getpass.php
<?php
// Ultimate PHP Board
// Author: Tim Hoeppner aka RR_Pilot, FixITguy
// Website: http://www.myupb.com
// Version: 2.0
// Using textdb Version: 4.3.2
// Page the visitor came from. It is copied straight from the query string, so
// it is request-controlled and must be encoded wherever it is written into markup.
$ref = isset($_GET["ref"]) ? $_GET["ref"] : "index.php";
require_once("./includes/upb.initialize.php");
$where = "Lost Password";
// When a handler below sets $e to true, the page stops after printing $error
// instead of rendering the username form again.
$e = false;
// Username as passed through xml_clean(); empty when the form was not submitted.
$u_name = isset($_POST["u_name"]) ? xml_clean($_POST["u_name"]) : "";
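// Step 1 of the reset flow: a username was submitted, so issue a one-time
// passcode for that account and e-mail a confirmation link to its owner.
// At most one request per account is kept; a stored request older than two
// days is dropped and replaced.
// NOTE(review): the "sent" and "unable to find" messages differ, which tells an
// anonymous visitor whether a username exists.
if (isset($_POST["u_name"])) {
    // NOTE(review): $u_name is interpolated into the textdb query string; this
    // relies on xml_clean() neutralising quote characters - confirm against its definition.
    $user = $tdb->query("users", "user_name='$u_name'", 1, 1);
    if (isset($user[0]['id']) && $user[0]['id'] != '') {
        $results = $tdb->basicQuery("getpass", "user_id", $user[0]['id'], 1, 1);
        // $pending replaces the original re-read of $results after unset().
        $pending = isset($results[0]['id']) && $results[0]['id'] != '';
        if ($pending) {
            $expire = alterDate($results[0]['time'], 2, 'days');
            if (mkdate() > $expire) {
                $tdb->delete('getpass', $results[0]['id']);
                unset($results);
                $pending = false;
            }
        }
        if ($pending) {
            $error = "Unable to send: A confirmation e-mail has already been sent to the e-mail address attched to the username with in the last 48 hours.";
        } else {
            // The passcode is the only secret protecting the account during a
            // reset, so it comes from a cryptographic generator. rand() is
            // predictable and its range is small enough to guess.
            $passcode = '';
            if (function_exists('random_bytes')) {
                $passcode = bin2hex(random_bytes(16));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $raw = openssl_random_pseudo_bytes(16);
                if (is_string($raw)) $passcode = bin2hex($raw);
            }
            if (strlen($passcode) !== 32) {
                // Fail closed: no weak fallback when no secure source is available.
                $error = "Unable to send: A secure passcode could not be generated. Please alert an administrator.";
            } else {
                // "time" is quoted: the bare word was an undefined constant,
                // which is a fatal error on PHP 8.
                $request_ID = $tdb->add("getpass", array("passcode_HASH" => generateHash($passcode), "time" => mkdate(), "user_id" => $user[0]['id']));
                // Path of this script without its query string.
                $request_uri = $_SERVER['REQUEST_URI'];
                $question_mark_where = strpos($request_uri, '?');
                $url = (FALSE === $question_mark_where) ? $request_uri : substr($request_uri, 0, $question_mark_where);
                // NOTE(review): the link below is built from the request's Host
                // header and path, both supplied by whoever submitted the form,
                // and it is always plain http://. It should be built from a
                // configured canonical site URL; no such setting is visible in this file.
                mail($user[0]["email"], "Lost Password Confirmation", "The IP Address: ".$_SERVER['REMOTE_ADDR']." has requested a password retrieval from an account linked to this e-mail address. If you did request this, visit here to confirm that you would like to change your password for ".$user[0]["user_name"]."\n\nhttp://".$_SERVER['HTTP_HOST'].$url."?request_ID=".$request_ID."&passcode=".$passcode."\n\nBut you did not request a Password Retrieval, please alert an administrator, and give them the IP Address provided.", "From: ".$_REGIST['admin_email']);
                $error = "A confirmation e-mail has been sent to the e-mail address attached to the username.";
                $e = true;
            }
        }
    }
    else $error = "Unable to find the specified username";
}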
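// Step 3 of the reset flow: the new-password form was posted back together
// with the passcode and request id from the e-mailed link. The password is
// changed only if the request exists, the passcode matches its stored hash,
// the request is still inside its two-day window, and both password fields
// hold the same non-empty string.
if (isset($_POST['passcode']) && isset($_POST['request_ID'])) {
    // Array-valued parameters are rejected before they reach the lookup.
    $results = false;
    if (is_string($_POST['passcode']) && is_string($_POST['request_ID'])) {
        $results = $tdb->get('getpass', $_POST['request_ID']);
    }
    $stored_hash = isset($results[0]['passcode_HASH']) ? $results[0]['passcode_HASH'] : '';
    $passcode_ok = false;
    if (is_string($stored_hash) && $stored_hash !== '') {
        // presumably the stored hash supplies the salt for re-hashing - confirm in generateHash()
        $passcode_HASH = generateHash($_POST['passcode'], $stored_hash);
        if (is_string($passcode_HASH)) {
            // Strict, constant-time comparison where available; the loose ==
            // treats some differing numeric-looking strings as equal.
            $passcode_ok = function_exists('hash_equals')
                ? hash_equals($stored_hash, $passcode_HASH)
                : ($passcode_HASH === $stored_hash);
        }
    }
    if (!$passcode_ok) {
        $error = "Unable to confirm: Unvalid Passcode";
        $e = true;
    } elseif (!(mkdate() < alterDate($results[0]['time'], 2, 'days'))) {
        // The link handler enforces the two-day limit; without the same check
        // here a direct POST could still redeem an expired passcode.
        $tdb->delete('getpass', $_POST['request_ID']);
        $error = "Unable to confirm: The request expired. Please request again";
    } else {
        $pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : '';
        $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
        if (!is_string($pass1) || !is_string($pass2) || $pass1 === '') {
            // Missing fields used to compare equal and set an empty password.
            $_GET['passcode'] = $_POST['passcode'];
            $_GET['request_ID'] = $_POST['request_ID'];
            $error = "Please enter a new password";
        } elseif ($pass1 !== $pass2) {
            // Hand the values to the link handler so the form is shown again.
            $_GET['passcode'] = $_POST['passcode'];
            $_GET['request_ID'] = $_POST['request_ID'];
            $error = "Passwords do not match";
        } else {
            $tdb->edit('users', $results[0]['user_id'], array("password" => generateHash($pass1)));
            // One-time use: the request is removed once the password is changed.
            $tdb->delete('getpass', $_POST['request_ID']);
            $where = "Lost Password ".$_CONFIG["where_sep"]." Set New";
            require_once('includes/header.php');
            echo "Your password was successfully changed";
            require_once("includes/footer.php");
            redirect('login.php', 2);
            exit;
        }
    }
}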
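// Step 2 of the reset flow: the visitor followed the e-mailed link (or step 3
// handed the values back after a password error). If the request exists, is
// less than two days old and the passcode matches, show the new-password form.
if (isset($_GET['passcode']) && isset($_GET['request_ID'])) {
    // Array-valued parameters are rejected before trim() and the lookup.
    $results = false;
    if (is_string($_GET['passcode']) && is_string($_GET['request_ID'])) {
        $_GET['passcode'] = trim($_GET['passcode']);
        $results = $tdb->get('getpass', $_GET['request_ID']);
    }
    $stored_hash = isset($results[0]['passcode_HASH']) ? $results[0]['passcode_HASH'] : '';
    if (!is_string($stored_hash) || $stored_hash === '') {
        // No such request: reject instead of running the date and hash checks on empty values.
        $error = "Unable to confirm: Unvalid Passcode";
        $e = true;
    } elseif (mkdate() < alterDate($results[0]['time'], 2, 'days')) {
        // presumably the stored hash supplies the salt for re-hashing - confirm in generateHash()
        $passcode_HASH = generateHash($_GET['passcode'], $stored_hash);
        $passcode_ok = false;
        if (is_string($passcode_HASH)) {
            // Strict, constant-time comparison where available; the loose ==
            // treats some differing numeric-looking strings as equal.
            $passcode_ok = function_exists('hash_equals')
                ? hash_equals($stored_hash, $passcode_HASH)
                : ($passcode_HASH === $stored_hash);
        }
        if ($passcode_ok) {
            $where = "Lost Password ".$_CONFIG["where_sep"]." Create New";
            require_once('./includes/header.php');
            // Both values come from the request, so they are HTML-escaped
            // before being written into the hidden fields.
            $passcode_attr = htmlspecialchars($_GET['passcode'], ENT_QUOTES);
            $request_ID_attr = htmlspecialchars($_GET['request_ID'], ENT_QUOTES);
            echo '<form action="'.basename(__FILE__).'" method="POST"><input type="hidden" name="passcode" value="'.$passcode_attr.'"><input type="hidden" name="request_ID" value="'.$request_ID_attr.'">';
            echoTableHeading(str_replace($_CONFIG["where_sep"], $_CONFIG["table_sep"], $where), $_CONFIG);
            echo "
<tr>
<td class='area_1' style='text-align:right;'><strong>New Password:</strong></td>
<td class='area_2'><input type=password name='pass1' size=30></td>
</tr>
<tr>
<td class='area_1' style='text-align:right;'><strong>New Password:</strong></td>
<td class='area_2'><input type=password name='pass2' size=30></td>
</tr>
<tr>
<td class='footer_3a' style='text-align:center;' colspan='2'><input type=submit value='Submit'></td>
</tr>
</form>";
            echoTableFooter(SKIN_DIR);
            require_once('includes/footer.php');
            exit;
        } else {
            $error = "Unable to confirm: Unvalid Passcode";
            $e = true;
        }
    } else {
        // Expired requests are removed so a fresh one can be issued.
        $tdb->delete('getpass', $_GET['request_ID']);
        $error = "Unable to confirm: The request expired. Please request again";
    }
}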
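// Default view: print any message left by the handlers above and, for visitors
// who are not logged in, the username form that starts a reset request.
$where = "Lost Password ".$_CONFIG["where_sep"]." Request";
require_once('./includes/header.php');
if (isset($error)) {
    // $error is written out as markup, so it must only ever hold fixed
    // strings set by this script, never request data.
    echo "<div class='alert'><div class='alert_text'>
<strong>Caution!</strong></div><div style='padding:4px;'>$error</div></div><br />";
    if ($e) {
        // Terminal message: finish the page without showing the form.
        require_once('./includes/footer.php');
        exit;
    }
}
if (!$tdb->is_logged_in()) {
    if (!isset($_POST['u_name'])) $_POST['u_name'] = '';
    // $ref and the submitted username are request-controlled. $ref goes into a
    // URL query inside an attribute, so it is URL-encoded (the output contains
    // no HTML-special characters); the username is HTML-escaped for the
    // single-quoted value attribute. Non-string values are dropped.
    $ref_param = is_string($ref) ? urlencode($ref) : '';
    $u_name_attr = is_string($_POST['u_name']) ? htmlspecialchars($_POST['u_name'], ENT_QUOTES) : '';
    echo "<form action='".basename(__FILE__)."?ref=".$ref_param."' method=POST>";
    echoTableHeading(str_replace($_CONFIG["where_sep"], $_CONFIG["table_sep"], $where), $_CONFIG);
    echo "
<tr>
<th colspan='2'>Enter your username and a confirmation e-mail will be emailed to you.</th>
</tr>
<tr>
<td class='area_1' style='text-align:right;padding:20px;'><strong>User Name:</strong></td>
<td class='area_2'><input type=text name=u_name value='".$u_name_attr."' size=30> </td>
</tr>
<tr>
<td class='footer_3a' style='text-align:center;' colspan='2'><input type=submit value='Submit'></td>
</tr>
</form>";
    echoTableFooter(SKIN_DIR);
}
require_once("./includes/footer.php");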
?>