dvm/praxisstelle/resetpassword.php
2022-11-28 10:27:30 +01:00


<?php
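// Tell browsers and proxies not to cache or store this page: it is reached
// through a password-reset link and renders a password form.
header("Expires: Mon, 12 Jul 1995 05:00:00 GMT");
// Fixed the time format: the original used "H.i:s", which produced an invalid
// HTTP date (e.g. "10.27:30").
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
// Second Cache-Control header is appended (replace = false), not substituted.
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");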
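// Relative upload directory (relative to this file's location) into which
// uploaded files are to be copied. Not referenced in the visible part of this
// script; it is set before the includes below, so they may read it.
$verz = "upload/";
## INDEX against DB
session_start();
include_once '../classes/TestProjektSmarty.class_subdir.php';
require_once("../config.inc.php");
require_once("../config/datenbankanbindung.php");
require_once("../func_get_parameter.php");
require_once("../config/func_cryption.php");
$smarty = new SmartyAdmin();
// Derive the template name from the script's own file name ("x.php" -> "x.html").
// SCRIPT_NAME is used instead of PHP_SELF: PHP_SELF also contains any
// client-supplied path info ("/resetpassword.php/other.php"), which would let
// the request choose which template file gets rendered.
$templatename = substr(basename($_SERVER['SCRIPT_NAME']), 0, -3) . "html";
require_once "../language/german.inc.php";
// A missing or non-string "action" parameter is treated as the default view,
// without raising an undefined-index notice.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';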
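if ($action == '') {
    // Default view: the user arrives through the reset link. The confirmation
    // code is passed through cryption(..., 'd') to obtain the account's mail
    // address (presumably 'd' means decrypt - confirm in config/func_cryption.php).
    $cfCodeRaw = (isset($_GET["confirmationCode"]) && is_string($_GET["confirmationCode"]))
        ? $_GET["confirmationCode"]
        : '';
    $mail = ($cfCodeRaw !== '') ? (string) cryption($cfCodeRaw, 'd') : '';

    // Check the code: a reset must have been requested for this address within
    // the last 24 hours. The address is derived from request data, so it is
    // bound as a parameter rather than concatenated into the SQL text.
    // NOTE(review): assumes $db is a mysqli connection (it is used with
    // query()/fetch_array() in this file) - confirm in config/datenbankanbindung.php.
    $anz = 0;
    if ($mail !== '') {
        $stmt = $db->prepare("SELECT count(*) Anz
            FROM dvm_dienststellen
            WHERE mail = ?
            AND mail_reset > DATE_SUB(now(), INTERVAL 24 HOUR)
            AND mail_reset != '0000-00-00 00:00:00'
            ");
        if ($stmt) {
            $stmt->bind_param('s', $mail);
            $stmt->execute();
            $stmt->bind_result($anz);
            $stmt->fetch();
            $stmt->close();
        }
    }

    if ((int) $anz === 0) {
        $smarty->assign('index_error', 1);
        $smarty->assign('index_error_text', "Der Link ist ungültig");
        // An invalid or expired link must not leave a reset target in the
        // session; the original stored the address unconditionally, so the
        // 'pwback' step could be run for a link that had just been rejected.
        unset($_SESSION["reset_mail"], $_SESSION["reset_cfCode"]);
    } else {
        // Remember the verified address and the code for the 'pwback' step.
        $_SESSION["reset_mail"] = $mail;
        $_SESSION["reset_cfCode"] = $cfCodeRaw;
    }

    // Error codes set by the 'pwback' step when it redirects back here.
    if (isset($_GET['error'])) {
        $errorno = $_GET['error'];
        $smarty->assign('index_error', 1);
        if ($errorno == 1) {
            // a required field was left empty
            $smarty->assign('index_error_text', "Es müssen alle Felder ausgefüllt werden!");
        }
        if ($errorno == 2) {
            // password and password repetition differ
            $smarty->assign('index_error_text', "Das eingegebene Passwort stimmt nicht mit der Passwortwiederholung überein!");
        }
    }
}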
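if ($action == 'pwback') {
    // Form submission: store the new password for the address that the default
    // view placed in the session.
    $pwd = (isset($_POST['resetpwd']) && is_string($_POST['resetpwd'])) ? $_POST['resetpwd'] : '';
    $pwd_wied = (isset($_POST['resetpwd_wied']) && is_string($_POST['resetpwd_wied'])) ? $_POST['resetpwd_wied'] : '';
    $mail = isset($_SESSION["reset_mail"]) ? (string) $_SESSION["reset_mail"] : '';
    $cfCode = urlencode(isset($_SESSION["reset_cfCode"]) ? (string) $_SESSION["reset_cfCode"] : '');

    // SCRIPT_NAME instead of PHP_SELF: PHP_SELF carries client-supplied path
    // info, which the original echoed into the page unescaped. The complete URL
    // is HTML-escaped before it is placed in the attribute.
    $selfUrl = $_SERVER['SCRIPT_NAME'];

    if ($pwd === '' or $pwd_wied === '') {
        echo "<meta http-equiv=\"refresh\" content=\"0; URL="
            . htmlspecialchars($selfUrl . "?error=1&confirmationCode=$cfCode", ENT_QUOTES, 'UTF-8')
            . "\">";
        exit;
    }
    // Strict comparison: with "!=" two different numeric-looking strings
    // (e.g. "1e3" and "1000") compare as equal.
    if ($pwd !== $pwd_wied) {
        // The original URL lacked the "&" between the two parameters, so the
        // confirmation code was lost on this redirect.
        echo "<meta http-equiv=\"refresh\" content=\"0; URL="
            . htmlspecialchars($selfUrl . "?error=2&confirmationCode=$cfCode", ENT_QUOTES, 'UTF-8')
            . "\">";
        exit;
    }

    // NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
    // here because the login check elsewhere presumably compares against
    // md5($pwd); moving to password_hash()/password_verify() has to change this
    // line, the login check and the width of the pwd column together.
    $pwd_md5 = md5($pwd);

    $updated = 0;
    if ($mail !== '') {
        // Parameterised statement; the WHERE clause repeats the 24-hour check so
        // the password changes only while a reset request is still pending, and
        // clearing mail_reset makes the link single-use.
        // NOTE(review): assumes $db is a mysqli connection - confirm in
        // config/datenbankanbindung.php.
        $stmt = $db->prepare("UPDATE dvm_dienststellen
            SET pwd = ?
            ,mail_reset = '0000-00-00 00:00:00'
            WHERE mail = ?
            AND mail_reset > DATE_SUB(now(), INTERVAL 24 HOUR)
            AND mail_reset != '0000-00-00 00:00:00'
            ");
        if ($stmt) {
            $stmt->bind_param('ss', $pwd_md5, $mail);
            $stmt->execute();
            $updated = $stmt->affected_rows;
            $stmt->close();
        }
    }

    if ($updated < 1) {
        // No pending reset for this session: report it instead of silently
        // rendering the result view.
        // NOTE(review): the 'pwback' part of the template should check index_error.
        $smarty->assign('index_error', 1);
        $smarty->assign('index_error_text', "Der Link ist ungültig");
    }
    // The reset target is consumed either way.
    unset($_SESSION["reset_mail"], $_SESSION["reset_cfCode"]);
}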
// Hand the current action (as a string) to the template and render the page
// template that belongs to this script. $template is not set in the visible
// code; presumably it comes from one of the included config files.
$actionForTemplate = (string) $action;
$smarty->assign('action', $actionForTemplate);
$templatePath = $template . '/praxisstelle/' . $templatename;
$smarty->display($templatePath);
?>