View file www/partner/forgot_password.php

File size: 3.3Kb
<?
include("../../includes/common.php");

if($PARTNER_ID>0){
	header("Location: $PARTNER_URL");
	exit;
}

function LocalCheck(){
	global $_POST;

	reset ($_POST);
	while (list($key, $value) = each ($_POST)){
		$$key = $value;
	}
	
	$err_arr = Array();
	
	if(!ValidateEmail($email)){
		$err_arr['email'] = "Enter correct e-mail address, please.";
	}

	return $err_arr;
}

if(isset($_GET['hash'])){
	$hash = trim($_GET['hash']);
	
	if(eregi("^[A-Za-z0-9]+$",$hash)){
		$row = mysql_fetch_object(mysql_query("select * from hashes where type=3 and hash='$hash'"));	
		
		if($row->owner_id!=""){
			$pass = GenRandom(10);
			mysql_query("update partners set password = '".md5($pass)."' where id=$row->owner_id");

			$user_row = mysql_fetch_object(mysql_query("select * from partners where id=$row->owner_id"));

			$mail_arr = GetEmailTemplate('PARTNER_NEW_PASSWORD');
			
			$msg = $mail_arr['body'];
			$msg = str_replace("FIRST_NAME",stripslashes($user_row->first_name),$msg);
			$msg = str_replace("LAST_NAME",stripslashes($user_row->last_name),$msg);
			$msg = str_replace("PASSWORD",$pass,$msg);
			SendEMail($user_row->email,$mail_arr['subject'],$msg,$mail_arr['from'],$mail_arr['format']);
			
			mysql_query("delete from hashes where id=$row->id and type=3");	

			$_SESSION['STATUS_MSG'] = "New password was sent to your e-mail. We recommend to change it as soon as possible.";
			header("Location: $PARTNER_URL/login.php");
			exit;
		}
		else{
			$_SESSION['ERROR_MSG'] = $SETTINGS['invalid_request_msg'];
			header("Location: $PARTNER_URL/login.php");
			exit;
		}
	}
	else{
		$_SESSION['ERROR_MSG'] = $SETTINGS['invalid_request_msg'];
		header("Location: $PARTNER_URL/login.php");
		exit;
	}
}

if(isset($_POST['subm'])){
	reset ($_POST);
	while (list($key, $value) = each ($_POST)){
		$$key = $value;
	}
	
	$err_arr = LocalCheck();

	if(sizeof($err_arr)==0){
	
		$user_row = mysql_fetch_object(mysql_query("select * from partners where upper(email)='".strtoupper($email)."'"));
		if($user_row->id!=""){
			$hash = GenRandom(30);
	
			$prms = Array(
				"owner_id" => $user_row->id,
				"hash" => $hash,
				"type"  => 3,
				"regdate"  => time()
			);
			if(AddRecord("hashes",$prms)){
				$mail_arr = GetEmailTemplate('PARTNER_PASSWORD_REQUEST');
				
				$link = $PARTNER_URL."/forgot_password.php?hash=$hash";
				$link = "<a href='$link'>".$link."</a>";
		
				$msg = $mail_arr['body'];
				$msg = str_replace("FIRST_NAME",stripslashes($user_row->first_name),$msg);
				$msg = str_replace("LAST_NAME",stripslashes($user_row->last_name),$msg);
				$msg = str_replace("REMOTE_IP",$_SERVER['REMOTE_ADDR'],$msg);
				$msg = str_replace("RESET_LINK",$link,$msg);
				
				SendEMail($user_row->email,$mail_arr['subject'],$msg,$mail_arr['from'],$mail_arr['format']);
			}
//			print_r($user_row." ".$msg);
		}
		$_SESSION['STATUS_MSG'] = "A letter with instructions was e-mail to specified address. Follow them to reset password, please.";
		header("Location: $PARTNER_URL/login.php");
		exit;
	}
}

$error=is_array($err_arr)?implode("<br>",$err_arr):"";
$smarty->assign('errors',$err_arr);
$smarty->assign('error',$error);

$email = htmlspecialchars(stripslashes($email));
$smarty->assign('email',$email);

$smarty->display("partner_forgotten_pass.tpl");
?>