- <?php
- /**
- * ../../ext/pok4/forgot_pw/ext.php
- *
- * @package default
- */
- namespace ext\pok4;
use App\Entity\CSRF;
use App\Entity\FormValidator;
use DateTimeImmutable;
use PDO;
// Refuse to run when this file is requested directly instead of being included by the app. Don't edit
if (count(get_included_files()) === 1) {
    exit("Direct access not permitted.");
}
// Your Extension Script
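/**
 * Password-reset ("forgot password") extension for the forum.
 *
 * Two pages hang off the /pages/forgot_pw route:
 *  - without ?key&email: a form asking for an e-mail address; on submit a random
 *    token is stored in `password_reset_temp` and mailed to the address as a link;
 *  - with ?key&email: the "choose a new password" form; on submit the forum
 *    user's password is replaced, but only when (key, email) matches a stored,
 *    unexpired token, and the account updated is the one the token was issued for.
 *
 * Every SQL statement is parameterised and a token is deleted once it has been used.
 */
class forgot_pw extends \App\Controllers\BaseController {
    /** URI fragment that activates this extension (substring match on REQUEST_URI). */
    private const ROUTE = '/pages/forgot_pw';

    /** FormValidator rules and required fields for the "new password" form. */
    private const VALIDATIONS = [
        'new_pass' => 'password',
        'new_r_pass' => 'password',
        'captcha_code' => 'not_empty',
    ];
    private const REQUIRED = ['new_pass', 'new_r_pass', 'captcha_code'];

    /** FormValidator error key => lang entry shown for it. */
    private const ERROR_LANG = [
        'new_pass' => 'ext_forgot_pw_pass_req',
        'new_r_pass' => 'ext_forgot_pw_repeat_pw',
        'captcha_code' => 'ext_forgot_pw_antibot_req',
    ];

    public function __construct() {
        parent::__construct();
    }

    /**
     * Render the page body for the current request.
     *
     * @return string|null rendered HTML, or null when the request is not for this
     *                     route or the reset link in the query string is unknown/expired.
     */
    public function custom_page() {
        if (!$this->isOwnRoute()) {
            return null;
        }
        if (isset($_GET['key'], $_GET['email'])) {
            return $this->newPasswordPage((string) $_GET['key'], (string) $_GET['email']);
        }
        return $this->requestLinkPage();
    }

    /**
     * Hook the extension into the dispatcher: the password-check script goes into
     * the front-end head on this route, the page body into the custom-menu slot.
     */
    public function load() {
        if ($this->isOwnRoute()) {
            $this->dispatcher->emit('core_event_inside_head_ready_front', [
                $this->m->render(file_get_contents('ext/pok4/forgot_pw/template/check_pass.js'), [
                    'ext_forgot_pw_forbidden_pass' => $this->lang['ext_forgot_pw_forbidden_pass'],
                ]),
            ]);
        }
        $this->dispatcher->emit('core_event_inside_custom_menu', [$this->custom_page()]);
    }

    /** True when the request URI contains the extension route. */
    private function isOwnRoute(): bool {
        return strpos($_SERVER['REQUEST_URI'] ?? '', self::ROUTE) !== false;
    }

    /**
     * "Choose a new password" page reached from the mailed link.
     *
     * The token is looked up and checked for expiry BEFORE any POST is processed,
     * and the account that gets updated is taken from the stored token row; an
     * e-mail value in the POST body is deliberately ignored.
     *
     * @return string|null rendered form, or null for an unknown/expired link.
     */
    private function newPasswordPage(string $key, string $email): ?string {
        $token = $this->findResetToken($key, $email);
        // expDate and the current time share the 'Y-m-d H:i:s' format, so a plain
        // string comparison orders them correctly.
        if ($token === null || $token['expDate'] < date('Y-m-d H:i:s')) {
            return null;
        }
        $csrf = new CSRF();
        $submit = '';
        if (isset($_POST['forgot_pw'])) {
            $submit = $this->changePassword($csrf, (string) $token['email'], $key);
        }
        return $this->m->render(file_get_contents('ext/pok4/forgot_pw/template/forgot_pw.html'), [
            'csrf_token_form' => $csrf->input('forgot_pw', 50, 1),
            'submit_forgot_pw' => $submit,
            'ext_forgot_pw_submit_button' => $this->lang['ext_forgot_pw_submit_button'],
            'ext_forgot_pw_lang_antibot' => $this->lang['ext_forgot_pw_lang_antibot'],
            'ext_forgot_pw_pass' => $this->lang['ext_forgot_pw_pass'],
            'ext_forgot_pw_r_pass' => $this->lang['ext_forgot_pw_r_pass'],
            'ext_forgot_pw_allowed_password' => $this->lang['ext_forgot_pw_allowed_password'],
            // Template key kept as-is (it is what the template references); the value is
            // the stored token's e-mail rather than the raw query-string parameter.
            'ext_forgow_pw_user_email' => $token['email'],
        ]);
    }

    /**
     * Process the submitted "new password" form for the verified account.
     *
     * Checks run in this order: CSRF token, field validation, captcha, password
     * confirmation. Returns the alert HTML to display above the form.
     */
    private function changePassword(CSRF $csrf, string $email, string $key): string {
        if (!$csrf->validate('forgot_pw', $_POST['key-awesome'] ?? '')) {
            return $this->alert('danger', 'CSRF Token is not valid.');
        }
        $validator = new FormValidator(self::VALIDATIONS, self::REQUIRED);
        if (!$validator->validate($_POST)) {
            return $this->validationAlerts($validator);
        }
        $_POST = $validator->sanatize($_POST);
        if (!$this->captchaOk()) {
            return $this->alert('danger', $this->lang['ext_forgot_pw_antibot_not_ok']);
        }
        if ($_POST['new_pass'] !== $_POST['new_r_pass']) {
            return $this->alert('danger', $this->lang['ext_forgot_pw_lang_pass_not_match']);
        }
        $hash = phpbb_hash($_POST['new_pass']);
        $query = $this->db->prepare(
            "UPDATE `{$this->forum_db}`.{$this->forum_db_prefix}_users SET user_password=? WHERE user_email=?"
        );
        $query->bindValue(1, $hash, PDO::PARAM_STR);
        $query->bindValue(2, $email, PDO::PARAM_STR);
        $query->execute();
        // A token grants exactly one password change.
        $this->deleteResetToken($key, $email);
        return $this->alert('success', $this->lang['ext_forgot_pw_lang_success']);
    }

    /** One danger alert per failed field, using the lang entry mapped in ERROR_LANG. */
    private function validationAlerts(FormValidator $validator): string {
        $out = '';
        foreach (array_keys($validator->getErrors()['errors']) as $field) {
            if (isset(self::ERROR_LANG[$field])) {
                $out .= $this->alert('danger', $this->lang[self::ERROR_LANG[$field]]);
            }
        }
        return $out;
    }

    /**
     * Compare the submitted captcha with the code kept in the session.
     *
     * NOTE(review): the session code is not cleared after a successful check (the
     * original did not either), so one solved captcha stays valid until a new
     * image is generated — confirm the captcha handler rotates it per render.
     */
    private function captchaOk(): bool {
        $expected = $_SESSION['captchaCode'] ?? null;
        $entered = $_POST['captcha_code'] ?? null;
        return is_string($expected) && is_string($entered) && hash_equals($expected, $entered);
    }

    /** "Enter your e-mail" page; handles its own submit. */
    private function requestLinkPage(): string {
        $submit = isset($_POST['submit_email_']) ? $this->sendResetLink() : '';
        return $this->m->render(file_get_contents('ext/pok4/forgot_pw/template/forgot_pw_email_form.html'), [
            'submit' => $submit,
            'ext_forgot_pw_email' => $this->lang['ext_forgot_pw_email'],
            'ext_forgot_pw_submit_button' => $this->lang['ext_forgot_pw_submit_button'],
            'ext_forgot_pw_lang_antibot' => $this->lang['ext_forgot_pw_lang_antibot'],
        ]);
    }

    /**
     * Validate the requested address, create a token valid for one day, store it
     * and mail the link. Returns the alert HTML to display.
     *
     * NOTE(review): this form is guarded by the captcha only; there is no CSRF
     * token on it in the template as far as this file shows.
     */
    private function sendResetLink(): string {
        if (!$this->captchaOk()) {
            return $this->alert('danger', $this->lang['ext_forgot_pw_antibot_not_ok']);
        }
        $email = filter_var(filter_var($_POST['email'] ?? '', FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL);
        if ($email === false) {
            return $this->alert('danger', $this->lang['ext_forgot_pw_invalid_mail']);
        }
        if (!$this->forumAccountExists($email)) {
            // NOTE(review): this reveals whether an address is registered (account
            // enumeration). Returning ext_forgot_pw_send_success either way would avoid
            // that, at the cost of a less helpful message.
            return $this->alert('danger', $this->lang['ext_forgot_pw_no_email_found']);
        }
        $key = bin2hex(random_bytes(16));
        $expDate = (new DateTimeImmutable('+1 day'))->format('Y-m-d H:i:s');
        // Store first, then mail: a link is never sent for a token that failed to persist.
        $this->storeResetToken($email, $key, $expDate);
        $this->sendResetMail($email, $key);
        return $this->alert('success', $this->lang['ext_forgot_pw_send_success']);
    }

    /** True when a forum user with exactly this e-mail address exists. */
    private function forumAccountExists(string $email): bool {
        $query = $this->db->prepare(
            "SELECT user_email FROM `{$this->forum_db}`.{$this->forum_db_prefix}_users WHERE user_email=? LIMIT 1"
        );
        $query->bindValue(1, $email, PDO::PARAM_STR);
        $query->execute();
        return $query->fetchColumn() !== false;
    }

    /** Build and send the HTML reset mail; the link is URL-encoded and HTML-escaped. */
    private function sendResetMail(string $email, string $key): void {
        $link = url() . self::ROUTE . '?key=' . rawurlencode($key) . '&email=' . rawurlencode($email);
        $linkHtml = htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $siteName = get_from_db_config('site_name');
        $body = '<p>' . $this->lang['ext_forgot_pw_email_content1'] . '</p>'
            . '<p>' . $this->lang['ext_forgot_pw_email_content2'] . '</p>'
            . '<p>-------------------------------------------------------------</p>'
            . '<p><a href="' . $linkHtml . '" target="_blank">' . $linkHtml . '</a></p>'
            . '<p>-------------------------------------------------------------</p>'
            . '<p>' . $this->lang['ext_forgot_pw_email_content3'] . '</p>'
            . '<p>' . $this->lang['ext_forgot_pw_email_content4'] . '</p>'
            . '<p>' . $siteName . ' Team</p>';
        $this->mail->setFrom(get_from_db_config('admin_email'))
            ->addTo($email)
            ->setSubject($this->lang['ext_forgot_pw_email_subject'] . ' - ' . $siteName)
            ->setHtmlBody($body);
        $this->mailer->send($this->mail);
    }

    /**
     * Most recent stored token row for (key, email), or null when there is none.
     *
     * @return array<string, mixed>|null
     */
    private function findResetToken(string $key, string $email): ?array {
        $query = $this->db->prepare(
            "SELECT * FROM `{$this->argos_db_prefix}password_reset_temp` WHERE `key`=? AND `email`=? ORDER BY expDate DESC LIMIT 1"
        );
        $query->bindValue(1, $key, PDO::PARAM_STR);
        $query->bindValue(2, $email, PDO::PARAM_STR);
        $query->execute();
        $row = $query->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }

    /** Persist a freshly issued token. NOTE(review): stored in clear, as before. */
    private function storeResetToken(string $email, string $key, string $expDate): void {
        $query = $this->db->prepare(
            "INSERT INTO `{$this->argos_db_prefix}password_reset_temp` (`email`, `key`, `expDate`) VALUES (?, ?, ?)"
        );
        $query->bindValue(1, $email, PDO::PARAM_STR);
        $query->bindValue(2, $key, PDO::PARAM_STR);
        $query->bindValue(3, $expDate, PDO::PARAM_STR);
        $query->execute();
    }

    /** Remove every stored token matching (key, email) once it has been used. */
    private function deleteResetToken(string $key, string $email): void {
        $query = $this->db->prepare(
            "DELETE FROM `{$this->argos_db_prefix}password_reset_temp` WHERE `key`=? AND `email`=?"
        );
        $query->bindValue(1, $key, PDO::PARAM_STR);
        $query->bindValue(2, $email, PDO::PARAM_STR);
        $query->execute();
    }

    /** Bootstrap alert markup; $type is 'success' or 'danger'. */
    private function alert(string $type, string $message): string {
        return '<div class="alert alert-' . $type . '">' . $message . '</div>';
    }
}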
// Instantiate the extension and register its output with the dispatcher.
$load_ext = new forgot_pw();
$load_ext->load();