Hệ thống quản lý phòng khám trực tuyến bằng PHP
- membership_passwordReset.php
- project /
1 <?php
2 $currDir=dirname(__FILE__);
3 include("$currDir/defaultLang.php");
4 include("$currDir/language.php");
5 include("$currDir/lib.php");
6 include_once("$currDir/header.php");
7
8 $adminConfig = config('adminConfig');
9
10 $reset_expiry = 86400; // time validity of reset key in seconds
11
12 #_______________________________________________________________________________
13 # Step 4: Final step; change the password
14 #_______________________________________________________________________________
15 if($_POST['changePassword'] && $_POST['key']){
16 $expiry_limit = time() - $reset_expiry - 900; // give an extra tolerence of 15 minutes
17 $res = sql("select * from membership_users where pass_reset_key='" . makeSafe($_POST['key']) . "' and pass_reset_expiry>$expiry_limit limit 1", $eo);
18
19 if($row = db_fetch_assoc($res)){
20 if($_POST['newPassword'] != $_POST['confirmPassword'] || !$_POST['newPassword']){
21 ?>
22 <div class="alert alert-danger">
23 <?php echo $Translation['password no match']; ?>
24 </div>
25 <?php
26
27 include_once("$currDir/footer.php");
28 exit;
29 }
30
31 sql("update membership_users set passMD5='" . md5($_POST['newPassword']) . "', pass_reset_expiry=NULL, pass_reset_key=NULL where lcase(memberID)='" . addslashes($row['memberID']) . "'", $eo);
32 ?>
33 <div class="row">
34 <div class="col-md-6 col-md-offset-3">
35 <div class="alert alert-info">
36 <i class="glyphicon glyphicon-info-sign"></i>
37 <?php echo $Translation['password reset done']; ?>
38 </div>
39 </div>
40 </div>
41 <?php
42 }else{
43 ?>
44 <div class="alert alert-danger">
45 <?php echo $Translation['password reset invalid']; ?>
46 </div>
47 <?php
48 }
49
50 include_once("$currDir/footer.php");
51 exit;
52 }
53 #_______________________________________________________________________________
54 # Step 3: This is the special link that came to the member by email. This is
55 # where the member enters his new password.
56 #_______________________________________________________________________________
57 if($_GET['key'] != ''){
58 $expiry_limit = time() - $reset_expiry;
59 $res = sql("select * from membership_users where pass_reset_key='" . makeSafe($_GET['key']) . "' and pass_reset_expiry>$expiry_limit limit 1", $eo);
60
61 if($row = db_fetch_assoc($res)){
62 ?>
63 <div class="page-header"><h1><?php echo $Translation['password change']; ?></h1></div>
64
65 <div class="row">
66 <div class="col-sm-8 col-sm-offset-2 col-md-6 col-md-offset-3 col-lg-4 col-lg-offset-4">
67 <form method="post" action="membership_passwordReset.php">
68 <div class="form-group">
69 <label for="name" class="control-label"><?php echo $Translation['username']; ?></label>
70 <p class="lead"><?php echo $row['memberID']; ?></p>
71 </div>
72 <div class="form-group">
73 <label for="newPassword" class="control-label"><?php echo $Translation['new password']; ?></label>
74 <input type="password" class="form-control" id="newPassword" name="newPassword" placeholder="<?php echo html_attr($Translation['new password']); ?>">
75 </div>
76 <div class="form-group">
77 <label for="confirmPassword" class="control-label"><?php echo $Translation['confirm password']; ?></label>
78 <input type="password" class="form-control" id="confirmPassword" name="confirmPassword" placeholder="<?php echo html_attr($Translation['confirm password']); ?>">
79 </div>
80
81 <div class="row">
82 <div class="col-sm-offset-3 col-sm-6">
83 <button class="btn btn-primary btn-lg btn-block" value="changePassword" id="changePassword" type="submit" name="changePassword" value="1"><?php echo $Translation['ok']; ?></button>
84 </div>
85 </div>
86
87 <input type="hidden" name="key" value="<?php echo $_GET['key']; ?>">
88 </form>
89 </div>
90 </div>
91 <?php
92 }else{
93 ?>
94 <div class="alert alert-danger">
95 <?php echo $Translation['password reset invalid']; ?>
96 </div>
97 <?php
98 }
99
100 include_once("$currDir/footer.php");
101 exit;
102 }
103 #_______________________________________________________________________________
104 # Step 2: Send email to member containing the reset link
105 #_______________________________________________________________________________
106 if($_POST['reset']){
107 $username = makeSafe(strtolower(trim($_POST['username'])));
