<section class="msg"> <h2>' . $LANG['usubscr_title'] . '</h2> ' . sprintf($LANG['usubscr_body'], '<span id="seconds">5</span>') . ' <br /><br /> <a href="index.php">' . $LANG['verify_clickhere'] . '</a> </section> </body> </html>'; die; } else { if (isset($_GET['user']) && isset($_GET['token']) && \user\mail_sessions::check('confirmation', array('user' => (int) $_GET['user'], 'session' => $_GET['token']))) { $stmt = $db->stmt_init(); $stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "users SET valid = 1 WHERE id = ?"); $stmt->bind_param("i", $_GET['user']); $stmt->execute(); @$stmt->close(); \user\mail_sessions::clear('confirmation', array('user' => (int) $_GET['user'])); // check if user has been refered $uinfo = \query\main::user_infos($_GET['user']); if (!empty($uinfo->refid)) { \user\update::add_points($uinfo->refid, \query\main::get_option('u_points_refer')); } echo '<!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="robots" content="noindex, nofollow"> <meta http-equiv="Refresh" content="5; url=index.php" />
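/**
 * Build the "forgot password" widget and return it as an HTML string.
 *
 * The query string selects one of two modes:
 *  - `uid` and `session` are present and accepted by
 *    \user\mail_sessions::check('password_recovery', ...): render the
 *    "choose a new password" form; on a valid POST call
 *    \user\main::reset_password() and clear the recovery session.
 *  - otherwise: render the "send me a recovery e-mail" form; on a valid POST
 *    call \user\main::recovery_password().
 *
 * A POST is only processed when `forgot_password` is an array carrying a
 * string `csrf` field that \site\utils::check_csrf() accepts. A new token is
 * written to $_SESSION['forgot_password_csrf'] on every render.
 *
 * @return string HTML fragment (a single wrapping <div>).
 */
function forgot_password_form()
{
    // $_GET, $_POST, $_SERVER and $_SESSION are superglobals; only $LANG needs importing.
    global $LANG;

    $form = '<div class="forgot_password other_form">';

    // Evaluated first, as before, so the recovery-session lookup precedes the CSRF check.
    // NOTE(review): uid/session are forwarded exactly as received; the callee is assumed
    // to validate their type and format — confirm.
    $hasRecoveryLink = isset($_GET['uid'], $_GET['session'])
        && \user\mail_sessions::check('password_recovery', array('user' => $_GET['uid'], 'session' => $_GET['session']));

    // Reject malformed submissions (scalar "forgot_password", missing or array-valued
    // "csrf") up front instead of reading an undefined index or handing a non-string
    // token to check_csrf().
    $submitted = isset($_SERVER['REQUEST_METHOD'])
        && $_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_POST['forgot_password'])
        && is_array($_POST['forgot_password'])
        && isset($_POST['forgot_password']['csrf'])
        && is_string($_POST['forgot_password']['csrf'])
        && \site\utils::check_csrf($_POST['forgot_password']['csrf'], 'forgot_password_csrf');

    if ($hasRecoveryLink) {
        /* RESET PASSWORD FORM */
        if ($submitted) {
            $pd = \site\utils::validate_user_data($_POST['forgot_password']);

            try {
                \user\main::reset_password($_GET['uid'], $pd);
                $form .= '<div class="success">' . $LANG['reset_pwd_success'] . '</div>';
                // One-shot link: drop the recovery session only after the reset succeeded.
                \user\mail_sessions::clear('password_recovery', array('user' => $_GET['uid']));
            } catch (Exception $e) {
                // NOTE(review): the message is emitted as raw HTML. That is only safe if
                // reset_password() never places request data in it — confirm.
                $form .= '<div class="error">' . $e->getMessage() . '</div>';
            }
        }

        // NOTE(review): str_random()'s randomness source is not visible here — confirm
        // it is a CSPRNG, since this value is the anti-CSRF secret.
        $csrf = $_SESSION['forgot_password_csrf'] = \site\utils::str_random(12);

        // Each label now points at the id of its own input (both previously referenced
        // the non-existent "forgot_password[email]"). Password fields are never pre-filled.
        $form .= '<form method="POST" action="#">'
            . ' <div class="form_field"><label for="forgot_password[password1]">' . $LANG['change_pwd_form_new'] . ':</label>'
            . ' <div><input type="password" name="forgot_password[password1]" id="forgot_password[password1]" value="" required /></div></div>'
            . ' <div class="form_field"><label for="forgot_password[password2]">' . $LANG['change_pwd_form_new2'] . ':</label>'
            . ' <div><input type="password" name="forgot_password[password2]" id="forgot_password[password2]" value="" required /></div></div>'
            . ' <input type="hidden" name="forgot_password[csrf]" value="' . $csrf . '" />'
            . ' <button>' . $LANG['reset_pwd_button'] . '</button>'
            . ' </form>';
    } else {
        /* SEND A SESSION TO HIS EMAIL ADDRESS FORM */
        if ($submitted) {
            $pd = \site\utils::validate_user_data($_POST['forgot_password']);

            try {
                // NOTE(review): the raw POST array is passed here, not the validated $pd
                // (the reset branch passes $pd). Kept as-is; confirm recovery_password()
                // validates its own input.
                \user\main::recovery_password($_POST['forgot_password']);
                $form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
            } catch (Exception $e) {
                // NOTE(review): raw HTML output, see above. Also confirm the message does
                // not differ between known and unknown addresses, otherwise this response
                // reveals which e-mails are registered.
                $form .= '<div class="error">' . $e->getMessage() . '</div>';
            }
        }

        $csrf = $_SESSION['forgot_password_csrf'] = \site\utils::str_random(12);

        // The submitted address is reflected into an attribute, so it is escaped for that
        // context. double_encode=false keeps entities intact in case validate_user_data()
        // has already encoded the value.
        $email = '';
        if (isset($pd['email']) && is_scalar($pd['email'])) {
            $email = htmlspecialchars((string) $pd['email'], ENT_QUOTES, 'UTF-8', false);
        }

        $form .= '<form method="POST" action="#">'
            . ' <div class="form_field"><label for="forgot_password[email]">' . $LANG['form_email'] . ':</label>'
            . ' <div><input type="email" name="forgot_password[email]" id="forgot_password[email]" value="' . $email . '" required /></div></div>'
            . ' <input type="hidden" name="forgot_password[csrf]" value="' . $csrf . '" />'
            . ' <button>' . $LANG['recovery'] . '</button>'
            . ' </form>';
    }

    $form .= '</div>';

    return $form;
}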
<div class="password_recovery"> <div class="wrapper"> <?php $form = ''; if (isset($_GET['uid']) && isset($_GET['session']) && \user\mail_sessions::check('password_recovery', array('user' => $_GET['uid'], 'session' => $_GET['session']))) { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) { $pd = \site\utils::validate_user_data($_POST['forgot_password_form']); try { \user\main::reset_password($_GET['uid'], $pd); $form .= '<div class="success">' . $LANG['reset_pwd_success'] . '</div>'; \user\mail_sessions::clear('password_recovery', array('user' => $_GET['uid'])); } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12); $form .= '<form action="#" method="POST"> <input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required /> <input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required /> <button>' . $LANG['reset_pwd_button'] . '</button> <input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" /> </form>'; } else { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) { $pd = \site\utils::validate_user_data($_POST['forgot_password_form']); try { \user\main::recovery_password($_POST['forgot_password_form'], '../', 1); $form .= '<div class="success">' . $LANG['fp_success'] . 
'</div>'; } catch (Exception $e) {