<?php
// Page bootstrap: the session carries error/state hand-off from the reset
// callback, and continuer.php resolves the "continue" URL used in the links.
// NOTE(review): $continueUrl / $encodedContinueUrl are expected to come from
// import/continuer.php, which is not visible here - confirm that the latter
// is URL-encoded before it is interpolated into query strings below.
require 'import/sessionstart.php';
require_once 'import/continuer.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Reset your Assembl password</title>
<base href="https://accounts.assembl.net/" />
<link rel="stylesheet" href="/loginstyles.css" />
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<link rel="icon" type="image/ico" href="/favicon.ico" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="theme-color" content="#193864" />
<script src='https://www.google.com/recaptcha/api.js'></script>
<script>
function getParameterByName(name, url) {
  // Read one query-string parameter from `url` (defaults to the current
  // location). Returns null when the parameter is absent, '' when it is
  // present without a value, and the decoded value otherwise; '+' is read as
  // a space to match form encoding.
  var target = url || window.location.href;
  var escapedName = name.replace(/[\[\]]/g, "\\$&");
  var matcher = new RegExp("[?&]" + escapedName + "(=([^&#]*)|&|#|$)", "i");
  var match = matcher.exec(target);
  if (match === null) {
    return null;
  }
  if (!match[2]) {
    return '';
  }
  return decodeURIComponent(match[2].replace(/\+/g, " "));
}
</script>
</head>
<body>
<div class="signin-table">
<div class="signin-table-cell">
<div class="signin-table-cell-content">
<div style="display: none;" id="loading">
<img class="loading-svg" src="import/loading.svg" />
</div>
<script src="/import/loader.js"></script>
<h1>Assembl</h1>
<h2>Reset your password</h2>
<hr />
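<?php
// ---------------------------------------------------------------------------
// Password-reset flow, dispatched on ?step=:
//   (none|sendmail) -> ask for the e-mail address (captcha protected)
//   mailsent        -> confirmation that a reset link was e-mailed
//   code            -> redeem a reset code and show the new-password form
//   confirm         -> confirmation that the password was changed
//   anything else   -> record a generic error and restart the flow
// $continueUrl / $encodedContinueUrl are expected from import/continuer.php
// (included at the top of this file; not visible here).
// ---------------------------------------------------------------------------

// HTML-escape for text and attribute contexts. Every request- or
// session-derived value echoed into the markup below goes through this.
// Previously $_GET["email"] and the session-stored e-mail were echoed raw
// into a value="" attribute, a reflected/stored XSS vector; the session
// error strings are escaped as well (if the callback ever needs markup in
// them, allow-list it explicitly rather than echoing raw).
$escapeHtml = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Request parameters can arrive as arrays (?step[]=x); only strings count.
$step = (isset($_GET["step"]) && is_string($_GET["step"])) ? $_GET["step"] : "";
$haveCode = !empty($_GET["code"]) && is_string($_GET["code"]);
$haveResetUid = !empty($_SESSION["pw_reset_uid"]);

if (!empty($_SESSION["reset_errors"]["general"])) {
    echo '<div class="form-error centered">' . $escapeHtml($_SESSION["reset_errors"]["general"]) . '</div><hr />';
}

if ($step === "" || $step === "sendmail") {
    // Pre-fill the e-mail field from the last attempt (session) or from a
    // ?email= link; both are user-controlled and are escaped on output.
    $prefillEmail = "";
    if (!empty($_SESSION["reset_details"]["email"]) && is_string($_SESSION["reset_details"]["email"])) {
        $prefillEmail = $_SESSION["reset_details"]["email"];
    } elseif (!empty($_GET["email"]) && is_string($_GET["email"])) {
        $prefillEmail = $_GET["email"];
    }
    $emailError = !empty($_SESSION["reset_errors"]["email"]) ? $_SESSION["reset_errors"]["email"] : "";
    $captchaError = !empty($_SESSION["reset_errors"]["captcha"]) ? $_SESSION["reset_errors"]["captcha"] : "";
    // Which "back" link to show is a display choice only, but the check is
    // an exact host + path-prefix match rather than a substring search, so a
    // URL that merely contains "accounts.assembl.net/settings/" does not pass.
    $continueHost = parse_url((string) $continueUrl, PHP_URL_HOST);
    $continuePath = (string) parse_url((string) $continueUrl, PHP_URL_PATH);
    $backToSettings = ($continueHost === "accounts.assembl.net") && (strpos($continuePath, "/settings/") === 0);
?>
<form action="/callback/pwreset-cb/?step=sendmail&amp;continue=<?php echo $escapeHtml($encodedContinueUrl); ?>" method="post" autocomplete="off">
<p>Enter your account's e-mail address and we'll send you a password reset link.</p>
<label for="reset-form-email">E-mail address</label>
<div class="form-error"><?php echo $escapeHtml($emailError); ?></div>
<input class="assembl-input" type="email" maxlength="100" id="reset-form-email" name="reset-form-email" value="<?php echo $escapeHtml($prefillEmail); ?>" />
<br />
<div class="form-error centered" style="margin-bottom: 8px;"><?php echo $escapeHtml($captchaError); ?></div>
<noscript><div class="form-error centered">Please disable NoScript to complete a captcha and prove you're not a bot.</div></noscript>
<div class="g-recaptcha" data-sitekey="***REMOVED_G_RECAPTCHA_SITEKEY***" data-theme="light" data-size="normal" ></div>
<br />
<input type="submit" class="assembl-btn full-width" id="reset-form-submit" name="reset-form-submit" value="Send password reset e-mail" />
<div class="below-submit">
<?php if ($backToSettings) { ?>
<div style="text-align: center; float: left; width: 100%;"><a href="/settings/">Back to settings</a></div>
<?php } else { ?>
<div style="text-align: center; float: left; width: 100%;"><a href="/signin/?continue=<?php echo $escapeHtml($encodedContinueUrl); ?>">Back to sign in</a></div>
<?php } ?>
</div>
</form>
<?php
} elseif ($step === "mailsent" && isset($_SESSION["pw_reset_mail_sent"]) && $_SESSION["pw_reset_mail_sent"] === true) {
?>
<p><b>We've sent you a link to reset your password via your e-mail address.</b></p>
<p><small>You can now close this window.</small></p>
<?php
} elseif ($step === "code" && ($haveCode || $haveResetUid)) {
    // Outcome of redeeming the code: "form" (show the new-password form),
    // "expired" or "invalid".
    $outcome = "invalid";
    if ($haveResetUid) {
        // The code was already redeemed earlier in this session (its DB copy
        // is cleared on redemption), so the session alone proves entitlement.
        $outcome = "form";
    } else {
        require_once("import/assembldb.php");
        $connection = AssemblDB::getAccountsConnection();
        $code = $_GET["code"];
        $uid = null;
        $expiresRaw = null;
        $found = false;
        // Parameterised lookup instead of escaping the code into a
        // string-built query.
        // NOTE(review): the code is compared as stored; with a case-insensitive
        // or PAD SPACE collation on reset_code the effective entropy is lower
        // than the generated value, and a DB read yields live tokens. Storing
        // and comparing a hash of the code would address both - TODO confirm
        // how the callback generates/stores it.
        $lookup = mysqli_prepare($connection, "SELECT uid, reset_code_expires FROM `users`.`accounts` WHERE reset_code=? LIMIT 1");
        if ($lookup !== false) {
            mysqli_stmt_bind_param($lookup, "s", $code);
            if (mysqli_stmt_execute($lookup)) {
                mysqli_stmt_bind_result($lookup, $uid, $expiresRaw);
                $found = (mysqli_stmt_fetch($lookup) === true);
            }
            mysqli_stmt_close($lookup);
        }
        if ($found) {
            // A NULL or unparseable expiry is treated as expired, never as
            // "valid forever".
            // NOTE(review): strtotime() reads the DATETIME in PHP's
            // date.timezone; this must match the zone the callback wrote it in
            // - TODO confirm, or compare in SQL (reset_code_expires > NOW()).
            $resetCodeExpires = ($expiresRaw === null) ? false : strtotime((string) $expiresRaw);
            // The previous condition was inverted: `$resetCodeExpires < time()`
            // showed the form for codes whose expiry had already passed and
            // reported fresh ones as expired. A code is usable only while its
            // expiry lies in the future.
            if ($resetCodeExpires !== false && $resetCodeExpires > time()) {
                $outcome = "form";
                // Bind the entitlement to the session (string, as the previous
                // mysqli_fetch_assoc() path stored it) and burn the one-time
                // code so the link cannot be replayed.
                // NOTE(review): session_regenerate_id() belongs here, but HTML
                // has already been sent, so the new cookie could only go out if
                // output buffering is active - handle it in sessionstart.php or
                // the callback instead.
                $_SESSION["pw_reset_uid"] = (string) $uid;
                $consume = mysqli_prepare($connection, "UPDATE `users`.`accounts` SET `reset_code`=NULL, `reset_code_expires`=NULL WHERE uid=? LIMIT 1");
                if ($consume !== false) {
                    mysqli_stmt_bind_param($consume, "s", $uid);
                    mysqli_stmt_execute($consume);
                    mysqli_stmt_close($consume);
                }
            } else {
                $outcome = "expired";
            }
        }
    }
    if ($outcome === "form") {
        // maxlength 72 matches bcrypt's input limit - presumably the callback
        // hashes with password_hash()/bcrypt; confirm.
        // NOTE(review): no anti-CSRF token on this form; the callback (not
        // visible) should verify one, or at least the Origin header, before
        // changing the password for $_SESSION["pw_reset_uid"].
?>
<form action="/callback/pwreset-cb/?step=pwchangecode&amp;continue=<?php echo $escapeHtml($encodedContinueUrl); ?>" method="post" autocomplete="off">
<label for="reset-form-password">New password</label>
<input class="assembl-input" type="password" maxlength="72" id="reset-form-password" name="reset-form-password" autocomplete="new-password" />
<label for="reset-form-password-check">Confirm new password</label>
<input class="assembl-input" type="password" maxlength="72" id="reset-form-password-check" name="reset-form-password-check" autocomplete="new-password" />
<br />
<input type="submit" class="assembl-btn full-width" id="reset-form-submit" name="reset-form-submit" value="Reset password" />
</form>
<?php
    } elseif ($outcome === "expired") {
        // The raw expiry timestamp and server time that used to be printed
        // here were debugging output and leaked token metadata; dropped.
?>
<p><b>This link has expired.</b></p>
<p><small>Click <a href="/passwordreset/?step=sendmail&amp;continue=<?php echo $escapeHtml($encodedContinueUrl); ?>">here</a> if you still wish to reset your password.</small></p>
<?php
    } else {
?>
<p><b>This link is invalid or has already been used.</b></p>
<p><small>Click <a href="/passwordreset/?step=sendmail&amp;continue=<?php echo $escapeHtml($encodedContinueUrl); ?>">here</a> if you still wish to reset your password.</small></p>
<?php
    }
} elseif ($step === "confirm" && isset($_SESSION["pw_reset_success"]) && $_SESSION["pw_reset_success"] === true) {
?>
<p><b>Your password has been reset.</b></p>
<p><small>You can now sign in using your new password.</small></p>
<a class="assembl-btn full-width" href="/signin/?continue=<?php echo $escapeHtml($encodedContinueUrl); ?>">Sign in now</a>
<?php
    // One-shot flag: the confirmation is shown exactly once.
    unset($_SESSION["pw_reset_success"]);
} else {
    $_SESSION["reset_details"] = array();
    $_SESSION["reset_errors"] = array();
    $_SESSION["reset_errors"]["general"] = "Something went oddly wrong. Please try again.";
    // HTML has already been emitted above, so the Location header can only
    // be sent if output buffering is still holding the page back; otherwise
    // render a link instead of a truncated page plus a "headers already
    // sent" warning.
    if (!headers_sent()) {
        header("Location: /passwordreset/");
        die();
    }
    echo '<p><small><a href="/passwordreset/">Start over</a></small></p>';
}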
?>
</div>
</div>
</div>
</body>
</html>
<?php
// Error messages are one-shot: they have been rendered above, so clear them
// so a reload does not show stale errors. The "unknown step" branch exits
// before reaching this line and keeps the fresh general error it just set.
$_SESSION["reset_errors"] = [];