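/**
 * Access check for the reset-password page (GET parameters: email, user, key).
 *
 * When the link validates, returns the template variables — currently only
 * 'getstring', the incoming query string re-encoded so the form can re-submit
 * the same parameters. Otherwise stores a 403 in the session, redirects to the
 * error page and throws SystemExit so the caller stops rendering.
 *
 * @return array<string, string>
 * @throws SystemExit when the email/user/key triple does not validate
 */
function reset_password() {
    $email = filter_var($_GET["email"], FILTER_SANITIZE_EMAIL);
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept because the other
    // handlers in this listing use the same filter.
    $user = filter_var($_GET["user"], FILTER_SANITIZE_STRING);
    $key = filter_var($_GET["key"], FILTER_SANITIZE_STRING);

    $target_id = WebUsers::getId($user);
    $webUser = new WebUsers($target_id);

    // NOTE(review): the reset token is hash('sha512', <stored password hash>):
    // deterministic, never expires and is not single-use. A random, stored,
    // time-limited token is the stronger design but needs changes outside this
    // block. Until then the comparison is at least constant-time and strict
    // (the old "==" applied PHP's numeric-string coercion to the hex digest).
    // NOTE(review): getIdFromEmail() appears to return the string "FALSE" for
    // unknown addresses (see forgot_password); if getId() does the same, two
    // unknown values satisfy the first comparison — confirm and reject a
    // "FALSE" id before constructing WebUsers.
    $link_is_valid = WebUsers::getIdFromEmail($email) == $target_id
        && hash_equals(hash('sha512', (string) $webUser->getHashedPass()), (string) $key);

    if (!$link_is_valid) {
        global $WEBPATH;
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: " . $WEBPATH . "?page=error");
        throw new SystemExit();
    }

    //you are allowed on the page!
    // http_build_query() percent-encodes every value; the previous manual loop
    // reflected raw $_GET values into the page and also clobbered $key with the
    // loop variable. Output differs only in encoding and the dropped trailing '&'.
    $query = http_build_query($_GET);
    $pageElements['getstring'] = ($query === '') ? '' : '?' . $query;
    return $pageElements;
}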
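/**
 * Handle the forgot-password form (POST field: Email).
 *
 * Looks the address up, builds the reset link, loads the mail text for the
 * visitor's language and sends the mail, then renders the 'forgot_password'
 * template with either EMAIL_ERROR or EMAIL_SUCCESS set. Always ends by
 * throwing SystemExit.
 *
 * @throws SystemExit after the template has been rendered
 */
function forgot_password() {
    $email = filter_var($_POST["Email"], FILTER_SANITIZE_EMAIL);
    $target_id = WebUsers::getIdFromEmail($email);
    if ($target_id === "FALSE") {
        //the email address doesn't exist.
        // NOTE(review): this branch renders differently from the success path,
        // so the form reveals whether an address is registered; a uniform
        // "if the address exists, a mail was sent" message would avoid that.
        $result['prevEmail'] = $email;
        $result['EMAIL_ERROR'] = 'TRUE';
        $result['no_visible_elements'] = 'TRUE';
        helpers::loadtemplate('forgot_password', $result);
        throw new SystemExit();
    }

    $webUser = new WebUsers($target_id);
    $target_username = $webUser->getUsername();
    $target_hashedPass = $webUser->getHashedPass();
    // NOTE(review): the token is derived from the stored password hash, so it
    // is deterministic, has no expiry and stays valid until the password
    // changes; a random, stored, time-limited token would be stronger.
    $hashed_key = hash('sha512', $target_hashedPass);

    // The language name is used as part of a file path below, so only accept a
    // plain identifier from the cookie and fall back to the default otherwise.
    global $DEFAULT_LANGUAGE;
    $lang = $DEFAULT_LANGUAGE;
    if (isset($_COOKIE['Language']) && preg_match('/^[A-Za-z0-9_-]+$/', $_COOKIE['Language']) === 1) {
        $lang = $_COOKIE['Language'];
    }

    global $AMS_TRANS;
    $variables = parse_ini_file($AMS_TRANS . '/' . $lang . '.ini', true);
    // parse_ini_file() returns false when the file is missing or unreadable;
    // fall back to an empty text table instead of iterating over a non-array.
    $mailText = (is_array($variables) && isset($variables['email'])) ? $variables['email'] : array();

    //create the reset url
    global $WEBPATH;
    // The "******" segment (the username part of the URL) is redacted in this
    // listing and is kept verbatim. The email is percent-encoded so characters
    // such as '+' survive the round trip through $_GET on the reset page.
    $resetURL = $WEBPATH . "?page=reset_password&user="******"&email=" . urlencode($email) . "&key=" . $hashed_key;

    //set email stuff
    $recipient = $email;
    $subject = $mailText['email_subject_forgot_password'];
    $body = $mailText['email_body_forgot_password_header'] . $resetURL . $mailText['email_body_forgot_password_footer'];
    Mail_Handler::send_mail($recipient, $subject, $body, NULL);

    $result['EMAIL_SUCCESS'] = 'TRUE';
    $result['prevEmail'] = $email;
    $result['no_visible_elements'] = 'TRUE';
    helpers::loadtemplate('forgot_password', $result);
    throw new SystemExit();
}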
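/**
 * Handle the reset-password form submission (GET: email, user, key; POST:
 * NewPass, ConfirmNewPass).
 *
 * Re-validates the reset link, then delegates to check_change_password(); on
 * "success" sets the new password and renders 'reset_success', otherwise
 * re-renders 'reset_password' with the validation result and the previous
 * input. Both paths throw SystemExit. When the link does not validate the
 * function simply returns — presumably the GET-side handler of the same name
 * earlier in this listing produces the 403 (confirm against the dispatcher).
 *
 * @throws SystemExit after a template has been rendered
 */
function reset_password() {
    //filter all data
    $email = filter_var($_GET["email"], FILTER_SANITIZE_EMAIL);
    $user = filter_var($_GET["user"], FILTER_SANITIZE_STRING);
    $key = filter_var($_GET["key"], FILTER_SANITIZE_STRING);
    $password = filter_var($_POST['NewPass'], FILTER_SANITIZE_STRING);
    $confirmpass = filter_var($_POST['ConfirmNewPass'], FILTER_SANITIZE_STRING);

    $target_id = WebUsers::getId($user);
    $webUser = new WebUsers($target_id);

    // Strict, constant-time token check; the previous "==" applied numeric-string
    // coercion to the hex digest. See the GET-side handler for the token-design note.
    $link_is_valid = WebUsers::getIdFromEmail($email) == $target_id
        && hash_equals(hash('sha512', (string) $webUser->getHashedPass()), (string) $key);
    if (!$link_is_valid) {
        return;
    }

    // CurrentPass is a placeholder: adminChangesOther skips the current-password
    // check, which is the point of a reset link.
    $params = array(
        'user' => $user,
        'CurrentPass' => "dummy",
        'NewPass' => $password,
        'ConfirmNewPass' => $confirmpass,
        'adminChangesOther' => true,
    );
    $result = $webUser->check_change_password($params);

    if ($result === "success") {
        $result = array();
        $status = WebUsers::setPassword($user, $password);
        // The SUCCESS_PASS strings are redacted in this listing ("******") and
        // are kept verbatim; any status other than 'ok'/'shardoffline' leaves
        // the key unset, as before.
        if ($status === 'ok') {
            $result['SUCCESS_PASS'] = "******";
        } elseif ($status === 'shardoffline') {
            $result['SUCCESS_PASS'] = "******";
        }
        $result['no_visible_elements'] = 'TRUE';
        helpers::loadtemplate('reset_success', $result);
        throw new SystemExit();
    }

    // NOTE(review): this assumes a non-"success" result is an array of error
    // flags; a string result would make the assignments below fail — confirm
    // against check_change_password().
    // http_build_query() percent-encodes the values and no longer shadows $key
    // with the loop variable; only the encoding and the trailing '&' differ.
    $query = http_build_query($_GET);
    $result['getstring'] = ($query === '') ? '' : '?' . $query;
    $result['prevNewPass'] = $password;
    $result['prevConfirmNewPass'] = $confirmpass;
    $result['no_visible_elements'] = 'TRUE';
    helpers::loadtemplate('reset_password', $result);
    throw new SystemExit();
}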