lost.php
<?php
/**
* eXtreme Message Board
* XMB 1.10.00-alpha
*
* Developed And Maintained By The XMB Group
* Copyright (c) 2001-2025, The XMB Group
* https://www.xmbforum2.com/
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
use function XMB\Services\sql;
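define('X_SCRIPT', 'lost.php');

require 'header.php';

// Lost-password reset endpoint. Two entry points are handled below:
//   - GET  ?a=<token>  : the link from the reset e-mail; renders the reset form.
//   - POST token=<...> : the submitted form; validates input, checks the token,
//                        then changes the password and ends existing sessions.
//
// $lang, $vars, $core, $sql and $session are not defined in this file;
// presumably header.php provides them - confirm.

loadtemplates(
    'lost_pw_reset',
    'misc_feature_not_while_loggedin'
);

$token1 = postedVar('a', '', false, false, false, 'g');
$token2 = postedVar('token', '', false, false, false, 'p');

// Accept exactly 32 lowercase hex characters and nothing else. The pattern is
// anchored with \z rather than $, because in PCRE a plain $ (without the D
// modifier) also matches just before a trailing newline, which would let a
// 33-byte value ending in "\n" pass this check and reach the template or the
// token lookup.
$valid_get = preg_match('%^[a-f0-9]{32}\z%', $token1) === 1;
$valid_post = preg_match('%^[a-f0-9]{32}\z%', $token2) === 1;

// NOTE(review): the template() output is executed through eval() as a PHP
// double-quoted string. This is only safe if template() returns trusted,
// properly escaped template text - confirm in its definition. Values that are
// interpolated by the template (such as $token below) must be validated first.
if (X_MEMBER) {
    // Password reset is not offered to a logged-in member.
    eval('$page = "'.template('misc_feature_not_while_loggedin').'";');
} elseif ($valid_get) {
    // Link from email received.
    // $token is only assigned after the strict hex check above, so the value
    // the lost_pw_reset template can interpolate is limited to [a-f0-9]{32}.
    // NOTE(review): the token is carried in the URL here, so it can end up in
    // browser history, access logs and Referer headers; verify that tokens are
    // short-lived and that this page sends a restrictive Referrer-Policy.
    $token = $token1;
    eval('$page = "'.template('lost_pw_reset').'";');
} elseif ($valid_post) {
    // New password from posted form received.
    // NOTE(review): the checks below rely on error() ending the request. If
    // error() can return, execution would fall through to the password change.
    $username = postedVar('username', '', true, false);

    if ('' == $username) {
        error($lang['textnousername']);
    }

    if (strlen($username) < $vars::USERNAME_MIN_LENGTH || strlen($username) > $vars::USERNAME_MAX_LENGTH) {
        error($lang['username_length_invalid']);
    }

    $newPass = $core->assertPasswordPolicy('password1', 'password2');

    // Inputs look reasonable. Check the token.
    // The token is checked last, after the username and password validation.
    // Presumably consume() invalidates the token on use, in which case this
    // ordering keeps a rejected form from spending it - confirm. The token is
    // checked together with the 'Lost Password' action and the username.
    if (! \XMB\Token\consume($token2, 'Lost Password', $username)) {
        error($lang['lostpw_bad_token']);
    }

    // NOTE(review): the result of changePassword() is not checked here;
    // confirm that it reports failure by throwing rather than by return value.
    $passMan = new \XMB\Password($sql);
    $passMan->changePassword($username, $newPass);

    // Drop the plaintext password and the helper as soon as they are unused.
    unset($newPass, $passMan);

    // After the change, remove the account's who's-online entry and log out
    // all of its sessions, so that sessions opened with the old password do
    // not remain valid (as the method names suggest - confirm).
    $sql->deleteWhosonline($username);
    $session->logoutAll($username);

    message($lang['lostpw_success']);
} else {
    // Neither token has the expected format: report the same error as for an
    // unknown token.
    error($lang['lostpw_bad_token']);
}

eval('$header = "'.template('header').'";');
end_time();
eval('$footer = "'.template('footer').'";');
echo $header, $page, $footer;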