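<?php
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

/*
 * Password recovery page.
 *
 * POST (form submitted): looks the account up by e-mail or by user name,
 * stores a one-time key of type 'password' and mails it to the account.
 * GET with ?key=...&uid=...: validates the key, generates a new password and
 * salt, stores the hash, mails the new password and deletes the key.
 * Anything else: renders the recovery form.
 *
 * Security notes for reviewers:
 *  - Key, password and salt come from random_bytes() (PHP 7.0+). rand() and
 *    mt_rand() are not suitable for secrets: their output is predictable and
 *    md5() of it adds no entropy.
 *  - NOTE(review): the stored hash is still md5(md5(password).md5(salt)). It
 *    is kept because the login check (not in this file) has to compute the
 *    same value; moving both sides to password_hash()/password_verify() is
 *    the real fix.
 *  - NOTE(review): the two "doesn't exist" messages tell the caller whether
 *    an e-mail or user name is registered. A single neutral response for
 *    every outcome would stop that; the strings are left as they are because
 *    they are translation keys.
 *  - NOTE(review): the reset is performed on a plain GET and the new password
 *    travels by e-mail in clear text. A "choose a new password" form behind
 *    the key would avoid both.
 *  - NOTE(review): no key expiry or request throttling is visible here;
 *    confirm whether newKey()/checkForgotKey() enforce them.
 */

global $_USER;
if ($_USER) {
    header('Location: '.BASE.'notes');
    // header() only queues the redirect; without exit the recovery logic
    // below would still run for an already logged-in user.
    exit;
}

define('TITLE', __('Recover password'));

global $db;
global $mailing;

if ($_POST) {
    // empty() also covers a missing 'legal' field, which previously raised
    // an undefined-index notice.
    if (defined('TOS') && TOS == true && empty($_POST['legal'])) {
        echo showStatus(__('You must accept the ToS!'), 'error');
    } else {
        // Defined up front so the check below never reads an undefined
        // variable when neither field was submitted.
        $userInfo = false;

        // Accept scalars only: mail[]=x / user[]=x would otherwise hand an
        // array to the database layer.
        $mail = (isset($_POST['mail']) && is_string($_POST['mail'])) ? $_POST['mail'] : '';
        $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';

        if (!empty($mail)) {
            // Third argument: lookup by e-mail, judging by this call and the
            // message below.
            $userInfo = $db->getUserInfo(false, false, $mail);
            if (!$userInfo) {
                echo showStatus(__('That email doesn\'t exist in our database'), 'error');
            }
        } elseif (!empty($user)) {
            // Second argument: lookup by user name, judging by this call and
            // the message below.
            $userInfo = $db->getUserInfo(false, $user);
            if (!$userInfo) {
                echo showStatus(__('That user doesn\'t exist in our database'), 'error');
            }
        }

        if ($userInfo) {
            // 12 hex characters, the same shape as the old
            // substr(md5(rand()), 0, 12), but drawn from the CSPRNG.
            // NOTE(review): 48 bits is short for a reset key; lengthen it if
            // the key storage allows.
            $token = bin2hex(random_bytes(6));
            $db->newKey($userInfo['ID'], 'password', $token);
            $mailing->forgottenPassword($userInfo['email'], $userInfo['ID'], $token);
            echo showStatus(__('We have just sent an e-mail with instructions!'), 'ok');
        }
    }
} else {
    // Scalars only, and tolerate missing parameters without notices.
    $key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
    $uid = (isset($_GET['uid']) && is_string($_GET['uid'])) ? $_GET['uid'] : '';

    if (!empty($key) && !empty($uid)) {
        $check = $db->checkForgotKey($key, $uid);
        if ($check) {
            $userInfo = $db->getUserInfo($uid);
            if ($userInfo) {
                // Same lengths as before (15-character password,
                // 5-character salt), now from the CSPRNG.
                $new_password = substr(bin2hex(random_bytes(8)), 0, 15);
                $salt = substr(bin2hex(random_bytes(3)), 0, 5);
                // Legacy hash format; see the header note.
                $password = md5(md5($new_password).md5($salt));
                $db->updatePassword($userInfo['ID'], $password, $salt);
                // Consume the key before mailing, so a failure while sending
                // cannot leave a key that resets the password again.
                $db->deleteKey($key, $userInfo['ID']);
                $mailing->resetPassword($userInfo['email'], $new_password, $userInfo['username']);
                echo showStatus(__('We have just sent you an e-mail with your new password'), 'ok');
            } else {
                echo showStatus(__('Invalid key'), 'error');
            }
        } else {
            echo showStatus(__('Invalid key'), 'error');
        }
    } else {
        doForgotForm();
    }
}
?>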