recover_id_by_email.php

   1 <?php
   2
   3 require('includes/header.php');
   4 $page_title = 'Recover ID by e-mail';
   5 $onload_javascript = 'focusId(\'e-mail\');';
   6
   7 if( ! empty($_POST['e-mail']))
   8 {
   9         // Validate e-mail address.
  10         if ( ! filter_var($_POST['e-mail'], FILTER_VALIDATE_EMAIL))
  11         {
  12                 add_error('That doesn\'t look like a valid e-mail address.');
  13         }
  14         // Deny flooders (hack; should be done from the database for security).
  15         if($_SESSION['recovery_email_count'] > 4)
  16         {
  17                 add_error('How many times do you need to recover your password in one day?');
  18         }
  19
  20
  21         $stmt = $link->prepare('SELECT user_settings.uid, users.password FROM user_settings INNER JOIN users ON user_settings.uid = users.uid WHERE user_settings.email = ? LIMIT 50');
  22         $stmt->bind_param('s', $_POST['e-mail']);
  23         $stmt->execute();
  24         $stmt->bind_result($uid, $password);
  25
  26         $ids_for_email = array();
  27         while($stmt->fetch())
  28         {
  29                 $ids_for_email[$uid] = $password;
  30         }
  31         $stmt->close();
  32
  33         if(empty($ids_for_email))
  34         {
  35                 add_error('There are no IDs associated with that e-mail.');
  36         }
  37
  38         if( ! $erred)
  39         {
  40                 $num_ids = count($ids_for_email);
  41                 if($num_ids == 1)
  42                 {
  43                         $email_body = 'Your ID is ' . key($ids_for_email) . ' and your password is ' . current($ids_for_email) . '. To restore your ID, follow this link: ' . DOMAIN . 'restore_ID/' . key($ids_for_email) . '/' . current($ids_for_email);
  44                 }
  45                 else
  46                 {
  47                         $email_body = 'The following IDs are associated with your e-mail address:' . "\n\n";
  48                         foreach($ids_for_email as $id => $password)
  49                         {
  50                                 $email_body .= 'ID: ' . $id . "\n" . 'Password: ' . $password . "\n" . 'Link to restore: ' . DOMAIN . 'restore_ID/' . $id . '/' . $password . "\n\n";
  51                         }
  52                 }
  53
  54                 mail($_POST['e-mail'], SITE_TITLE . ' ID recovery', $email_body, 'From: ' . SITE_TITLE . '<' . MAILER_ADDRESS . '>');
  55
  56                 $_SESSION['recovery_email_count']++;
  57                 redirect('ID recovery e-mail sent.', '');
  58         }
  59 }
  60
  61 print_errors();
  62
  63 ?>
  64
  65 <p>If your ID has an e-mail address associated with it (as set in the <a href="/dashboard">dashboard</a>), this tool can be used to recover its password. You will be sent a recovery link for every ID associated with your e-mail address.</p>
  66
  67 <form action="" method="post">
  68         <div class="row">
  69                 <label for="e-mail">Your e-mail address</label>
  70                 <input type="text" id="e-mail" name="e-mail" size="30" maxlength="100" />
  71         </div>
  72
  73         <div class="row">
  74                 <input type="submit" value="Send recovery e-mail" />
  75         </div>
  76 </form>
  77
  78 <?php
  79
  80 require('includes/footer.php');
  81
  82 ?>