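<?php
/*
$Id$
CE Phoenix, E-Commerce made Easy
https://phoenixcart.org
Copyright (c) 2021 Phoenix Cart
Released under the GNU General Public License
*/
require 'includes/application_top.php';
// no reason to be on this page if the requirements not installed
if (!$customer_data->has(['email_address', 'password', 'password_reset_key', 'password_reset_date'])) {
  tep_redirect(tep_href_link('index.php'));
}
require language::map_to_translation('password_reset.php');

// Form fields this page collects: the new password and its confirmation.
$page_fields = ['password', 'password_confirmation'];

// Validate the reset link (?account=...&key=...) before doing anything else.
// Every failure funnels back to password_forgotten.php with a session message.
// This check also runs on the POST round-trip, so the key is re-verified at the
// moment the password is actually changed, not just when the form is shown.
$error = false;
if (isset($_GET['account'], $_GET['key'])) {
  $email_address = tep_db_prepare_input($_GET['account']);
  $password_key = tep_db_prepare_input($_GET['key']);
  $email_class = get_class($customer_data->get_module('email_address'));

  if ((strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) || !$email_class::validate($email_address)) {
    $error = true;
    $messageStack->add_session('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
  } elseif (strlen($password_key) !== 40) {
    // reset keys are exactly 40 characters; reject anything else before touching the database
    $error = true;
    $messageStack->add_session('password_forgotten', TEXT_NO_RESET_LINK_FOUND);
  } else {
    $check_customer_query = tep_db_query($customer_data->build_read(['id', 'email_address', 'password_reset_key', 'password_reset_date'], 'customers', ['email_address' => $email_address]));
    if ($check_customer = tep_db_fetch_array($check_customer_query)) {
      // Compare the stored key with the supplied one using hash_equals(): a
      // constant-time, strict string comparison. The previous `!=` was loose
      // (numeric-looking strings compare as numbers) and short-circuited on the
      // first differing byte, which exposes how much of the key matched through
      // response timing. A missing/empty stored key never matches.
      $stored_key = (string)$check_customer['password_reset_key'];
      $key_matches = ($stored_key !== '') && hash_equals($stored_key, $password_key);
      // a key is only honoured for one day after it was issued
      if (!$key_matches || (strtotime($check_customer['password_reset_date'] . ' +1 day') <= time())) {
        $error = true;
        $messageStack->add_session('password_forgotten', TEXT_NO_RESET_LINK_FOUND);
      }
    } else {
      // NOTE(review): this branch responds differently from the bad-key branch
      // above, so the page confirms whether an e-mail address has an account.
      // Using TEXT_NO_RESET_LINK_FOUND here as well would close that oracle.
      $error = true;
      $messageStack->add_session('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
    }
  }
} else {
  $error = true;
  $messageStack->add_session('password_forgotten', TEXT_NO_RESET_LINK_FOUND);
}

if ($error) {
  tep_redirect(tep_href_link('password_forgotten.php'));
}

// Only reached with a valid, unexpired link; $check_customer is the matching row.
if (tep_validate_form_action_is('process')) {
  $customer_details = $customer_data->process($page_fields);
  if (tep_form_processing_is_valid()) {
    $customer_data->update(['password' => $customer_data->get('password', $customer_details)], ['id' => (int)$customer_data->get('id', $check_customer)]);
    // clear the key so the same link cannot be replayed after a successful reset
    tep_db_query("UPDATE customers_info SET customers_info_date_account_last_modified = NOW(), password_reset_key = NULL, password_reset_date = NULL WHERE customers_info_id = " . (int)$check_customer['customers_id']);
    $messageStack->add_session('login', SUCCESS_PASSWORD_RESET, 'success');
    tep_redirect(tep_href_link('login.php'));
  }
}

require $oscTemplate->map_to_template(__FILE__, 'page');
require 'includes/application_bottom.php';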