<?php

// =====================================================================
//	GET
// =====================================================================
if( ($url['id_user']===null) || ($url['other']===null) )
{
	$_DB_USERS->set_blacklist();
	exit('Nibbleblog security error');
}

require_once(FILE_SHADOW);

if( !isset($_USER[$url['id_user']]) )
{
	$_DB_USERS->set_blacklist();
	exit('Nibbleblog security error');
}

require_once(FILE_KEYS);

$hash = Crypt::get_hash($_USER[$url['id_user']]['salt'].$_KEYS[2]);

if( $hash!==$url['other'] )
{
	$_DB_USERS->set_blacklist();
	exit('Nibbleblog security error - Invalid hash');
}

$Login->set_login( array('id_user'=>$url['id_user'], 'username'=>$_USER[$url['id_user']]['username']) );

// =====================================================================
//	POST
// =====================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
	$new_salt = Text::random_text(11);
	$new_hash = Crypt::get_hash($_POST['pw_new'],$new_salt);
	$text = '<?php $_USER[0]["uid"] = "0"; $_USER[0]["username"] = "'.$_USER[0]['username'].'"; $_USER[0]["password"] = "'.$new_hash.'"; $_USER[0]["salt"] = "'.$new_salt.'"; $_USER[0]["email"] = "'.$_USER[0]['email'].'"; ?>';

	$file = fopen(FILE_SHADOW, 'w');
	fputs($file, $text);
	fclose($file);

	Session::set_alert($_LANG['PASSWORD_HAS_BEEN_CHANGED_SUCCESSFULLY']);

	// Redirect to Dashboard
	Redirect::controller('admin','dashboard','view');
}

?>