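*
 * @author Double Bastion LLC
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this program. If not, see .
 *
 */

/*
 * Forgot-password request handler.
 *
 * Flow, as implemented below:
 *   1. The POSTed 'verifyToken' must match the per-session value stored in
 *      $_SESSION['forgotpass_access']; otherwise the client is redirected
 *      to panel-login.php.
 *   2. 'emailforgot' must be non-empty and 'messageToUser' must be empty
 *      (presumably a honeypot field - confirm against the form).
 *   3. The address is looked up in panelusers; on a match the account gets
 *      a fresh random password, registered = '0', a 55-character token and
 *      the temporary password, and a verification link is mailed.
 *   4. A JSON object {result, messageonrequest} is echoed.
 *
 * NOTE(review): the account password is replaced as soon as the request is
 * received, before the mailbox owner has clicked anything, so anyone who
 * knows a registered address can force a reset of that account. Consider
 * storing only the token here and changing the password after verification.
 *
 * NOTE(review): 'temporary' stores the generated password in clear text
 * next to its hash. Whoever can read the table can read a valid credential;
 * confirm whether forgotpass-verification.php really needs it in this form.
 *
 * NOTE(review): the "hasn't been found" reply lets a client test whether an
 * address is registered. Returning the same message in both cases would
 * close that, but the front end may depend on the current wording.
 */
session_start();

if (!function_exists('random_str')) {
    /**
     * Build a random string by drawing $length single-byte characters from
     * $keyspace with random_int().
     *
     * @param int    $length   Number of characters to generate.
     * @param string $keyspace Characters to draw from (indexed byte-wise).
     *
     * @return string The generated string; empty when $length is 0 or less.
     */
    function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
    {
        $pieces = [];
        // '8bit' makes mb_strlen count bytes, matching the byte-wise $keyspace[...] access.
        $max = mb_strlen($keyspace, '8bit') - 1;
        for ($i = 0; $i < $length; ++$i) {
            $pieces[] = $keyspace[random_int(0, $max)];
        }
        return implode('', $pieces);
    }
}

// Both sides of the token check are normalised to strings. With the former
// loose `==`, an empty POSTed token compared equal to a session that had no
// 'forgotpass_access' entry at all ('' == null), so the check could be passed
// without ever loading the form.
$submittedToken = (isset($_POST['verifyToken']) && is_string($_POST['verifyToken']))
    ? $_POST['verifyToken']
    : '';
$sessionToken = (isset($_SESSION['forgotpass_access']) && is_scalar($_SESSION['forgotpass_access']))
    ? (string) $_SESSION['forgotpass_access']
    : '';

// hash_equals() compares in constant time; the empty-string guard rejects a
// session that never received a token.
if ($sessionToken !== '' && hash_equals($sessionToken, $submittedToken)) {
    define('ACCESSCONST', TRUE);
    require('db-connect.php');

    // Only plain string fields are accepted; array-valued parameters
    // (emailforgot[]=...) are treated as missing.
    $currentSentEmail = (isset($_POST['emailforgot']) && is_string($_POST['emailforgot']))
        ? $_POST['emailforgot']
        : '';
    $messageFieldIsEmpty = !isset($_POST['messageToUser']) || $_POST['messageToUser'] === '';

    if (($currentSentEmail !== '') && $messageFieldIsEmpty) {
        $genericError = "An error occurred while processing your request. You can try sending your request again after a few moments !";

        // The Host header is client-controlled and ends up in the reset link,
        // the From header and the HTML body. Accept only a plain hostname with
        // an optional port so it cannot carry header or markup characters.
        // NOTE(review): a syntactically valid but foreign Host value still
        // yields a link to that host; the canonical panel host should come
        // from server-side configuration rather than from the request.
        $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
        $hostIsValid = preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?\z/', $host) === 1;

        if (!$hostIsValid) {
            // Refuse before touching the account.
            $result = 'failure';
            $messageonrequest = $genericError;
        } else {
            try {
                // Search the database for the specified email
                $query0 = $mysqli->prepare("SELECT id, username, emailaddress FROM panelusers WHERE emailaddress=?");
                $query0->bind_param("s", $currentSentEmail);
                $query0->execute();
                $fetchres = $query0->get_result();
                $fetchData = $fetchres->fetch_row();
                $query0->close();

                if (empty($fetchData)) {
                    $result = 'failure';
                    $messageonrequest = "Your email address hasn't been found !";
                } else {
                    // Random suffix of the verification link.
                    $token = random_str(55);

                    // Update the appropriate fields for the user having the given email address
                    $initPassword = random_str(14);
                    $newPassword = password_hash($initPassword, PASSWORD_DEFAULT);
                    $userID = $fetchData[0];

                    // Bound parameters instead of interpolated values, in line
                    // with the SELECT above. The id is bound as a string to
                    // keep the comparison the quoted literal used to produce.
                    $query1 = $mysqli->prepare("UPDATE panelusers SET password = ?, registered = '0', token = ?, temporary = ? WHERE id = ?");
                    $query1->bind_param("ssss", $newPassword, $token, $initPassword, $userID);
                    $query1->execute();
                    $query1->close();

                    // REQUEST_SCHEME is not set by every SAPI; fall back to the
                    // HTTPS flag and never emit anything but http/https.
                    if (isset($_SERVER['REQUEST_SCHEME']) && in_array($_SERVER['REQUEST_SCHEME'], ['http', 'https'], true)) {
                        $scheme = $_SERVER['REQUEST_SCHEME'];
                    } else {
                        $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
                    }

                    // Create the verification email
                    $verificationLink = $scheme . "://" . $host . "/forgotpass-verification.php?token=" . $token;

                    // Sender domain = request host without its first label and
                    // without a port (a port is not valid in a mail address).
                    $hostWithoutPort = preg_replace('/:\d+\z/', '', $host);
                    $domaininit = explode(".", $hostWithoutPort);
                    array_shift($domaininit);
                    $domain = implode(".", $domaininit);

                    $headers = "MIME-Version: 1.0" . "\r\n";
                    $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
                    $headers .= "From: " . "no-reply@" . $domain . "\r\n";
                    $subject = "RED SCARF Suite Panel email address verification";
                    $message = "Hello,

We have received your request related to regaining access to your account. Please verify your email address by clicking on the link below:

".$verificationLink."

Alternatively, you can copy the link and paste it in the address bar of your browser.

After email address verification you will receive a new email with further instructions.

Thank you,
RED SCARF Suite Panel
Host: '" . $host . "'";

                    // Send the email and report success only if the MTA
                    // accepted it; the return value used to be ignored.
                    if (mail($currentSentEmail, $subject, $message, $headers)) {
                        $result = 'success';
                        $messageonrequest = "An email has been sent to your email address. Please follow the instructions in the received email to regain access to your panel account.";
                    } else {
                        $result = 'failure';
                        $messageonrequest = $genericError;
                    }
                }
            } catch (mysqli_sql_exception $e) {
                // Database details are deliberately not echoed to the client.
                $result = 'failure';
                $messageonrequest = $genericError;
            }
        }

        $reqresponse = array('result' => $result, 'messageonrequest' => $messageonrequest);
        echo json_encode($reqresponse);
    }
} else {
    header("Location: panel-login.php");
    exit;
}
?>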