/** * Reset password * send an email with new credentials * * @param integer $id User ID * @param string $md5 Encrypted verification code * @return void */ public function reset($id, $md5) { $mod = new X4Auth_model('users'); $user = $mod->get_by_id($id, 'users', 'last_in, password, mail, username'); if ($user) { // user exists if (md5($user->last_in . SITE . $user->password) == $md5 && time() - strtotime($user->last_in) < 604800) { $new_pwd = X4Text_helper::random_string(6); $result = $mod->reset($user->mail, $new_pwd); if ($result) { // load dictionary $this->dict->get_wordarray(array('login', 'pwd_recovery')); $src = array('XXXUSERNAMEXXX', 'XXXPASSWORDXXX'); $rpl = array($user->username, $new_pwd); $view = new X4View_core(X4Utils_helper::set_tpl('mail')); $view->subject = SERVICE . ' - ' . _RECOVERY_SUBJECT; $view->message = str_replace($src, $rpl, _RECOVERY_BODY_RESET); // build msg $body = $view->__toString(); $msg = mb_convert_encoding($body, 'ISO-8859-1', 'auto'); // recipients $to = array(array('mail' => $user->mail, 'name' => $user->username)); $check = X4Mailer_helper::mailto(MAIL, true, $view->subject, $msg, $to, array()); X4Utils_helper::set_msg($check, _RECOVERY_PWD_OK, _MSG_ERROR); header('Location: ' . BASE_URL . 'login/recovery'); die; } // log if (LOGS) { $mod->logger($user->id, 1, 'users', 'recovery password completed for ' . $user->mail); } } else { if (LOGS) { $mod->logger($user->id, 1, 'users', 'recovery password failed for ' . $user->mail); } } } else { if (LOGS) { $mod->logger($user->id, 1, 'users', 'recovery password attempt from unknown id ' . $id); } } X4Utils_helper::set_msg(false, '', _RECOVERY_PWD_ERROR); header('Location: ' . BASE_URL . 'login/recovery'); die; }