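add_session(ERROR_ADMIN_DEMO, 'caution');
zen_redirect(zen_href_link(FILENAME_DEFAULT));
}
if (isset($_POST['login'])) {
    zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
}

// Slam prevention: once this session has made too many reset requests, refuse to
// process any more. The counter is only set/incremented further down when a
// non-empty address is submitted, so a fresh session (no counter yet) is treated
// as zero instead of raising an undefined-index notice.
if (isset($_SESSION['login_attempt']) && $_SESSION['login_attempt'] > 9) {
    header('HTTP/1.1 406 Not Acceptable');
    exit(0);
}

$error = false;
$reset_token = '';

// Admin "password forgotten" handling:
//  1. look the submitted address up in TABLE_ADMIN,
//  2. on a match, generate a fresh password, store only its hash together with an
//     expiry timestamp in reset_token, and mail the plaintext to the address on file,
//  3. report the same message ($email_message = MESSAGE_PASSWORD_SENT) whether or not
//     the address exists, so the form cannot be used to enumerate admin accounts.
if (isset($_POST['submit'])) {
    // NOTE(review): no CSRF / security-token check is visible in this span — confirm the
    // surrounding page validates one before this branch is reached.
    $raw_email = isset($_POST['admin_email']) ? $_POST['admin_email'] : '';
    if (!is_string($raw_email)) {
        // admin_email[]=... would reach the query as an array; treat it as no input
        $raw_email = '';
    }

    if (empty($raw_email)) {
        $error = true;
        $email_message = ERROR_WRONG_EMAIL_NULL;
    }

    // BEGIN SLAM PREVENTION — count every attempt that carried an address, valid or not
    if ($raw_email !== '') {
        if (!isset($_SESSION['login_attempt'])) {
            $_SESSION['login_attempt'] = 0;
        }
        $_SESSION['login_attempt']++;
    }
    // END SLAM PREVENTION

    if ($error === false) {
        $admin_email = zen_db_prepare_input($raw_email);

        // Bound lookup; bindVars() quotes the value as a string so it is not interpolated raw.
        $sql = "select admin_id, admin_name, admin_email, admin_pass from " . TABLE_ADMIN . " where admin_email = :admEmail: LIMIT 1";
        $sql = $db->bindVars($sql, ':admEmail:', $admin_email, 'string');
        $result = $db->Execute($sql);

        // No row, or a row whose stored address is not byte-identical to the input
        // (the DB collation may match case-insensitively; PHP compares strictly here).
        if (empty($result->fields['admin_email']) || $admin_email !== $result->fields['admin_email']) {
            $error = true;
            // Deliberately the same text as the success path: do not reveal whether
            // the address belongs to an admin account.
            $email_message = MESSAGE_PASSWORD_SENT;
        }
    }

    if ($error === false) {
        // Never generate a password shorter than 7 characters, whatever the configured minimum.
        $min_length = (int)ADMIN_PASSWORD_MIN_LENGTH;
        $new_password = zen_create_PADSS_password($min_length < 7 ? 7 : $min_length);

        // reset_token layout: "<expiry unix timestamp>}<hash of the new password>".
        // Only the hash is persisted; the plaintext exists in memory and in the outgoing mail.
        $resetToken = (time() + ADMIN_PWD_TOKEN_DURATION) . '}' . zen_encrypt_password($new_password);

        $sql = "update " . TABLE_ADMIN . " set reset_token = :token: where admin_id = :admID: ";
        $sql = $db->bindVars($sql, ':token:', $resetToken, 'string');
        $sql = $db->bindVars($sql, ':admID:', $result->fields['admin_id'], 'string');
        $db->Execute($sql);

        // REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the proxy, not the requester.
        $email_text = sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password);

        $html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name'];
        $html_msg['EMAIL_MESSAGE_HTML'] = $email_text;

        // Mail goes to the address stored on the account, never to the submitted string.
        zen_mail(
            $result->fields['admin_name'],
            $result->fields['admin_email'],
            TEXT_EMAIL_SUBJECT_PWD_RESET,
            $email_text,
            STORE_NAME,
            EMAIL_FROM,
            $html_msg,
            'password_forgotten_admin'
        );

        $email_message = MESSAGE_PASSWORD_SENT;
    }
}
?> >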