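<?php
/**
 * Process request for a password reset link
 * backported
 *
 * Flow: load helpers, start the session, bounce logged-in users, validate the
 * posted email address, look up the matching user, store a one-off validation
 * string against that user, email a link containing it, then redirect with a
 * short-lived "resetMessage" cookie describing the outcome.
 *
 * @version 0.9
 * @author Robert Urquhart <programmer@activatedesign.co.nz>
 * @package dreamdiamondstore
 */

/*
 * site data and definitions
 * @var string $include_path - for easy global search/replace if include location changes
 * @var string $template_dir location of template specific functions (and user connection details if different permissions supported)
 */
$include_path = $_SERVER['DOCUMENT_ROOT'].'/admin/scripts-includes/';
$template_dir = $_SERVER['DOCUMENT_ROOT'].'/resources/template/';
require_once $include_path.'universal.php';
require_once $template_dir.'functions.php';

/*
 * start the session (after includes so objects stored in $_SESSION are created properly)
 */
session_start();
$connID = connect_to_db();

/**
 * suhosin workaround - load session user data
 * @var object $customer
 */
$customer = user_load();

/*
 * shouldn't be trying to access this if logged in
 */
if ($customer->logged_in) {
    getout('', select_one('page_data', 'path', 'page_type', 'customers'));
    // Every other redirect in this script is followed by exit; do the same here
    // so a logged-in request can never fall through into the reset logic.
    exit;
}

/**
 * get and clean form data
 * @var string $email
 */
// A missing or non-string "email" field is treated as empty and rejected by
// the validation below instead of raising a notice.
$raw_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$email = clean_plain_data($raw_email);

/*
 * validate
 *
 * NOTE(review): the resetMessage cookie carries HTML and is under the client's
 * control once set, so whatever prints it must treat it as untrusted input.
 * The commented-out set_message() calls look like a server-side alternative -
 * confirm and prefer that if it exists.
 */
if (!is_email($email)) {
    //set_message('Please enter a valid email address');
    setcookie('resetMessage', '<p class="message">Please enter a valid email address</p>', time() + 30, '/');
    getout('');
    exit;
}

// NOTE(review): select_one() is defined elsewhere; confirm it escapes or
// parameterises $email before building its query.
// NOTE(review): this branch tells the requester whether an address has an
// account. Returning the same message as the success path would avoid
// disclosing which addresses are registered.
if (!$user_id = select_one('users', 'user_id', 'email', $email)) {
    //set_message('There is no account associated with that email address. Please check the spelling and try again.');
    setcookie('resetMessage', '<p class="message">There is no account associated with that email address. Please check the spelling and try again</p>', time() + 30, '/');
    getout();
    exit;
}

/**
 * generate and store validation string
 * @var string $validation string to check for email validation
 * - infinitesimal but non-zero chance of getting identical strings for multiple records - hash unique record data instead?
 * - worst that will happen is someone changes someone else's password
 * - user name or email is output on reset form to mitigate this
 * @var string $query update query to store validation in database
 *
 * NOTE(review): mmm_salt() is not visible here - confirm it draws from a
 * cryptographically secure source. The stored value has no expiry in this
 * script; an expiry, single use, and storing only a hash of the value would
 * limit the damage if the table or a mailbox is exposed.
 */
$validation = mmm_salt(18);

// Escape both values before they are placed in the SQL string. Called without
// a link argument so it uses the same connection as mysql_query() below.
$validation_sql = mysql_real_escape_string($validation);
$user_id_sql = mysql_real_escape_string($user_id);
$query = "update users set password_reset = '$validation_sql' where user_id = '$user_id_sql'";

if ($validation_sql === false || $user_id_sql === false || !mysql_query($query)) {
    //set_message($db->error);
    // Keep the database error in the server log; the visitor only gets a
    // generic message so schema and query details are not disclosed.
    error_log('password reset: could not store validation string: '.mysql_error());
    setcookie('resetMessage', '<p class="message">There was a system error processing your request. Please try again or notify the developer.</p>', time() + 30, '/');
    getout('');
    exit;
}

/*
 * send validation email
 * @var string $subject
 * @var string $body
 * @todo make these definitions in universal.php
 *
 * NOTE(review): the link is built with http://, so the validation string
 * travels unencrypted when followed; use https:// if the site serves TLS.
 */
$subject = SITE_FROM_NAME.' password reset';
$body = 'Dear '.SITE_FROM_NAME.' member, We have received a request to reset your password.'
    .' To select a new password please follow the link below or copy and paste it into your browsers address bar.'
    .' If you did not make this request you may safely ignore this email (although you may want to alert someone).'
    .' http://'.SITE_ROOT.select_one('page_data', 'path', 'page_type', 'reset-password').'?verify='.$validation
    .' - '.SITE_FROM_NAME.' notification service';

if (!send_email($body, $subject, $email)) {
    //set_message('There was a system error sending the email. Please try again or notify the developer.');
    setcookie('resetMessage', '<p class="message">There was a system error sending the email. Please try again or notify the developer.</p>', time() + 30, '/');
} else {
    //set_message('A password reset link has been sent to '.$email);
    // The address is echoed inside HTML, so encode it for that context.
    // presumably clean_plain_data() does not already HTML-encode - verify to avoid double encoding
    $email_html = htmlspecialchars($email, ENT_QUOTES);
    setcookie('resetMessage', '<p class="message">A password reset link has been sent to '.$email_html.'</p>', time() + 30, '/');
}

getout('');
exit;
?>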