} else {
// Check if the email exists in the database
$sql = 'SELECT `user_id`,`username`,`display_name`,`email`,`last_reset`,`password` ' . 'FROM `' . TABLE_PREFIX . 'users` ' . 'WHERE `email`=\'' . $wb->add_slashes($_POST['email']) . '\'';
if ($results = $database->query($sql)) {
if ($results_array = $results->fetchRow()) {
// Get the id, username, email, and last_reset from the above db query
// Check if the password has been reset in the last 2 hours
if (time() - (int) $results_array['last_reset'] < 2 * 3600) {
// Tell the user that their password cannot be reset more than once per hour
$errMsg = $MESSAGE['FORGOT_PASS_ALREADY_RESET'];
} else {
require_once WB_PATH . '/framework/PasswordHash.php';
$pwh = new PasswordHash(0, true);
$old_pass = $results_array['password'];
// Generate a random password then update the database with it
$new_pass = $pwh->NewPassword();
$sql = 'UPDATE `' . TABLE_PREFIX . 'users` SET ' . '`password`=\'' . $database->escapeString($pwh->HashPassword($new_pass, true)) . '\', ' . '`last_reset`=' . time() . ' ' . 'WHERE `user_id`=' . (int) $results_array['user_id'];
unset($pwh);
// destroy $pwh-Object
if ($database->query($sql)) {
// Setup email to send
$mail_to = $email;
$mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
// Replace placeholders from language variable with values
$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
$replace = array($results_array['display_name'], WEBSITE_TITLE, $results_array['username'], $new_pass);
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_FORGOT']);
// Try sending the email
if ($wb->mail(SERVER_EMAIL, $mail_to, $mail_subject, $mail_message)) {
$message = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];
$display_form = false;
