escapeString($_POST['email']).'\''; $oRes = $database->query($query); if($oRes->numRows() > 0) { // Get the id, username, email, and last_reset from the above db query $results_array = $oRes->fetchRow(MYSQLI_ASSOC); // Check if the password has been reset in the last 2 hours $last_reset = $results_array['last_reset']; $time_diff = time()-$last_reset; // Time since last reset in seconds $time_diff = $time_diff/60/60; // Time since last reset in hours if($time_diff < 2) { // Tell the user that their password cannot be reset more than once per hour $message = $MESSAGE['FORGOT_PASS_ALREADY_RESET']; } else { $old_pass = $results_array['password']; // Generate a random password then update the database with it $new_pass = ''; $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $new_pass = $new_pass . $tmp; $i++; } $sql = 'UPDATE `'.TABLE_PREFIX.'users` SET ' . '`password` = \''.$database->escapeString(md5($new_pass)).'\', ' . '`last_reset` = '.time().' ' . 'WHERE `user_id` = '.$results_array['user_id'].''; $database->query($sql); if($database->is_error()) { // Error updating database $message = $database->get_error(); } else { // Setup email to send $mail_to = $email; $mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO']; // Replace placeholders from language variable with values $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}'); $replace = array($results_array['display_name'], WEBSITE_TITLE, 'xxxxxxxxxx', $new_pass); $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']); // Try sending the email if($admin->mail( SERVER_EMAIL, $mail_to, $mail_subject, $mail_message )) { $message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET']; $display_form = false; } else { $sql = 'UPDATE `'.TABLE_PREFIX.'users` SET ' . '`password` = \''.$database->escapeString($old_pass).'\' ' . 'WHERE `user_id` = '.$results_array['user_id'].''; // $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'"); $database->query($sql); $message = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL']; } } } } else { // Email doesn't exist, so tell the user $message = $MESSAGE['FORGOT_PASS_EMAIL_NOT_FOUND']; // and delete the wrong Email $email = ''; } } else { $email = ''; } if(!isset($message)) { $message = $MESSAGE['FORGOT_PASS_NO_DATA']; $message_color = '000000'; } else { $message_color = 'FF0000'; } // Setup template object, parse vars to it, then parse it // Create new template object $template = new Template(dirname($admin->correct_theme_source('login_forgot.htt'))); $template->set_file('page', 'login_forgot.htt'); $template->set_block('page', 'main_block', 'main'); if(defined('FRONTEND')) { $template->set_var('ACTION_URL', 'forgot.php'); } else { $template->set_var('ACTION_URL', 'index.php'); } $template->set_var('EMAIL', $email); if(isset($display_form)) { $template->set_var('DISPLAY_FORM', 'display:none;'); } $template->set_var(array( 'SECTION_FORGOT' => $MENU['FORGOT'], 'MESSAGE_COLOR' => $message_color, 'MESSAGE' => $message, 'WB_URL' => WB_URL, 'ADMIN_URL' => ADMIN_URL, 'THEME_URL' => THEME_URL, 'LANGUAGE' => strtolower(LANGUAGE), 'TEXT_EMAIL' => $TEXT['EMAIL'], 'TEXT_SEND_DETAILS' => $TEXT['SEND_DETAILS'], 'TEXT_HOME' => $TEXT['HOME'], 'TEXT_NEED_TO_LOGIN' => $TEXT['NEED_TO_LOGIN'], 'TEXT_SAVE' => $TEXT['SAVE'], 'TEXT_RESET' => $TEXT['RESET'], ) ); if(defined('FRONTEND')) { $template->set_var('LOGIN_URL', WB_URL.'/account/login.php'); } else { $template->set_var('LOGIN_URL', ADMIN_URL.'/login/index.php'); } $template->set_var('INTERFACE_URL', ADMIN_URL.'/interface'); if(defined('DEFAULT_CHARSET')) { $charset=DEFAULT_CHARSET; } else { $charset='utf-8'; } $template->set_var('CHARSET', $charset); $template->parse('main', 'main_block', false); $template->pparse('output', 'page');