forgot_password.php

完善的PHP/MySQL电子商务方案

<?
/* forgot_password.php (c) 2000 Ying Zhang (ying@zippydesign.com)
 *
 * TERMS OF USAGE:
 * This file was written and developed by Ying Zhang (ying@zippydesign.com)
 * for educational and demonstration purposes only.  You are hereby granted the
 * rights to use, modify, and redistribute this file as you like.  The only
 * requirement is that you must retain this notice, without modifications, at
 * the top of your source code.  No warranties or guarantees are expressed or
 * implied. DO NOT use this code in a production environment without
 * understanding the limitations and weaknesses pretaining to or caused by the
 * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK!
 */

/******************************************************************************
 * MAIN
 *****************************************************************************/

include("../application.php");

/* form has been submitted, check if it the user login information is correct */
if (match_referer() && isset($HTTP_POST_VARS)) {
	$frm = $HTTP_POST_VARS;
	$errormsg = validate_form($frm, $errors);

	if (empty($errormsg)) {
		$username = get_username($HTTP_POST_VARS["email"]);
		reset_user_password($username);

		$DOC_TITLE = "MyMarket Password Recovery";
		include("$CFG->templatedir/header.php");
		include("templates/forgot_password_success.php");
		include("$CFG->templatedir/footer.php");
		die;
	}
}

include("templates/forgot_password_form.php");

/******************************************************************************
 * FUNCTIONS
 *****************************************************************************/

function validate_form(&$frm, &$errors) {
/* validate the forgot password form, and return the error messages in a string.
 * if the string is empty, then there are no errors */

	$errors = new Object;
	$msg = "";

	if (empty($frm["email"])) {
		$errors->email = true;
		$msg .= "You did not specify your email address";

	} elseif (! email_exists($frm["email"])) {
		$errors->email = true;
		$msg .= "The specified email address is not on file";
	}

	return $msg;
}

function get_username($email) {
/* get the username based on an email address */

	$qid = db_query("SELECT username FROM users WHERE email = '$email'");
	$user = db_fetch_object($qid);

	return $user->username;
}

?>