<?php
$template_vars['header'] = array(
'TITLE' => $lang['FORGOT'],
'CSS' => $css
);
$template_vars['body'] = array();
$template->set_vars('header', $template_vars['header']);
$show_form = true;
if( empty($_POST) == false )
{
$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
$email = isset( $_POST['email'] ) ? (string) $_POST['email'] : '';
$code = isset( $_POST['code'] ) ? (int) $_POST['code'] : '';
$_SESSION['captcha_key'] = isset( $_SESSION['captcha_key'] ) ? $_SESSION['captcha_key'] : NULL;
$_SESSION['captcha_failures'] = isset( $_SESSION['captcha_failures'] ) ? $_SESSION['captcha_failures'] : 0;
if( get_magic_quotes_gpc() )
{
$email = stripslashes( $email );
}
$error = '';
if($_SESSION['captcha_key'] === NULL || ($_SESSION['captcha_key'] != $code) )
{
$error = $lang['ERR_CAPTCHA'];
if( ++$_SESSION['captcha_failures'] == 5 )
{
$error = $lang['ERR_CAPTCHA_TOO_MANY_FAILURES'];
$_SESSION['captcha_key'] = NULL;
$_SESSION['captcha_failures'] = 0;
}
}
else if( $id === 0 )
{
$error = $lang['ERR_EMPTY_ID'];
}
else if( $email === '' )
{
$error = $lang['ERR_EMPTY_EMAIL'];
}
if( $error == '' )
{
if( !($qresult = $sql->query("SELECT * FROM `" . CATALOGUE_SITES . "` WHERE `id` = " . $id . ";")) )
{
put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
}
if( $sql->num_rows() > 0 )
{
$site = $sql->fetch_assoc($sql->result);
if( !$sql->query("DELETE FROM `" . CATALOGUE_KEYS . "` WHERE `dt` < UNIX_TIMESTAMP() - 1800;") )
{
put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
}
if( !$sql->query("SELECT * FROM `" . CATALOGUE_KEYS . "` WHERE `site_id` = " . $id . ";") )
{
put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
}
if( $sql->num_rows() > 0 )
{
$template->set_block_vars('body', 'error', array('MESSAGE' => sprintf($lang['ERR_KEY_ALREADY_EXIST'], $email)));
}
else if( $email == $site['email'] )
{
$key = md5(random_string( 10 ));
$template->load_template('language/' . $_SESSION['language'] . '/mail/passwd_recovery_step1.tpl', 'letter');
$template->set_vars('letter', array(
'ID' => $id,
'SITE' => 'http://' . $site['site'] . '/',
'LINK' => 'http://' . $_SERVER['HTTP_HOST'] . gen_uri('key', '', 'key_id=' . $key, '', false, false),
'CATALOGUE_NAME' => $config['catalogue_name']
));
$headers = array();
$headers[] = 'From: ' . $config['catalogue_email'];
$headers[] = 'Content-Type: text/plain; charset=utf-8';
$message = $template->evaluate_tpl('letter');
$template->cancel('letter');
if( mail($email, 'Password recovery', $message, implode("\r\n", $headers)) )
{
$_SESSION['captcha_key'] = NULL;
$_SESSION['captcha_failures'] = 0;
if( !$sql->query("INSERT INTO `" . CATALOGUE_KEYS . "` SET `key` = '" . $key . "', `site_id` = " . $id . ", `email` = '" . $sql->escape_string($email) . "', `dt` = UNIX_TIMESTAMP();") )
{
put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
}
$template->load_template('templates/' . VERSION . '/message.tpl', 'body');
$template->set_vars('body', array('MESSAGE' => sprintf($lang['PASSWD_RECOVERY_SUCCESS_STEP1'], $email)));
$link = array(
array('HREF' => gen_uri('authentication'), 'NAME' => $lang['LOGIN']),
array('HREF' => gen_uri('index'), 'NAME' => $lang['BACK'])
);
for($i = 0; $i < count($link); $i++)
{
$template->set_block_vars('body', 'link', $link[$i]);
}
$show_form = false;
}
else
{
$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_MAIL_FAILURE']));
}
}
else
{
$template->set_block_vars('body', 'error', array('MESSAGE' => sprintf($lang['ERR_RECOVERY_INVALID_EMAIL'], $id)));
}
}
else
{
$template->set_block_vars('body', 'error', array('MESSAGE' => sprintf($lang['ERR_SITE_DNE'], $id)));
}
}
else
{
$template->set_block_vars('body', 'error', array('MESSAGE' => $error));
}
}
if( $show_form )
{
$pic_types = array('gif', 'jpg', 'png');
$pic_type = isset( $_GET['type'] ) ? (string) $_GET['type'] : '';
$pic_type = in_array($pic_type, $pic_types) ? $pic_type : 'gif';
$pic_type_links = array();
for($i = 0; $i < count($pic_types); $i++)
{
if( $pic_type != $pic_types[$i] )
{
$pic_type_links[] = "<a href='" . gen_uri($m, '', 'type=' . $pic_types[$i]) . "'>" . strtoupper($pic_types[$i]) . "</a>";
}
}
$pic_type_links = implode(', ', $pic_type_links);
$template_vars['body'] = array(
'ID' => $lang['ID'],
'CODE' => $lang['CODE'],
'CAPTCHA_SRC' => append_sid(PATH . '/captcha/?type=' . $pic_type),
'PIC_IS_NOT_LOAD' => $lang['PIC_IS_NOT_LOAD'],
'PIC_TYPE_LINKS' => $pic_type_links,
'SUBMIT' => $lang['SUBMIT'],
'PATH' => gen_uri($m, '', 'type=' . $pic_type . '&' . $nocache),
'LOGIN_HREF' => gen_uri('authentication'),
'LOGIN' => $lang['LOGIN'],
'BACK_HREF' => gen_uri('index'),
'BACK' => $lang['BACK'],
'NOCACHE' => $nocache,
);
$template->set_block_vars('body', 'captcha', array());
}
$template->set_vars('header', $template_vars['header']);
$template->set_vars('body', $template_vars['body']);
$template->set_vars('footer', array('SWITCH_VERSION' => switch_version($m, '', $show_form ? 'type=' . $pic_type . '&' . $nocache : $nocache)));
?>