<?php
require 'config.php';
require './src/class.phpmailer.php';
require './src/class.smtp.php';
require './src/security.php';
$action = @$_POST['action'];
if ($action == 'sign_up') {
sign_up();
}
if ($action == 'get_token') {
send_token();
}
function sign_up()
{
$email = validate_email(@$_POST['email']);
$pass = security_filter(@$_POST['password']);
$token = security_filter(@$_POST['token']);
if (email_overlap($email)) {
echo "email overlap";
die;
}
$count = count($GLOBALS['DB']->query("SELECT * FROM user WHERE email=? and token=?", array($email, $token)));
if ($count > 0) {
echo "token auth success";
$result = $GLOBALS['DB']->query("UPDATE user SET activated='1', enable='1', pass=?, passwd='0000000' WHERE email=? and token=?", array($pass, $email, $token));
} else {
echo "token auth fail";
}
}
function send_token()
if (SystemPref::Get("PasswordRecovery")=='N') {
$disabled = true;
} else
if (Input::Get("f_post_sent", "int",0)==1) {
$email = Input::Get("f_email");
if (stristr($email, "@") == false) { // || stristr($email, ".")==false)
$errors[] = getGS("Email: incorrect format.");
}
if (!isset($errors)) {
$usr = User::FetchUserByEmail($email);
if ($usr!=null && is_numeric($usr->getUserId()) && $usr->getUserId()>0) {
$usr->setPasswordResetToken();
$token = $usr->getPasswordResetToken();
send_token($email, $token);
$sent = true;
$logMessage = getGS('Password recovery request for $1', $email);
Log::Message($logMessage, NULL, 54);
}
else {
$errors[] = getGS("No user is registered with this email.");
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" xml:lang="en">
<head>
