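// Password-reset confirmation step: looks up the reset token passed in ?key=,
// generates a new password for the matching account, mails it, stores it, and
// redirects to the login page. Anything else falls through to the "expired" message.
//
// Every value interpolated into SQL below is escaped first. The token comes straight
// from the query string, and the username read back from password_reset is user-chosen
// data as well, so it is escaped again before reuse (second-order injection).
// mysql_real_escape_string() is used only because this script is written against the
// legacy mysql_* API; prepared statements (mysqli/PDO) are the preferred fix when the
// script is migrated.

// Accept only a non-empty string token: ?key[]=... would otherwise interpolate as "Array",
// and a missing key would leave $key undefined.
$key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
$curtime = date("Y-m-d H:i:s");
$password_reset_username = '';

if ($key !== '') {
    $key_sql = mysql_real_escape_string($key);
    $result = mysql_query("select password_reset_username from password_reset where password_reset_token='{$key_sql}' and password_reset_taken = '0' and password_reset_expire > '{$curtime}' ") or die("mysql error @ line # 13");
    $row = mysql_fetch_row($result);
    // mysql_fetch_row() returns false when no row matches.
    $password_reset_username = $row ? $row[0] : '';
}
#print $password_reset_username;

if ($password_reset_username != '') {
    $username_sql = mysql_real_escape_string($password_reset_username);

    // NOTE(review): the '******' literals in the statements below are redaction marks in
    // this listing, reproduced as shown. Whatever variables stood there need the same
    // escaping as the values next to them.
    $result = mysql_query("select account_email,account_name_first, account_name_last from account where account_username='******' or account_email = '{$username_sql}' ") or die("mysql error@ line 17");
    $row = mysql_fetch_row($result);
    $email = $row[0];
    $fullName = $row[1] . " " . $row[2];
    $firstName = $row[1];

    $reset_password = generateRandomString(10);
    // NOTE(review): the new password is mailed in clear text, and before the UPDATE below
    // has succeeded. A single-use link that lets the user choose a password avoids putting
    // a working credential in a mailbox. Also confirm generateRandomString() draws from a
    // CSPRNG; its implementation is not visible here.
    sendResetEmail($firstName, $email, $password_reset_username, $reset_password);

    // NOTE(review): MySQL ENCRYPT() wraps the system crypt() call, and '.v' is a constant
    // salt, so equal passwords yield equal hashes. Hashing in PHP with password_hash()
    // is the usual replacement.
    $reset_password_sql = mysql_real_escape_string($reset_password);
    $result = mysql_query("select Encrypt('{$reset_password_sql}','.v') ") or die("mysql error@ line 26");
    $row = mysql_fetch_row($result);
    $password_encrypted = $row[0];
    #print $password_encrypted;

    $result = mysql_query("update account SET account_password = '******' where account_username='******' or account_email = '{$username_sql}' ") or die("mysql error @ line # 29");

    // NOTE(review): the row is retired only by overwriting its token with '1';
    // password_reset_taken is left unchanged, so every used row shares the same token value
    // and still satisfies the lookup at the top until it expires. Setting
    // password_reset_taken here looks like the intended way to retire the row; confirm
    // against the schema.
    $result = mysql_query("update password_reset SET password_reset_token = '1' where password_reset_token='{$key_sql}' ") or die("mysql error @ line # 31");

    // NOTE(review): HTTP_HOST is taken from the request's Host header, and $pmode is not
    // assigned anywhere in the visible code. A configured base URL and an allow-listed
    // $pmode would keep the redirect target under the application's control.
    $server = 'http://' . $_SERVER['HTTP_HOST'];
    header("Location: {$server}/login?cred=pwd_reset_final&pmode={$pmode}");
} else {
    $server = 'http://' . $_SERVER['HTTP_HOST'];
    // The link is built from request-derived values, so it is HTML-escaped before output.
    // The closing tag was "<a>" in the original, which left the anchor open.
    $retry_url = "{$server}/login?cred=forgot_pass&pmode={$pmode}";
    print "The session has been expired! <a href='" . htmlspecialchars($retry_url, ENT_QUOTES) . "'>Please try again</a>";
}

/*
 * Commented-out code carried over from the original; the listing is cut off inside this comment.
 * $result = mysql_query("select account_id from account where account_username='******'") or die("mysql error@ finding account_id @ line # getAccountId");
 * $row = mysql_fetch_row($result);
 */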
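<link rel="stylesheet" type="text/css" href="/styles/sparse.css"/>
</head>
<body bgcolor="#ffffff">
<table border="0" cellpadding="0" cellspacing="0" height="400" width="100%">
<tr>
<td valign="center" height="100%" align="center">
<p>
<?php
// Dispatcher for the password-reset page:
//   - "username" present      -> send the reset e-mail for that user
//   - "x" present and valid   -> show the form for choosing a new password
//   - otherwise               -> show the form that asks for a username
//
// Full "<?php" tags replace the short "<?" form. With short_open_tag disabled, the short
// form is not parsed and this logic would be sent to the browser as page text.
//
// NOTE(review): $_REQUEST also carries query-string values, so a plain GET link is enough
// to trigger a reset e-mail for any username. Reading $_POST and rate-limiting per account
// and per client keeps that under control; whether sendResetEmail() throttles internally
// is not visible here.
// NOTE(review): confirm that the reset code in "x" is escaped by emitResetForm() before
// it is written into the form markup, and that userRowFromCode() queries with a bound
// parameter. Neither function is shown.
if (isset($_REQUEST['username'])) {
    sendResetEmail($_REQUEST['username']);
} elseif (isset($_REQUEST['x']) && userRowFromCode($_REQUEST['x'])) {
    emitResetForm($_REQUEST['x']);
} else {
    sendMessageForm();
}
?>
</p>
</td>
</tr>
</table>
<?php
// NOTE(review): the footer is included as PHP from a .txt file. If that file is reachable
// over HTTP, the web server would hand out its source as plain text; confirm it sits
// outside the document root.
include '../includes/footer.txt';
?>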
<p id="loaded_n_total"></p>
</form>
<h2>NPI Check Against HIPAA Space Test</h2>
<form id="npi_form" method="post">
<input type="text" name="npi" id="npi"><br>
<input type="button" value="Verify NPI" onclick="verifyNPI()">
<p id="npi_result"></p>
</form>
<?php
// Manual test of the reset-mail path: a hard-coded account and a hard-coded password
// (both redacted in this listing) are passed to sendResetEmail(), and the outcome is
// echoed into the page.
//
// NOTE(review): the password is written into the HTML response as well as mailed, and
// $results and the exception message are echoed without HTML escaping. That is tolerable
// only for a local test harness; confirm this page is not deployed.
try {
    $userID = '*****@*****.**';
    // The User object is constructed but not used in the visible code; the
    // changePassword() call that would have used it is commented out.
    $user = new \OnlineOrders\User($userID);
    //$user->changePassword($password, TRUE);
    $password = '******';
    $results = sendResetEmail($password, $userID);
    echo "SUCESS!<br />" . $results . "<br />Please check your email. Your new password is " . $password . ".";
} catch (Exception $e) {
    // Shows the raw exception text to whoever loads the page.
    echo $e->getMessage();
}
?>
<?php
// PHPMailer set-up; the listing is cut off after the Host assignment.
//echo dirname(__FILE__);
//require '../../vendor/phpmailer/phpmailer/PHPMailerAutoload.php';
$mail = new PHPMailer();
//$mail->SMTPDebug = 3; // Enable verbose debug output
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'localhost'; // Specify main and backup SMTP servers
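/**
 * Runs one parameterised statement on the given mysqli link.
 *
 * @param mysqli $link   open connection
 * @param string $sql    statement text with ? placeholders
 * @param string $types  mysqli_stmt_bind_param() type string, one letter per placeholder
 * @param array  $params values for the placeholders, in order
 * @return mysqli_result|bool result set for statements that produce one, true for other
 *                            successful statements, false on failure
 */
function forgetPasswordQuery($link, $sql, $types, array $params)
{
    $stmt = mysqli_prepare($link, $sql);
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    // mysqli_stmt_get_result() returns false for statements without a result set.
    $result = mysqli_stmt_get_result($stmt);
    mysqli_stmt_close($stmt);
    return $result === false ? true : $result;
}

/**
 * Runs a parameterised SELECT and returns its first row as an associative array,
 * or null when the query fails or matches nothing.
 */
function forgetPasswordFetchRow($link, $sql, $types, array $params)
{
    $result = forgetPasswordQuery($link, $sql, $types, $params);
    if (!($result instanceof mysqli_result)) {
        return null;
    }
    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    return $row ? $row : null;
}

/**
 * Handles a "forgot password" request for either a phone number or an e-mail address.
 *
 * Reads "EmailOrPhoneNumber" and "VCode" through post(). A numeric account value is
 * treated as a phone number: without a code an SMS reset message is sent, with a code
 * the code is checked against the session and the user's Uid is stored in
 * $_SESSION["ResetPasswordUid"]. Any other value must be a valid e-mail address, for
 * which a reset code is created (or an existing one reused) and mailed.
 *
 * Changes from the original listing:
 *  - every query that carries request or session data uses bound parameters
 *    (FILTER_VALIDATE_EMAIL accepts apostrophes, so the e-mail value could break out of
 *    the quoted SQL string);
 *  - the SMS code is compared as a string in constant time instead of with ==;
 *  - the ForgetPassword row is read by column name ($uidData[0]["Uid"] indexed into a
 *    scalar and never produced the stored code);
 *  - new e-mail codes come from random_bytes() instead of md5(time() . constant);
 *  - the function returns after a terminal response, so it no longer depends on
 *    printResultByMessage() ending the script.
 *
 * NOTE(review): the distinct "not exist" responses reveal which phone numbers and
 * e-mail addresses are registered, and no attempt limit on the SMS code is visible
 * here; confirm both are handled elsewhere.
 */
function forgetPassword()
{
    $coreUserLink = connetCoreUserDB();
    $emailPhoneNumber = post("EmailOrPhoneNumber");
    $validateCode = post("VCode");

    //is phone
    if (is_numeric($emailPhoneNumber)) {
        $phoneNumber = (string) $emailPhoneNumber;

        if ($validateCode) {
            $expectedCode = session("ResetCode");
            $sessionPhone = session("PhoneNumber");

            // An empty or missing session code must never match.
            $codeMatches = is_scalar($expectedCode)
                && is_scalar($validateCode)
                && (string) $expectedCode !== ''
                && hash_equals((string) $expectedCode, (string) $validateCode);
            $phoneMatches = is_scalar($sessionPhone) && (string) $sessionPhone === $phoneNumber;

            if ($codeMatches && $phoneMatches) {
                $uidData = forgetPasswordFetchRow(
                    $coreUserLink,
                    "select Uid from User where PhoneNumber = ?",
                    "s",
                    array($phoneNumber)
                );
                if ($uidData) {
                    // NOTE(review): the verified code stays in the session after this
                    // point; consider clearing it so it cannot be replayed.
                    $_SESSION["ResetPasswordUid"] = $uidData["Uid"];
                    printResultByMessage("Done", 0, array("SMSValidate" => true));
                    return;
                }
            }
            printResultByMessage(getLanguageString("ValiateCodeError"), 108);
            return;
        }

        //is phone number
        if (strlen($phoneNumber) < 11) {
            printResultByMessage(getLanguageString("PhoneNumberFormat"), 108);
            return;
        }

        $phoneRow = forgetPasswordFetchRow(
            $coreUserLink,
            "select PhoneNumber from User where PhoneNumber = ?",
            "s",
            array($phoneNumber)
        );
        if ($phoneRow) {
            // As in the original, a failed send produces no response.
            if (sendResetMessage($phoneNumber)) {
                printResultByMessage("Done", 0);
            }
        } else {
            printResultByMessage(getLanguageString("UserPhoneNumberNotExist"), 108);
        }
        return;
    }

    //is email
    if (!filter_var($emailPhoneNumber, FILTER_VALIDATE_EMAIL)) {
        printResultByMessage(getLanguageString("AccountFormatIncorrect"), 108);
        return;
    }

    //delete expire data (1 day)
    mysqli_query($coreUserLink, "delete from ForgetPassword where TIMESTAMPDIFF(day,CreateTime,now())>1");

    $userRow = forgetPasswordFetchRow(
        $coreUserLink,
        "select Uid from User where Email = ?",
        "s",
        array($emailPhoneNumber)
    );
    if (!$userRow) {
        printResultByMessage(getLanguageString("UserEmailNotExist"), 108);
        return;
    }
    $uid = $userRow["Uid"];

    $pendingRow = forgetPasswordFetchRow(
        $coreUserLink,
        "select Uid,EmailCode from ForgetPassword where Uid = ?",
        "s",
        array($uid)
    );

    if ($pendingRow) {
        // update time for reset password
        // NOTE(review): reusing the stored code while refreshing CreateTime keeps the
        // same code valid for as long as requests keep arriving; issuing a fresh code
        // per request would bound its lifetime.
        forgetPasswordQuery(
            $coreUserLink,
            "update ForgetPassword set CreateTime = now() where Uid = ?",
            "s",
            array($uid)
        );
        $emailCode = $pendingRow["EmailCode"];
    } else {
        // 32 hex characters, the same length as the md5 value used before, but drawn
        // from the system CSPRNG rather than derived from the clock.
        $emailCode = bin2hex(random_bytes(16));
        //insert reset code to list
        forgetPasswordQuery(
            $coreUserLink,
            "insert into ForgetPassword(Uid,EmailCode,CreateTime) value(?,?,now())",
            "ss",
            array($uid, $emailCode)
        );
    }

    if (sendResetEmail($emailPhoneNumber, $emailCode)) {
        printResultByMessage(getLanguageString("ResetEmailSent"), 0, array("EmailValidate" => true));
    } else {
        printResultByMessage(getLanguageString("EmailSentError"), 108);
    }
}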