<?php
// Forgot-password module (step 1 of recovery). Included by the front
// controller, which supplies $template, $lang, $css, $config, $sql, $m and
// $nocache; nothing here is a function, it runs top to bottom on include.

// Page header: title comes from the language pack, stylesheet from the caller.
$template_vars['header'] = array();
$template_vars['header']['TITLE'] = $lang['FORGOT'];
$template_vars['header']['CSS'] = $css;

// Body vars start empty; they are filled in only when the form is rendered.
$template_vars['body'] = array();

$template->set_vars('header', $template_vars['header']);

// Whether to render the request form; cleared once a recovery mail went out.
$show_form = true;

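if( empty($_POST) == false )
{
	// Recovery step 1: the visitor posts a site id, the email on file for it
	// and the captcha answer. On a match a one-time key is mailed and stored
	// in CATALOGUE_KEYS for step 2 (the `key` module, see LINK below).
	//
	// `id` is cast to int, which is why it is safe to concatenate into the SQL
	// below. `code` stays a string: it is only ever compared, never stored or
	// interpolated, so no cast is needed (and the int cast was harmful, see
	// the captcha check).
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
	$email = isset( $_POST['email'] ) ? (string) $_POST['email'] : '';
	$code = isset( $_POST['code'] ) ? trim( (string) $_POST['code'] ) : '';

	// Captcha state is server-side in the session. The key is issued by the
	// /captcha/ endpoint referenced by CAPTCHA_SRC further down; its format is
	// not visible from this file, hence the string comparison below.
	$_SESSION['captcha_key'] = isset( $_SESSION['captcha_key'] ) ? $_SESSION['captcha_key'] : NULL;
	$_SESSION['captcha_failures'] = isset( $_SESSION['captcha_failures'] ) ? (int) $_SESSION['captcha_failures'] : 0;

	// Legacy magic_quotes (PHP < 5.4) would already have backslash-escaped the
	// posted value; undo it so the comparison with the stored email is literal.
	if( get_magic_quotes_gpc() )
	{
		$email = stripslashes( $email );
	}

	$error = '';

	// Strict string comparison. The previous `!=` against an (int)-cast code
	// left the verdict to PHP type juggling: under PHP < 8 a non-numeric key
	// compares equal to 0 and a key of 0 compares equal to the '' default, so
	// an empty or garbage answer could pass. An empty answer is rejected
	// outright so an (unexpectedly) empty key can never match it either.
	if( $_SESSION['captcha_key'] === NULL || $code === '' || (string) $_SESSION['captcha_key'] !== $code )
	{
		$error = $lang['ERR_CAPTCHA'];

		// Five wrong answers invalidate the key so a new image is issued.
		// `>=` rather than `==` so a counter that ever overshoots still resets.
		// NOTE(review): this budget is per session; a client that drops its
		// cookie simply starts over, so it is not a real brute-force limit.
		if( ++$_SESSION['captcha_failures'] >= 5 )
		{
			$error = $lang['ERR_CAPTCHA_TOO_MANY_FAILURES'];

			$_SESSION['captcha_key'] = NULL;
			$_SESSION['captcha_failures'] = 0;
		}
	}
	else
	{
		// The captcha is accepted: burn it now. Previously the key survived
		// until a mail was actually sent, so one solved captcha could be
		// replayed for any number of id/email guesses against the messages
		// below. Each attempt now costs a fresh captcha (the form re-renders
		// with a new CAPTCHA_SRC; that endpoint is assumed to issue a new key).
		$_SESSION['captcha_key'] = NULL;
		$_SESSION['captcha_failures'] = 0;

		if( $id === 0 )
		{
			$error = $lang['ERR_EMPTY_ID'];
		}
		else if( $email === '' )
		{
			$error = $lang['ERR_EMPTY_EMAIL'];
		}
	}

	if( $error === '' )
	{
		// put_error() is project code; whether it halts the request is not
		// visible here. If it returns, num_rows() on a failed query is relied
		// on to be 0 so the "site does not exist" branch is taken.
		if( !$sql->query("SELECT * FROM `" . CATALOGUE_SITES . "` WHERE `id` = " . $id . ";") )
		{
			put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
		}

		// NOTE(review): the distinct messages below (site unknown, email
		// mismatch, recovery already pending) let a caller learn whether an id
		// exists and whether its email was guessed right. The one-shot captcha
		// above is the only throttle on that oracle; collapsing them into one
		// neutral message would close it but changes the UI strings.
		if( $sql->num_rows() > 0 )
		{
			$site = $sql->fetch_assoc($sql->result);

			// Recovery keys expire after 30 minutes (1800 s); sweep them before
			// checking for a pending one so an expired key doesn't block a retry.
			if( !$sql->query("DELETE FROM `" . CATALOGUE_KEYS . "` WHERE `dt` < UNIX_TIMESTAMP() - 1800;") )
			{
				put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
			}

			if( !$sql->query("SELECT * FROM `" . CATALOGUE_KEYS . "` WHERE `site_id` = " . $id . ";") )
			{
				put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
			}

			// The email is verified *before* the pending-key check (the original
			// order was reversed), so the "key already exists" message is never
			// shown to, nor reflects, an address that does not belong to the site.
			// Strict match against the stored address: the old `==` would have
			// compared two numeric-looking strings numerically. An address
			// containing CR/LF is refused as well, since it becomes the `To` of
			// mail() below and a newline there is a header-injection vector.
			if( strpbrk( $email, "\r\n" ) !== false || (string) $site['email'] !== $email )
			{
				$template->set_block_vars('body', 'error', array('MESSAGE' => sprintf($lang['ERR_RECOVERY_INVALID_EMAIL'], $id)));
			}
			else if( $sql->num_rows() > 0 )
			{
				// NOTE(review): $email is rendered into the page here; whether the
				// template layer HTML-escapes MESSAGE is not visible from this file.
				$template->set_block_vars('body', 'error', array('MESSAGE' => sprintf($lang['ERR_KEY_ALREADY_EXIST'], $email)));
			}
			else
			{
				// 128 bits from the CSPRNG where available (PHP >= 7.0), hex
				// encoded to the same 32-char shape as the md5 the `key` column
				// already holds, which also keeps it safe to concatenate into the
				// INSERT below. random_string() is project code of unknown quality,
				// so it is kept only as the pre-7.0 fallback.
				$key = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(random_string( 10 ));

				// NOTE(review): $_SESSION['language'] becomes part of a filesystem
				// path; wherever it is set it must be restricted to known language
				// names (not visible from this file).
				$template->load_template('language/' . $_SESSION['language'] . '/mail/passwd_recovery_step1.tpl', 'letter');

				// NOTE(review): LINK takes its host from the request's Host header.
				// On a server that answers for any Host, an attacker who posts this
				// form for the victim's id and email gets the key mailed to the
				// victim inside a link pointing at the attacker's host (reset
				// poisoning). A configured canonical URL should be used instead;
				// no such $config entry is visible from this file. The scheme is
				// also hard-coded to http.
				$template->set_vars('letter', array(
				'ID' => $id,
				'SITE' => 'http://' . $site['site'] . '/',
				'LINK' => 'http://' . $_SERVER['HTTP_HOST'] . gen_uri('key', '', 'key_id=' . $key, '', false, false),
				'CATALOGUE_NAME' => $config['catalogue_name']
				));

				$headers = array();
				$headers[] = 'From: ' . $config['catalogue_email'];
				$headers[] = 'Content-Type: text/plain; charset=utf-8';

				$message = $template->evaluate_tpl('letter');
				$template->cancel('letter');

				// The key row is written only after mail() accepted the message, so
				// a mail failure does not leave a pending key that would block
				// retries (ERR_KEY_ALREADY_EXIST) until the 30-minute sweep.
				if( mail($email, 'Password recovery', $message, implode("\r\n", $headers)) )
				{
					if( !$sql->query("INSERT INTO `" . CATALOGUE_KEYS . "` SET `key` = '" . $key . "', `site_id` = " . $id . ", `email` = '" . $sql->escape_string($email) . "', `dt` = UNIX_TIMESTAMP();") )
					{
						put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
					}

					$template->load_template('templates/' . VERSION . '/message.tpl', 'body');
					$template->set_vars('body', array('MESSAGE' => sprintf($lang['PASSWD_RECOVERY_SUCCESS_STEP1'], $email)));

					$links = array(
					array('HREF' => gen_uri('authentication'), 'NAME' => $lang['LOGIN']),
					array('HREF' => gen_uri('index'), 'NAME' => $lang['BACK'])
					);

					foreach( $links as $link )
					{
						$template->set_block_vars('body', 'link', $link);
					}

					// Success: replace the form with the confirmation message.
					$show_form = false;
				}
				else
				{
					$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_MAIL_FAILURE']));
				}
			}
		}
		else
		{
			$template->set_block_vars('body', 'error', array('MESSAGE' => sprintf($lang['ERR_SITE_DNE'], $id)));
		}
	}
	else
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $error));
	}
}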

if( $show_form )
{
	// Captcha image format: GET `type` is matched against a fixed whitelist
	// (strict comparison, both sides are strings) and falls back to gif, so
	// only one of these three literals ever reaches a URL or the HTML below.
	$pic_types = array('gif', 'jpg', 'png');
	$requested_type = isset( $_GET['type'] ) ? (string) $_GET['type'] : '';
	$pic_type = in_array($requested_type, $pic_types, true) ? $requested_type : 'gif';

	// Links offering each of the *other* formats (for clients that cannot
	// render the current one).
	$pic_type_links = array();

	foreach( $pic_types as $candidate )
	{
		if( $candidate === $pic_type )
		{
			continue;
		}

		$pic_type_links[] = "<a href='" . gen_uri($m, '', 'type=' . $candidate) . "'>" . strtoupper($candidate) . "</a>";
	}

	$pic_type_links = implode(', ', $pic_type_links);

	// Form variables. PATH is the form action and carries the chosen image
	// type plus the caller's cache-busting token ($nocache, supplied by the
	// front controller).
	$form_vars = array();
	$form_vars['ID'] = $lang['ID'];
	$form_vars['CODE'] = $lang['CODE'];
	$form_vars['CAPTCHA_SRC'] = append_sid(PATH . '/captcha/?type=' . $pic_type);
	$form_vars['PIC_IS_NOT_LOAD'] = $lang['PIC_IS_NOT_LOAD'];
	$form_vars['PIC_TYPE_LINKS'] = $pic_type_links;
	$form_vars['SUBMIT'] = $lang['SUBMIT'];
	$form_vars['PATH'] = gen_uri($m, '', 'type=' . $pic_type . '&amp;' . $nocache);
	$form_vars['LOGIN_HREF'] = gen_uri('authentication');
	$form_vars['LOGIN'] = $lang['LOGIN'];
	$form_vars['BACK_HREF'] = gen_uri('index');
	$form_vars['BACK'] = $lang['BACK'];
	$form_vars['NOCACHE'] = $nocache;

	$template_vars['body'] = $form_vars;

	// Enable the captcha block in the body template.
	$template->set_block_vars('body', 'captcha', array());
}

// Final template population. The footer's version-switch link must carry the
// same query string as the form (type + nocache) while the form is shown,
// otherwise only the cache-busting token. $pic_type is only defined when
// $show_form is true, which the ternary guards.
$footer_query = $show_form ? 'type=' . $pic_type . '&amp;' . $nocache : $nocache;

$template->set_vars('header', $template_vars['header']);
$template->set_vars('body', $template_vars['body']);
$template->set_vars('footer', array('SWITCH_VERSION' => switch_version($m, '', $footer_query)));
?>