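setCharset(get_lang('lang_charset'));

// Lost-password flow, driven by the query string:
//   1. neither user_id nor ch_pass_uid present: show the form, or process the
//      posted e-mail address and mail a confirmation link;
//   2. both present: verify the link, set a new random password and mail it.
$errorCount = 0;
if (isset($errors)) {
    unset($errors);
}

$moduleLink = "index.php?m=lostpwd";

// Request-supplied value: accept strings only and percent-encode it before it
// becomes part of a URL. The markup that consumes $moduleLink / $lang_switch
// is not visible in this listing.
$lang_switch = (isset($_GET['lang']) and is_string($_GET['lang']) and $_GET['lang'] !== "")
    ? '&lang=' . rawurlencode($_GET['lang'])
    : "";

echo '

'. get_lang("recover") . '

';

// We either need to show the form or process the email address input
if (!isset($_GET['user_id']) AND !isset($_GET['ch_pass_uid'])) {
    if (isset($_POST['email_address'])) {
        /* Start of Process User Input */
        // Non-string input (e.g. email_address[]=...) is treated as empty
        // instead of being handed to trim().
        $email_address = is_string($_POST['email_address']) ? trim($_POST['email_address']) : '';

        if (empty($email_address)) {
            $errorCount++;
            $errors[] = get_lang('incomplete');
        }

        // Coarse shape check only; the database lookup below is the real test.
        if (!stristr($email_address, "@") OR !stristr($email_address, ".")) {
            $errorCount++;
            $errors[] = get_lang('errormail');
        }

        if ($errorCount == 0) {
            // Check to see if email address is in the database
            $user_info = $db->getUserByEmail($email_address);

            if (empty($user_info)) {
                $errorCount++;
                $errors[] = get_lang('errormail');
            }

            // Still no errors?
            if ($errorCount == 0) {
                $user_id = $user_info['user_id'];

                // NOTE(review): the confirmation token is the stored password
                // hash itself (users_passwd), so the hash travels by e-mail and
                // in URLs (server logs, browser history). A dedicated random,
                // single-use, expiring token stored separately would avoid
                // that; it needs storage support that is outside this block.
                $ch_pass_uid = $user_info['users_passwd'];

                $subject = get_lang('confirm_change_subject');
                $s = (isset($_SERVER['HTTPS']) and get_true_boolean($_SERVER['HTTPS'])) ? "s" : "";

                // NOTE(review): host and path are taken from SERVER_NAME and
                // REQUEST_URI, which can reflect what the client sent depending
                // on server configuration. Prefer a configured base URL for
                // links that are sent by mail.
                $recover_link = 'http' . $s . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']
                    . "&user_id=" . rawurlencode((string) $user_id)
                    . '&ch_pass_uid=' . rawurlencode((string) $ch_pass_uid);

                $message = get_lang_f('confirm_change_password_message', $recover_link);

                if (mymail($email_address, $subject, $message, $settings) == TRUE) {
                    echo "

".get_lang('confirm_send')."

";
                } else {
                    echo "

".get_lang('mail_failed')."

";
                }

                unset($_POST['email_address']);
            }
        }
    } else {
        // Show form
        $showForm = 1;
    }

    // Any errors? If so, show the form
    if ($errorCount > 0) {
        $showForm = 1;
    }

    if (isset($showForm) and $showForm == 1) {
        echo '
';
        // Print errors if there are any
        if (isset($errors) && is_array($errors)) {
            foreach ($errors as $error) {
                echo '

' . $error . '

';
            }
        }
        echo '
';
    }
} else if (isset($_GET['user_id']) AND isset($_GET['ch_pass_uid'])) {
    // Array-valued parameters are reduced to '' so they fail the checks below.
    $user_id = is_string($_GET['user_id']) ? trim($_GET['user_id']) : '';
    $ch_pass_uid = is_string($_GET['ch_pass_uid']) ? trim($_GET['ch_pass_uid']) : '';

    $user_info = $db->getUserById($user_id);

    if (empty($user_info)) {
        print_failure(get_lang('errormail'));
        echo "

<< ".get_lang('back')."

";
        return;
    }

    $email_address = $user_info['users_email'];
    $old_pass_md5_hash = $user_info['users_passwd'];

    // Strict, constant-time comparison (hash_equals, PHP >= 5.6). The previous
    // loose `!=` compares numeric-looking strings by value, so two different
    // hashes could be treated as equal. An empty token is never accepted.
    if ($ch_pass_uid === '' || !hash_equals((string) $old_pass_md5_hash, $ch_pass_uid)) {
        print_failure("Failed to update password for user.");
        echo "

<< ".get_lang('back')."

";
        return;
    }

    // The new password is generated once, after the link has been verified
    // (an earlier duplicate generation before the check was unused).
    // NOTE(review): passwords are stored as unsalted md5(), a fast hash that
    // is not suitable for password storage. Moving to password_hash() /
    // password_verify() also requires changing the login code, which is
    // outside this block.
    $random_password = makeRandomPassword();
    $db_password = md5($random_password);

    if ($db->updateUsersPassword($user_id, $db_password) === FALSE) {
        print_failure("Failed to update password for user.");
        echo "

<< ".get_lang('back')."

";
        return;
    }

    $subject = get_lang('subject');
    // NOTE(review): the new password is mailed in clear text; consider
    // requiring a password change at the next login.
    $message = get_lang_f('password_message', $random_password);

    if (mymail($email_address, $subject, $message, $settings) == TRUE) {
        echo "

".get_lang('send')."

";
    } else {
        echo "

".get_lang('mail_failed')."

";
    }

    echo "

".get_lang('click')." ".get_lang('here')." ".get_lang('to_login')."

";
} else {
    // Only one of user_id / ch_pass_uid was supplied.
    print_failure("Security alert.");
}
// Closes a block whose opening lies before the first visible line of this listing.
}
?>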