Index: trunk/wb/admin/login/forgot/index.php
===================================================================
--- trunk/wb/admin/login/forgot/index.php	(revision 292)
+++ trunk/wb/admin/login/forgot/index.php	(revision 293)
@@ -43,7 +43,7 @@
 	$email = $_POST['email'];
 	
 	// Check if the email exists in the database
-	$query = "SELECT user_id,username,display_name,email,last_reset FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'";
+	$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'";
 	$results = $database->query($query);
 	if($results->numRows() > 0) {
 
@@ -61,6 +61,8 @@
 			
 		} else {
 			
+			$old_pass = $results_array['password'];
+			
 			// Generate a random password then update the database with it
 			$new_pass = '';
 			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
@@ -98,6 +100,7 @@
 					$message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET'];
 					$display_form = false;
 				} else {
+					$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
 					$message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'];
 				}
 			}
Index: trunk/wb/account/forgot_form.php
===================================================================
--- trunk/wb/account/forgot_form.php	(revision 292)
+++ trunk/wb/account/forgot_form.php	(revision 293)
@@ -37,7 +37,7 @@
 	$email = $_POST['email'];
 	
 	// Check if the email exists in the database
-	$query = "SELECT user_id,username,display_name,email,last_reset FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'";
+	$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'";
 	$results = $database->query($query);
 	if($results->numRows() > 0) {
 		// Get the id, username, and email from the above db query
@@ -65,7 +65,7 @@
 				$new_pass = $new_pass . $tmp;
 				$i++;
 			}
-			
+			$old_pass = $results_array['password'];
 			$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."' WHERE user_id = '".$results_array['user_id']."'");
 			
 			if($database->is_error()) {
@@ -91,6 +91,7 @@
 					$message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET'];
 					$display_form = false;
 				} else {
+  					$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");
 					$message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'];
 				}
 			}