Revision 293
Added by stefan over 18 years ago
| index.php | ||
|---|---|---|
| 43 | 43 |
$email = $_POST['email']; |
| 44 | 44 |
|
| 45 | 45 |
// Check if the email exists in the database |
| 46 |
$query = "SELECT user_id,username,display_name,email,last_reset FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'"; |
|
| 46 |
$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'";
|
|
| 47 | 47 |
$results = $database->query($query); |
| 48 | 48 |
if($results->numRows() > 0) {
|
| 49 | 49 |
|
| ... | ... | |
| 61 | 61 |
|
| 62 | 62 |
} else {
|
| 63 | 63 |
|
| 64 |
$old_pass = $results_array['password']; |
|
| 65 |
|
|
| 64 | 66 |
// Generate a random password then update the database with it |
| 65 | 67 |
$new_pass = ''; |
| 66 | 68 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
| ... | ... | |
| 98 | 100 |
$message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET']; |
| 99 | 101 |
$display_form = false; |
| 100 | 102 |
} else {
|
| 103 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
|
|
| 101 | 104 |
$message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL']; |
| 102 | 105 |
} |
| 103 | 106 |
} |
Also available in: Unified diff
Forgotten password: if sending of e-mail fails, restore old password. Ticket #110