// --- Admin "forgot password" handler (fragment: starts mid-block; $sql, $db,
// $admin_email and $error are set before this point) ---
$result = $db->Execute($sql);
// The submitted address must match the row that was looked up. On mismatch the
// same MESSAGE_PASSWORD_SENT text is used as on success, so the response does
// not reveal whether the address exists; the token is poisoned with 'bad'.
// NOTE(review): loose == comparison between two strings; === would be stricter.
if (!($admin_email == $result->fields['admin_email'])) {
    $error = true;
    $email_message = MESSAGE_PASSWORD_SENT;
    $resetToken = 'bad';
}
// BEGIN SLAM PREVENTION
// Counts submissions per session only; enforcement of the limit is not visible
// in this fragment. NOTE(review): loose != against ''.
if ($_POST['admin_email'] != '') {
    if (!isset($_SESSION['login_attempt'])) {
        $_SESSION['login_attempt'] = 0;
    }
    $_SESSION['login_attempt']++;
}
// END SLAM PREVENTION
if ($error == false) {
    // Random password of at least 7 characters, even if the configured minimum is lower.
    $new_password = zen_create_PADSS_password((int) ADMIN_PASSWORD_MIN_LENGTH < 7 ? 7 : (int) ADMIN_PASSWORD_MIN_LENGTH);
    // Token layout: "<expiry unix time>}<hash of the new password>". '+' is evaluated
    // before '.', but an unparenthesised mix of the two is deprecated since PHP 7.4 —
    // prefer (time() + ADMIN_PWD_TOKEN_DURATION) . '}' . ... for clarity.
    $resetToken = time() + ADMIN_PWD_TOKEN_DURATION . '}' . zen_encrypt_password($new_password);
    // Only reset_token is written here; the stored password is left untouched (unlike
    // the storefront flow on this page, which overwrites the password immediately).
    // How the token is later consumed is not visible in this fragment.
    $sql = "update " . TABLE_ADMIN . " set reset_token = :token: where admin_id = :admID: ";
    $sql = $db->bindVars($sql, ':token:', $resetToken, 'string');
    // NOTE(review): admin_id is bound as 'string'; the storefront fragment binds its id as 'integer'.
    $sql = $db->bindVars($sql, ':admID:', $result->fields['admin_id'], 'string');
    $db->Execute($sql);
    $html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name'];
    // The new password travels in clear text in the mail body, together with the requester's IP.
    $html_msg['EMAIL_MESSAGE_HTML'] = sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password);
    zen_mail($result->fields['admin_name'], $result->fields['admin_email'], TEXT_EMAIL_SUBJECT_PWD_RESET, sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten_admin');
    $email_message = MESSAGE_PASSWORD_SENT;
}
// closes a block opened before this fragment
}
?>
<!DOCTYPE html >
<html <?php echo HTML_PARAMS;
// (fragment: the leading brace closes a block opened before this point)
}
// BEGIN SLAM PREVENTION
// Per-session submission counter; enforcement of the limit is not in this fragment.
// NOTE(review): loose != against ''.
if ($_POST['email_address'] != '') {
    if (!isset($_SESSION['login_attempt'])) {
        $_SESSION['login_attempt'] = 0;
    }
    $_SESSION['login_attempt']++;
}
// END SLAM PREVENTION
// Storefront "password forgotten": look the address up and, if found, replace the
// stored password with a fresh random one and mail it to that address.
$email_address = zen_db_prepare_input($_POST['email_address']);
$check_customer_query = "SELECT customers_firstname, customers_lastname, customers_password, customers_id\n FROM " . TABLE_CUSTOMERS . "\n WHERE customers_email_address = :emailAddress";
// The address goes through bindVars rather than being concatenated into the SQL.
$check_customer_query = $db->bindVars($check_customer_query, ':emailAddress', $email_address, 'string');
$check_customer = $db->Execute($check_customer_query);
if ($check_customer->RecordCount() > 0) {
    $zco_notifier->notify('NOTIFY_PASSWORD_FORGOTTEN_VALIDATED');
    // Random password honouring the configured minimum, with a floor of 5 when none is set.
