web/public_php/ams/inc/reset_password.php

   1 <?php
   2
   3 function reset_password(){
   4     $email = filter_var($_GET["email"], FILTER_SANITIZE_EMAIL);
   5     $user = filter_var($_GET["user"], FILTER_SANITIZE_STRING);
   6     $key = filter_var($_GET["key"], FILTER_SANITIZE_STRING);
   7
   8     $target_id = WebUsers::getId($user);
   9     $webUser = new WebUsers($target_id);
  10
  11     if( (WebUsers::getIdFromEmail($email) == $target_id) && (hash('sha512',$webUser->getHashedPass()) == $key) ){
  12         //you are allowed on the page!
  13
  14         $GETString = "";
  15         foreach($_GET as $key => $value){
  16                 $GETString = $GETString . $key . '=' . $value . "&";
  17         }
  18         if($GETString != ""){
  19                 $GETString = '?'.$GETString;
  20         }
  21         $pageElements['getstring'] = $GETString;
  22
  23         return $pageElements;
  24
  25     }else{
  26         global $WEBPATH;
  27         $_SESSION['error_code'] = "403";
  28                 header("Cache-Control: max-age=1");
  29         header("Location: ".$WEBPATH."?page=error");
  30         throw new SystemExit();
  31     }
  32 }