Revision 293
Added by stefan over 18 years ago
index.php | ||
---|---|---|
43 | 43 |
$email = $_POST['email']; |
44 | 44 |
|
45 | 45 |
// Check if the email exists in the database |
46 |
$query = "SELECT user_id,username,display_name,email,last_reset FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'"; |
|
46 |
$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'";
|
|
47 | 47 |
$results = $database->query($query); |
48 | 48 |
if($results->numRows() > 0) { |
49 | 49 |
|
... | ... | |
61 | 61 |
|
62 | 62 |
} else { |
63 | 63 |
|
64 |
$old_pass = $results_array['password']; |
|
65 |
|
|
64 | 66 |
// Generate a random password then update the database with it |
65 | 67 |
$new_pass = ''; |
66 | 68 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
... | ... | |
98 | 100 |
$message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET']; |
99 | 101 |
$display_form = false; |
100 | 102 |
} else { |
103 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'"); |
|
101 | 104 |
$message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL']; |
102 | 105 |
} |
103 | 106 |
} |
Also available in: Unified diff
Forgotten password: if sending of e-mail fails, restore old password. Ticket #110