예제 #1
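    $result = $db->Execute($sql);
    // Reject the request when no admin row came back OR the stored address is not
    // the one that was submitted. Both failure cases set the same MESSAGE_PASSWORD_SENT
    // text as the success path below, so the response does not reveal which admin
    // e-mail addresses exist; 'bad' is the sentinel stored in place of a real token.
    // Checking RecordCount() first avoids reading an undefined field on an empty
    // result (and a stray '' == null match when the submitted address is empty).
    if ($result->RecordCount() == 0 || $admin_email !== $result->fields['admin_email']) {
        $error = true;
        $email_message = MESSAGE_PASSWORD_SENT;
        $resetToken = 'bad';
    }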
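    // BEGIN SLAM PREVENTION
    // Count every submission that carries an e-mail so repeated reset requests can
    // be throttled (the limit itself is presumably enforced elsewhere). isset()
    // avoids an undefined-index notice when the field is absent; the comparison
    // is strict so that a literal '0' is still counted as a submission.
    if (isset($_POST['admin_email']) && $_POST['admin_email'] !== '') {
        if (!isset($_SESSION['login_attempt'])) {
            $_SESSION['login_attempt'] = 0;
        }
        $_SESSION['login_attempt']++;
    }
    // END SLAM PREVENTION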
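    if ($error == false) {
        // Never generate a password shorter than 7 characters, even if the
        // configured minimum is lower.
        $new_password = zen_create_PADSS_password(max(7, (int) ADMIN_PASSWORD_MIN_LENGTH));
        // Token layout: "<expiry unix timestamp>}<hashed new password>". Only the
        // hash is stored; the plaintext password goes out by e-mail below.
        $resetToken = (time() + ADMIN_PWD_TOKEN_DURATION) . '}' . zen_encrypt_password($new_password);
        $sql = "update " . TABLE_ADMIN . " set reset_token = :token: where admin_id = :admID: ";
        $sql = $db->bindVars($sql, ':token:', $resetToken, 'string');
        // admin_id is a numeric key: bind it as an integer rather than a string
        // (same as the customer-side reset, which binds customers_id as 'integer').
        $sql = $db->bindVars($sql, ':admID:', $result->fields['admin_id'], 'integer');
        $db->Execute($sql);
        // Build the notification once; it serves as both the text and the HTML body.
        // It includes the requesting client's IP, so the recipient can spot a reset
        // they did not trigger.
        $email_body = sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password);
        $html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name'];
        $html_msg['EMAIL_MESSAGE_HTML'] = $email_body;
        zen_mail($result->fields['admin_name'], $result->fields['admin_email'], TEXT_EMAIL_SUBJECT_PWD_RESET, $email_body, STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten_admin');
        $email_message = MESSAGE_PASSWORD_SENT;
    }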
}
?>
<!DOCTYPE html >
<html <?php 
echo HTML_PARAMS;
예제 #2
    }
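    // BEGIN SLAM PREVENTION
    // Count every submission that carries an e-mail so repeated reset requests can
    // be throttled (the limit itself is presumably enforced elsewhere). isset()
    // avoids an undefined-index notice when the field is absent; the comparison
    // is strict so that a literal '0' is still counted as a submission.
    if (isset($_POST['email_address']) && $_POST['email_address'] !== '') {
        if (!isset($_SESSION['login_attempt'])) {
            $_SESSION['login_attempt'] = 0;
        }
        $_SESSION['login_attempt']++;
    }
    // END SLAM PREVENTION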
    $email_address = zen_db_prepare_input($_POST['email_address']);
    // Look the customer up by e-mail. The address is bound through bindVars,
    // which quotes/escapes it, rather than concatenated into the SQL.
    $check_customer_query = "SELECT customers_firstname, customers_lastname, customers_password, customers_id\n"
        . "                           FROM " . TABLE_CUSTOMERS . "\n"
        . "                           WHERE customers_email_address = :emailAddress";
    $check_customer_query = $db->bindVars($check_customer_query, ':emailAddress', $email_address, 'string');
    $check_customer = $db->Execute($check_customer_query);
    if ($check_customer->RecordCount() == 0) {
        // NOTE(review): this branch answers differently from the success path
        // (TEXT_NO_EMAIL_ADDRESS_FOUND here vs. a redirect with SUCCESS_PASSWORD_SENT),
        // so the response reveals whether an address has an account.
        $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
    } else {
        $zco_notifier->notify('NOTIFY_PASSWORD_FORGOTTEN_VALIDATED');
        $customer_name = $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'];
        // NOTE(review): the stored password is overwritten immediately on an
        // unauthenticated request, so anyone who knows the address can invalidate
        // the customer's current password. The admin-side reset stores a
        // time-limited reset token instead, which is the safer shape.
        $new_password = zen_create_PADSS_password(ENTRY_PASSWORD_MIN_LENGTH > 0 ? ENTRY_PASSWORD_MIN_LENGTH : 5);
        $crypted_password = zen_encrypt_password($new_password);
        $sql = "UPDATE " . TABLE_CUSTOMERS . "\n"
            . "            SET customers_password = :password\n"
            . "            WHERE customers_id = :customersID";
        $sql = $db->bindVars($sql, ':password', $crypted_password, 'string');
        $sql = $db->bindVars($sql, ':customersID', $check_customer->fields['customers_id'], 'integer');
        $db->Execute($sql);
        // One body for both the plain-text and the HTML mail.
        $reminder_body = sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password);
        $html_msg['EMAIL_CUSTOMERS_NAME'] = $customer_name;
        $html_msg['EMAIL_MESSAGE_HTML'] = $reminder_body;
        // send the email
        zen_mail($customer_name, $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, $reminder_body, STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten');
        $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
        zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
}
예제 #3
     $messageStack->add('no_account', ENTRY_EMAIL_ADDRESS_ERROR);
 } elseif (zen_validate_email($email_address) == false) {
     $error = true;
     $messageStack->add('no_account', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
 } else {
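     // Count existing (non-COWOA) accounts for this address. The address is bound
     // through bindVars, which quotes and escapes the value, instead of being
     // escaped with zen_db_input() and concatenated straight into the query —
     // the same bound-parameter form the other customer lookups use.
     $check_email_query = "select count(*) as total\n                              from " . TABLE_CUSTOMERS . "\n                              where customers_email_address = :emailAddress\n                              and COWOA_account != 1";
     $check_email_query = $db->bindVars($check_email_query, ':emailAddress', $email_address, 'string');
     $check_email = $db->Execute($check_email_query);
     if ($check_email->fields['total'] > 0) {
         // A full account already exists for this e-mail: refuse the no-account path.
         $error = true;
         $messageStack->add('no_account', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
     }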
 }
 $customers_referral = zen_db_prepare_input($_POST['customers_referral']);
 // create password for no account: the PADSS generator is used from release
 // 1.5.3 on, older releases fall back to zen_create_random_value().
 // NOTE(review): substr(..., 0, 3) keeps only a "5.3"-shaped minor, so a
 // two-digit minor such as "5.10" would compare as "5.1"; version_compare()
 // would be the robust check.
 $has_padss_generator = PROJECT_VERSION_MAJOR > 1
     || (PROJECT_VERSION_MAJOR == 1 && substr(PROJECT_VERSION_MINOR, 0, 3) >= '5.3');
 $password = $has_padss_generator
     ? zen_create_PADSS_password(15)
     : zen_create_random_value(15, 'mixed');
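 // set default for country if free / virtual to avoid PHP errors in admin
 // Only the free/virtual path gets the store default; the complementary check
 // below (`!isset($_GET['type']) || $_GET['type'] != 'free_virtual'`) handles
 // every other request. The previous `isset(...) || ...` form fired for any
 // ?type= value and raised an undefined-index notice when ?type was absent.
 if (isset($_GET['type']) && $_GET['type'] == 'free_virtual') {
     $country = STORE_COUNTRY;
 }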
 // end free / virtual required fields
 if (!isset($_GET['type']) || $_GET['type'] != 'free_virtual') {
     if (ACCOUNT_COMPANY == 'true') {
         $company = zen_db_prepare_input($_POST['company']);
     }
     $nick = zen_db_prepare_input($_POST['nick']);
     if (ACCOUNT_DOB == 'true') {
         $dob = empty($_POST['dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_db_prepare_input($_POST['dob']);