add_slashes($_POST['email'])."'"; $results = $database->query($query); if($results->numRows() > 0) { // Get the id, username, email, and last_reset from the above db query $results_array = $results->fetchRow(); // Check if the password has been reset in the last 2 hours $last_reset = $results_array['last_reset']; $time_diff = time()-$last_reset; // Time since last reset in seconds $time_diff = $time_diff/60/60; // Time since last reset in hours if($time_diff < 2) { // Tell the user that their password cannot be reset more than once per hour $message = $MESSAGE['FORGOT_PASS']['ALREADY_RESET']; } else { $old_pass = $results_array['password']; // Generate a random password then update the database with it $new_pass = ''; $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $new_pass = $new_pass . $tmp; $i++; } $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."', last_reset = '".time()."' WHERE user_id = '".$results_array['user_id']."'"); if($database->is_error()) { // Error updating database $message = $database->get_error(); } else { // Setup email to send $mail_to = $email; $mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO']; // Replace placeholders from language variable with values $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}'); $replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass); $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_INFO']); // Try sending the email if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { $message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET']; $display_form = false; } else { $database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'"); $message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL']; } } } } else { // Email doesn't exist, so tell the user $message = $MESSAGE['FORGOT_PASS']['EMAIL_NOT_FOUND']; } } else { $email = ''; } if(!isset($message)) { $message = $MESSAGE['FORGOT_PASS']['NO_DATA']; $message_color = '000000'; } else { $message_color = 'FF0000'; } ?>

: