<?php
/*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//
// Sitchi CMS - Mobile Content Management System //
// The author: Nikoloz Sitchinava [sitchi] //
// Link: http://sitchicms.num.ge //
// Skype: SitchiCMS //
// License: LICENSE.txt (see attached file) //
// Version: VERSION.txt (see attached file) //
//\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*/
define('_SITCHICMS', 1);
$root_path = '../';

// Bootstrap in the order the includes expect: DB connection first, then
// session/settings, page chrome, helpers and the <head> output.
require $root_path . 'includes/db_connect.php';
require $root_path . 'includes/start.php';
require $root_path . 'includes/header.php';
require $root_path . 'includes/functions.php';
require $root_path . 'includes/head.php'; // page head

// Language strings used by this page; '1_1' is its title.
$lng_pass = load_lng('pass');
head((string) $lng_pass['1_1']);

// Requested action, normalised so the dispatch below always sees a string.
if (!isset($_GET['act'])) {
    $_GET['act'] = '';
}
$act = htmlspecialchars(trim($_GET['act']));
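/**
 * Generates a temporary password of $length lowercase letters and digits.
 *
 * Changes from the original: the result is initialised (it was appended to
 * while undefined); the index range is 0..strlen-1 (the old upper bound of
 * strlen($vals) was one past the end, yielding an empty character and thus
 * shorter passwords); string offsets use [] instead of the {} form removed in
 * PHP 8; and the index comes from random_int() (a CSPRNG, PHP 7+) instead of
 * rand(), whose output is predictable and unsuitable for secrets.
 *
 * @param int $length number of characters; 0 or less yields ''
 * @return string
 */
function passgen(int $length): string
{
    $vals = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $last = strlen($vals) - 1;
    $result = '';
    for ($i = 0; $i < $length; $i++) {
        $result .= $vals[random_int(0, $last)];
    }
    return $result;
}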
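switch ($act) {
    case 'sent':
        // Step 1: the user submitted login + e-mail + captcha. Validate, then
        // mail a reset link. $lng_pass, $lng, $set and $time come from the includes.
        $login = isset($_POST['login']) ? trim($_POST['login']) : '';
        $email = isset($_POST['email']) ? htmlspecialchars(trim($_POST['email'])) : '';
        $code = isset($_POST['code']) ? trim($_POST['code']) : '';
        // Errors are collected in a list (not `false`) so `$err[] = ...` never
        // relies on auto-vivification from false, deprecated in PHP 8.1.
        $err = [];
        if (!$login || !$email || !$code) {
            $err[] = '<div class="errmenu">'.$lng_pass['1_3'].'</div>';
        } elseif (!isset($_SESSION['rand']) || mb_strlen($code) < 4
            || !hash_equals((string) $_SESSION['rand'], (string) $code)) {
            $err[] = '<div class="errmenu">'.$lng['1_13'].'</div>';
        }
        // The captcha value is single-use whatever the outcome.
        unset($_SESSION['rand']);
        if (!$err) {
            // Look the account up by login. The value comes straight from POST, so
            // it is escaped for the legacy mysql extension; the original
            // interpolated it raw, which allowed SQL injection.
            $login_sql = mysql_real_escape_string($login);
            $mot = mysql_query("SELECT * FROM `users` WHERE `login` = '$login_sql' LIMIT 1");
            if (mysql_num_rows($mot) == 1) {
                $res = mysql_fetch_array($mot);
                if (empty($res['email']) || $res['email'] !== $email) {
                    $err[] = '<div class="errmenu">'.$lng_pass['1_5'].'</div>';
                }
                // At most one reset request per 24 hours per account.
                if ($res['rest_time'] > $time - 86400) {
                    $err[] = '<div class="errmenu">'.$lng_pass['1_6'].'</div>';
                }
            } else {
                // Unknown login is recorded as an error so the send path below is
                // never reached with $res unset (same message the 'set' action uses).
                $err[] = '<div class="errmenu">'.$lng_pass['1_12'].'</div>';
            }
        }
        if (!$err) {
            // Send the instructions by e-mail.
            // NOTE(review): the reset token is the current session id, which is
            // thereby disclosed in the e-mail; a dedicated random token would be
            // preferable, but the width of `rest_code` is not known from here.
            // NOTE(review): the link host is taken from SERVER_NAME, which on some
            // server configurations follows the request Host header; a configured
            // site URL would be the safer source.
            $host = $_SERVER['SERVER_NAME'];
            $subject = (string) $lng_pass['1_1'];
            $mail = "".$lng_pass['1_15'].", " . $res['name'] . "\r\n".$lng_pass['1_16']." http://".$host."\r\n";
            $mail .= "".$lng_pass['1_17'].": \n\n http://".$host."/pages/lostpassword.php?act=set&id=" . $res['id'] . "&code=" . session_id() . "\n\n";
            $mail .= "".$lng_pass['1_18']."\r\n";
            $mail .= "".$lng_pass['1_19']."";
            $adds = "From: <" . $set['email'] . ">\r\n";
            $adds .= "Content-Type: text/plain; charset=\"utf-8\"\r\n";
            if (mail($res['email'], $subject, $mail, $adds)) {
                // Remember the token and when it was issued; 'set' checks both.
                mysql_query("UPDATE `users` SET `rest_code` = '" . session_id() . "', `rest_time` = '$time' WHERE `id` = '" . $res['id'] . "'");
                echo '<div class="egmenu"><p>'.$lng_pass['1_7'].'</p></div>';
            } else {
                echo '<div class="errmenu"><p>'.$lng_pass['1_8'].'</p></div>';
            }
        } else {
            // Show the collected errors.
            err();
        }
        break;

    case 'set':
        // Step 2: the user followed the e-mailed link. Verify the token, then
        // generate a temporary password, mail it and store its hash.
        // NOTE(review): this state change happens on a plain GET, so a mail
        // client or scanner that prefetches links can trigger the reset; a
        // confirmation form (POST) would avoid that.
        $code = isset($_GET['code']) ? trim($_GET['code']) : '';
        // Cast to int because the id is interpolated into SQL below; the original
        // used the raw query-string value.
        $id = isset($_GET['id']) ? (int) trim($_GET['id']) : 0;
        $err = [];
        if (!$id || !$code) {
            $err[] = '<div class="errmenu">'.$lng_pass['1_9'].'</div>';
        }
        $mot = mysql_query("SELECT * FROM `users` WHERE `id` = '$id'");
        if (mysql_num_rows($mot) == 1) {
            $res = mysql_fetch_array($mot);
            // Constant-time comparison so the token cannot be probed byte by byte.
            if (empty($res['rest_code']) || empty($res['rest_time'])
                || !hash_equals((string) $res['rest_code'], $code)) {
                $err[] = '<div class="errmenu">'.$lng_pass['1_10'].'</div>';
            }
            // A token is valid for one hour; an expired one is cleared.
            if (!$err && $res['rest_time'] < $time - 3600) {
                $err[] = '<div class="errmenu">'.$lng_pass['1_11'].'</div>';
                mysql_query("UPDATE `users` SET `rest_code` = '', `rest_time` = '' WHERE `id` = '$id'");
            }
        } else {
            $err[] = '<div class="errmenu">'.$lng_pass['1_12'].'</div>';
        }
        if (!$err) {
            // Send the new password by e-mail. Eight characters instead of four:
            // 36^4 temporary passwords are few enough to guess.
            $pass = passgen(8);
            $subject = (string) $lng_pass['1_20'];
            $mail = "".$lng_pass['1_15'].", " . $res['name'] . "\r\n".$lng_pass['1_21']." http://".$_SERVER['SERVER_NAME']."\r\n";
            $mail .= "".$lng_pass['1_22'].": $pass\r\n";
            $mail .= "".$lng_pass['1_23']."";
            // CRLF on both headers; the original mixed "\n" and "\r\n", which some
            // mail transports reject.
            $adds = "From: <" . $set['email'] . ">\r\n";
            $adds .= "Content-Type: text/plain; charset=\"utf-8\"\r\n";
            if (mail($res['email'], $subject, $mail, $adds)) {
                // $res already holds the whole row, so the login for the hash is
                // taken from it instead of re-querying. The md5(pass . login)
                // scheme is presumably what the login code checks — keep in sync;
                // TODO(review): move to password_hash() together with that code.
                $hash = md5($pass . $res['login']);
                mysql_query("UPDATE `users` SET `rest_code` = '', `pass` = '" . $hash . "' WHERE `id` = '$id'");
                echo '<div class="hdr">'.$lng_pass['1_13'].'</div>';
                echo '<div class="egmenu"><p>'.$lng_pass['1_14'].'</p></div>';
            } else {
                echo '<div class="errmenu"><p>'.$lng_pass['1_8'].'</p></div>';
            }
        } else {
            // Show the collected errors.
            err();
        }
        break;

    default:
        // Password-recovery form: login, e-mail and captcha, posted to 'sent'.
        echo '<div class="hdr"><b>'.$lng_pass['1_1'].'</b></div>';
        echo '<div class="egmenu"><form action="lostpassword.php?act=sent" method="post">' .
            ''.$lng['1_42'].':<br/><input type="text" name="login" /><br/>' .
            'e-mail:<br/><input type="text" name="email" /><br/>' .
            '<img src="captcha.php" alt=""/><br/>' .
            '<input type="text" size="5" maxlength="5" name="code"/>'.$lng['1_66'].'<br/>' .
            '<input type="submit" value="'.$lng_pass['1_1'].'"/></form></div>';
        echo '<div class="hdr"><small>'.$lng_pass['1_2'].'.</small></div>';
        break;
}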
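// Page footer. The closing `?>` is dropped: in a PHP-only file it only
// risks emitting stray whitespace after the tag.
require $root_path . 'includes/end.php';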