ruạṛ
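<?php
/**
 * Update user record with new password - backported
 *
 * Password-reset completion handler: takes the verification code and the new
 * password (entered twice) from the POST body, looks up the user that owns the
 * code, stores the new password and clears the code so it cannot be replayed.
 *
 * @version 0.9
 * @author Robert Urquhart <programmer@activatedesign.co.nz>
 * @package dreamdiamondstore
 */

/*
 * site data and definitions
 * @var string $include_path - for easy global search/replace if include location changes
 * @var string $template_dir location of template specific functions (and user connection details if different permissions supported)
 */
$include_path = $_SERVER['DOCUMENT_ROOT'] . '/admin/scripts-includes/';
$template_dir = $_SERVER['DOCUMENT_ROOT'] . '/resources/template/';

require_once $include_path . 'universal.php';
require_once $template_dir . 'functions.php';

/*
 * start the session (after includes so objects stored in $_SESSION are created properly)
 */
session_start();

$connID = connect_to_db();

/**
 * suhosin workaround - load session user data
 * @var object $customer
 */
$customer = user_load();

/*
 * shouldn't be trying to access this if logged in
 */
if ($customer->logged_in) {
    getout('', select_one('page_data', 'path', 'page_type', 'customer'));
    // Every other getout() call in this script is followed by exit; without it a
    // logged-in session could fall through into the reset logic below if
    // getout() does not terminate the request itself.
    exit;
}

/**
 * get and clean form data
 *
 * Missing or non-string fields (e.g. "pwd1[]=x") are treated as empty so they
 * hit the validation messages below instead of raising notices.
 *
 * NOTE(review): the password is passed through clean_plain_data(); if that
 * helper strips or rewrites characters, the stored password differs from what
 * the user typed - confirm against its definition.
 *
 * @var string $verify
 * @var string $password
 * @var string $password2
 */
$fields = array();
foreach (array('verify', 'pwd1', 'pwd2') as $key) {
    $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}
$verify    = clean_plain_data($fields['verify']);
$password  = clean_plain_data($fields['pwd1']);
$password2 = clean_plain_data($fields['pwd2']);

/**
 * validate
 *
 * The empty-code check matters for security, not just UX: a consumed reset is
 * recorded as password_reset = '' (see the end of this script), so an empty
 * code must never reach the lookup below.
 *
 * NOTE(review): the password strength check (is_valid_password) is disabled in
 * this version, so any non-empty password is accepted.
 *
 * @var bool $fail
 * @var string $message
 */
$fail = false;
$message = '';
if ($verify == '') {
    //set_message('Invalid verification code!');
    $message = 'Invalid verification code!';
    $fail = true;
} elseif ($password == '') {
    $message = 'Please enter a password';
    $fail = true;
}
/*
elseif (!is_valid_password($password)) {
    //set_message('Please enter a valid password');
    $message = 'Please enter a valid password';
    $fail = true;
}
*/
elseif ($password !== $password2) {
    $message = 'Passwords do not match, please try again.';
    $fail = true;
}

if ($fail) {
    // Only fixed strings are written into the cookie here; nothing from the
    // request is embedded.
    // NOTE(review): the cookie carries HTML markup. Cookies are client-controlled,
    // so whatever page prints resetMessage must escape it or map it to a known
    // message rather than echoing it raw - confirm on the reading side.
    setcookie('resetMessage', '<p class="message">' . $message . '</p>', time() + 30, '/');
    getout('');
    exit;
}
//else

/**
 * get and check user
 *
 * NOTE(review): the verification code is the only credential in this flow. No
 * expiry or attempt limiting is visible in this script, and the lookup relies
 * on select_one() / clean_plain_data() to make $verify safe for SQL - confirm
 * both in the included helpers.
 *
 * @var int $user_id retrieved from database (using $verify)
 * @var object $n user object containing user record data
 */
$user_id = select_one('users', 'user_id', 'password_reset', $verify);
if (!$user_id) {
    //set_message('User not found (verification code not matched)');
    setcookie('resetMessage', '<p class="message">User not found (verification code not matched)</p>', time() + 30, '/');
    getout('');
    exit;
}
//else
$n = new user($user_id);

/*
 * update record
 *
 * A failed update no longer reports success: the user is sent back with an
 * error and the verification code is left in place so they can retry.
 *
 * NOTE(review): how user::update() stores the password (hashing) is not
 * visible here - confirm.
 */
if (!$n->update($password)) {
    setcookie('resetMessage', '<p class="message">Your password could not be changed, please try again.</p>', time() + 30, '/');
    getout('');
    exit;
}

/*
 * Invalidate the verification code so it cannot be replayed. The id comes from
 * the database, but it is escaped anyway rather than interpolated raw.
 * NOTE(review): ext/mysql is removed in PHP 7; move to prepared statements
 * (PDO/mysqli) when this script is ported.
 */
$cleared = mysql_query(
    "update users set password_reset = '' where user_id = '" . mysql_real_escape_string($user_id) . "'"
);
if ($cleared === false) {
    // The password was changed but the code is still live; surface that to operators.
    error_log('password reset: failed to clear password_reset for user_id ' . $user_id);
}

setcookie('custMessage', '<p class="message">Your password has been changed, please log in.</p>', time() + 30, '/');
getout('', select_one('page_data', 'path', 'page_type', 'customer'));
exit;
?>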
cải xoăn