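/**
 * Render the "request password reset" page and process its form.
 *
 * When the form is posted (the `reset` submit button is present), the
 * submitted address is looked up in `users.email_address`. If an account
 * matches, a fresh token is written to its `activation_token` column and
 * mailed through send_reset_email(). The confirmation printed afterwards is
 * the same whether or not an account matched, so the response text cannot be
 * used to test which addresses are registered.
 *
 * Output is written directly to the response; nothing is returned.
 */
function content() {
    $errors = [];
    page_header('Request password reset');

    if (array_key_exists('reset', $_POST)) {
        // A field posted as email[]=... arrives as an array; only a string is
        // handed to the lookup helper.
        $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

        if ($email === '') {
            $errors[] = "Please enter an email address";
        } else {
            $user = fetch_one_or_none('users', 'email_address', $email);

            if ($user) {
                // NOTE(review): make_random_token() is defined elsewhere - confirm it
                // draws from a CSPRNG (random_bytes()/random_int()).
                $token = make_random_token();

                // NOTE(review): the token shares the activation_token column and no
                // expiry is recorded here - confirm the page that redeems it limits
                // its lifetime and clears it after one use.
                update_all('users', array('activation_token' => $token), 'id', $user->id);
                send_reset_email($user->email_address, $user->name, $token);
            }

            // Identical reply for known and unknown addresses. The mail is only sent
            // on a match, so response time may still differ - TODO confirm whether
            // sending should be queued.
            ?>
<p>If that email address belongs to an account, we have sent it an email containing a link allowing you to reset your password.</p>
            <?php
            return;
        }
    }
    ?>
<p>If you have forgotten your password and need it resetting, please enter your email address below and we will send you an email allowing you to reset your password.</p>
    <?php show_error_list($errors); ?>
<form method="post" action="" accept-charset="UTF-8">
    <div class="fieldrow">
        <?php
        // NOTE(review): text_field() re-displays the posted value; presumably it
        // HTML-escapes it - verify in the helper.
        text_field($_POST, 'email', 'Email address');
        ?>
    </div>
    <div class="fieldrow">
        <input type="submit" name="reset" value="Reset" />
    </div>
</form>
    <?php
}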
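/**
 * Issue a password-reset token for one account and mail it to the account's
 * address.
 *
 * The account is read from `user` by the `value` column, a 20-character token
 * is inserted into `password_reset` next to the username, and
 * send_reset_email() is called once the connection has been closed. If no row
 * matches $userid nothing is stored and no mail is sent.
 *
 * @param int $userid Identifier matched against `user.value`.
 * @return void
 */
function password_reset_by_userid($userid)
{
    // NOTE(review): generate_token() is defined elsewhere - confirm it draws
    // from a CSPRNG (random_bytes()/random_int()).
    $token = generate_token(20);

    $db = db_open();
    try {
        $stmt = $db->prepare("SELECT username, name, email FROM user WHERE value=:userid");
        $stmt->bindParam(":userid", $userid, PDO::PARAM_INT);
        $stmt->execute();

        // An unknown id yields no row; stop here rather than store a token for
        // an empty username and mail an empty address.
        $row = $stmt->fetch();
        if ($row === false) {
            return;
        }

        $username = $row['username'];
        $name = $row['name'];
        $email = $row['email'];

        // NOTE(review): the token is stored as issued and no expiry is written
        // here. Storing only a hash of it would keep a read of password_reset
        // from yielding usable tokens; that needs the redeeming code to hash
        // before lookup - confirm against that code and the table schema.
        $stmt = $db->prepare("INSERT INTO password_reset (`username`, `token`) VALUES (:username, :token)");
        $stmt->bindParam(":username", $username, PDO::PARAM_STR, 20);
        $stmt->bindParam(":token", $token, PDO::PARAM_STR, 20);
        $stmt->execute();
    } finally {
        // Release the connection on every path, including a thrown PDOException.
        db_close($db);
    }

    send_reset_email($username, $name, $email, $token);
}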
// Password-reset page script. It handles three request shapes: a logged-in
// visitor (pointed at the change-password page), a POST of u + email (asks
// for a reset mail), and a request carrying u, e and h (redeems a reset link
// and, once password1/password2 are posted, sets the new password).
// The listing is cut off inside the innermost branch.
$idcookie = User::id();
$dbh = db_connect();
$page = new PlansPage('Utilities', 'passwordreset', PLANSVNAME . ' - Password Reset', 'passwordreset.php');
if (User::logged_in()) {
    populate_page($page, $dbh, $idcookie);
} else {
    populate_guest_page($page);
}
$heading = new HeadingText('Password Reset', 1);
$page->append($heading);
if (User::logged_in()) {
    $msg = new AlertText('You are already logged in. You can change your password from the <a href="/changepassword.php">Change Password</a> page.', 'Already logged in');
    $page->append($msg);
} else {
    // Step 1: the visitor supplied a username (u) and an email address.
    if (isset($_POST['u']) && isset($_POST['email'])) {
        // NOTE(review): isset() is also true for array values (u[]=...);
        // confirm send_reset_email() rejects non-string input.
        if (send_reset_email($_POST['u'], $_POST['email'])) {
            $msg = new InfoText("Check your email for a password reset link.", "Check email");
            $page->append($msg);
        } else {
            // NOTE(review): success and failure produce different pages, so the
            // response shows whether a username/email pair is on record -
            // confirm that is intended.
            $msg = new AlertText("Error: The email address you provided does not match our records, or something else went wrong. "
                . 'Please contact <a href="mailto:' . ADMIN_ADDRESS . '">' . ADMIN_ADDRESS . '</a> for assistance.', "Email address mismatch");
            $page->append($msg);
            $page->append(reset_step1());
        }
    } else {
        // Step 2: u, e and h are read from $_REQUEST, so they may arrive in the
        // query string as well as in a form post.
        // NOTE(review): values carried in a URL can end up in server logs,
        // browser history and Referer headers - confirm the link is short-lived.
        if (isset($_REQUEST['u']) && isset($_REQUEST['e']) && isset($_REQUEST['h'])) {
            // The link is accepted when the hash computed for (u, e) equals h
            // and e, compared against time(), is still in the future.
            // NOTE(review): `==` is a loose, non-constant-time comparison, and
            // PHP treats two numeric-looking strings (e.g. "0e...") as equal
            // numbers; hash_equals() on string operands avoids both.
            // NOTE(review): e comes from the request; the expiry check is only
            // as strong as getPasswordResetHash() binding e into the hash -
            // verify in User.
            if (User::getPasswordResetHash($_REQUEST['u'], $_REQUEST['e']) == $_REQUEST['h'] && $_REQUEST['e'] > time()) {
                if (isset($_POST['password1']) && isset($_POST['password2'])) {
                    // NOTE(review): `==` lets numeric-looking strings such as
                    // "1e3" and "1000" pass as matching; `===` compares them as
                    // text. The minimum length enforced here is 4 bytes (strlen).
                    if ($_POST['password1'] == $_POST['password2'] && strlen($_POST['password1']) >= 4) {
                        // resetPassword() receives u, e and h again; presumably it
                        // re-validates them - confirm in User.
                        if (User::resetPassword($_REQUEST['u'], $_REQUEST['e'], $_REQUEST['h'], $_POST['password1'])) {
                            $msg = new InfoText('Your password has been changed. Please <a href="/index.php">log in!</a>!', 'Reset successful');
                            $page->append($msg);
$success = false; if (isset($_POST['reset_submitted'])) { include_once "/var/www/includes/validation.php"; $email = trim($_POST['email']); if ($email != "") { //is_email_valid($email)) { include_once "/var/www/includes/user.php"; include_once "/var/www/includes/crypt.php"; $u = new user(); $uid = $u->get_user_id($email); if ($uid != 0) { $cr = new crypto(); $token = base64_encode($cr->encrypt($uid)); $link = 'http://punbt090pc/reset.php?token=' . urlencode($token); include_once "/var/www/includes/email.php"; send_reset_email($email, $link); $msg = "Reset instruction are sent to email - " . $email . " Please check inbox/junkbox."; $success = true; } else { $msg = "Email is not registered"; } } else { $msg = "Invalid Email " . $email; } } elseif (isset($_POST['resetpwd_submitted'])) { $token = $_POST['token']; $new_pwd = trim($_POST['new_password']); $con_pwd = trim($_POST['con_password']); if ($new_pwd == "" || $con_pwd == "") { $msg = "No blank fields allowed"; } elseif ($new_pwd != $con_pwd) {