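<?php
/*
  $Id$

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2012 osCommerce

  Released under the GNU General Public License
*/

/*
  Second step of the "password forgotten" flow.

  The customer arrives here from the e-mailed link carrying
  ?account=<email>&key=<40-character reset key>. The key is compared with
  customers_info.password_reset_key and must be younger than one day; any
  failure redirects back to password_forgotten.php with a session message.
  On a valid link the new password is taken from the posted form, stored via
  tep_encrypt_password(), the reset key is cleared (so the link is single-use)
  and the customer is sent to the login page.
*/

  require('includes/application_top.php');

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_RESET);

  $error = false;

// Both link parameters must be present before anything is looked up.
  if ( !isset($HTTP_GET_VARS['account']) || !isset($HTTP_GET_VARS['key']) ) {
    $error = true;

    $messageStack->add_session('password_forgotten', TEXT_NO_RESET_LINK_FOUND);
  }

  if (!$error) {
    $email_address = tep_db_prepare_input($HTTP_GET_VARS['account']);
    $password_key = tep_db_prepare_input($HTTP_GET_VARS['key']);

    if ( (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) || (tep_validate_email($email_address) == false) ) {
      $error = true;

      $messageStack->add_session('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
    } elseif (strlen($password_key) !== 40) {
      // A stored reset key is always 40 characters; anything else cannot match.
      $error = true;

      $messageStack->add_session('password_forgotten', TEXT_NO_RESET_LINK_FOUND);
    } else {
      // The address is escaped with tep_db_input(); customers_id is cast to int where it is reused.
      $check_customer_query = tep_db_query("select c.customers_id, c.customers_email_address, ci.password_reset_key, ci.password_reset_date from " . TABLE_CUSTOMERS . " c, " . TABLE_CUSTOMERS_INFO . " ci where c.customers_email_address = '" . tep_db_input($email_address) . "' and c.customers_id = ci.customers_info_id");

      if (tep_db_num_rows($check_customer_query)) {
        $check_customer = tep_db_fetch_array($check_customer_query);

        // hash_equals() (PHP >= 5.6) compares the keys strictly and in constant time.
        // The loose "!=" used before compares numeric-looking strings by numeric value,
        // so two different keys could be judged equal. empty() is tested first so
        // hash_equals() never receives a null column; the link also expires after one day.
        if ( empty($check_customer['password_reset_key']) || !hash_equals((string)$check_customer['password_reset_key'], $password_key) || (strtotime($check_customer['password_reset_date'] . ' +1 day') <= time()) ) {
          $error = true;

          $messageStack->add_session('password_forgotten', TEXT_NO_RESET_LINK_FOUND);
        }
      } else {
        // NOTE(review): this text differs from the bad-key text above, so the response
        // reveals whether the address has an account. Consider a single message for both.
        $error = true;

        $messageStack->add_session('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
      }
    }
  }

  if ($error) {
    tep_redirect(tep_href_link(FILENAME_PASSWORD_FORGOTTEN));
  }

// From here on the reset link is valid and $check_customer holds the account row.
// tep_validate_form() is fork-specific and not visible here; it is expected to require
// action=process and to verify the 'formid' session token that tep_draw_form(..., true)
// emits below -- confirm against its implementation.
  if (false !== ($validated = tep_validate_form(array('action' => 'process', 'password' => 'strip_tags', 'confirmation' => 'strip_tags')))) {
    // Read the two fields explicitly rather than extract(..., EXTR_OVERWRITE), which
    // would let any key of the returned array overwrite $error, $check_customer, etc.
    $password = isset($validated['password']) ? $validated['password'] : '';
    $confirmation = isset($validated['confirmation']) ? $validated['confirmation'] : '';

    if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
      $error = true;

      $messageStack->add('password_reset', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password !== $confirmation) {
      // Strict comparison: with "!=" two numeric-looking strings of different text would match.
      $error = true;

      $messageStack->add('password_reset', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }

    if (!$error) {
      tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_encrypt_password($password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'");

      // Clearing the key and date makes the reset link single-use.
      tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now(), password_reset_key = null, password_reset_date = null where customers_info_id = '" . (int)$check_customer['customers_id'] . "'");

      $messageStack->add_session('login', SUCCESS_PASSWORD_RESET, 'success');

      tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
  }

  $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  $breadcrumb->add(NAVBAR_TITLE_2);

  require(DIR_WS_INCLUDES . 'template_top.php');
  require('includes/form_check.js.php');
?>

<h1><?php echo HEADING_TITLE; ?></h1>

<?php
  if ($messageStack->size('password_reset') > 0) {
    echo $messageStack->output('password_reset');
  }
?>

<?php
  // The link parameters are carried back in the form action so the POST is re-validated
  // against the same account/key. rawurlencode() keeps characters such as '+' or '%'
  // in the address from being altered by query-string decoding on the way back.
  echo tep_draw_form('password_reset', tep_href_link(FILENAME_PASSWORD_RESET, 'account=' . rawurlencode($email_address) . '&key=' . rawurlencode($password_key), 'SSL'), 'post', 'onsubmit="return check_form(password_reset);"', true);
?>

<div class="contentContainer">
  <div class="contentText">
    <div><?php echo TEXT_MAIN; ?></div>

    <table border="0" cellspacing="2" cellpadding="2" width="100%">
      <tr>
        <td class="fieldKey"><?php echo ENTRY_PASSWORD; ?></td>
        <td class="fieldValue"><?php echo tep_draw_password_field('password'); ?></td>
      </tr>
      <tr>
        <td class="fieldKey"><?php echo ENTRY_PASSWORD_CONFIRMATION; ?></td>
        <td class="fieldValue"><?php echo tep_draw_password_field('confirmation'); ?></td>
      </tr>
    </table>
  </div>

  <div class="buttonSet">
    <span class="buttonAction"><?php echo tep_draw_hidden_field('action', 'process') . tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', null, 'primary'); ?></span>
  </div>
</div>

</form>

<?php
  require(DIR_WS_INCLUDES . 'template_bottom.php');
  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>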