Zen Cart 源代码 password_forgotten.php

Zen Cart 源代码 password_forgotten.php




下载文件

文件名: password_forgotten.php
文件类型: PHP文件
文件大小: 4.52 KiB
MD5: b84ba285eda699e48c8ed7eb5392290e

  1. <?php
  2. /**
  3.  * @package admin
  4.  * @copyright Copyright 2003-2012 Zen Cart Development Team
  5.  * @copyright Portions Copyright 2003 osCommerce
  6.  * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
  7.  * @version GIT: $Id: Author: Ian Wilson  Sun Jul 14 21:04:37 2013 +0100 Modified in v1.5.2 $
  8.  */
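  // Lifetime of an admin password-reset token, in seconds (24 hours).
  // The request handler further down stores time() plus this value as the
  // expiry part of the reset token.
  define('ADMIN_PWD_TOKEN_DURATION', (24 * 60 * 60) );

  /////////
  require ('includes/application_top.php');

  // Demo installs must not hand out password resets: clear the action, queue a
  // caution message and send the visitor back to the admin start page.
  if (zen_admin_demo())
  {
    $_GET['action'] = '';
    $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
    zen_redirect(zen_href_link(FILENAME_DEFAULT));
  }

  // Every button named "login" in the form below (cancel / back to login)
  // posts back to this script; pass those requests on to the login page.
  if (isset($_POST['login']))
  {
    zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

  // Slam prevention: once this session has recorded more than 9 attempts,
  // answer with an error status and stop before any lookup or mail is done.
  // The counter does not exist on a first visit, so test for it before the
  // comparison instead of reading a missing session key.
  // NOTE(review): the counter lives in the session only, so it throttles just
  // the clients that keep their session. A server-side limit keyed on data the
  // client does not control would be needed for a stronger guarantee.
  if (isset($_SESSION['login_attempt']) && $_SESSION['login_attempt'] > 9) {
    header('HTTP/1.1 406 Not Acceptable');
    exit(0);
  }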
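  // State read by the HTML form that follows this PHP section:
  //   $error         - true when no reset must be performed
  //   $resetToken    - '' shows the e-mail form, any other value replaces it
  //                    with the "login" button
  //   $email_message - status text printed inside the form
  $error = false;
  // Must be $resetToken, the name the form tests, so that the variable is
  // defined on a plain page load as well.
  $resetToken = '';
  $email_message = '';
  if (isset($_POST['submit']))
  {
    // Untrusted input: accept a plain string only. A missing field or an array
    // is handled like an empty submission.
    $posted_email = (isset($_POST['admin_email']) && is_string($_POST['admin_email'])) ? $_POST['admin_email'] : '';
    $admin_email = zen_db_prepare_input($posted_email);

    if (! $posted_email || (string)$admin_email === '')
    {
      // Nothing usable was entered. The normalised value is checked too: should
      // zen_db_prepare_input() reduce the input to '' (its behaviour is not
      // visible in this file), a loose comparison against a missing row would
      // otherwise succeed and start a reset for nobody.
      $error = true;
      $email_message = ERROR_WRONG_EMAIL_NULL;
    }
    else
    {
      // Bound parameter, never string concatenation, for the posted address.
      $sql = "select admin_id, admin_name, admin_email, admin_pass from " . TABLE_ADMIN . " where admin_email = :admEmail: LIMIT 1";
      $sql = $db->bindVars($sql, ':admEmail:', $admin_email, 'string');
      $result = $db->Execute($sql);

      // Require a returned row whose address is exactly the submitted one.
      if (! isset($result->fields['admin_email']) || $admin_email !== $result->fields['admin_email'])
      {
        // Same message and same form state as the success path, so the page
        // does not tell the visitor whether the address belongs to an admin.
        // NOTE(review): the success path does extra work (password hashing,
        // mail), so response time can still differ between the two outcomes.
        $error = true;
        $email_message = MESSAGE_PASSWORD_SENT;
        $resetToken = 'bad';
      }
    }

    // BEGIN SLAM PREVENTION
    // Count every non-empty submission, whether or not the address matched.
    if ($posted_email !== '')
    {
      if (! isset($_SESSION['login_attempt'])) $_SESSION['login_attempt'] = 0;
      $_SESSION['login_attempt'] ++;
    } // END SLAM PREVENTION

    if ($error == false)
    {
      // Temporary password of at least 7 characters, longer if configured so.
      $min_length = (int)ADMIN_PASSWORD_MIN_LENGTH;
      $new_password = zen_create_PADSS_password($min_length < 7 ? 7 : $min_length);

      // Stored token layout: <expiry unix time> '}' <zen_encrypt_password() result>.
      // Only the processed form of the temporary password is written to the
      // table (presumably a hash - confirm in zen_encrypt_password()).
      $resetToken = (time() + ADMIN_PWD_TOKEN_DURATION) . '}' . zen_encrypt_password($new_password);
      $sql = "update " . TABLE_ADMIN . " set reset_token = :token: where admin_id = :admID: ";
      $sql = $db->bindVars($sql, ':token:', $resetToken, 'string');
      $sql = $db->bindVars($sql, ':admID:', $result->fields['admin_id'], 'string');
      $db->Execute($sql);

      // The mail carries the requesting IP address and the temporary password
      // in clear text; build the body once and reuse it for both mail parts.
      // NOTE(review): anyone able to read the admin's mailbox during the token
      // lifetime learns the temporary password. Keep the lifetime short and
      // check that the login flow forces a password change afterwards.
      $email_body = sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password);
      $html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name'];
      $html_msg['EMAIL_MESSAGE_HTML'] = $email_body;
      zen_mail($result->fields['admin_name'], $result->fields['admin_email'], TEXT_EMAIL_SUBJECT_PWD_RESET, $email_body, STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten_admin');
      $email_message = MESSAGE_PASSWORD_SENT;
    }
  }
  ?>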
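  <!DOCTYPE html >
  <html <?php echo HTML_PARAMS; ?>>
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
  <title><?php echo TITLE; ?></title>
  <meta name="robots" content="noindex, nofollow" />
  <link href="includes/stylesheet.css" rel="stylesheet" type="text/css">
  </head>
  <body id="login" onload="document.getElementById('admin_email').focus()">
    <div class="container">
      <div class="row">
      <div class="four columns centered end">
        <form id="loginForm" action="<?php echo zen_href_link(FILENAME_PASSWORD_FORGOTTEN, 'action=update', 'SSL'); ?>" method="post">
        <?php /* Session security token sent back with the form; where it is verified is not visible in this file (presumably the bootstrap - confirm). */ ?>
        <?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>
          <fieldset>
            <legend><?php echo HEADING_TITLE; ?></legend>
            <?php
            /*
             * The request form is shown only while no reset has been attempted.
             * $resetToken may be undefined on a plain page load, so test for it
             * before comparing instead of reading an unset variable.
             */
            $show_request_form = (! isset($resetToken) || $resetToken == '');
            if ($show_request_form) { ?>
            <div class="row">
              <div class="three columns">
                <label for="admin_email"><?php echo TEXT_ADMIN_EMAIL; ?></label>
              </div>
              <div class="six columns end">
                <input class="left inline" type="text" id="admin_email" name="admin_email" value="" autocomplete="off" autofocus="autofocus">
              </div>
            </div>
            <?php } ?>
            <?php /* Status text set by the request handler; it is printed unescaped, so it must only ever hold trusted text. */ ?>
            <p class="messageStackSuccess"><?php echo $email_message; ?></p>
            <?php if ($show_request_form) { ?>
            <input type="submit" name="submit" class="button" value="<?php echo TEXT_BUTTON_REQUEST_RESET; ?>">
            <input type="submit" name="login" class="button" value="<?php echo TEXT_BUTTON_CANCEL; ?>">
            <?php } else { ?>
            <input type="submit" name="login" class="button" value="<?php echo TEXT_BUTTON_LOGIN; ?>">
            <?php } ?>
          </fieldset>
        </form>
      </div>
    </div>
  </div>
  </body>
  </html>
  <?php require('includes/application_bottom.php'); ?>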
  113.  

