageName(P_Start);
            return false;
        }
        guiLogin($session, $rc);
        return true;
    }

    // Password request.
    // NOTE(review): each failure has its own text, which lets an unauthenticated
    // caller find out which user names exist and which address belongs to them.
    $message = null;
    if (empty($login_user)) {
        $message = "+kein Benutzername angegeben";
    } elseif (empty($login_email)) {
        $message = "+keine EMail-Adresse angegeben";
    } else {
        // The name goes through dbSqlString() before it is put into the statement.
        $sql = 'select id,email from ' . dbTable($session, T_User) . ' where name=' . dbSqlString($session, $login_user);
        $row = dbSingleRecord($session, $sql);
        if (!$row) {
            $message = "+unbekannter Benutzer";
        } elseif (empty($row[1])) {
            $message = "+keine EMail-Adresse eingetragen";
        } elseif (strcasecmp($row[1], $login_email) != 0) {
            $message = "+EMail-Adresse ist nicht bekannt";
        } else {
            // Submitted and stored address match (case-insensitively).
            sendPassword($session, $row[0], $login_user, $login_email);
            $message = 'Das Passwort wurde an ' . $login_email . ' verschickt';
        }
    }
    guiLogin($session, $message);
    return true;
}
Example #6
    well_done();
} elseif ($mode == $proto_mode_register) {
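    // Registration input. The values are bound as statement parameters below, so
    // they are kept unmodified here: addslashes() is not a reliable SQL escape
    // and it also altered the address that the password was mailed to.
    $email = retrieve_from_post($proto_userid);
    $fullname = retrieve_from_post($proto_fullname);
    $company = retrieve_from_post($proto_company);
    // Check if the email has already been registered.
    $stmt = mysqli_prepare($global_mysqli_link, 'SELECT email FROM users WHERE email = ?')
        or die_nice('Cannot check user id existence: ' . mysqli_error($global_mysqli_link));
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt)
        or die_nice('Cannot check user id existence: ' . mysqli_error($global_mysqli_link));
    mysqli_stmt_store_result($stmt);
    $alreadyRegistered = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    if ($alreadyRegistered) {
        // NOTE(review): this answer confirms that an address is registered, and it
        // repeats request data; die_nice() must encode it for its output format.
        die_nice("Ooops! Email {$email} has already registered. Please check your mailbox or contact hello@kiri.travel");
    }
    // Generate and send password
    // NOTE(review): only the hash is stored, but the clear-text password is mailed;
    // a single-use link for setting the password would avoid that.
    $password = generate_password();
    $hasher = new PasswordHash($passwordhash_cost_log2, $passwordhash_portable);
    $passwordHash = $hasher->HashPassword($password);
    // NOTE(review): the existence check and the insert are separate statements; a
    // unique index on users.email is what actually prevents duplicates - confirm it exists.
    $stmt = mysqli_prepare($global_mysqli_link, 'INSERT INTO users(email, password, privilegeApiUsage, fullName, company) VALUES(?, ?, 1, ?, ?)')
        or die_nice("Cannot add new user {$email}: " . mysqli_error($global_mysqli_link));
    mysqli_stmt_bind_param($stmt, 'ssss', $email, $passwordHash, $fullname, $company);
    // The message was single-quoted before, which printed the literal text "$email".
    mysqli_stmt_execute($stmt)
        or die_nice("Cannot add new user {$email}: " . mysqli_error($global_mysqli_link));
    mysqli_stmt_close($stmt);
    // NOTE(review): sendPassword() now receives the address as submitted - confirm
    // it does not build SQL from its arguments.
    sendPassword($email, $password, $fullname);
    // log_statistic() is not visible here; it keeps receiving the addslashes()-escaped
    // text it received before, in case it builds SQL from its arguments.
    log_statistic("{$apikey_kiri}", 'REGISTER', addslashes("{$email}/{$fullname}/{$company}"));
    deinit_mysql();
    well_done();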
} elseif ($mode == $proto_mode_getprofile) {
    $email = $active_userid;
    $result = mysqli_query($global_mysqli_link, "SELECT fullName, company FROM users WHERE email='{$email}'") or die_nice('Cannot retrieve user details: ' . mysqli_error($global_mysqli_link));
    if ($row = mysqli_fetch_row($result)) {
        $fullname = $row[0];
        $company = $row[1];
    } else {
        die_nice("User {$email} not found in database.");
    }
    deinit_mysql();
    // Construct json.
    $json = array($proto_status => $proto_status_ok, $proto_fullname => $fullname, $proto_company => $company);