示例#1
文件: findpwd.php 项目: mitv1c/XssRat
    }
}
if ($method == 'findpwd') {
    //Captcha Validate
    require_once PHP_BASE_DIR . "/securimage/securimage.php";
    $img = new Securimage();
    if ($img->check($captcha) == false) {
        $res['message'] = '验证码错误!';
        $res['action'] = 'resend';
    } else {
        $db = new MySQL($log);
        if ($mysqli = $db->openDB()) {
            $user = new User($mysqli, $log);
            $invitation = new Invitation($mysqli, $log);
            if ($user->getUserByName($username)) {
                $email_code = $invitation->genPwdEmailValidateCode($user->id);
                $saemail = new SaeMail();
                if ($saemail) {
                    //sea maill
                    $message = $username . " \r\n\t\t\t您好,欢迎您使用XSSRAT。XSSRAT是一个开放性的Web前端漏洞利用平台,您可以使用该平台进行一些Web前端漏洞的测试,并可以贡献自己的模块供其他用户使用。\r\n\t\t\t本平台是一个开放性的平台,可用于渗透测试或漏洞挖掘过程中,以提高Web应用的安全性,本身不具有任何恶意性。请勿将该平台用于非法用途,否则后果自负!\r\n\t\t\t您的用户名为:" . $username . "\r\n\t\t\t请及时访问以下链接重置您的密码:\t\t\t\t\t\r\n\t\t\thttp://xssrat.sinaapp.com/findpwd.php?code=" . $email_code . "&id=" . $user->id . "&method=resetpwd\r\n\t\t\t(该链接只能在同一浏览器,cookie有效期内生效)\t\r\n\t\t\r\n\t\t\thttp://xssrat.sinaapp.com\r\n\t\t\tMak3 hack m0r3 c00l!";
                    $ret = $saemail->quickSend($user->email, 'XSSRAT 密码重置', $message, MAIL_ACCOUNT, MAIL_PASS);
                    if ($ret) {
                        $res['result'] = true;
                        $res['message'] = '邮件已发出,请您及时查收,若您一直未收到,请稍后重新发送!';
                        $res['action'] = 'resend';
                        $reset_pwd = array('id' => $user->id, 'email_code' => $email_code, 'b_confirm' => false);
                        $_SESSION['reset_pwd'] = $reset_pwd;
                    }
                    if ($ret === false) {
                        $log->error($mail->errmsg());
                        $res['message'] = '邮件发送失败,请稍后重试!';