*/ require_once '../include/load_config.php'; require_once '../classes/formutils.class.php'; require_once '../classes/lang.class.php'; require_once '../classes/dbutils.class.php'; require_once '../classes/usernotices.class.php'; $notice = UserNotices::get_instance(); $mysqli = DBUtils::get_mysqli_link($configObject->get('cfg_db_host'), $configObject->get('cfg_db_username'), $configObject->get('cfg_db_passwd'), $configObject->get('cfg_db_database'), $configObject->get('cfg_db_charset'), $notice, $configObject->get('dbclass')); $email = isset($_GET['email']) ? $_GET['email'] : ''; $message = ''; $errors = array(); $form_util = new FormUtils(); if (isset($_POST['submit']) and $_POST['submit'] == $string['send']) { $email = $_POST['email']; // Process the form submission $errors = $form_util->check_required(array('email' => $string['emailaddress'])); if (count($errors) == 0) { // Check if the supplied value is an email address (avoid an unnecessary DB call) if (!$form_util->is_email($email)) { $errors[] = $string['emailaddressinvalid']; } else { if ($form_util->is_email_in_cfg_institutional_domains($email)) { $errors[] = $string['emailaddressininstitutionaldomains']; } else { // If it is, look for the user in the database $stmt = $mysqli->prepare("SELECT id, title, surname FROM users WHERE email = ? ORDER BY id DESC LIMIT 1"); $stmt->bind_param('s', $email); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($user_id, $title, $surname); $stmt->fetch();
} else { // Check if the token exists and has not expired $stmt = $mysqli->prepare("SELECT id, user_id FROM password_tokens WHERE token = ? AND time > DATE_ADD(NOW(), INTERVAL -1 DAY) ORDER BY id DESC LIMIT 1"); $stmt->bind_param('s', $token); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($id, $user_id); $stmt->fetch(); if ($stmt->num_rows == 0) { $critical_errors[] = 'Invalid token'; } $stmt->close(); } if (count($critical_errors) == 0 and isset($_POST['token']) and $_POST['token'] != '') { // Process form submission $errors = $form_util->check_required(array('email' => $string['emailaddress'], 'password' => $string['password'], 'password_confirm' => $string['passwordconfirm'])); if (!$form_util->is_email($_POST['email'])) { $email = $_POST['email']; $errors[] = $string['emailaddressinvalid']; } if ($_POST['password'] != $_POST['password_confirm']) { $errors[] = $string['passwordsnotmatch']; } if (count($errors) == 0) { $email = $_POST['email']; $password = $_POST['password']; // Check if email address matches that of the user in the token record $stmt = $mysqli->prepare("SELECT username, email, roles FROM users WHERE id = ?"); $stmt->bind_param('i', $user_id); $stmt->execute(); $stmt->store_result();