- <div id="column1" class="column">
- <div class="habblet-container ">
- <div class="cbb clearfix red ">
- <h2 class="title">Reset your Password<span style="float: right; font-weight: normal; font-size: 75%;"></span></h2>
- <div class="box-content" style="text-align:left;">
- <?php
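// Page shell for the reset form.
// NOTE(review): this starts a second <html> document inside the surrounding
// template markup; confirm that is intended.
echo '<html><head><title>Fresh: Password Reset</title></head><body>';

// Database connection.
// The account name and password come from the environment instead of the
// source file, so that publishing or leaking this file does not disclose them.
// DB_USER / DB_PASSWORD are names chosen for this rewrite; adapt them to the
// deployment. The credentials that used to be hard-coded here should be
// considered exposed and rotated, and the application should connect with a
// dedicated least-privilege account rather than the MySQL root user.
$dbUser = getenv('DB_USER');
$dbPass = getenv('DB_PASSWORD');
if ($dbUser === false || $dbPass === false) {
    error_log('Password reset: database credentials are not configured');
    die('Could not connect to database.');
}

// Selecting the schema in mysqli_connect() replaces the separate
// mysqli_select_db() call.
$MySQLi = mysqli_connect('localhost', $dbUser, $dbPass, 'freshdb');
if (!$MySQLi) {
    // mysqli_error() needs a live link, so connection failures are reported by
    // mysqli_connect_error(). The detail goes to the server log only; the
    // visitor gets a generic message with no driver or schema information.
    error_log('Password reset: database connection failed: ' . mysqli_connect_error());
    die('Could not connect to database.');
}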
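/**
 * Send an HTML email through the SendGrid v2 "mail.send.json" web API.
 *
 * The API credentials are read from the environment (SENDGRID_API_USER and
 * SENDGRID_API_KEY are names chosen for this rewrite; adapt them to the
 * deployment) instead of being embedded in the source. The request is sent as
 * a POST so that the credentials, the recipient and the message body (which
 * carries reset links and passwords) do not end up in URLs recorded by
 * proxies and access logs.
 *
 * @param string $to          Recipient address.
 * @param string $to_username Unused by this function; kept so existing callers keep working.
 * @param string $body        HTML body of the message.
 * @param string $subject     Subject line.
 *
 * @return bool False when credentials are missing or the HTTP request failed, true otherwise.
 */
function sendEmail($to, $to_username, $body, $subject)
{
    $user = getenv('SENDGRID_API_USER');
    $pass = getenv('SENDGRID_API_KEY');
    if ($user === false || $user === '' || $pass === false || $pass === '') {
        error_log('sendEmail: SendGrid credentials are not configured');
        return false;
    }

    // NOTE(review): the sender address is kept exactly as the original had it;
    // confirm the site is entitled to send from that domain, otherwise SPF/DMARC
    // checks at the receiving side are likely to reject the message.
    $payload = http_build_query(array(
        'api_user' => $user,
        'api_key'  => $pass,
        'to'       => $to,
        'subject'  => $subject,
        'html'     => $body,
        'from'     => 'KANE.BLUD@DWP.GSI.GOV.UK',
    ), '', '&');

    $context = stream_context_create(array(
        'http' => array(
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => $payload,
            'timeout' => 10,
        ),
    ));

    // The original ignored the result, so a failed send was invisible.
    $response = file_get_contents('https://api.sendgrid.com/api/mail.send.json', false, $context);
    if ($response === false) {
        error_log('sendEmail: request to the mail API failed');
        return false;
    }

    return true;
}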
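/**
 * Generate the 25-character alphanumeric key used in password-reset links.
 *
 * The key is the only secret protecting a reset, so every character is drawn
 * independently with random_int(), which uses the operating system's CSPRNG.
 * The previous str_shuffle() approach is documented as unsuitable for
 * cryptographic purposes and could never repeat a character, which shrinks
 * the key space. random_int() requires PHP 7.0 or later.
 *
 * @return string 25 characters from [0-9a-zA-Z].
 */
function getKey()
{
    $alphabet = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $lastIndex = strlen($alphabet) - 1;

    $key = '';
    for ($i = 0; $i < 25; $i++) {
        $key .= $alphabet[random_int(0, $lastIndex)];
    }

    return $key;
}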
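/**
 * Generate a 10-character alphanumeric replacement password.
 *
 * Characters are drawn independently with random_int() (OS CSPRNG, PHP 7.0+).
 * The previous str_shuffle() approach is documented as unsuitable for
 * cryptographic purposes and never repeated a character, which reduces the
 * number of possible passwords.
 *
 * @return string 10 characters from [0-9a-zA-Z].
 */
function getPassword()
{
    $alphabet = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $lastIndex = strlen($alphabet) - 1;

    $password = '';
    for ($i = 0; $i < 10; $i++) {
        $password .= $alphabet[random_int(0, $lastIndex)];
    }

    return $password;
}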
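// Password-reset flow, with two entry paths:
//   1. No "resetkey" query parameter: show the request form, or handle a
//      submitted form by emailing a reset link to the account's address.
//   2. "resetkey" present: validate the key, set a new random password and
//      email it to the account's address.
// Uses $MySQLi, sendEmail(), getKey() and getPassword() from earlier in this
// file and a Newsletter class that is defined elsewhere.

// Every request- or database-derived value is HTML-escaped before it is echoed;
// the original printed $_POST['username'] and stored account fields verbatim,
// which allowed script injection into the page.
$escapeHtml = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

if (!isset($_GET['resetkey'])) {
    if (isset($_POST['username'])) {
        // Array-valued parameters (username[]=...) are treated as empty input.
        $username = is_string($_POST['username']) ? $_POST['username'] : '';
        $postedEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

        if (!empty($postedEmail)) {
            // Parameterised lookup instead of a string-built query.
            $account = null;
            $lookup = mysqli_prepare($MySQLi, 'SELECT id, username, mail FROM users WHERE username = ?');
            if ($lookup) {
                mysqli_stmt_bind_param($lookup, 's', $username);
                mysqli_stmt_execute($lookup);
                mysqli_stmt_bind_result($lookup, $accountId, $accountName, $accountMail);
                if (mysqli_stmt_fetch($lookup) === true) {
                    $account = array('id' => $accountId, 'username' => $accountName, 'mail' => $accountMail);
                }
                mysqli_stmt_close($lookup);
            } else {
                // As in the original, a failed query falls through to the
                // "no account" message; the cause is now logged.
                error_log('Password reset: account lookup failed: ' . mysqli_error($MySQLi));
            }

            // NOTE(review): the three distinct messages below tell a visitor
            // whether a username exists and whether an email matches it. A
            // single neutral response for all three cases would remove that
            // signal; the wording is left unchanged here.
            if ($account !== null) {
                if (strtolower($postedEmail) === strtolower((string) $account['mail'])) {
                    // One reset email per hour. The original stored the
                    // deadline only when none existed, so after the first hour
                    // had passed the limit never applied again; the deadline
                    // is now renewed on every accepted request.
                    // NOTE(review): no session_start() is visible in this file;
                    // presumably the including page starts the session. Confirm.
                    // A session-based limit also does not bind a client that
                    // discards its cookie; a per-account limit stored in the
                    // database would.
                    $now = time();
                    $canSend = !(isset($_SESSION["ResetEmailCooldown"]) && $_SESSION["ResetEmailCooldown"] > $now);

                    if ($canSend) {
                        $_SESSION["ResetEmailCooldown"] = $now + 3600;

                        $email = $account['mail'];
                        $key = getKey();

                        // The key is stored in the "dob" column and its issue
                        // time in "seckey", as in the original schema.
                        // NOTE(review): storing a hash of the key instead of
                        // the key itself would keep a database read from
                        // yielding usable reset links.
                        $store = mysqli_prepare($MySQLi, 'UPDATE users SET dob = ?, seckey = ? WHERE id = ?');
                        if ($store) {
                            $issuedAt = (string) $now;
                            $accountIdParam = (string) $account['id'];
                            mysqli_stmt_bind_param($store, 'sss', $key, $issuedAt, $accountIdParam);
                            mysqli_stmt_execute($store);
                            mysqli_stmt_close($store);
                        } else {
                            error_log('Password reset: storing the reset key failed: ' . mysqli_error($MySQLi));
                        }

                        $n = new Newsletter;
                        $n->greetingTo = "";
                        $n->contents = "This is an automated email from Fresh Hotel (https://fresh-hotel.org) <br /><br />";
                        $n->contents .= "Your password reset link is: <a href=\"https://fresh-hotel.org/account/password/forgot?resetkey=" . $key . "\">https://fresh-hotel.org/account/password/forgot?resetkey=" . $key . "</a>";
                        $n->contents .= "<br /><br />Please click the link and reset immediately, as it will expire in 10 minutes.";
                        $n->footer = "Copyright © Fresh Hotel 2010-2017";
                        sendEmail($email, $account['username'], $n->drawEmail(), "Fresh: Password reset.");

                        echo '<div class="rounded rounded-green">An email has been sent to the email used for the account "' . $escapeHtml($username) . '".</div>';
                    } else {
                        echo '<div class="rounded rounded-red">You can only send one email request every hour. Please wait and try again.</div>';
                    }
                } else {
                    echo '<div class="rounded rounded-red">The email you entered does not belong to the account ' . $escapeHtml($username) . '</div>';
                }
            } else {
                echo '<div class="rounded rounded-red">No acount was found with the username "' . $escapeHtml($username) . '".</div>';
            }
        } else {
            echo '<div class="rounded rounded-red">You need to enter an email address.</div>';
        }
    } else {
        echo '<center><b><form action="" method="POST"> Enter your username below. <br><input name="username" type="text"><br><br>Email on account<br><input name="email" type="text"><br>
</script><br><br><input name="submit" type="submit" value="Reset Pasword" class="submit"></center>';
    }
} else {
    // A non-string value (resetkey[]=...) is treated as an invalid key.
    $resetKey = is_string($_GET['resetkey']) ? $_GET['resetkey'] : '';

    // The length check now runs before the query, so short or empty keys never
    // reach the database (an empty key would otherwise match every account
    // whose "dob" column is blank).
    $account = null;
    if (strlen($resetKey) > 15) {
        $lookup = mysqli_prepare($MySQLi, 'SELECT id, username, mail, seckey FROM users WHERE dob = ?');
        if ($lookup) {
            mysqli_stmt_bind_param($lookup, 's', $resetKey);
            mysqli_stmt_execute($lookup);
            mysqli_stmt_bind_result($lookup, $accountId, $accountName, $accountMail, $issuedAt);
            if (mysqli_stmt_fetch($lookup) === true) {
                $account = array(
                    'id'       => $accountId,
                    'username' => $accountName,
                    'mail'     => $accountMail,
                    'seckey'   => $issuedAt,
                );
            }
            mysqli_stmt_close($lookup);
        } else {
            error_log('Password reset: reset key lookup failed: ' . mysqli_error($MySQLi));
        }
    }

    if ($account !== null) {
        // Keys are valid for ten minutes from the time stored in "seckey".
        if ((int) $account['seckey'] >= (time() - (60 * 10))) {
            $pw = getPassword();
            $email = $account['mail'];

            // NOTE(review): sha1(md5()) is an unsalted, fast hash. It is kept
            // because the login code (not in this file) presumably verifies
            // against the same format; migrate both sides together to
            // password_hash() / password_verify().
            $passwordHash = sha1(md5($pw));

            // The row is addressed by id through a bound parameter; the
            // original interpolated the stored username into the statement
            // without escaping it.
            $update = mysqli_prepare($MySQLi, "UPDATE users SET password = ?, dob = '', seckey = '' WHERE id = ?");
            $updated = false;
            if ($update) {
                $accountIdParam = (string) $account['id'];
                mysqli_stmt_bind_param($update, 'ss', $passwordHash, $accountIdParam);
                $updated = mysqli_stmt_execute($update);
                mysqli_stmt_close($update);
            }
            if (!$updated) {
                // The original printed the raw database error to the visitor.
                error_log('Password reset: password update failed: ' . mysqli_error($MySQLi));
                die('<div class="rounded rounded-red">Your password could not be reset. Please try again later.</div>');
            }

            // NOTE(review): the password is changed by a plain GET request and
            // the new password travels by email in clear text. Link scanners and
            // mail-client prefetchers can trigger the change, and the mailbox
            // keeps a working credential. Letting the user choose a password in
            // a POST form reached through the link avoids both.
            $n = new Newsletter;
            $n->greetingTo = "";
            $n->contents = "This is an automated email from Fresh Hotel (https://fresh-hotel.org) <br /><br />";
            $n->contents .= "Your new password is: " . $pw . "<br><br>Please login and change this immediately.";
            $n->footer = "Copyright © Fresh Hotel 2010-2017";
            sendEmail($email, $account['username'], $n->drawEmail(), "Fresh Hotel: Password reset.");

            echo '<center><b>An email has been sent to "' . $escapeHtml($email) . '", which contains the new password for "' . $escapeHtml($account['username']) . '".';
        } else {
            echo '<div class="rounded rounded-red">That password reset link has expired.</div>';
        }
    } else {
        echo '<div class="rounded rounded-red">That password reset link does not exist.</div>';
    }
}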
- echo '</b></center></body></html>'; ?>
- </div>
- </div>
- </div>
- </div>
- <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
- <div id="column2" class="column">
- <div class="habblet-container ">
- <div class="cbb clearfix red ">
- <h2 class="title">About this Page<span style="float: right; font-weight: normal; font-size: 75%;"></span></h2>
- <div class="box-content" style="text-align:left;">
- You can reset your Fresh password here, providing you know the email address associated with your account. <br /><br />If you don't know your email, you will be unable to reset your password.
- </div>
- </div>
- </div>
- <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
- </div>