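# & Matías Parodi
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see .
#
##

// Password-recovery page ("forgot"). Two flows share this file:
//   1. GET with ?username=...&token=...  -> consume a 'forgot' token, set a
//      fresh random password on the account and e-mail it to the address
//      stored for that user.
//   2. POST with email=...               -> create a 'forgot' token for the
//      account owning that e-mail and send it by mail.
// The form markup and the display of $user_err live outside this block.
//
// Provided by the including front controller (not visible here): the
// SECURITY constant, $base, $CONFIG['EMAIL_CONTACT'], safe_str(),
// get_seconds(), the _() translation helper and an open mysql_* connection.

if (!defined("SECURITY")) {
    exit;
}

// Logged-in users are sent to their notes. The exit matters: header() by
// itself does not stop the script, so without it the reset logic below
// would still execute for the redirected request.
if ($_SESSION['LOGIN'] === true) {
    header("Location: {$base}notes");
    exit;
}

// A token older than this many seconds (measured from the row's `date`
// via get_seconds()) is refused and deleted.
$token_ttl_seconds = 86400;

// isset() avoids an E_NOTICE when a key is absent; the '' fallback lands in
// the same empty() branch the missing value took before.
// NOTE(review): safe_str($value, true) is assumed to escape the value for
// use inside a single-quoted SQL literal — confirm against its definition,
// because every query below concatenates these values straight into SQL.
$username = isset($_GET['username']) ? safe_str($_GET['username'], true) : '';
$token    = isset($_GET['token'])    ? safe_str($_GET['token'], true)    : '';

if ((!empty($username)) and (!empty($token))) {
    // Flow 1: consume a recovery token.
    $sql = "SELECT * FROM `tokens` WHERE ((`tokens`.`token` = '" . $token . "') AND (`tokens`.`username` = '" . $username . "') AND (`tokens`.`type` = 'forgot')) LIMIT 1;";
    $result = mysql_query($sql);
    // mysql_num_rows() on the live result set is the documented way to
    // count a SELECT; the previous code asked mysql_affected_rows() after
    // the set had already been freed.
    $found = (mysql_num_rows($result) == 1);
    $row = mysql_fetch_assoc($result);
    mysql_free_result($result);

    if ($found) {
        // Strict comparison: the SQL match may be case-insensitive depending
        // on the column collation, so the PHP side re-checks exact bytes.
        if (($username === $row['username']) and ($token === $row['token']) and ($row['type'] === 'forgot')) {
            if (get_seconds($row['date']) <= $token_ttl_seconds) {
                // NOTE(review): rand() is not a cryptographically secure
                // source; the temporary password here and the recovery
                // token in flow 2 are both derived from it. Prefer a CSPRNG
                // once the deployment's PHP version offers one.
                $new_password = substr(md5(rand()), 0, 8);
                $salt = substr(md5(rand()), 0, 5);
                // This hash layout must stay in step with the login code
                // that verifies it (not visible in this file).
                $password_md5 = md5(md5($new_password) . md5($salt));
                $sql = "UPDATE `users` SET `password` = '" . $password_md5 . "', `salt` = '" . $salt . "' WHERE (`users`.`username` = '" . $username . "') LIMIT 1;";
                $result = mysql_query($sql);
                // One-shot token: remove it as soon as the password changes.
                $sql = "DELETE FROM `tokens` WHERE (`tokens`.`token` = '" . $token . "') LIMIT 1;";
                $result = mysql_query($sql);

                $old_msg_body = sprintf(_("Éstas son tus nuevas credenciales:\n\nUsuario: %s\nContraseña: %s\n\nA partir de ahora deberás utilizarlas para acceder a tu cuenta.\n--\nAdministración de Jisko (%s)"), $username, $new_password, $CONFIG['EMAIL_CONTACT'], $CONFIG['EMAIL_CONTACT']);
                // Literal newline replacement needs no regex; ereg_replace()
                // is removed in PHP 7.
                $msg_body = str_replace("\n", "
", $old_msg_body);
                $subject = "Nueva contraseña en Jisko";
                $headers = "MIME-Version: 1.0\r\n";
                // The charset= parameter was missing, which left the body
                // encoding undeclared for the receiving client.
                $headers .= "Content-type: text/html; charset=UTF-8\r\n";
                $headers .= "From: Jisko <" . $CONFIG['EMAIL_CONTACT'] . ">";

                $sql = "SELECT `users`.* FROM `users` WHERE (`users`.`username` = '" . $username . "') LIMIT 1;";
                $result = mysql_query($sql);
                $row = mysql_fetch_assoc($result);
                mysql_free_result($result);
                // Delivery failure is deliberately non-fatal (@): the
                // password is already changed at this point.
                @mail($row['email'], $subject, $msg_body, $headers);
                echo '
' . _('Recibirás un correo con tu nueva contraseña en breve.') . '
';
                return;
            } else {
                // Expired: drop the token so it cannot be retried.
                $sql = "DELETE FROM `tokens` WHERE (`tokens`.`token` = '" . $token . "') LIMIT 1;";
                $result = mysql_query($sql);
                echo '
' . _('Código de confirmación caducado') . '
';
            }
        } else {
            echo '
' . _('Código de confirmación inválido') . '
';
        }
    } else {
        echo '
' . _('Código de confirmación inválido') . '
';
    }
} else {
    if ($_POST) {
        // Flow 2: issue a recovery token.
        // NOTE(review): nothing throttles this branch; repeated POSTs for
        // one address each insert a fresh token and send a fresh mail.
        $email = isset($_POST['email']) ? safe_str($_POST['email'], true) : '';
        if (!empty($email)) {
            $sql = "SELECT `users`.* FROM `users` WHERE (`users`.`email` ='" . $email . "') LIMIT 1;";
            $result = mysql_query($sql);
            $row = mysql_fetch_assoc($result);
            mysql_free_result($result);
            // A missing row yields null here, which is simply not equal.
            if ($row['email'] === $email) {
                // $username comes from the database, not from the request;
                // it is still concatenated into SQL below, so it relies on
                // stored usernames being clean (assumed — verify at signup).
                $username = $row['username'];
                // NOTE(review): rand()-based token, see flow 1.
                $token = substr(md5(rand()), 0, 10);
                $sql = "INSERT INTO `tokens` (`username`, `type`, `token`, `date`) VALUES ('" . $username . "', 'forgot', '" . $token . "', UNIX_TIMESTAMP());";
                // NOTE(review): die(mysql_error()) shows the raw DB error to
                // the visitor; logging it and showing a generic message
                // would be the safer default.
                $result = mysql_query($sql) or die(mysql_error());

                $old_msg_body = sprintf(_("¿Has perdido tu contraseña? No te preocupes, a todos nos pasa alguna vez. Sólo tienes que seguir el siguiente enlace:\n\nRecuperar contraseña\n--\nAdministración de Jisko (%s)"), $username, $token, $CONFIG['EMAIL_CONTACT'], $CONFIG['EMAIL_CONTACT']);
                $msg_body = str_replace("\n", "
", $old_msg_body);
                $subject = _('Recuperación de contraseña');
                $headers = "MIME-Version: 1.0\r\n";
                $headers .= "Content-type: text/html; charset=UTF-8\r\n";
                $headers .= "From: Jisko <" . $CONFIG['EMAIL_CONTACT'] . ">";
                @mail($email, $subject, $msg_body, $headers);
                echo '
' . _('Recibirás un correo con instrucciones en breve') . '
';
                return;
            } else {
                // NOTE(review): this message tells an anonymous visitor
                // whether an address is registered (account enumeration).
                // Left unchanged because the template displays it; a neutral
                // "if the address exists, a mail was sent" wording for both
                // outcomes would close that channel.
                $user_err = _('El e-mail no existe');
            }
        } else {
            $user_err = _('Debe especificar un e-mail');
        }
    }
}
?>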


' . $user_err . '
'; ?>
: