public static function forgotPW($account_name, $account_email)
{
$account_name = mysql_real_escape_string($account_name);
$account_email = mysql_real_escape_string($account_email);
if (empty($account_name) || empty($account_email)) {
echo '<b class="red_text">Please enter both fields.</b>';
} else {
connect::selectDB('logondb');
$result = mysql_query("SELECT COUNT('id') FROM account\r\n\t\t\t\t\t\t\t\t WHERE username='******' AND email='" . $account_email . "'");
if (mysql_result($result, 0) == 0) {
echo '<b class="red_text">The username or email is incorrect.</b>';
} else {
//Success, lets send an email & add the forgotpw thingy.
$code = RandomString();
$emailSent = website::sendEmail($account_email, $GLOBALS['default_email'], 'Forgot Password', "\r\n\t\t\t\tHello there. <br/><br/>\r\n\t\t\t\tA password reset has been requested for the account " . $account_name . " <br/>\r\n\t\t\t\tIf you wish to reset your password, click the following link: <br/>\r\n\t\t\t\t<a href='" . $GLOBALS['website_domain'] . "?p=forgotpw&code=" . $code . "&account=" . account::getAccountID($account_name) . "'>\r\n\t\t\t\t" . $GLOBALS['website_domain'] . "?p=forgotpw&code=" . $code . "&account=" . account::getAccountID($account_name) . "</a>\r\n\r\n\t\t\t\t<br/><br/>\r\n\r\n\t\t\t\tIf you did not request this, just ignore this message.<br/><br/>\r\n\t\t\t\tSincerely, The Management.");
if ($emailSent) {
$account_id = self::getAccountID($account_name);
connect::selectDB('webdb');
mysql_query("DELETE FROM password_reset WHERE account_id='" . $account_id . "'");
mysql_query("INSERT INTO password_reset (code,account_id)\r\n\t\t\t\t VALUES ('" . $code . "','" . $account_id . "')");
echo "An email containing a link to reset your password has been sent to the Email address you specified.\r\n\t\t\t\t\t If you've tried to send other forgot password requests before this, they won't work. <br/>";
} else {
echo '<h4 class="red_text">Failed to send email! (Check error logs for details)</h4>';
}
}
}
}