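close(); header("Location: ."); exit(); }

// Password-reset flow: first a link is requested by e-mail address, then the
// token from that link is consumed to set a new password.  Everything read
// from $_POST / $_GET / $_COOKIE below is untrusted: it reaches SQLite only
// through bound parameters, and the template that follows must still escape
// it on output.  $db is the SQLite3 handle opened earlier in this file.

/**
 * Returns $source[$key] when it is a string, otherwise ''.  Non-string
 * request fields (e.g. `email[]=`) are treated as absent instead of being
 * stringified to "Array".
 */
$field = static fn (array $source, string $key): string =>
    is_string($source[$key] ?? null) ? $source[$key] : '';

/**
 * Prepares $sql, binds every ':placeholder' => value pair (ints as
 * SQLITE3_INTEGER, everything else as SQLITE3_TEXT) and executes it.
 *
 * @param array<string, int|string> $params
 * @throws RuntimeException when SQLite cannot prepare or run the statement
 */
$runQuery = static function (string $sql, array $params) use ($db): SQLite3Result {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Could not prepare statement: ' . $db->lastErrorMsg());
    }
    foreach ($params as $placeholder => $value) {
        $stmt->bindValue($placeholder, $value, is_int($value) ? SQLITE3_INTEGER : SQLITE3_TEXT);
    }
    $result = $stmt->execute();
    if ($result === false) {
        throw new RuntimeException('Could not execute statement: ' . $db->lastErrorMsg());
    }
    return $result;
};

$requestMode = true;
$resetMode = false;

// Display preferences come straight from cookies; they are not validated
// here, so the template must escape them wherever they are emitted.
$theme = $_COOKIE['theme'] ?? "light";
$colorTheme = $_COOKIE['colorTheme'] ?? "blue";

$settings = $db->querySingle("SELECT * FROM admin", true);
// A reset mail cannot be sent without an SMTP host and a public URL.  The
// redirect must be followed by exit(), otherwise the rest of the page (and
// the reset handling below) still runs for the redirected request.
if (($settings['smtp_address'] ?? '') === '' || ($settings['server_url'] ?? '') === '') {
    header("Location: .");
    exit();
}
$resetPasswordEnabled = true;

$hasSuccessMessage = false;
$hasErrorMessage = false;
$passwordsMismatch = false;
$hideForm = false;

// isset($_GET['submit']) && $_GET['submit'], i.e. present and truthy.
$submitted = !empty($_GET['submit']);

// 1) Request a reset link: an e-mail address was posted and no token is
//    present in the request.
if ($field($_POST, 'email') !== '' && $submitted
    && !isset($_GET['token']) && !isset($_POST['token'])) {
    $requestMode = true;
    $resetMode = false;
    $email = $field($_POST, 'email');

    $user = $runQuery("SELECT * FROM user WHERE email = :email", [':email' => $email])
        ->fetchArray(SQLITE3_ASSOC);
    if ($user) {
        // Only one outstanding token per address: drop any earlier ones.
        $runQuery("DELETE FROM password_resets WHERE email = :email", [':email' => $email]);
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $runQuery(
            "INSERT INTO password_resets (user_id, email, token) VALUES (:user_id, :email, :token)",
            [':user_id' => (int) $user['id'], ':email' => $email, ':token' => $token],
        );
    }
    // Report success whether or not the address has an account, so the
    // response does not reveal which e-mails are registered.  Delivery of
    // the link is not handled in this span.
    $hasSuccessMessage = true;
}

// 2) The reset link was opened: check that token + e-mail match a row before
//    showing the new-password form.
if ($field($_GET, 'token') !== '' && $field($_GET, 'email') !== '') {
    $requestMode = false;
    $resetMode = true;
    $token = $field($_GET, 'token');
    $email = $field($_GET, 'email');

    $count = $runQuery(
        "SELECT COUNT(*) FROM password_resets WHERE token = :token AND email = :email",
        [':token' => $token, ':email' => $email],
    )->fetchArray(SQLITE3_NUM);
    if ((int) $count[0] === 0) {
        $hasErrorMessage = true;
        $hideForm = true;
    }
}

// 3) The new-password form was submitted together with the token.
if ($field($_POST, 'password') !== '' && $field($_POST, 'confirm_password') !== '' && $submitted) {
    $requestMode = false;
    $resetMode = true;
    $password = $field($_POST, 'password');
    $confirmPassword = $field($_POST, 'confirm_password');
    $token = $field($_POST, 'token');
    $email = $field($_POST, 'email');

    // NOTE(review): the reset row is matched on token + e-mail only; no
    // expiry is checked here.  Confirm whether password_resets carries a
    // timestamp that should be enforced.
    $reset = $runQuery(
        "SELECT * FROM password_resets WHERE token = :token AND email = :email",
        [':token' => $token, ':email' => $email],
    )->fetchArray(SQLITE3_ASSOC);

    if ($reset) {
        // Look the account up by the e-mail stored with the token, not the
        // one posted, so the token can only ever change its own account.
        $user = $runQuery("SELECT * FROM user WHERE email = :email", [':email' => $reset['email']])
            ->fetchArray(SQLITE3_ASSOC);
        if (!$user) {
            // Stale reset row whose account no longer exists.
            $hasErrorMessage = true;
        } elseif ($password === $confirmPassword) {
            $passwordHash = password_hash($password, PASSWORD_DEFAULT);
            $runQuery(
                "UPDATE user SET password = :hash WHERE id = :id",
                [':hash' => $passwordHash, ':id' => (int) $user['id']],
            );
            // The token is single-use.
            $runQuery("DELETE FROM password_resets WHERE token = :token", [':token' => $token]);
            $hasSuccessMessage = true;
            $hideForm = true;
        } else {
            $hasErrorMessage = true;
            $passwordsMismatch = true;
        }
    } else {
        $hasSuccessMessage = false;
        $hasErrorMessage = true;
    }
}
?> "/> Wallos - Subscription Tracker > > > >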
Wallos Logo Wallos Logo

?>