svrjs/svrjs-mods-directory
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
svrjs-mods-directory/includes/page_forgotpassword.php

162 lines
6.8 KiB
PHP
Raw Permalink Normal View History

chore: init
2024-12-27 15:05:54 +01:00
<?php
if (!defined('SVRJS_MOD_DIRECTORY')) die;
$errorMessage = null;
$emailExists = false;
$passwordChanged = false;
$passwordRequestID = null;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!isset($_POST['_csrf']) || $_POST['_csrf'] != $_SESSION['csrf']) {
$errorMessage = "Potential CSRF attack detected.";
} else {
if (!isset($_POST['email']) || !$_POST['email']) {
$errorMessage = "You need to input fields.";
} elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$errorMessage = "Invalid email address.";
} else {
$statement = $connection->prepare('SELECT id, username, email, is_suspended, is_verified FROM users WHERE email = ?;');
if (!$statement) {
$errorMessage = "An unexpected error occurred while changing the email address.";
} else {
$statement->bind_param('s', $_POST['email']);
$statement->execute();
$result = $statement->get_result();
if (!$result) {
$errorMessage = "An unexpected error occurred while changing the email address.";
$statement->close();
} else {
$userData = $result->fetch_assoc();
$statement->close();
$emailExists = boolval($userData);
if ($emailExists) {
if ($userData['is_suspended']) {
$errorMessage = "Your account is suspended.";
} elseif (!$userData['is_verified']) {
$errorMessage = "Your account is not activated yet.";
} else {
$passwordRequestIDError = false;
while (!$passwordRequestID) {
$tempPasswordRequestID = "";
if (function_exists('random_bytes')) {
$tempPasswordRequestID = bin2hex(random_bytes(32));
} else {
$tempPasswordRequestID = '';
for ($i = 0; $i < 32; $i++) {
$tempPasswordRequestID = $tempPasswordRequestID . bin2hex(rand(0, 255));
}
}
$statement = $connection->prepare("SELECT id FROM requests_password WHERE id = ?");
if (!$statement) {
$passwordRequestIDError = true;
$errorMessage = "An unexpected error occurred while changing the email address.";
break;
} else {
$statement->bind_param('s', $tempPasswordRequestID);
$statement->execute();
$passwordRequestIDExistsResult = $statement->get_result();
if (!$passwordRequestIDExistsResult) {
$passwordRequestIDError = true;
$errorMessage = "An unexpected error occurred while changing the email address.";
$statement->close();
break;
} else {
$passwordRequestIDExists = boolval($passwordRequestIDExistsResult->fetch_assoc());
$statement->close();
if (!$passwordRequestIDExists) {
$passwordRequestID = $tempPasswordRequestID;
}
}
}
}
if (!$passwordRequestIDError) {
$statement = $connection->prepare("REPLACE INTO requests_password (
id,
user,
request_date
) VALUES (
?,
?,
NOW()
)");
if (!$statement) {
$errorMessage = "An unexpected error occurred while changing the email address.";
} else {
$statement->bind_param('si', $passwordRequestID, $userData['id']);
if (!$statement->execute()) {
$errorMessage = "An unexpected error occurred while changing the email address.";
} else {
$passwordRequestToSend = true;
}
$statement->close();
}
}
}
} else {
$passwordRequestToSend = true;
}
if ($passwordRequestToSend) {
$sent = false;
if ($emailExists) {
$sent = sendEmail(
[[
"name" => $userData['username'],
"address" => $_POST['email']
]],
'Password change request',
"You have requested the change of your password on SVR.JS Mods directory. Copy and paste the link below to change the password. The link will expire after one day.\n\n" . str_replace(["\r\n", "\n", "\r"], "", (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : (isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : 'localhost')) . (URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'confirm-password?id=' . urlencode($passwordRequestID))
);
} else {
$sent = sendEmail(
[[
"address" => $_POST['email']
]],
'Email address not associated with an account - password change request failed',
"Someone attempted to change the password of an account which is not associated with your email address. No action is required."
);
}
if (!$sent) {
$errorMessage = "Can't send password change request email message.";
}
}
}
}
}
}
}
if ($passwordRequestToSend) {
$pageTitle = "Password change request sent";
$pageDescription = "Check your inbox for the request.";
} else {
$pageTitle = "Forgot password?";
$pageDescription = "Change your user data in SVR.JS Mods directory.";
}
include 'header.php';
?>
<main class="content">
<?php if ($passwordRequestToSend) { ?>
<h1>Password change request sent</h1>
<p>Check your inbox for the request.</p>
<?php } else { ?>
<h1>Forgot password?</h1>
<p>If you forgot your password, you can change it - just input your email address associated with your account.</p>
<form action="<?php echo htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'forgot-password') ?>" method="post" class="form" enctype="multipart/form-data">
<div class="form-block">
<label for="email">Email address:</label>
<input type="email" name="email" id="email" maxlength="255" placeholder="<?php echo htmlspecialchars($userData['email']) ?>" required>
</div>
<?php if ($errorMessage) echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>'; ?>
<div class="form-block">
<input type="submit" value="Send password change request">
</div>
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['csrf']) ?>">
</form>
<?php } ?>
</main>
<?php
include 'footer.php';
?>
Reference in a new issue Copy permalink