/
pwretrieve.php
93 lines (74 loc) · 2.66 KB
/
pwretrieve.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?php
/*
pwretrieve v0.95
Written by B. van Ouwerkerk bvo@atz.nl
Published under the same license as FishCart.
Please send questions to the FishCart users list.
You can call this file from anywhere with a form method=post
the name of the inputbox is supposed to be pwlostmail.
This is the first release. Adding more features and languages
as soon as possible.
Latest release is available via CVS.
I hope this might be useful to someone, use it at your own risk..
This file is still under development and should currently not
be used in combination with ESD.
*/
header("Expires: 0");
header("Pragma: no-cache");
header("Cache-control: No-Cache");
require_once( '../bit_setup_inc.php' );
require('./functions.php');
// ========== start of variable loading ==========
// load passed variables and cookie variables
// int or double cast the numbers, no exceptions
// custid cookie is mime encoded, don't escape
$pwlostmail = getparam('pwlostmail');
// ========== end of variable loading ==========
require('./public.php');
if (eregi("^[a-z0-9_\'\.-]+@[a-z0-9_\.-]+\.[a-z]{2,4}$",$pwlostmail)){
$pwlostmail=$pwlostmail;}else{
$pwlostmail="";
}
if ($pwlostmail==""){
echo 'no email address found or no valid email address in your request';
exit;
}
// retrieve the record for the email address
$wwkwijt = new FC_SQL;
$wwkwijt->query("SELECT pwactive,pwemail,pwuid,pwpw from pw ".
"where pwemail='$pwlostmail' limit 1");
$wwkwijt->next_record();
if($wwkwijt->f("pwuid")==""){
//no record for this address so we're supposed to build an errormessage here
//let's keep it simple for now
//this will be fixed in the next release
echo "sorry, we don't know the address entered";
exit;
}
if($wwkwijt->f("pwactive")=="0"){
//login is not active so we're supposed to build an errormessage here
//let's keep it simple for now
//this will be fixed in the next release
echo 'account is currently not active';
exit;
}
$login=$wwkwijt->f("pwuid");
$ww=$wwkwijt->f("pwpw");
//record found now sending email
$subject .="Information you requested from ";
$messages .="Your catalog password:\n";
$messages .="username : $login\n";
$messages .="password : $ww\n";
$headers .="From: ".$gBitSystem->getSenderEmail()."\n";
$headers .="Return-Path: <".$gBitSystem->getSenderEmail().">\n";
mail($wwkwijt->f("pwemail"), $subject, $messages, $headers);
$wwkwijt->free_result();
?>
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<a href="index.php">login with password</a>
</BODY>
</HTML>