// Request dispatch (excerpt; the branch bodies are not part of this listing).
// A POSTed xh_email takes the first branch; otherwise a GET xh_code is
// accepted only when checkMac() validates it.
// NOTE(review): isset() is also true for array-valued parameters, so the raw
// request value reaches checkMac() without a string check - confirm the callee
// rejects non-strings (an is_string() guard here would make that explicit).
// NOTE(review): the code is honoured on a plain GET. If this branch performs
// the reset (presumably via reset() - confirm), anything that fetches the
// mailed link automatically would trigger it, and the code can end up in
// access logs and browser history.
42 if (isset($_POST[
'xh_email'])) {
44 } elseif (isset($_GET[
'xh_code']) && $this->checkMac($_GET[
'xh_code'])) {
/**
 * Builds the HTML of the password-forgotten page.
 *
 * Excerpt only: the case labels of the switch, the closing form markup and
 * the return statement are not part of this listing.
 */
61 private function render()
// The heading text is taken from the language array $tx and concatenated
// into the markup as-is (no escaping in the lines shown).
65 $title = $tx[
'title'][
'password_forgotten'];
66 $o .=
'<h1>' . $title .
'</h1>';
// Exactly one paragraph is chosen by $this->status; submit() sets 'sent' and
// reset() sets 'reset' elsewhere in this file.
67 switch ($this->status) {
69 $o .=
'<p>' . $tx[
'password_forgotten'][
'email1_sent'] .
'</p>';
72 $o .=
'<p>' . $tx[
'password_forgotten'][
'email2_sent'] .
'</p>';
// Request form: asks for the e-mail address (field xh_email) and posts back
// to the "forgotten" function.
// NOTE(review): $sn is concatenated into the action attribute without
// escaping in the lines shown - confirm it is already HTML-safe where it is
// assigned, or wrap it in htmlspecialchars() here.
75 $o .=
'<p>' . $tx[
'password_forgotten'][
'request'] .
'</p>' 76 .
'<form name="xh_forgotten" action="' . $sn .
'?&function=forgotten"' 78 .
'<input type="text" name="xh_email">' 79 .
'<input type="submit" class="submit" value="Send Reminder">' 81 $onload .=
'document.forms[\'xh_forgotten\'].elements[\'xh_email\']' 95 public function mac($previous =
false)
// mac(): derives the reset code that is mailed to the site owner.
// Inputs are the configured e-mail address, an hour-granular timestamp and the
// configured secret; with $previous = true the timestamp is moved back one hour.
// Excerpt only: the return statement is not part of this listing.
99 $email = $cf[
'security'][
'email'];
// NOTE(review): 'h' is the 12-hour format in date(), so the same string (and
// therefore the same code) is produced twice per calendar day, 12 hours apart.
// The validity window is thus wider than "current and previous hour"; 'H'
// (24-hour) would make it match that intent.
100 $date = date(
'Y-m-d h:00:00') . ($previous ?
' -1hour' :
'');
101 $timestamp = strtotime($date);
102 $secret = $cf[
'security'][
'secret'];
// NOTE(review): this is a bare MD5 over the concatenated values, not a keyed
// MAC; hash_hmac('sha256', $email . $timestamp, $secret) is the standard
// construction. The code depends only on address, hour and secret, so it is
// not single-use: it stays valid for the whole window even after a reset.
103 $mac = md5($email . $timestamp . $secret);
// Validation (the enclosing function's signature is not shown; presumably
// checkMac($mac) - confirm): accepts a code equal to the current or the
// previous-hour value.
// NOTE(review): `==` is a loose, non-constant-time comparison and treats two
// numeric-looking strings as numbers. Compare with hash_equals() after an
// is_string() check on the supplied value instead.
116 return $mac == $this->mac() || $mac == $this->mac(
true);
/**
 * Handles the posted request form: if the submitted address equals the
 * configured one, mails the reset code to that address.
 *
 * Excerpt only: the construction of $mail, the link text around the code and
 * the send/else logic are not part of this listing.
 */
129 private function submit()
// NOTE(review): loose `==` on a raw request value; `===` together with an
// is_string() check states the intent (exact string match) explicitly.
