SMTPDebug = false; // No debug output as client facing $mail->isSMTP(); // Set mailer to use SMTP $mail->Host = $config_smtp_host; // Specify main and backup SMTP servers $mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = $config_smtp_username; // SMTP username $mail->Password = $config_smtp_password; // SMTP password $mail->SMTPSecure = $config_smtp_encryption; // Enable TLS encryption, `ssl` also accepted $mail->Port = $config_smtp_port; // TCP port to connect to //Recipients $mail->setFrom($config_mail_from_email, $config_mail_from_name); $mail->addAddress("$email", "$name"); // Add user as recipient // Content $mail->isHTML(true); // Set email format to HTML $mail->Subject = "Password reset for $company_name ITFlow Portal"; $mail->Body = "Hello, $name

Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal.

Please click here to reset your password.

Alternatively, copy and paste this URL into your browser: $url

If you didn't request this change, you can safely ignore this email.

~
$company_name
Support Department
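$config_mail_from_email";
                $mail->send();
            } catch(Exception $e){
                echo "Message could not be sent. Please contact $company_name.";
                mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'FAILED to send a portal password reset e-mail for $email due to PHP Mailer error.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
                exit();
            } //End Mail IF Try-Catch
        } else {
            sleep(rand(2, 4)); // Mimic the e-mail send delay even if email is invalid to help prevent user enumeration
        }

        $_SESSION['login_message'] = "If your account exists, a reset link is on it's way!";

    /*
     * Do password reset
     *
     * Sets a new portal password for the contact identified by the posted
     * e-mail address, client id and reset token. On success the token is
     * cleared, the event is logged, a confirmation e-mail is sent and the
     * user is redirected to login.php. Every failure ends in the same generic
     * WORDING_ERROR message, so the response does not reveal which field was wrong.
     */
    } elseif(isset($_POST['password_reset_set_password'])){

        // Every field must be present, a plain string and non-empty. A parameter sent
        // as an array (e.g. token[]=x) must not reach the string functions below, and
        // an empty token or empty password must never be accepted.
        $reset_fields_ok = true;
        foreach (['new_password', 'email', 'token', 'client'] as $reset_field) {
            if (!isset($_POST[$reset_field]) || !is_string($_POST[$reset_field]) || $_POST[$reset_field] === '') {
                $reset_fields_ok = false;
            }
        }

        $token = '';
        $contact_row = null;

        // The lookup only runs for a well-formed request; a bad request falls through
        // to the generic error below instead of continuing with missing values.
        if ($reset_fields_ok) {
            // Values are escaped and quoted (or cast to int) before being placed in the SQL text
            $token = strip_tags(mysqli_real_escape_string($mysqli, $_POST['token']));
            $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
            $client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_POST['client'])));

            // Query user
            // NOTE(review): nothing in this branch checks how old the token is - confirm an expiry is enforced elsewhere
            $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
            $contact_row = $sql ? mysqli_fetch_array($sql) : null;
        }

        // No matching row means no stored token, which can never match
        $stored_token = is_array($contact_row) ? (string) $contact_row['contact_password_reset_token'] : '';

        // Ensure the token is correct: exact, constant-time comparison. Both sides must be
        // non-empty, so a missing row or a blank token cannot pass the check.
        if ($token !== '' && $stored_token !== '' && hash_equals($stored_token, $token)) {

            // Ids come from the database row but are interpolated unquoted below, so force them to integers
            $contact_id = intval($contact_row['contact_id']);
            $name = $contact_row['contact_name'];
            $company = intval($contact_row['company_id']);

            // Set password, invalidate token, logging
            $password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
            mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
            // NOTE(review): $ip and $user_agent are defined outside this excerpt - confirm they are escaped before use in SQL
            mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");

            // Send confirmation email
            $mail = new PHPMailer(true);

            try{
                //Mail Server Settings
                $mail->SMTPDebug = false;                                   // No debug output as client facing
                $mail->isSMTP();                                            // Set mailer to use SMTP
                $mail->Host       = $config_smtp_host;                      // Specify main and backup SMTP servers
                $mail->SMTPAuth   = true;                                   // Enable SMTP authentication
                $mail->Username   = $config_smtp_username;                  // SMTP username
                $mail->Password   = $config_smtp_password;                  // SMTP password
                $mail->SMTPSecure = $config_smtp_encryption;                // Enable TLS encryption, `ssl` also accepted
                $mail->Port       = $config_smtp_port;                      // TCP port to connect to

                //Recipients
                $mail->setFrom($config_mail_from_email, $config_mail_from_name);
                $mail->addAddress("$email", "$name");                       // Add user as recipient

                // Content
                $mail->isHTML(true);                                        // Set email format to HTML
                // NOTE(review): the body is sent as HTML - confirm $name and $company_name are HTML-safe where they are loaded
                $mail->Subject = "Password reset confirmation for $company_name ITFlow Portal";
                $mail->Body    = "Hello, $name

Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set!

If you didn't reset your password, please get in touch ASAP.

~
$company_name
Support Department
$config_mail_from_email";
                $mail->send();
            } catch(Exception $e){
                // The password has already been changed at this point; only the notification failed
                echo "Message could not be sent. Please contact $company_name.";
                mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'FAILED to send a password reset e-mail for $email due to PHP Mailer error.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
                exit();
            } //End Mail IF Try-Catch

            // Redirect to login page
            $_SESSION['login_message'] = "Password reset successfully!";
            header("Location: login.php");
            exit();

        } else {
            $_SESSION['login_message'] = WORDING_ERROR;
        }
    }
}
?> <?php echo $company_name; ?> | Password Reset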