public function resetPWD($user, $type)
{
$this->type = $type;
if ($this->type == 'username') {
$this->username = $user;
global $isv_db;
//select email from the db
$stmt = $isv_db->prepare("SELECT email FROM users WHERE username=?");
$stmt->bind_param('s', $this->username);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($userEmail);
$stmt->fetch();
if ($stmt->num_rows() < 1) {
$stmt->close();
$_SESSION['isv_error'] = 'No such user found in our database';
header('location:' . ISVIPI_URL . 'forgot');
exit;
}
$this->email = $userEmail;
//check if a validation code already exists in our db
if (valid_codeExists($this->email, 'email')) {
global $exstCode;
$newCode = $exstCode;
//update our query time
$stmt->prepare("UPDATE user_validations SET time=UTC_TIMESTAMP() WHERE code=?");
$stmt->bind_param('s', $newCode);
$stmt->execute();
$stmt->close();
} else {
//generate validation code
$newCode = randomCode($this->email, '25');
//save in our db
$stmt->prepare("INSERT INTO user_validations (email,code,time) VALUES (?,?,UTC_TIMESTAMP())");
$stmt->bind_param('ss', $this->email, $newCode);
$stmt->execute();
$stmt->close();
}
} else {
if ($this->type == 'email') {
$this->email = $user;
//check if a user with this email exists
global $isv_db;
$stmt = $isv_db->prepare("SELECT id FROM users WHERE email=?");
$stmt->bind_param('s', $this->email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($userID);
$stmt->fetch();
if ($stmt->num_rows() < 1) {
$stmt->close();
$_SESSION['isv_error'] = 'No such user found in our database';
header('location:' . ISVIPI_URL . 'forgot');
exit;
}
//check if a validation code already exists in our db
if (valid_codeExists($this->email, 'email')) {
global $exstCode;
$newCode = $exstCode;
//update our query time
$stmt->prepare("UPDATE user_validations SET time=UTC_TIMESTAMP() WHERE code=?");
$stmt->bind_param('s', $newCode);
$stmt->execute();
$stmt->close();
} else {
//generate validation code
$newCode = randomCode($this->email, '25');
//save in our db
$stmt = $isv_db->prepare("INSERT INTO user_validations (email,code,time) VALUES (?,?,UTC_TIMESTAMP())");
$stmt->bind_param('ss', $this->email, $newCode);
$stmt->execute();
$stmt->close();
}
}
}
/* include our email functions file */
require_once ISVIPI_FUNCTIONS_BASE . 'emails/resetPWD_email.php';
// send our email
$siteInfo = new siteManager();
$isv_siteSettings = $siteInfo->getSiteSettings();
$isv_siteDetails = $siteInfo->getSiteInfo();
sendResetPWDEmail($this->email, $newCode, $isv_siteDetails['s_email'], $isv_siteDetails['s_title'], $isv_siteDetails['s_url'], $isv_siteSettings['logo']);
//redirect with a success message
$_SESSION['isv_success'] = 'An email with your password reset link has been sent to ' . $this->email . '. Follow instructions in the email to change your password.';
header('location:' . ISVIPI_URL . 'forgot');
exit;
}
public function __construct($_code)
{
$this->code = $_code;
//check if the code is valid
if (!valid_codeExists($this->code, 'code')) {
$_SESSION['isv_error'] = 'Invalid validation code. Check your email for the correct validation code.';
notFound404Err();
exit;
}
//activate user
global $isv_db, $exstEmail;
$newStatus = 1;
$stmt = $isv_db->prepare("UPDATE users SET status=? where email=?");
$stmt->bind_param('is', $newStatus, $exstEmail);
$stmt->execute();
//delete code
$stmt->prepare("DELETE from user_validations where code=?");
$stmt->bind_param('s', $this->code);
$stmt->execute();
$stmt->close();
//redirect to index page with success message
$_SESSION['isv_success'] = 'Account Activated. Please sign in to proceed.';
header('location:' . ISVIPI_URL . '');
exit;
}
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
******************************************************/
require_once ISVIPI_PAGES_BASE . 'base.php';
if (!isset($PAGE[1]) || empty($PAGE[1])) {
$_SESSION['isv_error'] = 'Password reset code not found';
header('location:' . ISVIPI_URL . '404/');
exit;
}
$rCode = cleanGET($PAGE[1]);
//check to see if the reset code exists
if (!valid_codeExists($rCode, 'code')) {
$_SESSION['isv_error'] = 'No such password reset code found in our database';
header('location:' . ISVIPI_URL . '404/');
exit;
}
$_SESSION['isv_pwd_change_eml'] = $exstEmail;
$_SESSION['isv_pwd_code'] = $rCode;
include_once ISVIPI_ACT_THEME . 'reset.php';
