be9704a768
TODO: add files to database TODO: hash folder to stick files in
<?php
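/**
 * Handles a submitted password-reset form.
 *
 * Reads the account name, e-mail address and reset key from the query string
 * and the new password (entered twice) from the POST body. The request is
 * accepted only when the e-mail address resolves to the same id as the account
 * name and the key equals sha512 of the account's stored password hash.
 *
 * On an accepted request the new password is validated with
 * check_change_password(); if that reports "success" the password is stored
 * and the 'reset_success' template is rendered, otherwise the 'reset_password'
 * form is rendered again with the validation result. Both paths end by
 * throwing SystemExit. A request that fails verification returns without
 * producing output.
 *
 * NOTE(review): the reset key is derived only from the stored password hash
 * and travels in the URL, so it stays valid until the password changes and can
 * end up in access logs. A random, expiring, single-use token kept server-side
 * is the usual design - confirm whether that is planned.
 *
 * @throws SystemExit after a template has been rendered
 */
function reset_password(){

    // Missing parameters become empty strings instead of raising notices.
    $email = filter_var(isset($_GET['email']) ? $_GET['email'] : '', FILTER_SANITIZE_EMAIL);
    $user = filter_var(isset($_GET['user']) ? $_GET['user'] : '', FILTER_SANITIZE_STRING);
    $key = filter_var(isset($_GET['key']) ? $_GET['key'] : '', FILTER_SANITIZE_STRING);

    // NOTE(review): FILTER_SANITIZE_STRING rewrites the password (it strips tags
    // and encodes quotes) and is deprecated as of PHP 8.1. It is left in place
    // because the login path may apply the same filter - confirm before changing.
    $password = filter_var(isset($_POST['NewPass']) ? $_POST['NewPass'] : '', FILTER_SANITIZE_STRING);
    $confirmpass = filter_var(isset($_POST['ConfirmNewPass']) ? $_POST['ConfirmNewPass'] : '', FILTER_SANITIZE_STRING);

    $target_id = WebUsers::getId($user);
    $webUser = new WebUsers($target_id);

    // NOTE(review): loose comparison kept because the return types of getId()
    // and getIdFromEmail() are not visible here; verify that two failed lookups
    // can never compare equal.
    if( WebUsers::getIdFromEmail($email) != $target_id ){
        return;
    }

    // Without a stored hash the expected key would not be tied to any secret,
    // so such an account can never pass the check. is_string() also rejects a
    // key that filter_var() turned into false (e.g. an array parameter).
    $storedHash = $webUser->getHashedPass();
    if( !is_string($key) || !is_string($storedHash) || $storedHash === '' ){
        return;
    }

    // hash_equals() compares in constant time and never applies PHP's loose
    // string-to-number juggling, unlike the == operator.
    if( !hash_equals(hash('sha512', $storedHash), $key) ){
        return;
    }

    // NOTE(review): 'adminChangesOther' => true with a placeholder current
    // password presumably makes check_change_password() skip the
    // current-password check - confirm against WebUsers.
    $params = array(
        'user' => $user,
        'CurrentPass' => "dummy",
        'NewPass' => $password,
        'ConfirmNewPass' => $confirmpass,
        'adminChangesOther' => true
    );
    $result = $webUser->check_change_password($params);

    if( $result == "success" ){
        $result = array();
        $status = WebUsers::setPassword($user, $password);
        if( $status == 'ok' ){
            $result['SUCCESS_PASS'] = "OK";
        }else if( $status == 'shardoffline' ){
            $result['SUCCESS_PASS'] = "SHARDOFF";
        }
        $result['no_visible_elements'] = 'TRUE';
        helpers :: loadtemplate( 'reset_success', $result);
        throw new SystemExit();
    }

    // Rebuild the query string for the form. http_build_query() URL-encodes
    // every name and value, so request data cannot break out of the URL; the
    // trailing '&' of the previous format is kept for the template.
    $GETString = http_build_query($_GET, '', '&');
    if( $GETString != "" ){
        $GETString = '?' . $GETString . '&';
    }

    // NOTE(review): the submitted passwords are handed back to the template;
    // make sure the template escapes them on output.
    $result['getstring'] = $GETString;
    $result['prevNewPass'] = $password;
    $result['prevConfirmNewPass'] = $confirmpass;
    $result['no_visible_elements'] = 'TRUE';
    helpers :: loadtemplate( 'reset_password', $result);
    throw new SystemExit();
}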