// NOTE(review): confirm that the page shown for a non-matching address is
// indistinguishable from the success page, so the form does not confirm or
// deny the configured address.
133 if ($_POST[
'xh_email'] == $cf[
'security'][
'email']) {
// The recipient is always the configured address, never the posted value.
134 $to = $cf[
'security'][
'email'];
// The message embeds the current-hour code from mac() inside a link.
// NOTE(review): the line that builds the URL is not shown - verify that its
// host part does not come from a request-controlled header.
135 $message = $tx[
'password_forgotten'][
'email1_text'] .
"\r\n" 137 . $this->mac() .
'>';
140 $mail->setSubject($tx[
'title'][
'password_forgotten']);
141 $mail->setMessage($message);
// From is set to the configured address itself (sender equals recipient).
142 $mail->addHeader(
'From', $to);
// Marks the request as handled; render() prints the email1_sent text for it.
145 $this->status =
'sent';
// Appends the generic "mail not sent" error item to $e.
148 $e .=
'<li>' . $tx[
'mailform'][
'notsend'] .
'</li>';
/**
 * Generates a new random password, mails it to the configured address and
 * stores its hash in the configuration.
 *
 * Excerpt only: the construction of $mail and the conditions around the
 * send/save steps are not part of this listing.
 */
165 private function reset()
// 8 bytes from the CSPRNG, hex-encoded: a 16-character password with 64 bits
// of entropy.
169 $password = bin2hex(random_bytes(8));
// Only the bcrypt hash is handed to saveNewPassword(); the plaintext exists
// in this method and in the outgoing mail.
170 $hash = password_hash($password, PASSWORD_BCRYPT);
171 $to = $cf[
'security'][
'email'];
// NOTE(review): the new password travels and is stored in the mailbox in
// plaintext. Consider requiring a password change at first login, or mailing
// a set-password link instead of the password itself.
172 $message = $tx[
'password_forgotten'][
'email2_text'] .
' ' . $password;
175 $mail->setSubject($tx[
'title'][
'password_forgotten']);
176 $mail->setMessage($message);
177 $mail->addHeader(
'From', $to);
// NOTE(review): the mail is sent before the hash is saved. If the save below
// fails, the recipient holds a password that was never activated - confirm
// the surrounding (unshown) lines handle that case.
178 $sent = $mail->send();
180 if (!$this->saveNewPassword($hash)) {
// Reports the "cannot save" error for the config file path.
181 e(
'cntsave',
'config', $pth[
'file'][
'config']);
// render() prints the email2_sent text for this status.
183 $this->status =
'reset';
/**
 * Stores the given password hash in $cf and serialises the whole
 * configuration array as PHP source.
 *
 * Excerpt only: the step that writes $o to disk and the return value are not
 * part of this listing (reset() treats a falsy return as a failed save).
 *
 * @param string $hash Password hash to store (reset() passes a bcrypt hash).
 */
199 private function saveNewPassword($hash)
204 $cf[
'security'][
'password'] = $hash;
// The generated file is executable PHP, so every value written below must be
// a correctly escaped string literal.
205 $o =
'<?php' . PHP_EOL . PHP_EOL;
206 foreach (
$cf as $cat => $opts) {
207 foreach ($opts as $name => $opt) {
// Escapes control characters (\0..\37), double quote, dollar sign and
// backslash, so the value cannot end the double-quoted literal or trigger
// variable interpolation when the file is included. This matters for the
// hash itself, since bcrypt hashes contain `$`.
208 $opt = addcslashes($opt,
"\0..\37\"\$\\");
// NOTE(review): $cat and $name are placed inside single-quoted keys without
// escaping. That is only safe while configuration keys never contain `'` or
// `\` - confirm keys cannot be influenced by user input.
209 $o .=
"\$cf['$cat']['$name']=\"$opt\";" . PHP_EOL;
// NOTE(review): the file holds both the password hash and the secret that
// mac() reads from $cf. Confirm the (unshown) write is atomic, so a failed
// write cannot leave a truncated config.
212 $o .= PHP_EOL .
'?>' . PHP_EOL;
XH_includeVar($_filename, $_varname)
XH_writeFile($filename, $contents)