    $new_password = zen_create_PADSS_password(ENTRY_PASSWORD_MIN_LENGTH > 0 ? ENTRY_PASSWORD_MIN_LENGTH : 5);
    $crypted_password = zen_encrypt_password($new_password);
    // NOTE(review): the current password is overwritten here, before the mail is sent and
    // without a confirmation step, so the existing password stops working as soon as any
    // request names a registered address. The admin flow on this page instead stores a
    // time-bound reset_token and leaves the password untouched.
    $sql = "UPDATE " . TABLE_CUSTOMERS . "\n SET customers_password = :password\n WHERE customers_id = :customersID";
    $sql = $db->bindVars($sql, ':password', $crypted_password, 'string');
    $sql = $db->bindVars($sql, ':customersID', $check_customer->fields['customers_id'], 'integer');
    $db->Execute($sql);
    $html_msg['EMAIL_CUSTOMERS_NAME'] = $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'];
    // The new password is included in clear text in the mail body.
    $html_msg['EMAIL_MESSAGE_HTML'] = sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password);
    // send the email
    zen_mail($check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten');
    $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
    zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
} else {
    // NOTE(review): a distinct "not found" message here (versus the success redirect
    // above) lets a caller tell registered addresses from unknown ones; the admin flow
    // on this page shows the same MESSAGE_PASSWORD_SENT in both cases.
    $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
}
// closes a block opened before this fragment
}
// (fragment: continues an if/elseif chain validating $email_address that was opened
// before this point; $error and $email_address are set earlier)
    $messageStack->add('no_account', ENTRY_EMAIL_ADDRESS_ERROR);
} elseif (zen_validate_email($email_address) == false) {
    $error = true;
    $messageStack->add('no_account', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
} else {
    // Reject addresses already tied to a full account; rows with COWOA_account = 1
    // (presumably checkout-without-account records) are not counted.
    // NOTE(review): the address is escaped with zen_db_input() and concatenated into
    // the SQL, whereas the other handlers on this page pass the same kind of value
    // through $db->bindVars(); using bindVars here too would keep one parameterisation path.
    $check_email_query = "select count(*) as total\n from " . TABLE_CUSTOMERS . "\n where customers_email_address = '" . zen_db_input($email_address) . "'\n and COWOA_account != 1";
    $check_email = $db->Execute($check_email_query);
    if ($check_email->fields['total'] > 0) {
        $error = true;
        $messageStack->add('no_account', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
    }
}
$customers_referral = zen_db_prepare_input($_POST['customers_referral']);
// create password for no account
// 1.5.3 and later provide zen_create_PADSS_password(); older versions fall back to
// zen_create_random_value(). NOTE(review): the minor version is truncated to three
// characters before the string comparison, so a two-digit minor (e.g. 5.10) would be
// compared as 5.1.
if (PROJECT_VERSION_MAJOR > 1 || PROJECT_VERSION_MAJOR == 1 && substr(PROJECT_VERSION_MINOR, 0, 3) >= '5.3') {
    $password = zen_create_PADSS_password(15);
} else {
    $password = zen_create_random_value(15, 'mixed');
}
// set default for country if free / virtual to avoid PHP errors in admin
// NOTE(review): this condition looks inverted. With '||', $_GET['type'] is read when
// 'type' is absent (undefined-index notice) and any present value, not just
// 'free_virtual', applies the default. The guard a few lines below uses the expected
// !isset / != form, so this was almost certainly meant to be
// isset($_GET['type']) && $_GET['type'] == 'free_virtual'.
if (isset($_GET['type']) || $_GET['type'] == 'free_virtual') {
    $country = STORE_COUNTRY;
}
// end free / virtual required fields
// The fields below are only collected for sign-ups that are not free / virtual.
if (!isset($_GET['type']) || $_GET['type'] != 'free_virtual') {
    if (ACCOUNT_COMPANY == 'true') {
        $company = zen_db_prepare_input($_POST['company']);
    }
    $nick = zen_db_prepare_input($_POST['nick']);
    if (ACCOUNT_DOB == 'true') {
        // A fixed sentinel date stands in for an empty date of birth.
        $dob = empty($_POST['dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_db_prepare_input($_POST['dob']);