pwd_recovery.php
<?php
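/**
 * Front controller for the password-recovery page.
 *
 * All work happens in the constructor: it loads the configuration, draws the
 * page header, then either shows the request form (tpl_pwd_recovery_1.php) or
 * processes a submitted e-mail address and shows the result page
 * (tpl_pwd_recovery_2.php), and finally draws the footer.
 */
class ControllerIndex
{
    private $_system;
    private $_hat;
    private $_shoe;

    /**
     * Runs the whole request.
     *
     * Reads $_POST['email'], $_POST['token'] and $_GET['t']; every value is
     * passed through System::nohacker() (presumably an input sanitizer;
     * its exact behaviour is defined outside this file, confirm before relying on it).
     */
    public function __construct()
    {
        require_once 'libs/config.php';

        $this->_system = System::singleton();
        $this->_hat = new Hat();
        $this->_shoe = new Shoe();

        $data = array();
        $data["baseHref"] = $this->_system->GetBaseRef();
        $data["skin"] = $this->_system->get('skin');
        $data['env'] = $this->_system->getEnviroment();

        // Anti-CSRF token handed to the template and expected back in $_POST['token'].
        // NOTE(review): the token is the raw session identifier, so the session id is
        // placed into the page data. Anything that can read the rendered page (an XSS
        // bug, a cached copy, a proxy log) then obtains a value that identifies the
        // session itself. Prefer a separate random value stored in $_SESSION and
        // compared with hash_equals(); not changed here because session bootstrap and
        // the templates are outside this file.
        $data['token'] = session_id();

        $email = (empty($_POST['email'])) ? null : $this->_system->nohacker($_POST['email']);
        $token = (empty($_POST['token'])) ? null : $this->_system->nohacker($_POST['token']);
        $type = (empty($_GET['t'])) ? null : $this->_system->nohacker($_GET['t']);

        $this->_hat->pintaHat('login');

        $data['background'] = $this->_listBackgrounds($this->_system->get('background'));

        if ($email) {
            if ($token === session_id()) {
                require_once 'libs/apps/users/class.users.php';
                $users = new Users();
                $request = $users->recoveryRequest($email);

                // NOTE(review): 'ok' differs depending on whether the request was
                // accepted. If the template shows a different message for each case,
                // the page can be used to test which e-mail addresses have accounts;
                // confirm that tpl_pwd_recovery_2.php answers uniformly.
                $data['ok'] = ($request['status'] === "Accepted");
                $this->_system->fShow($this->_system->get('skin')."/tpl_pwd_recovery_2.php", $data);
            } else {
                // Token missing or not equal to the current session id.
                echo "Cross site injection detected";
            }
        } else {
            // No e-mail submitted: show the request form.
            $data['type'] = $type;
            $this->_system->fShow($this->_system->get('skin')."/tpl_pwd_recovery_1.php", $data);
        }

        $this->_shoe->pintaShoe();
    }

    /**
     * Collects the background image paths found in a directory.
     *
     * An entry is kept when its name contains "gif", "jpg" or "png" in any
     * letter case, anywhere in the name (not only as the extension), which is
     * what the original eregi() calls matched. eregi() was removed in PHP 7,
     * so preg_match() with the /i modifier is used instead.
     *
     * @param string $directory Directory to scan; it is concatenated directly
     *                          with each entry name, so it needs its trailing
     *                          separator.
     * @return array List of $directory . $entry strings; empty when the
     *               directory cannot be opened.
     */
    private function _listBackgrounds($directory)
    {
        $found = array();

        $handle = dir($directory);
        if (!$handle) {
            // dir() failed; calling read() on the failure value would be a fatal error.
            return $found;
        }

        while (($entry = $handle->read()) !== false) {
            if (preg_match('/gif|jpg|png/i', $entry)) {
                $found[] = $directory.$entry;
            }
        }
        $handle->close();

        return $found;
    }
}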
// Instantiating the controller runs the whole request: the constructor reads
// the input, renders the page and emits the output.
new ControllerIndex();
?>