108 $email = isEmail(trim($_POST['email']));
109
110 if((!$username && !$email) || ($username==$adminConfig['adminUsername'])){
111 redirect("membership_passwordReset.php?emptyData=1");
112 exit;
113 }
114
115 ?><div class="page-header"><h1><?php echo $Translation['password reset']; ?></h1></div><?php
116
117 $where = '';
118 if($username){
119 $where = "lcase(memberID)='{$username}'";
120 }elseif($email){
121 $where = "email='{$email}'";
122 }
123 $res = sql("select * from membership_users where {$where} limit 1", $eo);
124 if(!$row=db_fetch_assoc($res)){
125 ?>
126 <div class="alert alert-danger">
127 <?php echo $Translation['password reset invalid']; ?>
128 </div>
129 <?php
130 }else{
131 // avoid admin password change
132 if($row['memberID']==$adminConfig['adminUsername']){
133 ?>
134 <div class="alert alert-danger">
135 <?php echo $Translation['password reset invalid']; ?>
136 </div>
137 <?php
138
139 include_once("$currDir/footer.php");
140 exit;
141 }
142
143 // generate and store password reset key, if no valid key already exists
144 $no_valid_key = ($row['pass_reset_key'] == '' || ($row['pass_reset_key'] != '' && $row['pass_reset_expiry'] < (time() - $reset_expiry)));
145 $key = ($no_valid_key ? md5(microtime()) : $row['pass_reset_key']);
146 $expiry = ($no_valid_key ? time() + $reset_expiry : $row['pass_reset_expiry']);
147 @db_query("update membership_users set pass_reset_key='$key', pass_reset_expiry='$expiry' where memberID='" . addslashes($row['memberID']) . "'");
148
149 // determine password reset URL
150 $ResetLink = application_url("membership_passwordReset.php?key=$key");
151
152 // send reset instructions
153 sendmail(array(
154 'to' => $row['email'],
155 'subject' => $Translation['password reset subject'],
156 'message' => nl2br(str_replace('<ResetLink>', $ResetLink, $Translation['password reset message']))
157 ));
158
159 // display confirmation
160 ?>
161 <div class="row">
162 <div class="col-md-6 col-md-offset-3">
163 <div class="alert alert-info">
164 <i class="glyphicon glyphicon-info-sign" style="font-size: xx-large; float: left; margin: 0 10px;"></i>
165 <?php echo $Translation['password reset ready']; ?>
166 </div>
167 </div>
168 </div>
169 <?php
170 }
171
172 include_once("$currDir/footer.php");
173 exit;
174 }
175
176 #_______________________________________________________________________________
177 # Step 1: get the username or email of the member who wants to reset his password
178 #_______________________________________________________________________________
179
180 ?>
181 <div class="page-header"><h1><?php echo $Translation['password reset']; ?></h1></div>
182
183 <div class="row">
184 <div class="col-sm-8 col-sm-offset-2 col-md-6 col-md-offset-3 col-lg-4 col-lg-offset-4">
185 <form method="post" action="membership_passwordReset.php">
186 <div class="alert alert-info"><?php echo $Translation['password reset details']; ?></div>
187
188 <div class="form-group">
189 <label for="username" class="control-label"><?php echo $Translation['username']; ?></label>
190 <input type="text" class="form-control" id="username" name="username" placeholder="<?php echo html_attr($Translation['username']); ?>">
191 </div>
192
193 <div class="form-group">
194 <label for="email" class="control-label"><?php echo '<i>'.$Translation['or'].':</i> '.$Translation['email']; ?></label>
195 <input type="email" class="form-control" id="email" name="email" placeholder="<?php echo html_attr($Translation['email']); ?>">
196 </div>
197
198 <div class="row">
199 <div class="col-sm-offset-3 col-sm-6">
200 <button class="btn btn-primary btn-lg btn-block" value="<?php echo html_attr($Translation['ok']); ?>" id="reset" type="submit" name="reset"><?php echo $Translation['ok']; ?></button>
201 </div>
202 </div>
203
204 <?php if(is_array(getTableList()) && count(getTableList())){ /* if anon. users can see any tables ... */ ?>
205 <p style="margin-top: 1.5em;"><?php echo $Translation['browse as guest']; ?></p>
206 <?php } ?>
207 </form>
208 </div>
209 </div>
210
211 <script>
212 jQuery(function(){
213 jQuery('#username').focus();
214 <?php if($_GET['emptyData']){ ?>
215 jQuery('#username, #email').parent().addClass('has-error');
216 <?php } ?>
217 });
218 </script>
219
220 <?php include_once("$currDir/footer.php"); ?>