<?php
/*
Copyright © 2009,2015,2022 Siggi Bjarnason.
Licensed under GNU GPL v3 and later. Check out LICENSE.TXT for details
or see <https://www.gnu.org/licenses/gpl-3.0-standalone.html>
Page to help reset lost password. Required by LoginIncl.php
*/
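// Password-recovery handler: looks up the account for the posted e-mail
// address, generates a random replacement password, stores its hash with
// bChangePWD=1 and e-mails the new password to the account holder.
// CleanReg, QuerySQL, UpdateSQL, printPg, EmailText, Array2String and the
// variables $TextArray, $PWDLength, $OSEnv, $ErrMsg, $SupportEmail,
// $eFromAddr and $eFromName are not defined in this file; presumably they
// come from header.php.
$PostVarCount = count($_POST);
if ($PostVarCount == 0)
{
    // A request without POST data did not come from the recovery form.
    // header() alone does not end the script, so stop here; otherwise the
    // rest of the page would still run after the redirect is sent.
    header("Location: index.php" );
    exit;
}
require("header.php");

// ?? "" keeps a POST that lacks txtRecEmail from reaching trim() as null.
$strEmail = CleanReg(trim($_POST["txtRecEmail"] ?? ""));
$RecoverAck = $TextArray["RecoverAck"];

if ($strEmail)
{
    printPg("Recovering the password for $strEmail","normal");

    // NOTE(review): this query is built by string interpolation from
    // request data. Its safety rests entirely on what CleanReg() strips,
    // which is not visible here. QuerySQL() should accept bound parameters
    // so the value never becomes part of the SQL text.
    $strQuery = "select * from tblUsers where vcEmail = '$strEmail'";
    $QueryData = QuerySQL($strQuery);

    $bUserFound = false;
    if ($QueryData[0] > 0)
    {
        // If several rows share the address, the last one wins (as before).
        foreach ($QueryData[1] as $Row)
        {
            $iUserID = $Row["iUserID"];
            $strUID = $Row["vcUID"];
            $strName = $Row["vcName"];
            $bUserFound = true;
        }
    }
    elseif ($QueryData[0] < 0)
    {
        // A negative row count is treated as a query failure.
        $strMsg = Array2String($QueryData[1]);
        error_log("Query of $strQuery did not return data. Rowcount: $QueryData[0] Msg:$strMsg");
        printPg($ErrMsg,"error");
    }

    if ($bUserFound)
    {
        // bin2hex() doubles the byte count, so round the length up to an
        // even number before halving it.
        if ($PWDLength%2>0)
        {
            $PWDLength = $PWDLength + 1;
        }
        $Password = bin2hex(random_bytes(intdiv((int)$PWDLength, 2)));
        $PWD = password_hash($Password, PASSWORD_DEFAULT);

        // NOTE(review): the reset is applied before the requester has shown
        // control of the mailbox, and the new password is then mailed in
        // clear text. A single-use, expiring reset token sent by e-mail
        // would avoid both. bChangePWD=1 presumably forces a change at the
        // next login; confirm in the login code.
        $strQuery = "update tblUsers set vcPWD = '$PWD', bChangePWD=1 where iUserID='$iUserID'";
        $bUpdate = UpdateSQL($strQuery,"update");
        if ($bUpdate)
        {
            $StrMsg = "Per your request login for our site is $strUID and the new password is $Password";

            // Strip line breaks (and quotes from the display name) so stored
            // or posted values cannot add extra mail headers or break the
            // quoted name. EmailText() may already do this; not visible here.
            $strSafeName = str_replace(array("\r", "\n", "\""), "", $strName);
            $strSafeEmail = str_replace(array("\r", "\n"), "", $strEmail);

            if ($OSEnv == "win")
            {
                $toEmail = "$strSafeEmail";
                $fromEmail = "From:$eFromAddr";
            }
            else
            {
                $toEmail = "\"$strSafeName\" <$strSafeEmail>";
                $fromEmail = "From:$eFromName <$eFromAddr>";
            }

            if (EmailText($toEmail,"Your Password request",$StrMsg,$fromEmail))
            {
                printPg($RecoverAck,"normal");
            }
            else
            {
                // The stored password has already been replaced, so a failed
                // send must not pass silently. The password is not logged.
                error_log("Password recovery email could not be sent for user ID $iUserID");
                printPg("There was an unknown error when attempting to email your password. Please let us know at $SupportEmail","error");
            }
        }
        else
        {
            printPg("There was an unknown error when attempting to email your password. Please let us know at $SupportEmail","error");
        }
    }
    elseif ($QueryData[0] == 0)
    {
        // No account uses this address: do not generate a password, run an
        // update with an undefined user ID or send mail to an arbitrary
        // address. Show the same acknowledgement as a successful reset so
        // the response does not reveal whether the address is registered.
        printPg($RecoverAck,"normal");
    }
}
else
{
    printPg("Email is required to look up your password.","error");
}
require("footer.php");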
?>