Project

General

Profile

« Previous | Next » 

Revision 322

Added by stefan over 18 years ago

Ticket #137 - Last Reset timer not reset in frontend forgotten password process

View differences:

trunk/wb/account/forgot_form.php
40 40 
	$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'";
41 41 
	$results = $database->query($query);
42 42 
	if($results->numRows() > 0) {
43 
		// Get the id, username, and email from the above db query
43
44 
		// Get the id, username, email, and last_reset from the above db query
44 45 
		$results_array = $results->fetchRow();
45 46
46 47 
		// Check if the password has been reset in the last 2 hours
......
54 55
55 56 
		} else {
56 57
58 
			$old_pass = $results_array['password'];
59 

  		




  57
  60
  
    
			// Generate a random password then update the database with it


  		




  58
  61
  
    
			$new_pass = '';


  		




  59
  62
  
    
			$salt = "abchefghjkmnpqrstuvwxyz0123456789";


  		




  ......




  65
  68
  
    
				$new_pass = $new_pass . $tmp;


  		




  66
  69
  
    
				$i++;


  		




  67
  70
  
    
			}


  		




  68
  
  
    
			$old_pass = $results_array['password'];


  		




  69
  
  
    
			$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."' WHERE user_id = '".$results_array['user_id']."'");


  		




  
  71
  
    
			$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".md5($new_pass)."', last_reset = '".mktime()."' WHERE user_id = '".$results_array['user_id']."'");


  		




  70
  72
  
    
			


  		




  71
  73
  
    
			if($database->is_error()) {


  		




  72
  74
  
    
				// Error updating database


  		




  ......




  87
  89
  
    

  		




  88
  90
  
    
If you have received this message in error, please delete it immediatly.';


  		




  89
  91
  
    
				// Try sending the email


  		




  90
  
  
    
				if($wb->mail('',$mail_to,$mail_subject,$mail_message)) { 


  		




  
  92
  
    
				if($wb->mail('From: '.SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { 


  		




  91
  93
  
    
					$message = $MESSAGE['FORGOT_PASS']['PASSWORD_RESET'];


  		




  92
  94
  
    
					$display_form = false;


  		




  93
  95
  
    
				} else {


  		




  94
  
  
    
  					$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");


  		




  
  96
  
    
					$database->query("UPDATE ".TABLE_PREFIX."users SET password = '".$old_pass."' WHERE user_id = '".$results_array['user_id']."'");


  		




  95
  97
  
    
					$message = $MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'];


  		




  96
  98
  
    
				}


  		




  97
  99
  
    
			}


  		




  98
  
  
    
		}	


  		




  
  100
  
    
		


  		




  
  101
  
    
		}


  		




  
  102
  
    

  		




  99
  103
  
    
	} else {


  		




  100
  104
  
    
		// Email doesn't exist, so tell the user


  		




  101
  105
  
    
		$message = $MESSAGE['FORGOT_PASS']['EMAIL_NOT_FOUND'];


  		












Also available in:  Unified diff