Revision 322
Added by stefan about 18 years ago
| forgot_form.php | ||
|---|---|---|
| 40 | 40 |
$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'"; |
| 41 | 41 |
$results = $database->query($query); |
| 42 | 42 |
if($results->numRows() > 0) {
|
| 43 |
// Get the id, username, and email from the above db query |
|
| 43 |
|
|
| 44 |
// Get the id, username, email, and last_reset from the above db query |
|
| 44 | 45 |
$results_array = $results->fetchRow(); |
| 45 | 46 |
|
| 46 | 47 |
// Check if the password has been reset in the last 2 hours |
| ... | ... | |
| 54 | 55 |
|
| 55 | 56 |
} else {
|
| 56 | 57 |
|
| 58 |
$old_pass = $results_array['password']; |
|
| 59 |
|
|
| 57 | 60 |
// Generate a random password then update the database with it |
| 58 | 61 |
$new_pass = ''; |
| 59 | 62 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
| ... | ... | |
| 65 | 68 |
$new_pass = $new_pass . $tmp; |
| 66 | 69 |
$i++; |
| 67 | 70 |
} |
| 68 |
$old_pass = $results_array['password']; |
|
| 69 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."' WHERE user_id = '".$results_array['user_id']."'");
|
|
| 71 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."', last_reset = '".mktime()."' WHERE user_id = '".$results_array['user_id']."'");
|
|
| 70 | 72 |
|
| 71 | 73 |
if($database->is_error()) {
|
| 72 | 74 |
// Error updating database |
| ... | ... | |
| 87 | 89 |
|
| 88 | 90 |
If you have received this message in error, please delete it immediatly.'; |
| 89 | 91 |
// Try sending the email |
| 90 |
if($wb->mail('',$mail_to,$mail_subject,$mail_message)) {
|
|
| 92 |
if($wb->mail('From: '.SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {
|
|
| 91 | 93 |
$message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET']; |
| 92 | 94 |
$display_form = false; |
| 93 | 95 |
} else {
|
| 94 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
|
|
| 96 |
$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
|
|
| 95 | 97 |
$message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL']; |
| 96 | 98 |
} |
| 97 | 99 |
} |
| 98 |
} |
|
| 100 |
|
|
| 101 |
} |
|
| 102 |
|
|
| 99 | 103 |
} else {
|
| 100 | 104 |
// Email doesn't exist, so tell the user |
| 101 | 105 |
$message = $MESSAGE['FORGOT_PASS']['EMAIL_NOT_FOUND']; |
Also available in: Unified diff
Ticket #137 - Last Reset timer not reset in frontend forgotten password process