Просмотр файла modules/user/recovery.php

<?php
/**********************************
*	@package: PerfCMS			  *
*	@year: 2012					  *
*	@author: Artas				  *
*	@link: http://perfcms.pp.ua	  *
**********************************/
if(isset($user))  { header('location: /'); exit; }
$page = 'auth';
if(isset($_POST['save_pass']) && $_GET['act']== 'change_pass' && isset($_GET['tmphash']) && isset($_GET['email'])) {
$RecoveryUserData = $db->query("SELECT * FROM `users` WHERE `password` = '". input($_GET['tmphash']) ."' AND `email` = '". input($_GET['email']) ."'")->fetch();
$pass1 = $_POST['npass'];
$pass = $_POST['pass'];
 if (!empty($pass1) && (mb_strlen($pass1, 'UTF-8') < 5 || mb_strlen($pass1, 'UTF-8') > 64)) $err .= $lang->word('e_pass').'<br />';        
if (!empty($pass1) && !empty($pass) && $pass1 != $pass) $err .= $lang->word('e_pass2').'<br />';
if(input($_GET['tmphash']) == $RecoveryUserData['password']) {
$db->query("UPDATE `users` SET `password` = '". crypto($pass)."' WHERE `email` = '". input($_GET['email'])."' ");
// print_r($db->errorInfo());
go('/');
	} else { echo $lang->word('ex_mail').'<br/>'; }
}
$title = $lang->word('recovery');
require_once(SYS.'/view/header.php');
$tpl->div('title', $lang->word('recovery'));
if(!empty($_POST['nick']) && !empty($_POST['email'])) {
	$nick = escape($_POST['nick']);
	$mail = input($_POST['email']);
	if($db->query("SELECT * FROM `users` WHERE `nick` = '". $nick ."' AND `email` = '". $mail ."'")->rowCount() == 1) {
		$RecoveryUserData = $db->query("SELECT * FROM `users` WHERE `nick` = '". $nick ."' AND `email` = '". $mail ."'")->fetch();
		import_lib('mail.class');
		$_libMail = new Mail('UTF-8');
		$_libMail->From('no-reply@'.$_SERVER['HTTP_HOST']);
		$_libMail->To($nick.';'.$mail);
		$_libMail->Subject("Password recovery | ".$lang->word('recovery')." - ".$_SERVER['HTTP_HOST']);
		$_libMail->Body($lang->word('hello').", ".$nick."!\n".
						$lang->word('recovery_1')." ".URL."\n".
						$lang->word('recovery_2')."\n
						".URL."/user/recovery?act=reset&tmphash=".$RecoveryUserData['password']."&email=".$mail."\n
						".$lang->word('recovery_3')."\n
						".$lang->word('recovery_4')." ".$system['copyright']);
		$_libMail->Priority(3);
		$_libMail->Send();
		echo '<div class="menu">'.$lang->word('recovery_alert').'</div>';
		// print_r($_libMail->Get());
		$tpl->div('block', HICO .'<a href="/">'. $lang->word('home') .'</a>');
		require_once(SYS.'/view/footer.php');
		exit;
	} 
	else 
	{ 
		echo $tpl->div('error', $lang->word('fail_a'));
	}
} 
elseif(isset($_GET['act']) && $_GET['act'] == 'reset' && isset($_GET['tmphash']) && isset($_GET['email']))
	{
		if($db->query("SELECT * FROM `users` WHERE `password` = '". input($_GET['tmphash']) ."' AND `email` = '". input($_GET['email']) ."'")->rowCount() == 1)
			{
				echo '<form action="?act=change_pass&tmphash='.input($_GET['tmphash']).'&amp;email='.input($_GET['email']).'" method="post">
				<div class="post">
				<b>'. $lang->word('new_e') .' '. $lang->word('password') .'</b><br/>
				<input type="text" name="npass"/><br/>
				<b>'. $lang->word('confirm') .' '. $lang->word('password') .'</b>:<br/>
				<input type="text" name="pass"/><br/>
				<input type="submit" name="save_pass" value="'. $lang->word('save') .'" /><br/>
				</div>
				</form>';
				$tpl->div('block', HICO .'<a href="/">'. $lang->word('home') .'</a>');
				require_once(SYS.'/view/footer.php');
				exit;
			}
		else
			{
				echo $tpl->div('error', $lang->word('fail_a'));
			}
	}
 
echo '<div class="menu">
<form action="/user/recovery?" method="post">
		'. $lang->word('nick') .':<br/>
		<input type="text" name="nick" /><br/>
		E-mail:<br/>
		<input type="text" name="email" /><br/>
		<input type="submit" value="Ok!" />
	</form>
	</div>';
$tpl->div('block', HICO .'<a href="/">'. $lang->word('home') .'</a>');
require_once(SYS.'/view/footer.php');
?>