// Password-reset handler: runs when the `reset_pass` query parameter is present.
// The request must name a user (`username`) and carry that user's recovery key (`key`);
// a matching row allows the password to be replaced without the old password.
// This fragment ends inside the `else` branch, so the rest of the form is not visible here.
if (isset($_GET['reset_pass'])) {
    // NOTE(review): presumably httperror() ends the request; if it can return, the lookup below still runs. Confirm.
    if (!isset($_GET['username'])) {
        httperror(404);
    }
    // Look up the account by username AND recovery key; both values go through $db->escape().
    // NOTE(review): unlike `username`, `$_GET['key']` is read without an isset() check. A request
    // without `key` is compared as an empty value, so it would match any row whose recover_key is an
    // empty string rather than NULL. Reject a missing or empty key before querying, or confirm the
    // column can never hold ''.
    // NOTE(review): no expiry time or attempt limit for the recovery key is visible in this fragment.
    $result = $db->query('SELECT id FROM `#^users` WHERE username=\'' . $db->escape($_GET['username']) . '\' AND recover_key=\'' . $db->escape($_GET['key']) . '\'') or error('Failed to find user', __FILE__, __LINE__, $db->error());
    // No row means a wrong username/key pair; it is answered with the same 404 as a missing username.
    if (!$db->num_rows($result)) {
        httperror(404);
    }
    // $id is the id column of the matched row (taken from the database, not from the request).
    list($id) = $db->fetch_row($result);
    if (isset($_POST['reset_form_sent'])) {
        // NOTE(review): `!=` is a loose comparison and array-valued parameters are not rejected;
        // `!==` on values checked with is_string() would be stricter. No minimum-length or
        // common-password check is visible in this branch.
        if ($_POST['pass1'] != $_POST['pass2']) {
            echo '<p>' . translate('passnomatch') . '</p>';
            return;
        }
        // Store the hash of the new password and set recover_key to NULL, so the same key
        // no longer matches the SELECT above on a later request.
        $db->query('UPDATE `#^users` SET password=\'' . $db->escape(futurebb_hash($_POST['pass1'])) . '\',recover_key=NULL WHERE id=' . $id) or error('Failed to update password', __FILE__, __LINE__, $db->error());
        // Log the user in with the new hash and the request's User-Agent header.
        // NOTE(review): the meaning of the fourth argument (true) is not visible here.
        LoginController::LogInUser($id, futurebb_hash($_POST['pass1']), $_SERVER['HTTP_USER_AGENT'], true);
        echo '<p>' . translate('pwdresetsuccess') . '<br /><a href="' . $base_config['baseurl'] . '">' . translate('login') . '</a></p>';
        return;
    } else {
        // No POST yet: render the reset form, which posts back to the same URL.
        // NOTE(review): username and key are HTML-escaped with htmlspecialchars() but not URL-encoded;
        // a value containing `&`, `#` or a space would break the query string (rawurlencode() covers
        // the URL context). The key travels in the query string, so it can end up in access logs
        // and Referer headers.
        ?> <form action="<?php echo $base_config['baseurl']; ?> /login?reset_pass&username=<?php echo htmlspecialchars($_GET['username']); ?> &key=<?php echo htmlspecialchars($_GET['key']); ?> " method="post" enctype="multipart/form-data"> <h2><?php
<?php
// Logout script: calls LogInUser() with user id 0 and an empty password hash and
// user agent (presumably the "nobody logged in" state), then redirects to the forum's base URL.
// NOTE(review): no request-method or anti-CSRF check is visible in this file, so any
// page that makes the browser load this URL would log the user out. Confirm whether
// the router enforces a check before including this script.
LoginController::LogInUser(0, '', '');

// Second argument spelled out: replace any Location header that was already queued.
header('Location: ' . $base_config['baseurl'], true);

// Hand control back to the including script; nothing else is emitted here.
return;
// Tail of the preceding switch case (its start is outside this fragment):
// close that case's form, call PMBox(), and leave the switch.
echo '</form>';
PMBox();
break;
// 'security' page: processes the change-password form when it was submitted, then renders the form.
// NOTE(review): neither a check of the account's current password nor an anti-CSRF token is
// visible in this fragment. Confirm both are enforced before this case runs.
case 'security':
    if (isset($_POST['form_sent'])) {
        // Deny-list of common passwords: the file is stored base64-encoded, one entry per "\n"-separated line.
        // NOTE(review): the return value of file_get_contents() is not checked; if the file cannot be
        // read, the list is most likely empty and the common-password check below rejects nothing.
        // Entries ending in "\r" (CRLF file) would also never match. Confirm the file format.
        $common = explode("\n", base64_decode(file_get_contents(FORUM_ROOT . '/app_config/commonpasswords.txt')));
        // Validation chain; the first failing rule prints its message and skips the update.
        // NOTE(review): `!=` is a loose comparison, and pwd1/pwd2 are assumed to be strings
        // (array-valued parameters are not rejected before strlen()).
        if ($_POST['pwd1'] != $_POST['pwd2']) {
            echo '<p><b>' . translate('passnomatch') . '</b></p>';
        // strlen() counts bytes, so the minimum is 8 bytes rather than 8 characters.
        } elseif (strlen($_POST['pwd1']) < 8) {
            echo '<p><b>' . translate('shortpass') . '</b></p>';
        // Exact, case-sensitive match against the deny-list; in_array() is called without the strict flag.
        } elseif (in_array($_POST['pwd1'], $common)) {
            echo '<p><b>' . translate('commonpass') . '</b></p>';
        } else {
            // Store the hash of the new password for the account named by $user ($user is set outside this fragment).
            // NOTE(review): the hash is concatenated into the SQL without $db->escape(); that is safe only
            // if futurebb_hash() can never return a quote or backslash (e.g. hex output). Confirm, or escape it.
            $db->query('UPDATE `#^users` SET password=\'' . futurebb_hash($_POST['pwd1']) . '\' WHERE username=\'' . $db->escape($user) . '\'') or error('Failed to update password', __FILE__, __LINE__, $db->error());
            // Only when the edited account is the one making the request: log in again with the new hash,
            // presumably so the current session keeps working after the change.
            // NOTE(review): no invalidation of the account's other sessions is visible here.
            if ($cur_user['id'] == $futurebb_user['id']) {
                LoginController::LogInUser($futurebb_user['id'], futurebb_hash($_POST['pwd1']), $_SERVER['HTTP_USER_AGENT']);
            }
            // Back to the profile page; the path segment is URL-encoded with rawurlencode().
            redirect($base_config['baseurl'] . '/users/' . rawurlencode($dirs[2]));
        }
    }
    // Render the change-password form (also shown again after a validation failure).
    // NOTE(review): the action URL HTML-escapes $dirs[2] with htmlspecialchars() but does not URL-encode
    // it, whereas the redirect above uses rawurlencode(); the two should agree.
    echo '<form action="' . $base_config['baseurl'] . '/users/' . htmlspecialchars($dirs[2]) . '/security" method="post" enctype="multipart/form-data">';
    ?> <h2><?php echo translate('changepass'); ?> </h2> <table border="0"> <tr> <td><?php echo translate('newpass'); ?>