Exemple #1
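// Password-reset confirmation step. Looks up the account that owns the reset
// token passed in ?key=, generates a new random password, stores its hash,
// e-mails the password to the user and marks the token as consumed.
//
// Every value placed into SQL is escaped first: the token comes straight from
// the query string, and the username/e-mail read back from password_reset is
// re-used in later statements. The legacy mysql_* API has no prepared
// statements; moving to mysqli/PDO with bound parameters is the better fix.
//
// NOTE(review): the '******' literals in the account queries look like masking
// applied to this listing; they are kept exactly as shown. Confirm against the
// real file.
if (isset($_GET['key'])) {
    $key = $_GET['key'];
}
// $key may be unset when the parameter is missing; treat that as an empty
// token so the lookup simply finds nothing.
$key_sql = mysql_real_escape_string(isset($key) ? (string) $key : '');
$curtime = date("Y-m-d H:i:s");
$result = mysql_query("select password_reset_username from password_reset where password_reset_token='{$key_sql}' and password_reset_taken = '0' and password_reset_expire > '{$curtime}' ") or die("mysql error @ line # 13");
$row = mysql_fetch_row($result);
$password_reset_username = $row[0];
if ($password_reset_username != '') {
    $username_sql = mysql_real_escape_string($password_reset_username);
    $result = mysql_query("select account_email,account_name_first, account_name_last from account where account_username='******' or account_email = '{$username_sql}' ") or die("mysql error@ line 17");
    $row = mysql_fetch_row($result);
    $email = $row[0];
    $fullName = $row[1] . " " . $row[2];
    $firstName = $row[1];
    $reset_password = generateRandomString(10);
    // NOTE(review): MySQL ENCRYPT() relies on the system crypt() with a fixed
    // two-character salt; on many systems that only considers the first eight
    // characters and gives every account the same salt. Plan a migration to
    // password_hash()/password_verify().
    $reset_password_sql = mysql_real_escape_string($reset_password);
    $result = mysql_query("select Encrypt('{$reset_password_sql}','.v') ") or die("mysql error@ line 26");
    $row = mysql_fetch_row($result);
    $password_encrypted = $row[0];
    $result = mysql_query("update account SET account_password = '******' where account_username='******' or account_email = '{$username_sql}' ") or die("mysql error @ line # 29");
    // NOTE(review): the consumed token is overwritten with the constant '1'
    // while password_reset_taken is not touched in this block. Unless it is
    // set elsewhere, the row still satisfies the lookup above until it expires.
    // Consider marking the row as taken here and keeping tokens unique.
    $result = mysql_query("update password_reset SET password_reset_token = '1' where password_reset_token='{$key_sql}' ") or die("mysql error @ line # 31");
    // The e-mail is sent only after the new hash has been stored, so a failed
    // update can no longer leave the user holding a password that does not work.
    // NOTE(review): this mails a plaintext password; a single-use link that
    // lets the user choose a password avoids putting a credential in mail.
    sendResetEmail($firstName, $email, $password_reset_username, $reset_password);
    // NOTE(review): HTTP_HOST is supplied by the client. Building the redirect
    // from a configured canonical origin would stop a forged Host header from
    // steering the user elsewhere. $pmode is not defined in the visible lines.
    $server = 'http://' . $_SERVER['HTTP_HOST'];
    header("Location: {$server}/login?cred=pwd_reset_final&pmode={$pmode}");
} else {
    $server = 'http://' . $_SERVER['HTTP_HOST'];
    // The link is HTML-escaped because both the Host header and $pmode reach
    // the page; the anchor is now closed with </a> instead of a second <a>.
    $retry_url = htmlspecialchars("{$server}/login?cred=forgot_pass&pmode={$pmode}", ENT_QUOTES);
    print "The session has been expired! <a href='{$retry_url}'>Please try again</a>";
}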
/*
$result = mysql_query("select account_id from account where account_username='******'") or die("mysql error@ finding account_id @ line # getAccountId");
$row = mysql_fetch_row($result);
	<link rel="stylesheet" type="text/css" href="/styles/sparse.css"/>
</head>


<body bgcolor="#ffffff">

	<table border="0" cellpadding="0" cellspacing="0" height="400" width="100%">
		<tr>
			<td valign="center" height="100%" align="center">
	
				<p>

					<? 
						
						// Route the request: a posted username starts the reset e-mail,
						// a code in "x" that resolves to a user row shows the reset form,
						// and anything else shows the initial request form.
						if (!isset($_REQUEST['username'])) {
							if (isset($_REQUEST['x']) && userRowFromCode($_REQUEST['x'])) {
								emitResetForm($_REQUEST['x']);
							} else {
								sendMessageForm();
							}
						} else {
							sendResetEmail($_REQUEST['username']);
						}
					?>
					
				</p>
	
			</td>
		</tr>
	</table>
	
<? include '../includes/footer.txt' ?>
   <p id="loaded_n_total"></p>
 </form>

 <h2>NPI Check Against HIPAA Space Test</h2>
 <form id="npi_form" method="post">
   <input type="text" name="npi" id="npi"><br>
   <input type="button" value="Verify NPI" onclick="verifyNPI()">
   <p id="npi_result"></p>
 </form>
<?php 
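// Sends a reset e-mail for one user and reports the outcome in the page.
try {
    // NOTE(review): the address and password literals look masked in this
    // listing; they are kept exactly as shown.
    $userID = '*****@*****.**';
    $user = new \OnlineOrders\User($userID);
    //$user->changePassword($password, TRUE);
    $password = '******';
    $results = sendResetEmail($password, $userID);
    // NOTE(review): the new password is echoed into the response, so it lands
    // in browser history, proxies and page caches as well as the mailbox.
    // $results is printed unescaped; confirm sendResetEmail() never returns
    // text derived from user input.
    echo "SUCESS!<br />" . $results . "<br />Please check your email.  Your new password is " . $password . ".";
} catch (Exception $e) {
    // Exception text can carry user-supplied or internal detail, so it is
    // HTML-escaped before being written to the page.
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}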
?>

<?php 
// Leftover debugging aid, disabled:
//echo dirname(__FILE__);
// The PHPMailer autoloader include is commented out, so the class presumably
// gets loaded some other way (e.g. a project autoloader). TODO confirm.
//require '../../vendor/phpmailer/phpmailer/PHPMailerAutoload.php';
$mail = new PHPMailer();
// Verbose SMTP debug output is left off. When enabled it prints the SMTP
// conversation, which should not reach end users.
//$mail->SMTPDebug = 3;
// Set mailer to use SMTP
$mail->isSMTP();
// Specify main and backup SMTP servers
$mail->Host = 'localhost';
Exemple #4
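/**
 * Handle a "forgot password" request for a phone number or an e-mail address.
 *
 * Reads the posted "EmailOrPhoneNumber" and "VCode" fields.
 *  - Numeric account with a code: checks the code and phone number against the
 *    session and, on success, stores the user's Uid in
 *    $_SESSION["ResetPasswordUid"].
 *  - Numeric account without a code: checks the number exists and sends the
 *    SMS reset message.
 *  - E-mail account: creates (or refreshes) a ForgetPassword row and e-mails
 *    the reset code.
 *
 * Every outcome is reported through printResultByMessage(). Whether that
 * helper ends the request is not visible here, so each branch returns
 * explicitly after reporting.
 *
 * NOTE(review): the "not exist" replies let a caller tell registered accounts
 * from unregistered ones; a uniform reply avoids that. Limiting attempts on the
 * SMS code is not done in this function; confirm it happens elsewhere.
 */
function forgetPassword()
{
    $coreUserLink = connetCoreUserDB();
    $emailPhoneNumber = post("EmailOrPhoneNumber");
    $validateCode = post("VCode");

    if (is_numeric($emailPhoneNumber)) {
        if ($validateCode) {
            // Phone flow, step 2: verify the SMS code. Strings are compared
            // strictly so that numerically-equal values such as "0123" and
            // "123" (or "1e3" and "1000") no longer count as a match.
            if ((string) $validateCode === (string) session("ResetCode")
                && (string) session("PhoneNumber") === (string) $emailPhoneNumber) {
                $phoneSql = mysqli_real_escape_string($coreUserLink, (string) session("PhoneNumber"));
                $uidRS = mysqli_query($coreUserLink, "select Uid from User where PhoneNumber = '" . $phoneSql . "'");
                $uidData = $uidRS ? mysqli_fetch_array($uidRS) : null;
                if ($uidData) {
                    $_SESSION["ResetPasswordUid"] = $uidData["Uid"];
                    printResultByMessage("Done", 0, array("SMSValidate" => true));
                    // Do not fall through to the error reply below.
                    return;
                }
            }
            printResultByMessage(getLanguageString("ValiateCodeError"), 108);
            return;
        }

        // Phone flow, step 1: request an SMS code.
        if (strlen($emailPhoneNumber) < 11) {
            printResultByMessage(getLanguageString("PhoneNumberFormat"), 108);
            return;
        }
        // is_numeric() accepts more than plain digits, so the value is escaped
        // and quoted rather than pasted into the statement as a bare number.
        $phoneSql = mysqli_real_escape_string($coreUserLink, (string) $emailPhoneNumber);
        $phoneExistRs = mysqli_query($coreUserLink, "select PhoneNumber from User where PhoneNumber = '{$phoneSql}'");
        if ($phoneExistRs && mysqli_fetch_array($phoneExistRs)) {
            if (sendResetMessage($emailPhoneNumber)) {
                printResultByMessage("Done", 0);
            }
        } else {
            printResultByMessage(getLanguageString("UserPhoneNumberNotExist"), 108);
        }
        return;
    }

    // E-mail flow.
    if (!filter_var($emailPhoneNumber, FILTER_VALIDATE_EMAIL)) {
        printResultByMessage(getLanguageString("AccountFormatIncorrect"), 108);
        return;
    }

    //delete expire data (1 day)
    mysqli_query($coreUserLink, "delete from ForgetPassword where TIMESTAMPDIFF(day,CreateTime,now())>1");

    // A syntactically valid address may still contain a quote character, so it
    // is escaped before use. Bound parameters (mysqli_prepare) would be better.
    $emailSql = mysqli_real_escape_string($coreUserLink, $emailPhoneNumber);
    $uidRS = mysqli_query($coreUserLink, "select Uid from User where Email = '{$emailSql}'");
    $uidData = $uidRS ? mysqli_fetch_array($uidRS) : null;
    if (!$uidData) {
        printResultByMessage(getLanguageString("UserEmailNotExist"), 108);
        // Stop here: continuing would run the statements below without a Uid
        // and could mail a code for an address that has no account.
        return;
    }
    $uid = $uidData["Uid"];
    $uidSql = mysqli_real_escape_string($coreUserLink, (string) $uid);

    $uidRS = mysqli_query($coreUserLink, "select Uid,EmailCode from ForgetPassword where Uid = '{$uidSql}'");
    $resetRow = $uidRS ? mysqli_fetch_array($uidRS) : null;
    if ($resetRow) {
        // mysqli_fetch_array() returns one row, so columns are read by name.
        // The previous $row[0]["Uid"] indexed into the Uid string itself.
        if ($resetRow["Uid"]) {
            // update time for reset password
            mysqli_query($coreUserLink, "update ForgetPassword set CreateTime = now() where Uid = '{$uidSql}'");
            if (sendResetEmail($emailPhoneNumber, $resetRow["EmailCode"])) {
                printResultByMessage(getLanguageString("ResetEmailSent"), 0, array("EmailValidate" => true));
            } else {
                printResultByMessage(getLanguageString("EmailSentError"), 108);
            }
        }
        return;
    }

    // The reset code comes from a CSPRNG. A hash of the current time plus a
    // constant is predictable. The result is 32 hex characters, the same
    // shape as the md5() value used before.
    $emailCode = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : bin2hex(openssl_random_pseudo_bytes(16));
    //insert reset code to list
    mysqli_query($coreUserLink, "insert into ForgetPassword(Uid,EmailCode,CreateTime) value('{$uidSql}','{$emailCode}',now())");
    if (sendResetEmail($emailPhoneNumber, $emailCode)) {
        printResultByMessage(getLanguageString("ResetEmailSent"), 0, array("EmailValidate" => true));
    } else {
        printResultByMessage(getLanguageString("EmailSentError"), 108);
    }
}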