$version, 'showform' => true); $opId = verifyparam("id", "/^\d{1,10}$/"); $token = verifyparam("token", "/^[\dabcdef]+$/"); $operator = operator_by_id($opId); if (!$operator) { $errors[] = "No such operator"; $page['showform'] = false; } else if ($token != $operator['vcrestoretoken']) { $errors[] = "Wrong token"; $page['showform'] = false; } if (count($errors) == 0 && isset($_POST['password'])) { $password = getparam('password'); $passwordConfirm = getparam('passwordConfirm'); if (!$password) $errors[] = no_field("form.field.password"); if ($password != $passwordConfirm) $errors[] = getlocal("my_settings.error.password_match"); if (count($errors) == 0) { $page['isdone'] = true; $link = connect(); $query = "update ${mysqlprefix}chatoperator set vcpassword = '" . mysql_real_escape_string(calculate_password_hash($operator['vclogin'], $password), $link) . "', vcrestoretoken = '' where operatorid = " . intval($opId); perform_query($query, $link); mysql_close($link); $page['loginname'] = $operator['vclogin']; start_html_output(); require('../view/resetpwd.php'); exit; } } $page['id'] = $opId; $page['token'] = $token; $page['isdone'] = false; start_html_output(); require('../view/resetpwd.php'); ?>