Revision 293
Added by stefan over 18 years ago
| trunk/wb/admin/login/forgot/index.php | ||
|---|---|---|
| 43 | 43 |
$email = $_POST['email']; |
| 44 | 44 |
|
| 45 | 45 |
// Check if the email exists in the database |
| 46 |
$query = "SELECT user_id,username,display_name,email,last_reset FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'"; |
|
| 46 |
$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'";
|
|
| 47 | 47 |
$results = $database->query($query); |
| 48 | 48 |
if($results->numRows() > 0) {
|
| 49 | 49 |
|
| ... | ... | |
| 61 | 61 |
|
| 62 | 62 |
} else {
|
| 63 | 63 |
|
| 64 |
$old_pass = $results_array['password']; |
|
| 65 |
|
|
| 64 | 66 |
// Generate a random password then update the database with it |
| 65 | 67 |
$new_pass = ''; |
| 66 | 68 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
| ... | ... | |
| 98 | 100 |
$message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET']; |
| 99 | 101 |
$display_form = false; |
| 100 | 102 |
} else {
|
| 103 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
|
|
| 101 | 104 |
$message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL']; |
| 102 | 105 |
} |
| 103 | 106 |
} |
| trunk/wb/account/forgot_form.php | ||
|---|---|---|
| 37 | 37 |
$email = $_POST['email']; |
| 38 | 38 |
|
| 39 | 39 |
// Check if the email exists in the database |
| 40 |
$query = "SELECT user_id,username,display_name,email,last_reset FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'"; |
|
| 40 |
$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'";
|
|
| 41 | 41 |
$results = $database->query($query); |
| 42 | 42 |
if($results->numRows() > 0) {
|
| 43 | 43 |
// Get the id, username, and email from the above db query |
| ... | ... | |
| 65 | 65 |
$new_pass = $new_pass . $tmp; |
| 66 | 66 |
$i++; |
| 67 | 67 |
} |
| 68 |
|
|
| 68 |
$old_pass = $results_array['password']; |
|
| 69 | 69 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."' WHERE user_id = '".$results_array['user_id']."'");
|
| 70 | 70 |
|
| 71 | 71 |
if($database->is_error()) {
|
| ... | ... | |
| 91 | 91 |
$message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET']; |
| 92 | 92 |
$display_form = false; |
| 93 | 93 |
} else {
|
| 94 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
|
|
| 94 | 95 |
$message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL']; |
| 95 | 96 |
} |
| 96 | 97 |
} |
Also available in: Unified diff
Forgotten password: if sending of e-mail fails, restore old password. Ticket #110