Lexiconga/php/passwordreset.php

<?php
function Set_Password_Reset($email) {
    $date = date("Y-m-d H:i:s");
    $reset_code = random_string(20);
    $query = "UPDATE `users` SET `password_reset_code`='" . $reset_code . "', `password_reset_date`='" . $date . "' WHERE `email`='" . $email . "';";
    $reset = query($query);
    
    if ($reset) {
        $to = $email;
        $subject = "Here's your Lexiconga password reset link";
        $message = "Hello " . Get_Public_Name_By_Email($email) . "\r\n\r\nSomeone has requested a password reset link for your Lexiconga account. If it was you, you can reset your password by going to the link below and entering a new password for yourself:\r\n";
        $message .= "http://lexicon.ga/?passwordreset&account=" . Get_User_Id($email) . "&code=" . $reset_code . "\r\n\r\n";
        $message .= "If it wasn't you who requested the link, you can ignore this email since it was only sent to you, but you might want to consider changing your password when you have a chance.\r\n\r\n";
        $message .= "The password link will only be valid for today until you use it.\r\n\r\n";
        $message .= "Thanks!\r\nThe Lexiconga Admins";
        $header = "From: Lexiconga Password Reset <donotreply@lexicon.ga>\r\n" .
                  "Reply-To: help@lexicon.ga\r\n" .
                  "X-Mailer: PHP/" . phpversion();

        if (mail($to, $subject, $message, $header)) {
            return true;
        } else {
            return "could not send";
        }
    } else {
        return false;
    }
}

function Check_Password_Reset($id, $code) {
    $date = date("Y-m-d");
    $daterange = "'" . $date . " 00:00:00' AND '" . $date . " 23:59:59'";
    $query = "SELECT * FROM `users` WHERE `id`='" . $id . "' AND `password_reset_code`='" . $code . "' AND `password_reset_date` BETWEEN " . $daterange . ";";
    $users = query($query);
    
    if ($users && num_rows($users) === 1) {
        return true;
    } else {
        return false;
    }
}

function Reset_Password($password, $email) {
    $query = "UPDATE `users` SET `password`='" . crypt($password, $email) . "', `password_reset_date`='0000-00-00 00:00:00' WHERE `email`='" . $email . "';";
    $reset = query($query);
    
    if ($reset) {
        return true;
    } else {
        return false;
    }
}
?>
Started on password reset. 2015-12-02 02:01:52 +01:00			`<?php`
			`function Set_Password_Reset($email) {`
			`$date = date("Y-m-d H:i:s");`
Moved random_string() to helpers.php. Renamed password_reset_validation.php to ajax_passwordresetvalidation.php for consistency. 2015-12-02 02:05:38 +01:00			`$reset_code = random_string(20);`
Added Password Reset and Account Settings management. 2015-12-12 02:06:47 +01:00			$query = "UPDATE `users` SET `password_reset_code`='" . $reset_code . "', `password_reset_date`='" . $date . "' WHERE `email`='" . $email . "';";
Started on password reset. 2015-12-02 02:01:52 +01:00			`$reset = query($query);`

			`if ($reset) {`
Untested - email to the password reset email. 2015-12-03 01:25:06 +01:00			`$to = $email;`
			`$subject = "Here's your Lexiconga password reset link";`
Added Password Reset and Account Settings management. 2015-12-12 02:06:47 +01:00			`$message = "Hello " . Get_Public_Name_By_Email($email) . "\r\n\r\nSomeone has requested a password reset link for your Lexiconga account. If it was you, you can reset your password by going to the link below and entering a new password for yourself:\r\n";`
			`$message .= "http://lexicon.ga/?passwordreset&account=" . Get_User_Id($email) . "&code=" . $reset_code . "\r\n\r\n";`
			`$message .= "If it wasn't you who requested the link, you can ignore this email since it was only sent to you, but you might want to consider changing your password when you have a chance.\r\n\r\n";`
			`$message .= "The password link will only be valid for today until you use it.\r\n\r\n";`
			`$message .= "Thanks!\r\nThe Lexiconga Admins";`
			`$header = "From: Lexiconga Password Reset <donotreply@lexicon.ga>\r\n" .`
			`"Reply-To: help@lexicon.ga\r\n" .`
			`"X-Mailer: PHP/" . phpversion();`
Untested - email to the password reset email. 2015-12-03 01:25:06 +01:00
			`if (mail($to, $subject, $message, $header)) {`
			`return true;`
			`} else {`
			`return "could not send";`
			`}`
Started on password reset. 2015-12-02 02:01:52 +01:00			`} else {`
			`return false;`
			`}`
			`}`

Added Password Reset and Account Settings management. 2015-12-12 02:06:47 +01:00			`function Check_Password_Reset($id, $code) {`
Started on password reset. 2015-12-02 02:01:52 +01:00			`$date = date("Y-m-d");`
			`$daterange = "'" . $date . " 00:00:00' AND '" . $date . " 23:59:59'";`
Added Password Reset and Account Settings management. 2015-12-12 02:06:47 +01:00			$query = "SELECT * FROM `users` WHERE `id`='" . $id . "' AND `password_reset_code`='" . $code . "' AND `password_reset_date` BETWEEN " . $daterange . ";";
Started on password reset. 2015-12-02 02:01:52 +01:00			`$users = query($query);`

			`if ($users && num_rows($users) === 1) {`
			`return true;`
			`} else {`
			`return false;`
			`}`
			`}`

			`function Reset_Password($password, $email) {`
Added Password Reset and Account Settings management. 2015-12-12 02:06:47 +01:00			$query = "UPDATE `users` SET `password`='" . crypt($password, $email) . "', `password_reset_date`='0000-00-00 00:00:00' WHERE `email`='" . $email . "';";
Started on password reset. 2015-12-02 02:01:52 +01:00			`$reset = query($query);`

			`if ($reset) {`
			`return true;`
			`} else {`
			`return false;`
			`}`
			`}`
			`?>`