From aa78fde6a92f66b84d626e114d8b54a5fb6ece0c Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 14 Nov 2012 07:19:43 -0500
Subject: [PATCH] - Added function for IPv6 prefixes in multiserver mirror setups to nginx plugin.

---
 interface/web/login/password_reset.php |   36 ++++++++++++++++++++++++++----------
 1 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index 23516f3..cea2056 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -43,29 +43,45 @@
 
 if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {
 	
+	if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
+	if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
+	
 	$username = $app->db->quote($_POST['username']);
 	$email = $app->db->quote($_POST['email']);
 	
-	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' && email = '$email'");
-	
+	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'");
+
 	if($client['client_id'] > 0) {
-		$new_password = md5 (uniqid (rand()));
-		$new_password = $app->db->quote($new_password);
+		$new_password = $app->auth->get_random_password();
+		$new_password_encrypted = $app->auth->crypt_password($new_password);
+		$new_password_encrypted = $app->db->quote($new_password_encrypted);
+		
 		$username = $app->db->quote($client['username']);
-		$app->db->query("UPDATE sys_user SET passwort = md5('$new_password') WHERE username = '$username'");
-		$app->db->query("UPDATE client SET �password� = md5('$new_password') WHERE username = '$username'");
+		$app->db->query("UPDATE sys_user SET passwort = '$new_password_encrypted' WHERE username = '$username'");
+		$app->db->query("UPDATE client SET password = '$new_password_encrypted' WHERE username = '$username'");
 		$app->tpl->setVar("message",$wb['pw_reset']);
 		
-		mail($client['email'],$wb['pw_reset_mail_title'],$wb['pw_reset_mail_msg'].$new_password);
+		$app->uses('getconf,ispcmail');
+		$mail_config = $app->getconf->get_global_config('mail');
+		if($mail_config['smtp_enabled'] == 'y') {
+			$mail_config['use_smtp'] = true;
+			$app->ispcmail->setOptions($mail_config);
+		}
+		$app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']);
+		$app->ispcmail->setSubject($wb['pw_reset_mail_title']);
+		$app->ispcmail->setMailText($wb['pw_reset_mail_msg'].$new_password);
+		$app->ispcmail->send(array($client['contact_name'] => $client['email']));
+		$app->ispcmail->finish();
 		
+		$app->plugin->raiseEvent('password_reset',true);
+		$app->tpl->setVar("msg",$wb['pw_reset']);
 	} else {
-		$app->tpl->setVar("message",$wb['pw_error']);
+		$app->tpl->setVar("error",$wb['pw_error']);
 	}
 	
 } else {
-	$app->tpl->setVar("message",$wb['pw_error_noinput']);
+	$app->tpl->setVar("msg",$wb['pw_error_noinput']);
 }
-
 
 
 $app->tpl_defaults();

--
Gitblit v1.9.1