<?php
if (!isset($_GET['hash'])) {
die('');
}
header("Content-Type: text/html; charset=UTF-8");
define('READ_ONLY_SESSION', true);
define('CID', false);
require_once '../../../../include.php';
ModuleManager::load_modules();
DB::Execute('DELETE FROM user_reset_pass WHERE created_on<%T', array(time() - 3600 * 2));
$user_id = DB::GetOne('SELECT user_login_id FROM user_reset_pass WHERE hash_id=%s', array($_GET['hash']));
if ($user_id == false) {
die(__('Request failed. Authentication link is valid for 2 hours since sending request.'));
}
$pass = generate_password();
$pass_hash = function_exists('password_hash') ? password_hash($pass, PASSWORD_DEFAULT) : md5($pass);
if (!DB::Execute('UPDATE user_password SET password=%s WHERE user_login_id=%d', array($pass_hash, $user_id))) {
die(__('Unable to update password. Please contact system administrator.'));
}
if (!Base_User_LoginCommon::send_mail_with_password(Base_UserCommon::get_user_login($user_id), $pass, Base_User_LoginCommon::get_mail($user_id), true)) {
die(__('Unable to send e-mail with password. Mail module configuration invalid. Please contact system administrator.'));
}
DB::Execute('DELETE FROM user_reset_pass WHERE hash_id =%s', array($_GET['hash']));
header('Location: ' . get_epesi_url() . '?' . http_build_query(array('password_recovered' => 1)));
