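<?php
/**
 * Password-reset confirmation step.
 *
 * Takes `email` and `key` from the query string, looks the pair up in the
 * `forgot` table and, on a match, overwrites the user's password with a newly
 * generated temporary one and deletes the reset row that was used.
 *
 * Variables left for the markup further down in this file:
 *   $action - array with 'result' ('success' | 'error' | null) and 'text'
 *   $run    - 1 only after the password UPDATE succeeded, otherwise 0
 *   $hash   - the temporary password in clear text ('' unless $run is 1)
 *
 * NOTE(review): the reset is carried out on a plain GET, so any automatic
 * fetch of the mailed link consumes the key and receives the temporary
 * password in the response. A confirm form submitted by POST would avoid that.
 * NOTE(review): the lookup matches on email and key only; no age or expiry
 * condition is applied here - confirm that reset rows are expired elsewhere.
 */
include("includes/header_login.php");

$database = new Database();

// Initialised up front so the markup below never reads an undefined variable
// on the error paths, and so the temporary password is shown only on success.
$action = array();
$action['result'] = null;
$run = 0;
$hash = '';

// Both parameters must be present, non-empty and plain strings; array-style
// parameters (email[]=...) are rejected before they can reach the bind calls.
if (
    empty($_GET['email']) || empty($_GET['key'])
    || !is_string($_GET['email']) || !is_string($_GET['key'])
) {
    $action['result'] = 'error';
    $action['text'] = 'Error con las variables, regresa a tu email y da click de nuevo.';
}

if ($action['result'] !== 'error') {
    $email = $_GET['email'];
    $key = $_GET['key'];

    // Look up the (email, key) pair; the request values travel as bound
    // parameters and never become part of the SQL text.
    $sql = "SELECT * FROM `forgot` WHERE `email`=:email AND `key2`=:key LIMIT 1";
    $database->query($sql);
    $database->bind(':email', $email);
    $database->bind(':key', $key);
    $database->execute();
    $check_key = $database->rowCount();

    if ($check_key != 0) {
        // Row holding the user id and the id of the reset entry.
        $confirm_info = $database->single();

        // Temporary password: 10 hex characters taken from the system CSPRNG.
        // mt_rand()/uniqid() are derived from a seedable generator and the
        // clock, so they are not suitable for generating credentials.
        if (function_exists('random_bytes')) {
            $hash = bin2hex(random_bytes(5));
        } else {
            // PHP 5 fallback; requires the openssl extension.
            $hash = bin2hex(openssl_random_pseudo_bytes(5));
        }

        // Only the password_hash() digest is stored; the clear value is kept
        // in $hash for the one-time display below.
        $pass = password_hash($hash, PASSWORD_DEFAULT);

        $sql = "UPDATE `users` SET `user_passwd`=:user_passwd WHERE `user_id`=:user_id LIMIT 1";
        $database->query($sql);
        $database->bindArray(array(
            ':user_id' => $confirm_info['userid'],
            ':user_passwd' => $pass
        ));

        if ($database->execute()) {
            $action['result'] = 'success';
            $action['text'] = 'Restablecimiento correcto!';
            $run = 1;
        } else {
            $action['result'] = 'error';
            // NOTE(review): errorInfo() is a project helper. If it returns
            // driver detail, that detail must not be rendered to the browser;
            // this file's own markup does not print $action['text'] - confirm
            // the included footer does not either.
            $action['text'] = 'No se puede restablecer la contraseña debido a: '.$database->errorInfo();
            $run = 0;
            // The generated value was never stored, so do not keep it around.
            $hash = '';
        }

        // The reset row is single-use: it is removed whether or not the
        // UPDATE succeeded.
        $sql = "DELETE FROM `forgot` WHERE `id`=:f_id LIMIT 1";
        $database->query($sql);
        $database->bindArray(array(
            ':f_id' => $confirm_info['id']
        ));
        $database->execute();

        // NOTE(review): this runs a table-maintenance statement on every
        // confirmed request; a scheduled job is the usual place for it.
        $sql = "OPTIMIZE TABLE `forgot`";
        $database->query($sql);
        $database->execute();

        // The outcome recorded after the UPDATE is final. Nothing below may
        // overwrite it: a second check on a variable that is never assigned
        // would always take its error branch.
    } else {
        $action['result'] = 'error';
        $action['text'] = 'Tu clave de activación es incorrecta!.';
    }
}
?>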
<!-- BEGIN BODY -->
<body class="login">
<!-- BEGIN LOGO -->
<div class="logo">
<a href="index.html">
<img src="images/logo-big.png" alt=""/>
</a>
</div>
<!-- END LOGO -->
<!-- BEGIN SIDEBAR TOGGLER BUTTON -->
<div class="menu-toggler sidebar-toggler">
</div>
<!-- END SIDEBAR TOGGLER BUTTON -->
<!-- BEGIN LOGIN -->
<div class="content">
<!-- BEGIN FORGOT PASSWORD FORM -->
<h3>Restablecer contraseña</h3>
<p>
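<?php
// Show the temporary password once, and only when the reset code above set
// $run to 1. isset() covers the paths on which neither variable was assigned
// (missing parameters, unknown key), which would otherwise read an undefined
// variable here.
if (isset($run, $hash) && $run == 1) {
    // Escaped for the HTML context so the markup stays intact whatever
    // character set the generated value uses.
    $shown = htmlspecialchars($hash, ENT_QUOTES, 'UTF-8');
    echo '<br />
<br />
Tu contraseña temporal es: <strong>'.$shown.'</strong>
<br /><br>
Entra al sistema, edita tu perfil y cambia tu contraseña de inmediato!';
}
?>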
</p>
<div class="form-group">
<div class="input-icon">
</div>
</div>
<div class="form-actions">
<a href="index.php" id="back-btn" class="btn">
<i class="m-icon-swapleft"></i> Regresar </a>
<br>
</div>
</form>
<!-- END FORGOT PASSWORD FORM -->
</div>
<!-- END LOGIN -->
<?php include("includes/footer_login.php"); ?>