if (!empty($hash)) {
//process hash from get and check it
$user_id = DM\Users::getIdByRecoveryHash($hash);
if (empty($user_id)) {
$_SESSION['msg'] = '<div class="alert alert-error">' . L\get('RecoverHashNotFound') . (IS_DEBUG_HOST ? $hash : '') . '</div>';
break;
}
//if recovery hash check passed - check and set new password if specified
if (isset($_POST['p']) && isset($_POST['p2'])) {
$p = $_POST['p'];
$p2 = $_POST['p2'];
if (empty($p) || $p != $p2) {
$_SESSION['p_msg'] = L\get('PasswordMissmatch');
break;
}
User::setNewPasswordByRecoveryHash($hash, $p);
$_SESSION['msg'] = '<div class="alert alert-success">' . L\get('PasswordChangedMsg') . '<br /> <br /><a href="' . $coreUrl . '">' . L\get('Login') . '</a></div>';
break;
}
$prompt_for_new_password = true;
break;
}
$e = @$_POST['e'];
$u = @$_POST['u'];
$e = trim($e);
$u = trim($u);
$e = mb_strtolower($e);
$u = mb_strtolower($u);
//redirect to recovery form if not submited or empty user and email
if (!isset($_POST['s']) || empty($e) && empty($u)) {
header('location: ' . $coreUrl . 'recover/forgot-password/');