<?php require('includes/config.php');//if logged in redirect to members page

1. <?php require('includes/config.php');
2.  
3. //if logged in redirect to members page
4. if( $user->is_logged_in() ){ header('Location: ../members.php'); }
5.  
6. //if form has been submitted process it
7. if(isset($_POST['submit'])){
8.  
9. //email validation
10. if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
11. $error[] = 'Please enter a valid email address';
12. } else {
13. $stmt = $db->prepare('SELECT email,username FROM users WHERE email = :email');
14. $stmt->execute(array(':email' => $_POST['email']));
15. $row = $stmt->fetch(PDO::FETCH_ASSOC);
16. $username = $row['username'];
17. if(empty($row['email'])){
18. $error[] = 'There is no account associated with this email address. If you believe this is an error please contact support.';
19. }
20.  
21. }
22.  
23. //if no errors have been created carry on
24. if(!isset($error)){
25.  
26.  
27. if (@array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
28. $ip = @array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
29. }
30. //create the activasion code
31. $token = bin2hex(random_bytes(32));
32. try {
33.  
34. $stmt = $db->prepare("UPDATE users SET resetToken = :token, resetComplete='No', reset_IP = :ip WHERE email = :email");
35. $stmt->execute(array(
36. ':email' => $row['email'],
37. ':token' => $token,
38. ':ip' => $ip
39. ));
40.  
41. //send email
42. $to = $row['email'];
43. $subject = "Password Reset";
44. $body = "<p>Someone requested that the password be reset for user $username.</p>
45. <p>If this was a mistake, just ignore this email and nothing will happen.</p>
46. <p>To reset your password, visit the following address: <a href='https://thedownliner.com/login/resetcomptest.php?key=$token'>https://thedownliner.com/login/resetPassword.php?key=$token</a></p>
47. <p>Accounts</p>
48. <p>The Downliner</p>";
49.  
50. $mail = new Mail();
51. $mail->setFrom(SITEEMAIL);
52. $mail->addAddress($to);
53. $mail->subject($subject);
54. $mail->body($body);
55. $mail->send();
56.  
57. //redirect to index page
58. header('Location: login.php?action=reset');
59. exit;
60.  
61. //else catch the exception and show the error.
62. } catch(PDOException $e) {
63. $error[] = $e->getMessage();
64. }
65.  
66. }
67.  
68. }
69.  
70. //define page title
71. $title = 'Reset Account';
72.  
73. //include header template
74. require('layout/header.php');
75. ?>
76. <div class="container" style="width: 932px;">
77. <br><br>
78. <div class="panel panel-default" style="padding: 10px;">
79. <div class="row">
80.  
81. <div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
82. <form role="form" method="post" action="" autocomplete="off">
83. <h2>Reset Password</h2>
84.  
85. <hr>
86.  
87. <?php
88. //check for any errors
89. if(isset($error)){
90. foreach($error as $error){
91. echo '<div class="alert alert-danger" align="center">'.$error.'</div>';
92. }
93. }
94.  
95. if(isset($_GET['action'])){
96.  
97. //check the action
98. switch ($_GET['action']) {
99. case 'active':
100. echo "<div class='alert alert-success' align='center'>Your account is now active you may now log in.</div>";
101. break;
102. case 'reset':
103. echo "<div class='alert alert-success' align='center'>Please check your inbox for a reset link.</div>";
104. break;
105. }
106. }
107. ?>
108.  
109. <div class="form-group">
110. <input type="email" name="email" id="email" class="form-control input-lg" placeholder="Email" tabindex="1">
111. </div>
112.  
113. <hr>
114. <div class="row">
115. <div class="col-xs-6 col-md-6"><input type="submit" name="submit" value="Send Reset Link" class="btn btn-success btn-block btn-lg" tabindex="2"></div>
116. <div class="col-xs-6 col-md-6"><a href='login.php' class="btn btn-primary btn-block btn-lg">Back to login page</a></div>
117. </div>
118. </form>
119. <br><br>
120. </div>
121. </div>
122.  
123. </div>
124. </div>
125.  
126. <?php
127. //include header template
128. require('layout/footer.php');
129. ?>