<?php

require_once "../includes/session.php";
require_once "../includes/sanitize-all.php";
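// Autoloader: maps a class name to ../classes/<Class>.class.php the first
// time the class is referenced.
spl_autoload_register(function ($class) {
    // Defence in depth: the class name is concatenated into a file path, so
    // only identifier characters and namespace separators are accepted.
    if (preg_match('/\A[A-Za-z0-9_\\\\\x80-\xff]+\z/', $class) !== 1) {
        return;
    }

    $class_file = "../classes/" . $class . ".class.php";

    // Return quietly when the file is absent: require_once on a missing file
    // is a fatal error, which would turn class_exists() probes (and any
    // other registered autoloader) into a crash instead of a clean "no".
    if (!is_file($class_file)) {
        return;
    }

    require_once $class_file;
});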
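// Password-reset submission handler: validates the posted form, checks the
// reset token, stores the new password, retires the token, records the change
// and then calls User::checkCredentials() with the new password. Every failure
// path ends the request with a translated message.
//
// NOTE(review): ../includes/sanitize-all.php is loaded before this code;
// presumably it rewrites request input. Confirm it leaves password characters
// untouched, otherwise the stored password differs from what the user typed.
$required_fields = ["email", "token", "new-reset-password", "confirm-reset-password", "javascript"];
foreach ($required_fields as $field) {
    // empty() lets a non-empty array through, so a field posted as name[]=...
    // would reach the User methods as an array; require plain strings.
    if (empty($_POST[$field]) || !is_string($_POST[$field])) {
        die(Translate::string("reset_password_alert.all_fields_required"));
    }
}

// Strict comparison: with != two different numeric-looking strings such as
// "1e3" and "1000" compare equal, so a mismatched confirmation could pass.
if ($_POST["new-reset-password"] !== $_POST["confirm-reset-password"]) {
    die(Translate::string("reset_password_alert.passwords_dont_match"));
}

$email = $_POST["email"];
$token = $_POST["token"];
$new_password = $_POST["new-reset-password"];
$session_id = session_id();
// Connection peer address; behind a reverse proxy this is the proxy's address.
$ip_address = $_SERVER['REMOTE_ADDR'] ?? '';
$javascript = $_POST["javascript"];
// Client-supplied and optional header: only suitable as an informational log
// field, and it may be missing entirely.
$browser = $_SERVER['HTTP_USER_AGENT'] ?? '';

// NOTE(review): this call is the only visible check tying the token to
// $email; presumably it also enforces expiry and compares the token in
// constant time (hash_equals) - confirm in the User class.
if (!User::isTokenValid($email, $token)) {
    die(Translate::string("reset_password_alert.token_expired"));
}

$user = new User();
$reset = $user->resetPassword($email, $new_password);
// destroyToken() only runs after a successful reset (short-circuit).
// NOTE(review): if destroyToken() fails here the password has already been
// changed while the token may remain usable - confirm how User handles that.
if (!$reset || !$user->destroyToken($token)) {
    die(Translate::string("reset_password_alert.something_went_wrong"));
}

// Audit record of the change. The original passed an undefined $ip here, so
// the entry was written without the client address.
$user->insertLog("password changed", $email, $javascript, $browser, $ip_address, $session_id);

// NOTE(review): checkCredentials() is given the session id that existed
// before the reset; confirm the login path regenerates the session id
// (session_regenerate_id) and that other sessions of the account are ended
// after a password change.
$user->checkCredentials($email, $new_password, $javascript, $browser, $ip_address, $session_id);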