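getMessage ()); }

// NOTE(review): the statement closed on the line above starts outside this excerpt and is kept as-is.

/*
 * Password-recovery landing page: validates the ?login=...&hash=... link
 * before the "new password" form is rendered.
 *
 * The hash is sha1 (systemHash . name . systemHash . password . systemHash . email . systemHash),
 * accepted either in full (40 characters) or in the short form produced by shortlyHash ().
 *
 * NOTE(review): as written the token is deterministic and carries no timestamp, so nothing
 * visible here expires it; it presumably stays valid until name, password or e-mail change.
 * The 10-character short form also narrows the space an online guess has to cover - consider
 * rate limiting and a random, single-use, expiring token stored server-side.
 */

// Empty and destroy whatever session exists under the instance's regular session name...
session_name ($instance->getSession ());
session_start ();
$_SESSION = array ();
session_destroy ();

// ...then continue under a separate "_PUBLIC_" session name for this unauthenticated page.
session_name ($instance->getSession () .'_PUBLIC_');
session_start ();

define ('XOAD_AUTOHANDLE', true);

require_once Instance::singleton ()->getCorePath () .'class/AjaxPasswd.php';
require_once Instance::singleton ()->getCorePath () .'xoad/xoad.php';

// Only AjaxPasswd is exposed to the XOAD dispatcher.
// NOTE(review): this dispatch runs before the login/hash validation below, so AjaxPasswd
// presumably has to re-validate the recovery link on every call - confirm in that class.
XOAD_Server::allowClasses ('AjaxPasswd');

if (XOAD_Server::runServer ())
	exit ();

try
{
	// Both parameters must be plain strings; an array (?hash[]=x) would otherwise reach
	// urldecode ()/strlen () and fail outside the Exception handlers below.
	if (!isset ($_GET['login']) || !isset ($_GET['hash']) || !is_string ($_GET['login']) || !is_string ($_GET['hash']))
		throw new Exception ('Houve perda de variáveis!');

	// NOTE(review): PHP has already URL-decoded $_GET, so this decodes a second time
	// ('+' becomes a space, '%xx' is expanded again). Kept for compatibility with however
	// the recovery link is generated - confirm whether the link is double-encoded.
	$login = urldecode ($_GET['login']);
	$hash = $_GET['hash'];

	// Deny-list of quote and SQL-comment tokens. The query below is parameterised, so this
	// is defence in depth only and must not be relied on as the injection control.
	$validate = array ("'", '"', '\\', '--', '/*', '*/');

	$validLogin = str_replace ($validate, '', $login);

	if ($login !== $validLogin)
		throw new Exception ('Attention! Probably attack detected. Access Denied!');

	$db = Database::singleton ();

	$sth = $db->prepare ("SELECT _name, _email, _login, _active, _password, _type FROM _user WHERE _login = :login AND _deleted = '0'");

	$sth->bindValue (':login', $login, PDO::PARAM_STR);

	$sth->execute ();

	$obj = $sth->fetch (PDO::FETCH_OBJ);

	// NOTE(review): the distinct messages for "unknown", "inactive" and "bad link" let an
	// unauthenticated visitor tell which logins exist and are active; consider one generic message.
	if (!$obj)
		throw new Exception ('Login from invalid user.');

	if (!((int) $obj->_active))
		throw new Exception (__ ('Your user is inactive into the system! If you registered recently, wait for one register avaliation.'));

	$name = $obj->_name;
	$email = $obj->_email;
	$passwd = $obj->_password;

	// For LDAP-backed user types the hash inputs come from the directory entry instead of the local row.
	if (Security::singleton ()->getUserType ($obj->_type)->useLdap ())
	{
		$ldap = Security::singleton ()->getUserType ($obj->_type)->getLdap ();

		$fields = array ('userPassword', 'mail', 'cn');

		$ldap->connect (FALSE, FALSE, TRUE);

		// NOTE(review): the result is not checked here; if load () can return an empty
		// result, the hash below is computed from empty values - confirm load ()'s contract.
		$result = $ldap->load ($login, $fields);

		$name = $result ['cn'];
		$email = $result ['mail'];
		$passwd = $result ['userpassword'];

		$ldap->close ();
	}

	$systemHash = Security::singleton ()->getHash ();

	$vHash = sha1 ($systemHash . $name . $systemHash . $passwd . $systemHash . $email . $systemHash);

	// Accept the full 40-character digest or its 10-character short form, nothing else.
	// hash_equals () (PHP >= 5.6) compares byte-for-byte in constant time; the loose "!="
	// it replaces compares two numeric-looking strings (e.g. "0e<digits>") as numbers.
	$hashLength = strlen ($hash);

	if ($hashLength === 40)
		$validHash = hash_equals ($vHash, $hash);
	elseif ($hashLength === 10)
		$validHash = hash_equals ((string) shortlyHash ($vHash), $hash);
	else
		$validHash = false;

	if (!$validHash)
		throw new Exception (__ ('Invalid link! Use the link \'Recovery Password\' at the logon page for receive a valid link.'));

	$skin = Skin::singleton ();
}
catch (PDOException $e)
{
	// Driver messages can carry SQL text and schema details: keep them in the server log
	// and send only a generic message back through the redirect URL.
	error_log ('Password recovery: database error: '. $e->getMessage ());

	header ('Location: '. $instance->getLoginUrl () . '&error='. urlencode ('Unable to process the request. Please try again later.'));

	exit ();
}
catch (Exception $e)
{
	// Application-level messages thrown above are safe to show on the login page.
	header ('Location: '. $instance->getLoginUrl () . '&error='. urlencode ($e->getMessage ()));

	exit ();
}
?>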
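<?php
// Recovery form labels and the account fields shown back to the visitor.
// The table markup is not present in this copy of the page; "|" marks the cell boundaries.
// _name, _login and _email come from the _user row, so they are HTML-escaped on output.
// ENT_SUBSTITUTE keeps a value with invalid byte sequences from rendering as an empty string.
// NOTE(review): the encoding argument is left at PHP's default - confirm it matches the page charset.
?>
<?= __ ('Name') ?>: | <?= htmlspecialchars ($obj->_name, ENT_QUOTES | ENT_SUBSTITUTE) ?> | |
Login: | <?= htmlspecialchars ($obj->_login, ENT_QUOTES | ENT_SUBSTITUTE) ?> | |
E-mail: | <?= htmlspecialchars ($obj->_email, ENT_QUOTES | ENT_SUBSTITUTE) ?> | |
<?= __ ('New Password') ?>: | ||
<?= __ ('Confirm Password') ?>: | ||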