<?php
// Entry page of the "forgot password" flow: loads the site configuration,
// registers this file with the debug helper, then renders the page shell
// around the reset form produced by buildReset().

// The third argument asks for a case-insensitive constant. That form is
// deprecated since PHP 7.3 and ignored (with a warning) from PHP 8.0 on.
// NOTE(review): STARTSECURE looks like a guard the included files test before
// running - confirm against includes/config.php.
define('STARTSECURE', true, 1);
include '../../includes/config.php';

$fileInfo = [
    'title' => 'Forgot Password',
    'fileName' => 'forgotPassword/index.php',
];
$debug->newFile($fileInfo['fileName']);

$buildPage = new Adrlist_BuildPage();
$buildPage->addIncludes('forgotPasswordMethods.php');
$buildPage->addJs('forgotPassword.js');

// One echo per fragment keeps the original evaluate-then-print order: each
// call runs only after the previous fragment has been written.
echo $buildPage->output();
echo ' <div id="resetHolder"> ';
echo buildReset();
echo ' </div> ';
echo $buildPage->buildFooter();
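/**
 * Step 1 of the password reset flow: validate the submitted address, record a
 * reset request and e-mail the reset link to the account's primary address.
 *
 * Reads $_POST['email'] (and writes the trimmed value back to it) and reports
 * through the globals $message, $success and $returnThis. When MODE is
 * 'resetPasswordStep1' it finishes by calling returnData().
 *
 * Changes from the previous revision:
 *  - the reset code comes from the CSPRNG instead of sha1(email . DATETIME);
 *  - the address is HTML-escaped before it is echoed into $message;
 *  - the transaction is closed on every path, including PDO failures;
 *  - the plain-text mail body, whose link expression was mangled in this copy
 *    of the file, carries the same link as the HTML body;
 *  - the unused local $output is gone.
 *
 * @return void
 */
function resetPasswordStep1()
{
    global $debug, $message, $success, $Dbc, $returnThis;

    // Tracked locally so the PDOException handler knows whether a rollback is due.
    $transactionOpen = false;

    try {
        if (empty($_POST['email'])) {
            throw new Adrlist_CustomException('', '$_POST[\'email\'] is empty.');
        }
        // The trimmed value is written back because code outside this function
        // may read $_POST['email'] again.
        $_POST['email'] = trim($_POST['email']);
        $email = $_POST['email'];
        if (emailValidate($email) !== true) {
            throw new Adrlist_CustomException('', '$_POST[\'email\'] is not valid.');
        }

        $Dbc->beginTransaction();
        $transactionOpen = true;

        // See if a user with the email exists before sending.
        $emailCheckQuery = $Dbc->prepare("SELECT\n\tuserId AS 'userId'\nFROM\n\tusers\nWHERE\n\tprimaryEmail = ?");
        $debug->add('$_POST[\'email\']: ' . $email . '.');
        $emailCheckQuery->execute(array($email));
        $row = $emailCheckQuery->fetch(PDO::FETCH_ASSOC);

        if (empty($row['userId'])) {
            // Nothing was written; close the transaction instead of leaving it open.
            $Dbc->rollback();
            $transactionOpen = false;
            // NOTE(review): this branch answers differently from the success
            // branch, so the response discloses whether the address has an
            // account. One neutral message for both cases would close that; it
            // needs a matching change in the client script, so it is flagged
            // rather than changed here.
            $message .= 'Please <a href="' . LINKSUPPORT . '">contact support</a> for help with accessing your account.<br>';
        } else {
            // The reset code is the only secret protecting the account during a
            // reset, so it must not be derived from values the requester knows
            // (the address and the request time). 20 random bytes hex-encode to
            // 40 characters, the same length and alphabet as the former sha1()
            // value, so the stored column and the redeeming step are unaffected.
            $randomBytes = function_exists('random_bytes')
                ? random_bytes(20)
                : openssl_random_pseudo_bytes(20);
            $resetCode = bin2hex($randomBytes);

            $insertQuery = $Dbc->prepare("INSERT INTO\n\tforgotPassword\nSET\n\tuserId = ?,\n\temailEntered = ?,\n\tresetCode = ?,\n\trequestMade = ?,\n\tREMOTE_ADDR = ?,\n\tHTTP_X_FORWARDED_FOR = ?");
            // X-Forwarded-For is a client-controlled header: it is recorded next
            // to REMOTE_ADDR, but the stored value must be treated as untrusted.
            $httpX = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? '' : $_SERVER['HTTP_X_FORWARDED_FOR'];
            // NOTE(review): requestMade is stored here; expiry of the code is
            // presumably enforced where it is redeemed - confirm.
            $insertQuery->execute(array(
                $row['userId'],
                $email,
                $resetCode,
                DATETIME,
                $_SERVER['REMOTE_ADDR'],
                $httpX,
            ));

            $resetLink = LINKFORGOTPASSWORD . '/?resetCode=' . $resetCode; // This will build https://adrlist.....
            $subject = 'Reset password at ' . THENAMEOFTHESITE;
            $body = '<table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" bgcolor="#FFFFFF"> <tr> <td align="center"><font face="' . FONT
                . '" size="' . SIZE4
                . '"><b>Please follow the link below to reset your password:</b></font></td> </tr> <tr> <td align="center"><font face="' . FONT
                . '" size="' . SIZE4
                . '"><a href="' . $resetLink
                . '">' . $resetLink
                . '</a> </font> <div> </div> <div> </div> <div> </div> </td> </tr> <tr> <td align="center"><font face="' . FONT
                . '" size="' . SIZE2
                . '">The request was sent from ' . $_SERVER['REMOTE_ADDR']
                . '. If you did not request to reset your password, please ignore this message.</font></td> </tr> </table>';
            // Plain-text alternative with the same link as the HTML part.
            $textBody = "Please follow this link to reset your password: " . $resetLink
                . "\nIf you did not request to reset your password, please ignore this message.";

            $insertId = $Dbc->lastInsertId();
            if (!empty($insertId) && email(EMAILDONOTREPLY, $email, $subject, $body, $textBody) === true) {
                $Dbc->commit();
                $transactionOpen = false;
                $success = true;
                // $message is rendered as HTML, so the submitted address is
                // escaped no matter how strict emailValidate() is.
                $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
                $message .= 'An email has been sent to ' . $safeEmail . ' with instructions on how to reset your password. <div class="red textCenter" style="margin:1em 0">Didn\'t get an email? Be sure to check your spam folder.</div>';
                $returnThis['buildReset'] = buildReset();
            } else {
                // Either the row was not created or the mail could not be sent:
                // drop the request so no unusable code stays behind.
                $Dbc->rollback();
                $transactionOpen = false;
                error(__LINE__, false, 'Could not add the record on line ' . __LINE__ . ' in forgotPasswordMethods.php.<br>');
            }
        }
    } catch (Adrlist_CustomException $e) {
        // Deliberately empty, as before.
        // NOTE(review): presumably the exception records its own message when
        // constructed - confirm against Adrlist_CustomException.
    } catch (PDOException $e) {
        if ($transactionOpen) {
            try {
                $Dbc->rollback();
            } catch (PDOException $rollbackError) {
                // A failed rollback is reported but must not mask the first error.
                error(__LINE__, '', '<pre>' . $rollbackError . '</pre>');
            }
        }
        error(__LINE__, '', '<pre>' . $e . '</pre>');
        if (MODE == 'resetPasswordStep1') {
            returnData();
        }
    }

    if (MODE == 'resetPasswordStep1') {
        returnData();
    }
}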