Example #1
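/**
 * Build the HTML for the "forgot password" widget.
 *
 * Two modes, selected from the query string:
 *  - `uid` and `session` are present and accepted by
 *    \user\mail_sessions::check(): render the "choose a new password" form and,
 *    on a valid POST, call \user\main::reset_password() and clear the
 *    recovery session for that user.
 *  - otherwise: render the "send me a recovery e-mail" form and, on a valid
 *    POST, call \user\main::recovery_password().
 *
 * A POST is only acted on when it carries the `forgot_password` array with a
 * `csrf` value that \site\utils::check_csrf() accepts. A fresh token is stored
 * in $_SESSION['forgot_password_csrf'] on every render.
 *
 * @return string HTML fragment (wrapper div, optional status message, form)
 */
function forgot_password_form()
{
    // $_GET/$_POST/$_SESSION/$_SERVER are superglobals; only $LANG has to be imported.
    global $LANG;

    $form = '<div class="forgot_password other_form">';

    // Query-string values are strings or arrays; a recovery token is never an array,
    // so reject anything else before handing it to the session check.
    // NOTE(review): the recovery token travels in the URL, so it can end up in access
    // logs and Referer headers; consider a restrictive Referrer-Policy on this page.
    $has_recovery_session = isset($_GET['uid'], $_GET['session'])
        && is_string($_GET['uid']) && is_string($_GET['session'])
        && \user\mail_sessions::check('password_recovery', array('user' => $_GET['uid'], 'session' => $_GET['session']));

    // Guard every index that is read: a request can omit the csrf field or send
    // `forgot_password` as a scalar, which previously raised notices before the check.
    $submitted = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_POST['forgot_password']) && is_array($_POST['forgot_password'])
        && isset($_POST['forgot_password']['csrf']) && is_string($_POST['forgot_password']['csrf'])
        && \site\utils::check_csrf($_POST['forgot_password']['csrf'], 'forgot_password_csrf');

    $pd = array();

    if ($has_recovery_session) {
        /* RESET PASSWORD FORM */
        if ($submitted) {
            $pd = \site\utils::validate_user_data($_POST['forgot_password']);
            try {
                \user\main::reset_password($_GET['uid'], $pd);
                $form .= '<div class="success">' . $LANG['reset_pwd_success'] . '</div>';
                // One-time use: drop the recovery session once the password has changed.
                \user\mail_sessions::clear('password_recovery', array('user' => $_GET['uid']));
            } catch (Exception $e) {
                // Exception text may echo request data, so it is escaped for the HTML context.
                // NOTE(review): assumes messages are plain text, not markup; confirm.
                $form .= '<div class="error">' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</div>';
            }
        }
        // NOTE(review): token strength depends on str_random(), which is not visible here;
        // confirm it draws from a CSPRNG and that check_csrf() compares in constant time.
        $csrf = $_SESSION['forgot_password_csrf'] = \site\utils::str_random(12);
        // Labels now point at the ids of the inputs they describe (they referenced a
        // non-existent "forgot_password[email]" id in this form).
        $form .= '<form method="POST" action="#">
  <div class="form_field"><label for="forgot_password[password1]">' . $LANG['change_pwd_form_new'] . ':</label> <div><input type="password" name="forgot_password[password1]" id="forgot_password[password1]" value="" required /></div></div>
  <div class="form_field"><label for="forgot_password[password2]">' . $LANG['change_pwd_form_new2'] . ':</label> <div><input type="password" name="forgot_password[password2]" id="forgot_password[password2]" value="" required /></div></div>
  <input type="hidden" name="forgot_password[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['reset_pwd_button'] . '</button>
  </form>';
    } else {
        /* SEND A SESSION TO HIS EMAIL ADDRESS FORM */
        if ($submitted) {
            $pd = \site\utils::validate_user_data($_POST['forgot_password']);
            try {
                // NOTE(review): the raw POST array is passed here, not the validated $pd;
                // confirm recovery_password() validates its own input.
                \user\main::recovery_password($_POST['forgot_password']);
                $form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
            } catch (Exception $e) {
                // NOTE(review): if recovery_password() throws for unknown addresses, this
                // message lets a visitor tell registered from unregistered e-mails; confirm
                // the response is uniform.
                $form .= '<div class="error">' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</div>';
            }
        }
        $csrf = $_SESSION['forgot_password_csrf'] = \site\utils::str_random(12);

        // The submitted address is reflected into an attribute value: escape it so a
        // quote in the input cannot break out of the attribute.
        $email_value = (isset($pd['email']) && is_string($pd['email']))
            ? htmlspecialchars($pd['email'], ENT_QUOTES, 'UTF-8')
            : '';

        $form .= '<form method="POST" action="#">
  <div class="form_field"><label for="forgot_password[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="forgot_password[email]" id="forgot_password[email]" value="' . $email_value . '" required /></div></div>
  <input type="hidden" name="forgot_password[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['recovery'] . '</button>
  </form>';
    }

    $form .= '</div>';

    return $form;
}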
Example #2
<div class="password_recovery">

<div class="wrapper">

<?php 
$form = '';
if (isset($_GET['uid']) && isset($_GET['session']) && \user\mail_sessions::check('password_recovery', array('user' => $_GET['uid'], 'session' => $_GET['session']))) {
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) {
        $pd = \site\utils::validate_user_data($_POST['forgot_password_form']);
        try {
            \user\main::reset_password($_GET['uid'], $pd);
            $form .= '<div class="success">' . $LANG['reset_pwd_success'] . '</div>';
            \user\mail_sessions::clear('password_recovery', array('user' => $_GET['uid']));
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12);
    $form .= '<form action="#" method="POST">
<input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required />
<input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required />
<button>' . $LANG['reset_pwd_button'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) {
        $pd = \site\utils::validate_user_data($_POST['forgot_password_form']);
        try {
            \user\main::recovery_password($_POST['forgot_password_form'], '../', 1);
            $form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
        } catch (Exception $e) {