'; $pg .= '

Password Reset

'; if ($error !== null) $pg .= "
$error - please try again

"; $pg .= makeForm('reset'); $pg .= "

Enter a new password twice. " . passrequires() . "
Password:
Retype Password:
*2nd Authentication:
* Leave blank if you haven't enabled it

"; $pg .= '

'; return $pg; } # function yok() { $pg = '

Password Reset

'; $pg .= '
Your password has been reset,'; $pg .= '
login with it on the Home page.'; return $pg; } # function resetfail() { if (isset($_SESSION['reset_user'])) unset($_SESSION['reset_user']); if (isset($_SESSION['reset_hash'])) unset($_SESSION['reset_hash']); if (isset($_SESSION['reset_email'])) unset($_SESSION['reset_email']); $pg = '

Reset Failed

'; $pg .= '
Try again from the Home page Register/Reset button later'; return $pg; } # function dbreset() { $user = $_SESSION['reset_user']; $hash = $_SESSION['reset_hash']; $email = $_SESSION['reset_email']; $pass = getparam('pass', true); $pass2 = getparam('pass2', true); $twofa = getparam('2fa', true); if (nuem($pass) || nuem($pass2)) return allow_reset('Enter both passwords'); if ($pass2 != $pass) return allow_reset("Passwords don't match"); if (safepass($pass) !== true) return allow_reset('Password is unsafe'); $ans = getAtts($user, 'KReset.str,KReset.dateexp'); if ($ans['STATUS'] != 'ok') return resetfail(); if (!isset($ans['KReset.dateexp']) || $ans['KReset.dateexp'] == 'Y') return resetfail(); if (!isset($ans['KReset.str']) || $ans['KReset.str'] != $hash) return resetfail(); $emailinfo = getOpts($user, emailOptList()); if ($emailinfo['STATUS'] != 'ok') syserror(); $ans = resetPass($user, $pass, $twofa); if ($ans['STATUS'] != 'ok') return resetfail(); unset($_SESSION['reset_user']); unset($_SESSION['reset_hash']); unset($_SESSION['reset_email']); $ans = expAtts($user, 'KReset'); $ok = passWasReset($email, zeip(), $emailinfo); return yok(); } # function doreset($data, $u) { // Slow this right down usleep(500000); if (isset($_SESSION['reset_user']) && isset($_SESSION['reset_hash']) && isset($_SESSION['reset_email'])) return dbreset(); $code = getparam('code', true); if (nuem($code)) return resetfail(); $codes = explode('_', $code, 2); if (sizeof($codes) != 2) return resetfail(); $userhex = $codes[0]; if (strlen($userhex) == 0 || strlen($userhex) % 2) return resetfail(); $user = loginStr(pack("H*" , $userhex)); $hash = preg_replace('/[^A-Fa-f0-9]/', '', $codes[1]); if (!nuem($user) && !nuem($hash)) { $ans = getAtts($user, 'KReset.str,KReset.dateexp'); if ($ans['STATUS'] != 'ok') return resetfail(); if (!isset($ans['KReset.dateexp']) || $ans['KReset.dateexp'] == 'Y') return resetfail(); if (!isset($ans['KReset.str']) || $ans['KReset.str'] != $hash) return resetfail(); $ans = userSettings($user); if ($ans['STATUS'] != 'ok') return resetfail(); if (!isset($ans['email'])) return resetfail(); $email = $ans['email']; $_SESSION['reset_user'] = $user; $_SESSION['reset_hash'] = $hash; $_SESSION['reset_email'] = $email; return allow_reset(null); } return resetfail(); } # function show_reset($info, $page, $menu, $name, $u) { gopage($info, array(), 'doreset', $page, $menu, $name, $u, true, true, false); } # ?>