File: D:/HostingSpaces/SBogers10/deensekroon.komma-mediadesign.nl/wwwroot/admin/php/forgotPass.php
<?php
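/**
 * Entry point of the forgot-password page.
 *
 * Dispatches on which submit button was posted: "back" redirects to the
 * parent page, "submit_mail" processes the request, anything else renders
 * the empty form.
 *
 * @return string HTML to render (empty string when a redirect was issued)
 */
function initForgotPass(){
    if (isset($_POST['back'])) {
        header('location: ../');
        // Stop here: without exit the rest of the page would still be built
        // and sent after the Location header has been issued.
        exit;
    }
    if (isset($_POST['submit_mail'])) {
        // validateForm() may return null on some paths; keep the historical
        // "always a string" contract of this function.
        return (string) validateForm();
    }
    return getForm();
}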
/**
 * Renders the forgot-password form.
 *
 * A pending feedback message in $_SESSION['feed-msg'] is included once and
 * then removed from the session.
 *
 * @return string HTML fragment
 */
function getForm(){
    $siteLabels = getLanguage();

    // Show a pending feedback message exactly once, then discard it.
    $feedback = '';
    if (isset($_SESSION['feed-msg'])) {
        $feedback = $_SESSION['feed-msg'];
        unset($_SESSION['feed-msg']);
    }

    $fragments = [
        '<div id="login-holder">',
        '<div id="login-header">',
        // subtitle
        '<span class="cp-title">'.strtolower($siteLabels['log-forgotpass-title']).'</span>',
        '</div>',
        '<div id="login-content">',
        $feedback,
        // form
        '<form action="" method="post">',
        $siteLabels['log-forgotpass-email'].'<br />',
        '<input type="text" name="email" value="" class="txt" />',
        '<input type="submit" name="submit_mail" value="'.$siteLabels['log-forgotpass-mailbtn'].'" class="btn176"/>',
        '<input type="submit" name="back" value="'.$siteLabels['log-forgotpass-back'].'" class="btn176"/>',
        '</form>',
        '</div>',
        '</div>',
    ];

    return implode('', $fragments);
}
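/**
 * Processes a submitted forgot-password request.
 *
 * Looks the posted e-mail address up in shop_admin, stores a freshly
 * generated password hash for that account and e-mails the new password.
 * On every failure a feedback message is put in $_SESSION['feed-msg'] and
 * the form is rendered again; on success the browser is redirected to ../
 * and the script exits.
 *
 * @return string HTML of the form (failure paths only)
 */
function validateForm(){
    // access the global sql object
    global $mysqli;
    $siteLabels = getLanguage();
    $email = isset($_POST['email']) ? trim((string) $_POST['email']) : '';

    #1 empty field
    if ($email === '') {
        $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-emptyonefield'].'</span>';
        return getForm();
    }

    // A syntactically invalid address can never match a record, and the
    // address is placed in mail() headers below, so reject anything that is
    // not a plain e-mail address (this also excludes CR/LF) before using it.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-noemailfound'].'</span>';
        return getForm();
    }

    #2 check if e-mail is in database (prepared statement instead of string-built SQL)
    $stmt = $mysqli->prepare('SELECT id, user FROM shop_admin WHERE email = ?');
    if ($stmt === false) {
        error_log('forgotPass: prepare failed: '.$mysqli->error);
        $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-noemailfound'].'</span>';
        return getForm();
    }
    $stmt->bind_param('s', $email);
    if (!$stmt->execute()) {
        error_log('forgotPass: lookup failed: '.$stmt->error);
        $stmt->close();
        $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-noemailfound'].'</span>';
        return getForm();
    }
    $id = null;
    $user = null;
    $stmt->bind_result($id, $user);
    $found = $stmt->fetch();
    $stmt->close();

    if ($found !== true) {
        // feedback no email found
        $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-noemailfound'].'</span>';
        return getForm();
    }

    // generate new pass
    $newPass = randomPassword();
    // secure pass: crypt()+generateSalt() is kept because the login code
    // (outside this file) presumably verifies against this crypt() format —
    // confirm before switching to password_hash(). 04 in the original is the
    // octal literal for 4.
    $salt = generateSalt(4);
    $hash = crypt($newPass, $salt);

    // update database; the new password must not be mailed out if it was
    // never stored, so abort on any failure here.
    $stmt = $mysqli->prepare('UPDATE shop_admin SET hash = ? WHERE id = ?');
    $updated = false;
    if ($stmt !== false) {
        $stmt->bind_param('ss', $hash, $id);
        $updated = $stmt->execute();
        if (!$updated) {
            error_log('forgotPass: update failed: '.$stmt->error);
        }
        $stmt->close();
    } else {
        error_log('forgotPass: prepare failed: '.$mysqli->error);
    }
    if (!$updated) {
        $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-emailnotsend'].'</span>';
        return getForm();
    }

    // send mail
    $header = "MIME-Version: 1.0\r\n";
    $header .= "Content-type: text/html; charset=iso-8859-1\r\n";
    // $user comes from the database; strip line breaks so it cannot introduce
    // additional headers.
    $header .= "To: ".str_replace(["\r", "\n"], '', (string) $user)." <".$email.">\r\n";
    $header .= "From: Mike Ontwerpt<noreply@mikeontwerpt.nl>\r\n";
    $msg = getMailNewPass($user, $newPass);
    if (mail($email, $siteLabels['mailNewPassSubject'], $msg, $header)) {
        $_SESSION['feed-msg'] = '<span class="fm-suc"><span class="fm-suc-v">√</span>'.$siteLabels['fm-emailsucsend'].'</span>';
        header('location: ../');
        // Stop rendering once the redirect has been issued.
        exit;
    }

    // feedback mail could not be sent
    $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-emailnotsend'].'</span>';
    return getForm();
}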
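/**
 * Builds a random password from the enabled character classes.
 *
 * Uses random_int() (a CSPRNG, PHP >= 7) instead of rand(). The index is
 * 0-based over the whole pool; the original's rand(1, strlen) index skipped
 * the first character and could yield an empty substr(), producing
 * passwords shorter than requested.
 *
 * @param int  $length    number of characters (6 keeps the historical default)
 * @param bool $lowercase include a-z
 * @param bool $uppercase include A-Z
 * @param bool $numeric   include 0-9
 * @param bool $special   include !@#$%^&
 * @return string empty when $length <= 0 or no class is enabled
 */
function randomPassword($length = 6, $lowercase = true, $uppercase = true, $numeric = true, $special = false){
    $lowercaseCharacters = 'abcdefghijklmnopqrstuvwxyz';
    $uppercaseCharacters = strtoupper($lowercaseCharacters);
    $numericCharacters = '0123456789';
    $specialCharacters = '!@#$%^&';

    $pool = ($lowercase ? $lowercaseCharacters : '')
        .($uppercase ? $uppercaseCharacters : '')
        .($numeric ? $numericCharacters : '')
        .($special ? $specialCharacters : '');

    $length = (int) $length;
    if ($length <= 0 || $pool === '') {
        return '';
    }

    $lastIndex = strlen($pool) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $pool[random_int(0, $lastIndex)];
    }
    return $password;
}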
?>