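/**
 * Forgot Password.
 *
 * Looks up the user that owns the POSTed e-mail address, stores a fresh
 * reset code for that user (via the parent's CreateResetPasswordCode) and
 * mails the localised "forgot password" message to that address.
 *
 * @url POST /user/forgotpassword/
 *
 * @return string "OK" when the mail was handed to PHPMailer successfully,
 *                "ERROR" when PHPMailer reported a send failure
 * @throws RestException 400 when the e-mail parameter is missing or not a
 *                       syntactically valid address, 403 when no user owns
 *                       the address, 500 when the lookup cannot be executed
 */
public function forgotPassword()
{
    global $messages;

    $settings    = Settings::getInstance()->p;
    $websiteName = $settings['websiteName'];

    // Read the parameter defensively: a missing key is a 400, not a PHP notice.
    $email = (string) ($_POST['email'] ?? '');
    if (strlen($email) == 0 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new RestException(400, "Wrong or missing parameters.");
    }

    // The address is caller-controlled, so it is bound as a parameter rather
    // than concatenated into the statement. A failed prepare/execute is an
    // internal error and must not terminate the script with die().
    $stmt = $this->mysqli->prepare("SELECT UserId, Language FROM User WHERE Email = ?");
    if ($stmt === false || !$stmt->bind_param('s', $email) || !$stmt->execute()) {
        throw new RestException(500, "Internal error.");
    }
    $userId   = null;
    $language = null;
    $stmt->bind_result($userId, $language);
    $found = $stmt->fetch();
    $stmt->close();

    if ($found !== true) {
        // User not found. Neither the SQL text nor the submitted address is
        // echoed back, so the response reveals nothing about the schema.
        // NOTE(review): a distinct 403 still lets a caller tell registered
        // addresses from unregistered ones; answering "OK" in both cases
        // would close that enumeration channel if clients tolerate it.
        throw new RestException(403, "Forbidden - The user was not found.");
    }

    // 32 hex characters from a CSPRNG; the code is a bearer credential for
    // the password reset, so it must not come from a predictable generator.
    $resetCode = bin2hex(random_bytes(16));

    // Set the code in the database.
    parent::CreateResetPasswordCode($userId, $resetCode);

    // Fill the per-language template; the placeholders are literal markers
    // in the message text.
    $forgotPasswordMessage = str_replace(
        ["<<IdUser>>", "<<ResetCode>>", "<<SendTo>>"],
        [$userId, $resetCode, $email],
        $messages[$language]["forgotPasswordMessage"]
    );

    $mailer = new PHPMailer();
    $mailer->isSMTP();                              // Deliver through the configured SMTP server
    $mailer->Host     = $settings['emailHost'];     // SMTP server
    $mailer->SMTPAuth = true;                       // Authenticate against the server
    $mailer->Username = $settings['email'];         // SMTP username
    $mailer->Password = $settings['emailPassword']; // SMTP password
    // NOTE(review): SMTPSecure is not set here, so the SMTP credentials and
    // the reset code travel in whatever security the server negotiates by
    // default; confirm the configured host enforces TLS or set SMTPSecure.
    $mailer->Port = $settings['emailPort'];         // TCP port to connect to
    $mailer->setFrom($settings['email'], 'Support');
    $mailer->addAddress($email);
    $mailer->isHTML(false);                         // Plain-text mail only
    $mailer->Subject = $websiteName . ' ';
    $mailer->Body    = $forgotPasswordMessage;
    $mailer->AltBody = $forgotPasswordMessage;      // Same text for clients without HTML

    if (!$mailer->send()) {
        // Log the transport error server-side instead of echoing it into the
        // REST response body.
        error_log('Mailer Error: ' . $mailer->ErrorInfo);
        return "ERROR";
    }

    return "OK";
}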