<?php 
     /**
      * Reset Password
      *
      * Resets the password for GetSimple control panel access
      *
      * @package GetSimple
      * @subpackage Login
      */
     
     # setup inclusions
     $load['plugin'] = true;
     include('inc/common.php');
     
     if(isset($_POST['submitted'])){
     	
     	// check for csrf
     	if (!defined('GSNOCSRF') || (GSNOCSRF == FALSE) ) {
     		$nonce = $_POST['nonce'];
     		if(!check_nonce($nonce, "reset_password")) {
     			die("CSRF detected!");
     		}
     	}
     	
     	if(isset($_POST['username']))	{
     
     		# user filename
     		$file = _id($_POST['username']).'.xml';
     		
     		# get user information from existing XML file
     		if (file_exists(GSUSERSPATH . $file)) {
     			$data = getXML(GSUSERSPATH . $file);
     			$USR = strtolower($data->USR);
     			$EMAIL = $data->EMAIL;
     			
     			if(strtolower($_POST['username']) == $USR) {
     				# create new random password
     				$random = createRandomPassword();
     				
     				# create backup
     				createBak($file, GSUSERSPATH, GSBACKUSERSPATH);
     				
     				# create password change trigger file
     				$flagfile = GSUSERSPATH . _id($USR).".xml.reset";
     				copy(GSUSERSPATH . $file, $flagfile);
     				
     				# resave new user xml file
     				$xml = new SimpleXMLElement('<item></item>');
     				$xml->addChild('USR', $data->USR);
     				$xml->addChild('PWD', passhash($random));
     				$xml->addChild('EMAIL', $data->EMAIL);
     				$xml->addChild('HTMLEDITOR', $data->HTMLEDITOR);
     				$xml->addChild('PRETTYURLS', $data->PRETTYURLS);
     				$xml->addChild('PERMALINK', $data->PERMALINK);
     				$xml->addChild('TIMEZONE', $data->TIMEZONE);
     				$xml->addChild('LANG', $data->LANG);
     				XMLsave($xml, GSUSERSPATH . $file);
     				
     				# send the email with the new password
     				$subject = $site_full_name .' '. i18n_r('RESET_PASSWORD') .' '. i18n_r('ATTEMPT');
     				$message = "<p>". cl($SITENAME) ." ". i18n_r('RESET_PASSWORD') ." ". i18n_r('ATTEMPT').'</p>';
     				$message .= "<p>". i18n_r('LABEL_USERNAME').": <strong>". $USR."</strong>";
     				$message .= "<br>". i18n_r('NEW_PASSWORD').": <strong>". $random."</strong>";
     				$message .= '<br>'. i18n_r('EMAIL_LOGIN') .': <a href="'.$SITEURL . $GSADMIN.'/">'.$SITEURL . $GSADMIN.'/</a></p>';
     				exec_action('resetpw-success');
     				$status = sendmail($EMAIL,$subject,$message);
     				
     				# show the result of the reset attempt
     				redirect("resetpassword.php?upd=pwd-".$status);
     			} else{
     				
     				# username doesnt match listed xml username
     				exec_action('resetpw-error');
     				redirect("resetpassword.php?upd=pwd-error");
     			} 
     		} else {
     			# no user exists for this username, but do not show this to the submitter		
     		}
     	} else {
     		
     		# no username was submitted
     		redirect("resetpassword.php?upd=pwd-error");
     	}
     } 
     
     get_template('header', cl($SITENAME).' » '.i18n_r('RESET_PASSWORD')); 
     
     ?>
     </div>
     </div>
     <div class="wrapper clearfix">
     	
     	<?php include('template/error_checking.php'); ?>
     	
     	<div id="maincontent">
     		<div class="main" >
     		
     		<h3><?php i18n('RESET_PASSWORD'); ?></h3>
     		<p class="desc"><?php i18n('MSG_PLEASE_EMAIL'); ?></p>
     		
     		<form class="login" action="<?php myself(); ?>" method="post" >
     			<input name="nonce" id="nonce" type="hidden" value="<?php echo get_nonce("reset_password");?>"/>
     			<p><b><?php i18n('LABEL_USERNAME'); ?>:</b><br /><input class="text" name="username" type="text" value="" /></p>
     			<p><input class="submit" type="submit" name="submitted" value="<?php echo i18n('SEND_NEW_PWD'); ?>" /></p>
     		</form>
     		<p class="cta" ><b>«</b> <a href="<?php echo $SITEURL; ?>"><?php i18n('BACK_TO_WEBSITE'); ?></a>   |   <a href="index.php"><?php i18n('CONTROL_PANEL'); ?></a> »</p>
     		</div>
     		
     	</div>
     
     <?php get_template('footer'); ?>