<?php
/*
  ****************************************************************************
  ***                                                                      ***
  ***      ViArt Shop Enterprise 2.7.1                                     ***
  ***      File:  forgot_password.php                                      ***
  ***      Built: Mon Sep 18 16:58:15 2006                                 ***
  ***      http://www.viart.com                                            ***
  ***                                                                      ***
  ****************************************************************************
*/


	include("./includes/common.php");
	include("./includes/navigator.php");
	include("./includes/tree.php");
	include("./includes/record.php");
	include("./includes/date_functions.php");

  $t = new VA_Template($settings["templates_dir"]);
  $t->set_file("main","forgot_password.html");
	$t->set_var("site_url", $settings["site_url"]);
	$t->set_var("forgot_password_href", "forgot_password.php");
	$t->set_var("FORGOT_PASSWORD_MSG", FORGOT_PASSWORD_MSG);
	$t->set_var("FORGOT_PASSWORD_DESC",FORGOT_PASSWORD_DESC);
	$t->set_var("SUBMIT_BUTTON",       SUBMIT_BUTTON);

	$message_desc = "";
	$error_desc = "";
	$email = get_param("email");

	if (strlen($email)) {
		if(preg_match(EMAIL_REGEXP, $email)) {
			$sql  = " SELECT * FROM " . $table_prefix . "users ";
			$sql .= " WHERE email=" . $db->tosql($email, TEXT);
			$db->query($sql);
			if($db->next_record()) {
				$user_id = $db->f("user_id");
				$t->set_vars($db->Record);

				// prepare settings to send email
				$forgotten_password = array();
				$sql = "SELECT setting_name,setting_value FROM " . $table_prefix . "global_settings WHERE setting_type='forgotten_password'";
				$db->query($sql);
				while($db->next_record()) {
					$forgotten_password[$db->f("setting_name")] = $db->f("setting_value");
				}

				$password_encrypt = get_setting_value($settings, "password_encrypt", 0);
				// parse subject and body message
				if ($password_encrypt == 1) {
					$reset_time_limit = get_setting_value($forgotten_password, "md5_time_limit", 1440); // 1440 - 1 day
					$user_subject = get_setting_value($forgotten_password, "md5_subject", FORGOT_PASSWORD_MSG);
					$user_message = get_setting_value($forgotten_password, "md5_message", "{reset_password_url}");

					$reset_password_ts = time() + ($reset_time_limit * 60); // max date when password can be reset
					srand ((double) microtime() * 1000000);
					$random_value = rand();
					$reset_password_code = substr(md5($reset_password_ts . $random_value), 0, 16);
					$reset_password_url = $settings["site_url"] . "reset_password.php?em=" . urlencode($email) . "&rc=" . $reset_password_code;
					$t->set_var("reset_password_code", $reset_password_code);
					$t->set_var("reset_password_date", va_date($datetime_show_format, $reset_password_ts));
					$t->set_var("reset_password_url", $reset_password_url);

					$sql  = " UPDATE " . $table_prefix . "users SET ";
					$sql .= " reset_password_code=" . $db->tosql($reset_password_code, TEXT) . ", ";
					$sql .= " reset_password_date=" . $db->tosql($reset_password_ts, DATETIME);
					$sql .= " WHERE user_id=" . $db->tosql($user_id, INTEGER);
					$db->query($sql);
				} else {
					$user_subject = get_setting_value($forgotten_password, "user_subject", FORGOT_PASSWORD_MSG);
					$user_message = get_setting_value($forgotten_password, "user_message", "{password}");
				}

				$t->set_block("user_subject", $user_subject);
				$t->set_block("user_message", $user_message);
				$t->parse("user_subject", false);
				$t->parse("user_message", false);

				// prepare email fields
				$mail_from = get_setting_value($forgotten_password, "user_mail_from", $settings["admin_email"]);
				$mail_cc = get_setting_value($forgotten_password, "user_mail_cc");
				$mail_bcc = get_setting_value($forgotten_password, "user_mail_bcc");
				$mail_reply_to = get_setting_value($forgotten_password, "user_mail_reply_to");
				$mail_return_path = get_setting_value($forgotten_password, "user_mail_return_path");
				$mail_type = get_setting_value($forgotten_password, "user_message_type");
				$email_headers = get_email_headers($mail_from, $mail_cc, $mail_bcc, $mail_reply_to, $mail_return_path, $mail_type);

				$user_message = preg_replace("/\r\n|\r|\n/", CRLF, $t->get_var("user_message"));
				mail($email, $t->get_var("user_subject"), $user_message, $email_headers);

				$message_desc = FORGOT_EMAIL_SENT_MSG;
			} else {
				$error_desc = FORGOT_EMAIL_ERROR_MSG;
			}
		} else {
			$error_desc = INVALID_EMAIL_MSG;
		}
	}

	if ($message_desc) {
		$t->set_var("message_desc", $message_desc);
		$t->parse("forgot_message", false);
	}
	if ($error_desc) {
		$t->set_var("email", htmlspecialchars($email));
		$t->set_var("error_desc", $error_desc);
		$t->parse("forgot_error", false);
	} else {
		$t->set_var("email", "");
	}

	include("./header.php");
	include("./footer.php");

	$t->pparse("main");

?>