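AddToMessageList('Email sent successfully', 'An email has been re-sent to your account with details on changing your password');
$Hide = true;
break;

case 'SetPassword':
    // $ExpireDate, $UserId and $ActivateAccount come from the decrypted reset link, parsed above this point.
    if(isset($ExpireDate) && isset($UserId)) {
        if($ActivateAccount == "true") {
            // Activation flow: only an account that has no credentials yet may continue.
            $NewUser = new User();
            $NewUser->LoadUser($UserId);
            $Hide = false;
            if(!IsEmpty($NewUser->SALT) || !IsEmpty($NewUser->HASH) || $NewUser->UserTypeId != 3) {
                header("Location: ".APPROOT."login.php");
                exit;
            }
        } else if(strtotime("now") > $ExpireDate) {
            // NOTE(review): the link is built with date("Y-m-d"); if $ExpireDate is still that
            // string here rather than a timestamp, this int-vs-string comparison is not a
            // reliable expiry check -- confirm how $ExpireDate is parsed above.
            $Errors->AddToErrorList('Expired', 'This link has expired. Please click here to email another password change request.', true);
        } else {
            // Reset flow: only an existing account that already has credentials may continue.
            $NewUser = new User();
            $NewUser->LoadUser($UserId);
            $Hide = false;
            if(IsEmpty($NewUser->SALT) || IsEmpty($NewUser->HASH) || $NewUser->UserTypeId != 3) {
                header("Location: ".APPROOT."login.php");
                exit;
            }
        }
    }
    break;
}
$ErrorCount = $Errors->ErrorCount();
}

/**
 * Shared failure path for the two password-recovery transactions on this page: rolls the
 * open transaction back, reports a user-facing error (the raw exception text only in
 * debug mode) and persists the exception details through SystemLogging.
 *
 * @param Exception $ex     the caught exception
 * @param mixed     $UserId id of the account being processed, stored on the log entry
 */
function LogPasswordResetFailure($ex, $UserId) {
    global $Errors, $DAL;
    $DAL->RollbackTransaction();
    // Outside debug mode the view receives false instead of internal error details.
    $Message = (DebugMode()) ? $ex->getMessage() : false;
    $Errors->AddToErrorList("Error Processing Request", $Message);
    // QUERY_STRING is absent outside a web request (e.g. CLI); log an empty value then.
    $QueryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    $Log = new SystemLogging();
    $Log->Title = "Error Resetting Password";
    $Log->UserId = $UserId;
    $Log->File = $ex->getFile();
    $Log->Line = $ex->getLine();
    $Log->Message = $ex->getMessage();
    $Log->Variables = $Log->GenerateHeader("Code").$ex->getCode().$Log->GenerateFooter("Code")
        .$Log->GenerateHeader("Stack Trace").$ex->getTraceAsString().$Log->GenerateFooter("Stack Trace")
        .$Log->GenerateHeader("Query String").$QueryString.$Log->GenerateFooter("Query String");
    $Log->InsertLog();
}

/**
 * Validates the "set password" form (txtPassword, txtConfirmPassword, txtAnswer in $_POST).
 * Every problem is recorded in the global $Errors list and in the per-field arrays the view
 * reads ($ErrorsPassword, $ErrorConfirmPassword, $ErrorSecurityQuestion).
 * Missing fields are treated as empty instead of raising undefined-index notices.
 *
 * @return bool true only when no error has been recorded in $Errors
 */
function IsValid() {
    global $Errors, $ErrorsPassword, $ErrorConfirmPassword, $ErrorSecurityQuestion;

    $RawPassword = isset($_POST["txtPassword"]) ? $_POST["txtPassword"] : '';
    $RawConfirm  = isset($_POST["txtConfirmPassword"]) ? $_POST["txtConfirmPassword"] : '';
    $RawAnswer   = isset($_POST["txtAnswer"]) ? $_POST["txtAnswer"] : '';
    $Password = trim($RawPassword);
    $Confirm  = trim($RawConfirm);
    $Answer   = trim($RawAnswer);

    if($Password === '') {
        $Errors->AddToErrorList(PASSWORD, E_FIELD);
        $ErrorsPassword['class'] = 'input_error';
        $ErrorsPassword['message'] = 'Password Cannot Be Empty';
    } else if(strlen($Password) < 6) {
        $Errors->AddToErrorList(PASSWORD, MINLENGTH);
        $ErrorsPassword['class'] = 'input_error';
        $ErrorsPassword['message'] = MINLENGTH;
    }

    if($Confirm === '') {
        $Errors->AddToErrorList(CONFIRM_PASSWORD, E_FIELD);
        $ErrorConfirmPassword['class'] = 'input_error';
        $ErrorConfirmPassword['message'] = E_FIELD;
    } else if($RawPassword !== $RawConfirm) {
        // Strict comparison of the untrimmed values: the hash below is computed on the
        // untrimmed password, and a loose != would treat numeric-looking strings as equal.
        $Errors->AddToErrorList(PASSWORD_CONFIRM_PASSWORD , "Passwords do not match");
        $ErrorConfirmPassword['class'] = 'input_error';
        $ErrorConfirmPassword['message'] = "Passwords do not match";
    }

    if($Answer === '') {
        $Errors->AddToErrorList(SECURITYQUESTION, E_FIELD);
        $ErrorSecurityQuestion['class'] = 'input_error';
        $ErrorSecurityQuestion['message'] = E_FIELD;
    } else if(strlen($Answer) < 6) {
        $Errors->AddToErrorList(SECURITYQUESTION , MINLENGTH);
        $ErrorSecurityQuestion['class'] = 'input_error';
        $ErrorSecurityQuestion['message'] = MINLENGTH;
    }

    return $Errors->ErrorCount() === 0;
}

// Set-password submission. $UserId is taken from the reset link handled in the switch
// above; without it there is no account to update, so the submission is ignored.
if(isset($_POST['btnSubmitSetPassword']) && isset($UserId) && IsValid()) {
    $Client = new User();
    $Client->LoadUser($UserId);
    // Fresh salt for the new password; the security answer is hashed with the same salt.
    $Salt = GenerateSALT();
    $Client->SALT = $Salt;
    $Client->HASH = GenerateHASH($Salt, $_POST['txtPassword']);
    $Client->SecurityQuestionId = $Decrypt->decrypt($_POST['drpdwnSecurityQuestion']);
    $Client->SecurityChallenge = GenerateHASH($Salt, $_POST['txtAnswer']);
    $Client->Status = 1;
    try {
        $DAL->BeginTransaction();
        $Client->UpdateUser();
        $DAL->CommitTransaction();
        header("Location: ".APPROOT."login.php?".$Encrypt->encrypt("Title=Success&Message=Your password has been reset successfully&Timeout=true"));
        exit;
    } catch(Exception $ex) {
        LogPasswordResetFailure($ex, $UserId);
    }
}

/**
 * Validates the "request reset" form (txtUserLogin in $_POST): the login must be present
 * and pass RegExValidator rule 7 (the e-mail rule used by this form).
 * Problems are recorded in the global $Errors list and in $ErrorsEmail for the view.
 * A missing field is treated as empty instead of raising an undefined-index notice.
 *
 * @return bool true only when no error has been recorded in $Errors
 */
function IsValidResetPassword() {
    global $Errors, $ErrorsEmail;
    $Login = isset($_POST['txtUserLogin']) ? $_POST['txtUserLogin'] : '';

    if(IsEmpty($Login)) {
        $Errors->AddToErrorList(EMAIL, E_FIELD);
        $ErrorsEmail['class'] = 'input_error';
        $ErrorsEmail['message'] = 'Email Address Cannot Be Empty';
    } else if(!RegExValidator(trim($Login), 7)) {
        $Errors->AddToErrorList(EMAIL, INVALID_EMAIL);
        $ErrorsEmail['class'] = 'input_error';
        $ErrorsEmail['message'] = "Please enter 
 a valid email ";
    }

    return $Errors->ErrorCount() === 0;
}

// Reset-request submission: an account with a security question is asked it first;
// an account without one is e-mailed the reset link straight away.
if(isset($_POST['btnSubmitResetPassword']) && IsValidResetPassword()) {
    $GetUser = new User();
    $Credentials = $GetUser->CheckUserExistsByLogin($_POST['txtUserLogin'], true);
    if($Credentials && !IsEmpty($Credentials['SALT']) && !IsEmpty($Credentials['HASH']) ) {
        if($Credentials['SecurityQuestionId']) {
            // Loaded for the view, which renders the question; a failed load is not reported here.
            $SecurityQuestion = new SecurityQuestion();
            $SecurityQuestion->LoadQuestion($Credentials['SecurityQuestionId']);
        } else {
            $UserObj = new User();
            $UserObj->LoadUser($Credentials['Id']);
            SendPassRecoveryEmail($UserObj);
        }
    } else {
        // NOTE(review): this message differs from the success path, so the response reveals
        // whether an e-mail address is registered -- consider a uniform response if that matters.
        $Errors->AddToErrorList(EMAIL, "No account could be found with the email provided");
        $ErrorsEmail['class'] = 'input_error';
        $ErrorsEmail['message'] = "No account could be found with the email provided";
    }
}

// Security-question step: 'x' carries the encrypted account id from the previous step,
// and $Credentials is reused by the answer check further down.
if(isset($_POST['x'])) {
    $GetUser = new User();
    $Credentials = $GetUser->CheckUserExistsById($Decrypt->decrypt($_POST['x']), true);
    if($Credentials) {
        $SecurityQuestion = new SecurityQuestion();
        $SecurityQuestion->LoadQuestion($Credentials['SecurityQuestionId']);
    } else {
        $Errors->AddToErrorList("Error");
    }
}

/**
 * Validates the security-answer form (txtAnswer in $_POST).
 * Records a missing answer in the global $Errors list; $ErrorsAnswer is set on every
 * call (as in the original code), so the view marks the field whenever this step re-renders.
 * A missing field is treated as empty instead of raising an undefined-index notice.
 *
 * @return bool true only when no error has been recorded in $Errors
 */
function IsValidQuestion() {
    global $Errors, $ErrorsAnswer;
    $Answer = isset($_POST['txtAnswer']) ? $_POST['txtAnswer'] : '';
    if(IsEmpty($Answer)) {
        $Errors->AddToErrorList(SECURITYQUESTION, E_FIELD);
    }
    $ErrorsAnswer = 'input_error';
    return $Errors->ErrorCount() === 0;
}

/**
 * E-mails a password-reset link to the given user and marks the account with status 2
 * inside one transaction, then redirects to resetsuccess.php. On failure the transaction
 * is rolled back and the error is reported and logged via LogPasswordResetFailure.
 * The link encodes the user id and an expiry date two days ahead.
 *
 * @param User $UserObj loaded user; its UserLogin, FirstName, LastName and Id are read
 */
function SendPassRecoveryEmail($UserObj) {
    global $Errors, $DAL , $Encrypt;

    $objEmail = new Email($UserObj->UserLogin, NOTIFICATIONNAME .' <'.NOTIFICATIONEMAIL.'>', 'Password Recovery with Web Suite Pro');

    // Expiry is the day after tomorrow, at midnight.
    $ExpireDate = date("Y-m-d", mktime(0, 0, 0, date("m") , date("d")+2, date("Y")) );
    // NOTE(review): the link carries only the user id and date, with no per-request
    // nonce, so it stays valid (and reusable) until the date passes.
    $ResetLink = APPROOT."resetpassword.php?".$Encrypt->encrypt('option=SetPassword&UserId='.$UserObj->Id."&ExpireDate=".$ExpireDate);

    // NOTE(review): both placeholder keys read as '' here, so the second entry overwrites
    // the first; the real placeholder names of template 6 appear to be lost -- verify
    // against the template before relying on this.
    $rtnString = Template::GetTemplate(6, array(
        '' => $UserObj->FirstName." 
 ".$UserObj->LastName,
        '' => $ResetLink
    ));
    $objEmail->Content = $rtnString;

    try {
        $DAL->BeginTransaction();
        $objEmail->Send();
        $UserObj->SetUserStatus(2, $UserObj->Id);
        $DAL->CommitTransaction();
        header("Location: ".APPROOT."resetsuccess.php");
        exit;
    } catch (Exception $ex) {
        // The user being processed is $UserObj; there is no $UserId in this scope.
        LogPasswordResetFailure($ex, $UserObj->Id);
    }
}

// Answer submission: compares the hashed answer with the stored challenge and, on a match,
// sends the reset link. $Credentials must have been loaded by the 'x' handler above.
if(isset($_POST['btnSubmitSendEmail']) && IsValidQuestion()) {
    if(!isset($Credentials) || !$Credentials) {
        $Errors->AddToErrorList("Error");
    } else {
        // NOTE(review): this uses the 'Salt' key while the login lookup above uses 'SALT';
        // confirm which key CheckUserExistsById actually returns.
        $Expected = (string)$Credentials['SecurityChallenge'];
        $Given = (string)GenerateHASH($Credentials['Salt'], $_POST['txtAnswer']);
        // Constant-time, strict comparison of the two hashes instead of a loose ==.
        if(hash_equals($Expected, $Given)) {
            $UserObj = new User();
            $UserObj->LoadUser($Credentials['Id']);
            SendPassRecoveryEmail($UserObj);
        } else {
            $Errors->AddToErrorList(SECURITYQUESTION, "Incorrect");
        }
    }
}
?>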