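} }
// Password-recovery request: verify the CAPTCHA, look the account up by name,
// e-mail a reset link and remember the pending reset in the session.
if ($method == 'findpwd') {
    // Validate the CAPTCHA before touching the database or sending mail.
    require_once PHP_BASE_DIR . "/securimage/securimage.php";
    $img = new Securimage();
    if (!$img->check($captcha)) {
        $res['message'] = '验证码错误!';
        $res['action'] = 'resend';
    } else {
        $db = new MySQL($log);
        if ($mysqli = $db->openDB()) {
            $user = new User($mysqli, $log);
            $invitation = new Invitation($mysqli, $log);
            // NOTE(review): the branch taken when the user name is unknown is not
            // visible here; confirm it returns the same message as the success
            // path so this endpoint cannot be used to enumerate accounts.
            if ($user->getUserByName($username)) {
                $email_code = $invitation->genPwdEmailValidateCode($user->id);
                $saemail = new SaeMail();
                // An object is always truthy, so this guard never fails; kept as written.
                if ($saemail) {
                    // Build the mail body for the SAE mail service.
                    // NOTE(review): the reset link is plain http://, so the reset code
                    // travels unencrypted; switch to https:// if the host serves it.
                    // NOTE(review): $email_code and $user->id are concatenated into the
                    // query string unencoded; confirm both are URL-safe.
                    $message = $username . " \r\n\t\t\t您好,欢迎您使用XSSRAT。XSSRAT是一个开放性的Web前端漏洞利用平台,您可以使用该平台进行一些Web前端漏洞的测试,并可以贡献自己的模块供其他用户使用。\r\n\t\t\t本平台是一个开放性的平台,可用于渗透测试或漏洞挖掘过程中,以提高Web应用的安全性,本身不具有任何恶意性。请勿将该平台用于非法用途,否则后果自负!\r\n\t\t\t您的用户名为:"
                        . $username
                        . "\r\n\t\t\t请及时访问以下链接重置您的密码:\t\t\t\t\t\r\n\t\t\thttp://xssrat.sinaapp.com/findpwd.php?code="
                        . $email_code
                        . "&id="
                        . $user->id
                        . "&method=resetpwd\r\n\t\t\t(该链接只能在同一浏览器,cookie有效期内生效)\t\r\n\t\t\r\n\t\t\thttp://xssrat.sinaapp.com\r\n\t\t\tMak3 hack m0r3 c00l!";
                    $ret = $saemail->quickSend($user->email, 'XSSRAT 密码重置', $message, MAIL_ACCOUNT, MAIL_PASS);
                    if ($ret) {
                        $res['result'] = true;
                        $res['message'] = '邮件已发出,请您及时查收,若您一直未收到,请稍后重新发送!';
                        $res['action'] = 'resend';
                        // Keep the pending reset in the session: the mailed link is only
                        // honoured from the browser session that requested it.
                        $reset_pwd = array('id' => $user->id, 'email_code' => $email_code, 'b_confirm' => false);
                        $_SESSION['reset_pwd'] = $reset_pwd;
                    }
                    if ($ret === false) {
                        // Fixed: the error text comes from the SaeMail instance that
                        // attempted the send; the original read it from $mail, which
                        // is not assigned anywhere in this branch.
                        $log->error($saemail->errmsg());
                        $res['message'] = '邮件发送失败,请稍后重试!';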