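/**
 * Validate the "auth" cookie and populate the authenticated-user globals.
 *
 * The cookie is parsed with map_from_url_string() and is expected to carry the
 * keys expire, zid and hash. The hash must equal crypt_sha256() over $auth_key
 * followed by "expire={expire}&zid={zid}", so a client cannot change either
 * field without knowing $auth_key.
 *
 * Side effects (globals): $auth_zid and $javascript_enabled are reset to the
 * anonymous state first and, together with $auth_user, only set once every
 * check passes. A missing/empty zid returns silently (anonymous request). A
 * malformed, expired or forged cookie calls expire_auth() and terminates the
 * request with die().
 *
 * @return void
 */
function check_auth() {
    global $auth_key;
    global $auth_zid;
    global $auth_user;
    global $request_script;
    global $javascript_enabled;

    // Anonymous defaults; overwritten only after the cookie fully verifies.
    $auth_zid = "";
    $javascript_enabled = false;

    // `??` replaces `@` suppression: an absent cookie is the normal anonymous case.
    $auth = $_COOKIE["auth"] ?? "";
    $map = map_from_url_string($auth);
    $expire = $map["expire"] ?? "";
    $zid = $map["zid"] ?? "";
    $hash = $map["hash"] ?? "";

    if ($zid === "") {
        return;
    }

    if ($expire === "" || !string_uses($expire, "[0-9]")) {
        expire_auth();
        die("invalid expire");
    }

    // $expire is a digits-only string here; cast so the comparison is int vs int
    // rather than relying on PHP's numeric-string coercion.
    if (time() > (int) $expire) {
        expire_auth();
        die("auth expired");
    }

    if (!string_uses($zid, "[a-z][0-9]@.-")) {
        expire_auth();
        // $zid is attacker-controlled cookie content echoed into the response;
        // escape it so the error page cannot be used for reflected markup injection.
        die("invalid zid [" . htmlspecialchars($zid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "]");
    }

    // Recompute the keyed hash over exactly the fields the client presented.
    $test = crypt_sha256($auth_key . "expire={$expire}&zid={$zid}");

    // hash_equals(): strict, constant-time comparison. The former `!=` was both
    // timing-dependent and subject to loose string/number coercion.
    if (!hash_equals((string) $test, (string) $hash)) {
        expire_auth();
        die("wrong auth hash");
    }

    $auth_zid = $zid;
    $auth_user = db_get_conf("user_conf", $auth_zid);
    // Keep the anonymous default when the stored user conf lacks the key
    // instead of raising an undefined-index warning.
    $javascript_enabled = $auth_user["javascript_enabled"] ?? false;
}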
$user_conf["password"] = $password; $user_conf["salt"] = $salt; db_set_conf("user_conf", $user_conf, $zid); db_del_rec("email_challenge", $verify); print_header("Password Reset"); writeln('<h1>Password Reset</h1>'); writeln('<p>Don\'t forget it this time!</p>'); print_footer(); die; } $username = http_post_string("username", array("len" => 20, "valid" => "[a-z][A-Z][0-9]")); $zid = strtolower($username) . "@{$site_name}"; if (!is_local_user($zid)) { die("no such user [{$zid}]"); } $user_conf = db_get_conf("user_conf", $zid); $hash = crypt_sha256(rand()); if (db_has_rec("email_challenge", array("username" => $username))) { db_del_rec("email_challenge", array("username" => $username)); } $email_challenge = array(); $email_challenge["challenge"] = $hash; $email_challenge["username"] = $username; $email_challenge["email"] = $user["email"]; $email_challenge["expires"] = time() + 86400 * 3; db_set_rec("email_challenge", $email_challenge); $subject = "Forgot Password"; $body = "Did you forget your password for \"{$username}\" on {$server_name}?\n"; $body .= "\n"; $body .= "In order to reset your password, you must visit the following link:\n"; $body .= "\n";