示例#1
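/**
 * Render the "request password reset" page and handle its form submission.
 *
 * On a POST carrying the 'reset' field, the submitted email address is looked
 * up in the users table; on a match a fresh token is written to
 * activation_token and send_reset_email() is called. The confirmation shown
 * afterwards is identical whether or not the address matched an account, so
 * the form cannot be used to test which addresses are registered.
 *
 * NOTE(review): nothing visible here gives the token an expiry or limits how
 * often a reset can be requested per address or client. Confirm that the code
 * consuming activation_token enforces a lifetime and single use, and that
 * make_random_token() draws from a CSPRNG such as random_bytes().
 */
function content()
{
    $errors = array();
    page_header('Request password reset');
    if (array_key_exists('reset', $_POST)) {
        // Accept only a scalar string: a request can turn 'email' into an
        // array (email[]=...), which must not reach the lookup.
        $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
        if ($email === '') {
            $errors[] = "Please enter an email address";
        } else {
            $user = fetch_one_or_none('users', 'email_address', $email);
            if ($user) {
                $token = make_random_token();
                update_all('users', array('activation_token' => $token), 'id', $user->id);
                send_reset_email($user->email_address, $user->name, $token);
            }
            // Same response for known and unknown addresses (no account
            // enumeration through this form).
            ?>
        <p>If that email address belongs to an account, we have sent it an 
          email containing a link allowing you to reset your password.</p>
        <?php 
            return;
        }
    }
    ?>
    <p>If you have forgotten your password and need it resetting, please 
      enter your email address below and we will send you an email allowing 
      you to reset your password.</p>

    <?php 
    show_error_list($errors);
    ?>
 
    <form method="post" action="" accept-charset="UTF-8">
      <div class="fieldrow">
        <?php 
    // NOTE(review): text_field() re-displays the submitted value; confirm it
    // HTML-escapes what it reads from $_POST.
    text_field($_POST, 'email', 'Email address');
    ?>
      </div>

      <div class="fieldrow">
        <input type="submit" name="reset" value="Reset" />
      </div>
    </form>
<?php 
}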
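/**
 * Issue a password reset token for the account identified by $userid.
 *
 * Looks up the account's username, name and email, stores a new 20 character
 * token in the password_reset table and mails it via send_reset_email().
 * Does nothing when no account matches $userid, so no token row is written
 * and no mail is sent for an unknown id.
 *
 * NOTE(review): the token is stored as-is and the INSERT sets no expiry or
 * "used" marker. Confirm that the consuming code limits the token's lifetime
 * and invalidates it after use; storing only a hash of the token would keep a
 * database read from yielding usable reset links. Also confirm that
 * generate_token() draws from a CSPRNG such as random_bytes().
 *
 * @param int $userid Identifier matched against the `value` column of `user`.
 * @return void
 */
function password_reset_by_userid($userid)
{
    // Open the database connection
    $db = db_open();
    // Get the user's e-mail address
    $stmt = $db->prepare("SELECT username, name, email FROM user WHERE value=:userid");
    $stmt->bindParam(":userid", $userid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    $stmt->closeCursor();
    // Unknown user id: stop before a NULL username is inserted or mailed
    if ($row === false) {
        db_close($db);
        return;
    }
    $username = $row['username'];
    $name = $row['name'];
    $email = $row['email'];
    // Generate a 20 character reset token
    $token = generate_token(20);
    // Insert into the password reset table
    $stmt = $db->prepare("INSERT INTO password_reset (`username`, `token`) VALUES (:username, :token)");
    $stmt->bindParam(":username", $username, PDO::PARAM_STR, 20);
    $stmt->bindParam(":token", $token, PDO::PARAM_STR, 20);
    $stmt->execute();
    // Close the database connection
    db_close($db);
    // Send the reset e-mail
    send_reset_email($username, $name, $email, $token);
}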
示例#3
// Password reset page script: builds the page, then either requests a reset
// e-mail (POST u + email) or completes a reset from a link carrying
// u (user), e (expiry) and h (hash). The listing is cut off before the
// closing branches.
$idcookie = User::id();
$dbh = db_connect();
$page = new PlansPage('Utilities', 'passwordreset', PLANSVNAME . ' - Password Reset', 'passwordreset.php');
if (User::logged_in()) {
    populate_page($page, $dbh, $idcookie);
} else {
    populate_guest_page($page);
}
$heading = new HeadingText('Password Reset', 1);
$page->append($heading);
if (User::logged_in()) {
    $msg = new AlertText('You are already logged in. You can change your password from the <a href="/changepassword.php">Change Password</a> page.', 'Already logged in');
    $page->append($msg);
} else {
    // Step 1: request a reset e-mail for the given username and address.
    // NOTE(review): isset() also passes for array-valued parameters (u[]=...);
    // confirm send_reset_email() rejects non-string input.
    if (isset($_POST['u']) && isset($_POST['email'])) {
        if (send_reset_email($_POST['u'], $_POST['email'])) {
            $msg = new InfoText("Check your email for a password reset link.", "Check email");
            $page->append($msg);
        } else {
            // The success and failure messages differ, so a caller learns
            // whether a username/address pair matched; presumably acceptable
            // because both values must be known, but verify against the
            // threat model.
            $msg = new AlertText("Error: The email address you provided does not match our records, or something else went wrong. " . 'Please contact <a href="mailto:' . ADMIN_ADDRESS . '">' . ADMIN_ADDRESS . '</a> for assistance.', "Email address mismatch");
            $page->append($msg);
            $page->append(reset_step1());
        }
    } else {
        // Step 2: the reset link. u, e and h are read from $_REQUEST, which
        // merges GET and POST (and cookies, depending on request_order).
        if (isset($_REQUEST['u']) && isset($_REQUEST['e']) && isset($_REQUEST['h'])) {
            // NOTE(review): the hash is compared with loose ==, which is not
            // constant-time and can treat two numeric-looking strings
            // (e.g. "0e…" forms) as equal; hash_equals() on string-checked
            // values avoids both. The expiry e is caller-supplied and only
            // trustworthy if getPasswordResetHash() binds it into h —
            // presumably it does, since e is passed in; confirm.
            if (User::getPasswordResetHash($_REQUEST['u'], $_REQUEST['e']) == $_REQUEST['h'] && $_REQUEST['e'] > time()) {
                if (isset($_POST['password1']) && isset($_POST['password2'])) {
                    // NOTE(review): the only password policy visible here is a
                    // 4-byte minimum (strlen), and the two fields are compared
                    // with loose ==; a longer minimum and === would be safer.
                    if ($_POST['password1'] == $_POST['password2'] && strlen($_POST['password1']) >= 4) {
                        // NOTE(review): nothing visible marks the link as used;
                        // confirm resetPassword() invalidates h after success.
                        if (User::resetPassword($_REQUEST['u'], $_REQUEST['e'], $_REQUEST['h'], $_POST['password1'])) {
                            $msg = new InfoText('Your password has been changed. Please <a href="/index.php">log in!</a>!', 'Reset successful');
                            $page->append($msg);
示例#4
文件: reset.php 项目: shsirk/htf
$success = false;
if (isset($_POST['reset_submitted'])) {
    include_once "/var/www/includes/validation.php";
    $email = trim($_POST['email']);
    if ($email != "") {
        //is_email_valid($email)) {
        include_once "/var/www/includes/user.php";
        include_once "/var/www/includes/crypt.php";
        $u = new user();
        $uid = $u->get_user_id($email);
        if ($uid != 0) {
            $cr = new crypto();
            $token = base64_encode($cr->encrypt($uid));
            $link = 'http://punbt090pc/reset.php?token=' . urlencode($token);
            include_once "/var/www/includes/email.php";
            send_reset_email($email, $link);
            $msg = "Reset instruction are sent to email - " . $email . " Please check inbox/junkbox.";
            $success = true;
        } else {
            $msg = "Email is not registered";
        }
    } else {
        $msg = "Invalid Email " . $email;
    }
} elseif (isset($_POST['resetpwd_submitted'])) {
    $token = $_POST['token'];
    $new_pwd = trim($_POST['new_password']);
    $con_pwd = trim($_POST['con_password']);
    if ($new_pwd == "" || $con_pwd == "") {
        $msg = "No blank fields allowed";
    } elseif ($new_pwd != $con_pwd) {