real_escape_string($_POST['crkey']);
$rnpass = $mysqli->real_escape_string($_POST['rnpass']);
$cuser = $mysqli->real_escape_string($_POST['cuser']);
$npass = $mysqli->real_escape_string($_POST['npass']);
$userinfoc = $polrauth->getinfomu($cuser); // fetch info
if ($userinfoc == false) {
echo "
That username is not associated with any account. Please try again.
"
. "
"
. "Back";
require_once 'footer.php';
die();
}
if ($userinfoc == false) {
// if user does not exist
require_once 'header.php';
echo "User or key invalid or already used.
";
require_once 'footer.php';
die();
}
if ($userinfoc['rkey'] == $_POST['crkey']) { // if rkey & user check out
if ($npass != $rnpass) {
// if new pass & repeat don't match
require_once 'header.php';
echo "Passwords don't match. Try again. (click the link in the email again)
";
require_once 'footer.php';
die();
} else { // all checks out
$fpass->changepass($npass, $cuser); // change pass
$polrauth->crkey($cuser); //change rkey
require_once 'header.php';
echo "Password changed.
";
require_once 'footer.php';
die();
}
}
}
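// Helper object for the forgotten-password flow; the fpass class is declared outside this excerpt.
$fpass = new fpass();

// Reset-link landing step: the emailed link carries ?username=...&key=...; when the key
// matches the one stored for that account, the "change password" page is rendered.
// Both parameters must be plain strings: an array-valued parameter (?key[]=x) would
// otherwise reach real_escape_string()/hash_equals() and raise a TypeError.
if (isset($_GET['key'], $_GET['username']) && is_string($_GET['key']) && is_string($_GET['username'])) {
    $username = $mysqli->real_escape_string($_GET['username']);
    $userinfoc = $polrauth->getinfomu($username); // fetch info
    if ($userinfoc == false) {
        // NOTE(review): this text confirms whether a username exists. An unreachable second
        // copy of this check printed the generic "User or key invalid or already used."
        // message; consider making that generic text the live response. The dead copy is
        // dropped here because this branch always ends in die().
        echo "That username is not associated with any account. Please try again.
"
        . "
"
        . "Back";
        require_once 'footer.php';
        die();
    }

    // A missing or empty stored key must never match, otherwise ?key= (empty) would pass.
    $storedKey = isset($userinfoc['rkey']) ? (string) $userinfoc['rkey'] : '';

    // hash_equals() replaces the loose == comparison: == compares numeric-looking strings
    // by value instead of byte for byte, and its running time depends on where the inputs differ.
    if ($storedKey !== '' && hash_equals($storedKey, $_GET['key'])) {
        require_once 'header.php';
        // The username comes straight from the query string, so it is HTML-escaped before
        // being written into the page.
        $safeUsername = htmlspecialchars($_GET['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "Change Password for {$safeUsername}
";
        // NOTE(review): the two empty echoes are kept exactly as found; presumably they carried
        // form markup not shown in this listing. Any request value written into that markup
        // needs the same escaping as above.
        echo "";
        echo "";
        require_once 'footer.php';
        die();
    }
    // A key mismatch falls through to the email-request handling below.
}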
/*
if (isset($_POST['username']) == true && isset($_POST['key']) == true) {
}
*/
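// Email-request step: read the submitted address without the @ error-suppression operator.
// Anything that is not a plain string (missing field, array-valued field) is treated as
// "no email supplied", so the strlen() call below and the later real_escape_string() call
// only ever see a string.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
if (!$email) {
    // if requesting form
    echo "Forgot your password?
"
    . "
"
    . "";
    require_once 'footer.php';
    die();
}
// Anything shorter than 5 bytes is sent back to the request form. This is only a length
// check; the address format is not validated here.
if (strlen($email) < 5) {
    echo "Forgot your password?
"
    . "
"
    . "";
    require_once 'footer.php';
    die();
}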
// Look up the account that owns the submitted address and mail it the reset key.
$email = $mysqli->real_escape_string($_POST['email']);
$userinfo = $polrauth->getinfome($email);

if (!$userinfo) {
    // NOTE(review): this response differs from the success message below, so the form
    // reveals which addresses are registered. Returning the same text in both cases is
    // the usual mitigation.
    echo "That email is not associated with any account. Please try again.
", "
", "Back";
    require_once 'footer.php';
    die();
}

// The key that is mailed out is the value already stored on the account.
// NOTE(review): whether that key expires or is single-use cannot be seen from here. Confirm
// in the code that maintains rkey.
$username = $userinfo['username'];
$rkey = $userinfo['rkey'];

// NOTE(review): $email is the SQL-escaped form at this point. Confirm sendfmail() expects
// that rather than the raw address, and that it rejects line breaks in the recipient.
$fpass->sendfmail($email, $username, $rkey); // send the email

echo "Email successfully sent. Check your inbox for more info.";
require_once 'footer.php';