  1. <?php
  2. /**
  3. * ../../ext/pok4/forgot_pw/ext.php
  4. *
  5. * @package default
  6. */
  7. namespace ext\pok4;
  8. use \PDO;
  9. use App\Entity\CSRF;
  10. use App\Entity\FormValidator;
  // Guard against the file being requested directly instead of being included by the app bootstrap.
  if (count(get_included_files()) === 1) {
      exit("Direct access not permitted.");
  }
  12. //Your Extension Script
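  class forgot_pw extends \App\Controllers\BaseController
  {
      /**
       * Only delegates to the framework base controller.
       */
      public function __construct()
      {
          parent::__construct();
      }

      /**
       * Routes /pages/forgot_pw to one of the two pages of the flow.
       *
       * With ?key=...&email=... in the URL the "choose a new password" page is
       * served, otherwise the "send me a reset link" page. For any other URI
       * nothing is rendered (null), which load() still hands to the menu event.
       *
       * @return string|null rendered HTML, or null when nothing applies
       */
      public function custom_page()
      {
          $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
          if (strpos($uri, '/pages/forgot_pw') === false) {
              return null;
          }

          if (isset($_GET["key"], $_GET["email"])) {
              // PHP turns key[]=... into arrays; those can never match a token.
              if (!is_string($_GET["key"]) || !is_string($_GET["email"])) {
                  return null;
              }
              return $this->resetPasswordPage($_GET["key"], $_GET["email"]);
          }

          return $this->requestLinkPage();
      }

      /**
       * "Choose a new password" page, reached through the e-mailed link.
       *
       * The (key, email) pair from the URL is resolved against
       * password_reset_temp and checked for expiry BEFORE any submitted form is
       * processed, and the password update is applied to the address stored
       * with that token — never to an address taken from the POST body.
       *
       * @return string|null rendered HTML, or null for an unknown/expired link
       */
      private function resetPasswordPage(string $key, string $email)
      {
          $csrf = new CSRF();

          $row = $this->findActiveResetRow($key, $email);
          if ($row === null) {
              return null; // unknown or expired link: nothing is rendered
          }

          $submit = '';
          if (isset($_POST['forgot_pw'])) {
              $submit = $this->handleNewPassword($csrf, (string) $row['email']);
          }

          return $this->m->render(file_get_contents("ext/pok4/forgot_pw/template/forgot_pw.html"), [
              'csrf_token_form' => $csrf->input('forgot_pw', 50, 1),
              'submit_forgot_pw' => $submit,
              'ext_forgot_pw_submit_button' => $this->lang['ext_forgot_pw_submit_button'],
              'ext_forgot_pw_lang_antibot' => $this->lang['ext_forgot_pw_lang_antibot'],
              'ext_forgot_pw_pass' => $this->lang['ext_forgot_pw_pass'],
              'ext_forgot_pw_r_pass' => $this->lang['ext_forgot_pw_r_pass'],
              'ext_forgot_pw_allowed_password' => $this->lang['ext_forgot_pw_allowed_password'],
              // key spelling ("forgow") is what the template expects
              'ext_forgow_pw_user_email' => $row['email'],
          ]);
      }

      /**
       * Processes the submitted "new password" form for the account the token
       * was issued to and returns the alert HTML to show above the form.
       *
       * @param CSRF   $csrf  token helper created for this request
       * @param string $email address stored with the verified reset token
       */
      private function handleNewPassword(CSRF $csrf, string $email): string
      {
          $token = isset($_POST['key-awesome']) ? $_POST['key-awesome'] : '';
          if (!$csrf->validate('forgot_pw', $token)) {
              return '<div class="alert alert-danger">CSRF Token is not valid.</div>';
          }

          $validator = new FormValidator(
              [
                  'new_pass' => 'password',
                  'new_r_pass' => 'password',
                  'captcha_code' => 'not_empty',
              ],
              ['new_pass', 'new_r_pass', 'captcha_code']
          );
          if (!$validator->validate($_POST)) {
              return $this->validationAlerts($validator);
          }
          $_POST = $validator->sanatize($_POST);

          if (!$this->captchaMatches($_POST['captcha_code'])) {
              return '<div class="alert alert-danger">'.$this->lang['ext_forgot_pw_antibot_not_ok'].'</div>';
          }

          // !== rather than ==: loose comparison treats numeric-looking strings
          // such as "1e3" and "1000" as equal.
          if ($_POST['new_pass'] !== $_POST['new_r_pass']) {
              return '<div class="alert alert-danger">'.$this->lang['ext_forgot_pw_lang_pass_not_match'].'</div>';
          }

          // phpbb_hash keeps the stored hash in the format the forum expects.
          $hash = phpbb_hash($_POST['new_pass']);
          $query = $this->db->prepare("UPDATE `".$this->forum_db."`.".$this->forum_db_prefix."_users SET user_password=? WHERE user_email=?");
          $query->bindParam(1, $hash, PDO::PARAM_STR);
          $query->bindParam(2, $email, PDO::PARAM_STR);
          $query->execute();

          // The link is single-use: drop every outstanding token for this address.
          $cleanup = $this->db->prepare("DELETE FROM `".$this->argos_db_prefix."password_reset_temp` WHERE `email`=?");
          $cleanup->execute([$email]);

          //your custom code

          //end your custom code

          return '<div class="alert alert-success">'.$this->lang['ext_forgot_pw_lang_success'].'</div>';
      }

      /**
       * Builds one alert per FormValidator error on the reset form.
       */
      private function validationAlerts(FormValidator $validator): string
      {
          // field name => $this->lang key of the message to show
          $langKeys = [
              'new_pass' => 'ext_forgot_pw_pass_req',
              'new_r_pass' => 'ext_forgot_pw_repeat_pw',
              'captcha_code' => 'ext_forgot_pw_antibot_req',
          ];

          $out = '';
          foreach (array_keys($validator->getErrors()['errors']) as $field) {
              if (isset($langKeys[$field])) {
                  $out .= "<div class='alert alert-danger'>".$this->lang[$langKeys[$field]]."</div>";
              }
          }
          return $out;
      }

      /**
       * Compares the submitted captcha with the code kept in the session.
       *
       * Both sides must be strings (as the original strict comparison required);
       * hash_equals keeps the comparison constant-time.
       *
       * @param mixed $entered raw submitted value
       */
      private function captchaMatches($entered): bool
      {
          if (!is_string($entered) || !isset($_SESSION['captchaCode']) || !is_string($_SESSION['captchaCode'])) {
              return false;
          }
          return hash_equals($_SESSION['captchaCode'], $entered);
      }

      /**
       * Looks up the newest reset row for the (key, email) pair.
       *
       * @return array|null the row when it exists and has not expired, else null
       */
      private function findActiveResetRow(string $key, string $email)
      {
          $query = $this->db->prepare("SELECT * FROM `".$this->argos_db_prefix."password_reset_temp` WHERE `key`=? and `email`=? order by expDate DESC LIMIT 1;");
          $query->bindParam(1, $key, PDO::PARAM_STR);
          $query->bindParam(2, $email, PDO::PARAM_STR);
          $query->execute();

          $row = $query->fetch(PDO::FETCH_ASSOC);
          if ($row === false) {
              return null;
          }

          // expDate is stored as "Y-m-d H:i:s", so string order is chronological order.
          $now = date("Y-m-d H:i:s");
          return $row['expDate'] >= $now ? $row : null;
      }

      /**
       * "Send me a reset link" page.
       *
       * @return string rendered HTML
       */
      private function requestLinkPage()
      {
          $submit = '';
          if (isset($_POST['submit_email_'])) {
              $submit = $this->handleLinkRequest();
          }

          return $this->m->render(file_get_contents("ext/pok4/forgot_pw/template/forgot_pw_email_form.html"), [
              'submit' => $submit,
              'ext_forgot_pw_email' => $this->lang['ext_forgot_pw_email'],
              'ext_forgot_pw_submit_button' => $this->lang['ext_forgot_pw_submit_button'],
              'ext_forgot_pw_lang_antibot' => $this->lang['ext_forgot_pw_lang_antibot'],
          ]);
      }

      /**
       * Validates the submitted address, stores a fresh token and mails the link.
       * Returns the alert HTML to show above the form.
       */
      private function handleLinkRequest(): string
      {
          $entered = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : null;
          if (!$this->captchaMatches($entered)) {
              return '<div class="alert alert-danger">'.$this->lang['ext_forgot_pw_antibot_not_ok'].'</div>';
          }

          $raw = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : '';
          $email = filter_var(filter_var($raw, FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL);
          if ($email === false) {
              return "<div class='alert alert-danger'>".$this->lang['ext_forgot_pw_invalid_mail']."</div>";
          }

          if (!$this->forumAccountExists($email)) {
              // NOTE(review): this message tells the requester whether the address
              // is registered; a neutral "if the address exists, a link was sent"
              // text would avoid that, but the lang key for it does not exist here.
              return "<div class='alert alert-danger'>".$this->lang['ext_forgot_pw_no_email_found']."</div>";
          }

          $key = bin2hex(random_bytes(16));
          // Same wall-clock time tomorrow, in the server's local time zone.
          $expFormat = mktime(
              (int) date("H"), (int) date("i"), (int) date("s"), (int) date("m"), (int) date("d") + 1, (int) date("Y")
          );
          $expDate = date("Y-m-d H:i:s", $expFormat);

          // Store the token before mailing it, so a sent link always has a matching row.
          $insert = $this->db->prepare("INSERT INTO `".$this->argos_db_prefix."password_reset_temp` (`email`, `key`, `expDate`) VALUES (?, ?, ?)");
          $insert->execute([$email, $key, $expDate]);

          $this->sendResetMail($email, $key);

          return '<div class="alert alert-success">'.$this->lang['ext_forgot_pw_send_success'].'</div>';
      }

      /**
       * Whether a forum user with this address exists.
       */
      private function forumAccountExists(string $email): bool
      {
          $query = $this->db->prepare("SELECT user_email FROM `".$this->forum_db."`.".$this->forum_db_prefix."_users WHERE user_email=?");
          $query->execute([$email]);
          return $query->fetchColumn() !== false;
      }

      /**
       * Sends the HTML mail containing the reset link for $key to $email.
       */
      private function sendResetMail(string $email, string $key)
      {
          $siteName = get_from_db_config('site_name');

          // rawurlencode: a "+" or other reserved character in the address must
          // survive the round trip through the query string.
          $link = url().'/pages/forgot_pw?key='.$key.'&email='.rawurlencode($email);
          $shownLink = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');

          $body = '<p>'.$this->lang['ext_forgot_pw_email_content1'].'</p>';
          $body .= '<p>'.$this->lang['ext_forgot_pw_email_content2'].'</p>';
          $body .= '<p>-------------------------------------------------------------</p>';
          $body .= '<p><a href="'.$shownLink.'" target="_blank">'.$shownLink.'</a></p>';
          $body .= '<p>-------------------------------------------------------------</p>';
          $body .= '<p>'.$this->lang['ext_forgot_pw_email_content3'].'</p>';
          $body .= '<p>'.$this->lang['ext_forgot_pw_email_content4'].'</p>';
          $body .= '<p>'.$siteName.' Team</p>';

          $this->mail->setFrom(get_from_db_config('admin_email'))
              ->addTo($email)
              ->setSubject($this->lang['ext_forgot_pw_email_subject']." - ".$siteName)
              ->setHtmlBody($body);
          $this->mailer->send($this->mail);
      }

      /**
       * Extension entry point: injects the password-check script on the
       * forgot_pw page and hands the rendered page to the custom-menu event.
       */
      public function load()
      {
          $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
          if (strpos($uri, '/pages/forgot_pw') !== false) {
              $this->dispatcher->emit('core_event_inside_head_ready_front', [
                  $this->m->render(file_get_contents("ext/pok4/forgot_pw/template/check_pass.js"), [
                      'ext_forgot_pw_forbidden_pass' => $this->lang['ext_forgot_pw_forbidden_pass'],
                  ]),
              ]);
          }
          $this->dispatcher->emit('core_event_inside_custom_menu', [$this->custom_page()]);
      }
  }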
  223.  
  // Instantiate the extension and register its event handlers at include time.
  $load_ext = new forgot_pw();
  $load_ext->load();
  226.  