$email = '';
} else {
// Check if the email exists in the database
$sql = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` ' . 'FROM `' . TABLE_PREFIX . 'users` ' . 'WHERE `email`=\'' . $wb->add_slashes($_POST['email']) . '\'';
if ($results = $database->query($sql)) {
if ($results_array = $results->fetchRow()) {
// Get the id, username, email, and last_reset from the above db query
// Check if the password has been reset in the last 2 hours
if (time() - (int) $results_array['last_reset'] < 2 * 3600) {
// Tell the user that their password cannot be reset more than once per hour
$errMsg = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
} else {
$old_pass = $results_array['password'];
// Generate a random password then update the database with it
$new_pass = WbAuth::GenerateRandomPassword();
$sql = 'UPDATE `' . TABLE_PREFIX . 'users` ' . 'SET `password`=\'' . WbAuth::Hash($new_pass) . '\', ' . '`last_reset`=' . time() . ' ' . 'WHERE `user_id`=' . (int) $results_array['user_id'];
unset($pwh);
// destroy $pwh-Object
if ($database->query($sql)) {
// Setup email to send
$mail_to = $email;
$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
// Replace placeholders from language variable with values
$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
// Try sending the email
if ($wb->mail(SERVER_EMAIL, $mail_to, $mail_subject, $mail_message)) {
$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
$display_form = false;
} else {
// Get the id, username, email, and last_reset from the above db query
$results_array = $results->fetchRow();
// Check if the password has been reset in the last 2 hours
$last_reset = $results_array['last_reset'];
$time_diff = time() - $last_reset;
// Time since last reset in seconds
$time_diff = $time_diff / 60 / 60;
// Time since last reset in hours
if ($time_diff < 2) {
// Tell the user that their password cannot be reset more than once per hour
$message = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
} else {
$old_pass = $results_array['password'];
// Generate a random password then update the database with it
$new_pass = WbAuth::GenerateRandomPassword();
$database->query("UPDATE " . TABLE_PREFIX . "users SET password = '******', last_reset = '" . time() . "' WHERE user_id = '" . $results_array['user_id'] . "'");
if ($database->is_error()) {
// Error updating database
$message = $database->get_error();
} else {
// Setup email to send
$mail_to = $email;
$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
// Replace placeholders from language variable with values
$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
// Try sending the email
if ($admin->mail(SERVER_EMAIL, $mail_to, $mail_subject, $mail_message)) {
$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
$display_form = false;
// Check if the email already exists
$results = $database->query("SELECT user_id FROM " . TABLE_PREFIX . "users WHERE email = '" . $admin->add_slashes($_POST['email']) . "' AND user_id <> '" . $user_id . "' ");
if ($results->numRows() > 0) {
if (isset($MESSAGE['USERS_EMAIL_TAKEN'])) {
$admin->print_error($MESSAGE['USERS_EMAIL_TAKEN'], $js_back);
} else {
$admin->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back);
}
}
// Prevent from renaming user to "admin"
if ($username != 'admin') {
$username_code = ", username = '******'";
} else {
$username_code = '';
}
// Update the database
if ($password == "") {
$query = "UPDATE " . TABLE_PREFIX . "users SET groups_id = '{$groups_id}', group_id = '{$group_id}', active = '{$active}'{$username_code}, display_name = '{$display_name}', home_folder = '{$home_folder}', email = '{$email}' WHERE user_id = '{$user_id}'";
} else {
// MD5 supplied password
$md5_password = WbAuth::Hash($password);
$query = "UPDATE " . TABLE_PREFIX . "users SET groups_id = '{$groups_id}', group_id = '{$group_id}', active = '{$active}'{$username_code}, display_name = '{$display_name}', home_folder = '{$home_folder}', email = '{$email}', password = '******' WHERE user_id = '{$user_id}'";
}
$database->query($query);
if ($database->is_error()) {
$admin->print_error($database->get_error(), $js_back);
} else {
$admin->print_success($MESSAGE['USERS_SAVED']);
}
// Print admin footer
$admin->print_footer();
$sql = 'SELECT `user_id` FROM `' . TABLE_PREFIX . 'users` WHERE `email` = \'' . $wb->add_slashes($email) . '\'';
$results = $database->query($sql);
if ($results->numRows() > 0) {
if (isset($MESSAGE['USERS_EMAIL_TAKEN'])) {
$wb->print_error($MESSAGE['USERS_EMAIL_TAKEN'], $js_back, false);
$bSignError = true;
} else {
$wb->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back, false);
$bSignError = true;
}
}
if ($bSignError === false) {
// Generate a random password then update the database with it
$new_pass = WbAuth::GenerateRandomPassword();
// hash it
$md5_password = WbAuth::Hash($new_pass);
// Inser the user into the database
$sql = '';
$query = "INSERT INTO " . TABLE_PREFIX . "users (group_id,groups_id,active,username,password,display_name,email) VALUES ('{$groups_id}', '{$groups_id}', '{$active}', '{$username}','{$md5_password}','{$display_name}','{$email}')";
$database->query($query);
if ($database->is_error()) {
// Error updating database
$message = $database->get_error();
} else {
// Setup email to send
$mail_to = $email;
$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
// Replace placeholders from language variable with values
$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
$replace = array($display_name, WEBSITE_TITLE, $username, $new_pass);
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_INFO']);