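/**
 * Reset the password of the account whose e-mail address was posted and
 * mail the newly generated password to that address.
 *
 * Reads every $_POST field through filter(), validates 'user_email' with
 * isEmail(), looks the account up, stores PwdHash() of a GenPwd() value and
 * sends the clear-text password by mail().
 *
 * Security notes for maintainers:
 *  - Both statements are now bound parameters; the posted address is never
 *    concatenated into SQL text.
 *  - Database failures are written to the error log and the client only sees
 *    a generic message, so schema and query details are not disclosed.
 *  - The flow still overwrites the stored password for whoever owns the
 *    posted address and mails the replacement in clear text. A single-use,
 *    short-lived reset token that the owner has to confirm would avoid both
 *    the forced lock-out and the password sitting in a mailbox.
 *  - The "no such account" message tells the requester whether an address is
 *    registered; an identical response for both outcomes avoids that.
 *
 * NOTE(review): $err and $msg are local and are not returned, so callers
 * never see them; presumably they were meant to reach the template - confirm.
 *
 * @return void
 */
function recover()
{
    // NOTE(review): the original body handed $link to mysqli_query() without
    // bringing it into function scope, so the call received an undefined
    // variable. Presumably $link is the global mysqli connection opened
    // elsewhere - confirm.
    global $link;

    $err = array();
    $msg = array();
    $data = array();

    foreach ($_POST as $key => $value) {
        $data[$key] = filter($value);
    }

    // A missing field is treated as an empty (and therefore invalid) address.
    $user_email = isset($data['user_email']) ? $data['user_email'] : '';

    if (!isEmail($user_email)) {
        $err[] = "ERROR - Please enter a valid email";
    }

    // Only touch the database once the address has passed validation.
    if (empty($err)) {
        $stmt = mysqli_prepare($link, "select id from users where user_email=?");
        if (!$stmt) {
            error_log("recover(): " . mysqli_error($link));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 's', $user_email);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("recover(): " . mysqli_stmt_error($stmt));
            die("Database error");
        }
        // Buffer the result so the row count is available.
        mysqli_stmt_store_result($stmt);
        $num = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        if ($num <= 0) {
            $err[] = "Error - Sorry no such account exists or registered.";
        }
    }

    if (empty($err)) {
        $new_pwd = GenPwd();
        $pwd_reset = PwdHash($new_pwd);

        $stmt = mysqli_prepare($link, "update users set pwd=? WHERE user_email=?");
        if (!$stmt) {
            error_log("recover(): " . mysqli_error($link));
            die("Database error");
        }
        mysqli_stmt_bind_param($stmt, 'ss', $pwd_reset, $user_email);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("recover(): " . mysqli_stmt_error($stmt));
            die("Database error");
        }
        mysqli_stmt_close($stmt);

        // HTTP_HOST is supplied by the client. It ends up in the From header
        // and the message body, so anything that is not a host-name character
        // is dropped. A host name taken from configuration would be stronger.
        $raw_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $host = preg_replace('/[^A-Za-z0-9.:\[\]\-]/', '', $raw_host);
        $host_upper = strtoupper($host);

        $message = "Here are your new password details ...\n\n\tUser Email: {$user_email} \n\n\tPasswd: {$new_pwd} \n\n\n\tThank You\n\n\tAdministrator\n\t{$host_upper}\n\t______________________________________________________\n\tTHIS IS AN AUTOMATED RESPONSE. \n\t***DO NOT RESPOND TO THIS EMAIL****\n\t";

        mail(
            $user_email,
            "Reset Password",
            $message,
            "From: \"Member Registration\" <auto-reply@{$host}>\r\n" . "X-Mailer: PHP/" . phpversion()
        );

        $msg[] = "Your account password has been reset and a new password has been sent to your email address.";
    }
}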
}
// Fragment of a password-recovery routine: the function header and the loop
// that fills $data start before this excerpt.

// Reject the request when the posted address is not a syntactically valid
// e-mail. Execution still continues to the lookup below.
if (!isEmail($data['user_email'])) {
    $err[] = "ERROR - Please enter a valid email";
}
$user_email = $data['user_email'];

// Check that an account with this address exists.
// NOTE(review): $user_email is interpolated into the SQL text. Whether that is
// safe depends on what was done to $data before this excerpt - confirm, or
// switch to a prepared statement with a bound parameter.
// NOTE(review): mysql_error() belongs to the legacy mysql extension; the
// mysqli counterpart is mysqli_error($link).
$rs_check = mysqli_query($link, "select id from users where user_email='{$user_email}'") or die(mysql_error());
// NOTE(review): mysqli_num_rows() takes the result object as its only
// argument; here $link is passed first.
$num = mysqli_num_rows($link, $rs_check);

// No matching row means the address is not registered. A match only shows
// that the account exists; it does not authenticate the requester.
if ($num <= 0) {
    $err[] = "Error - Sorry no such account exists or registered.";
    //header("Location: forgot.php?msg=$msg");
    //exit();
}

if (empty($err)) {
    // Generate a replacement password and store its hash.
    $new_pwd = GenPwd();
    $pwd_reset = PwdHash($new_pwd);
    //$sha1_new = sha1($new);
    // Overwrite the stored password hash for this address.
    // NOTE(review): same string-built SQL and mysql_error() mismatch as above.
    $rs_activ = mysqli_query($link, "update users set pwd='{$pwd_reset}' WHERE \n\t\t\t\t\t\t user_email='{$user_email}'") or die(mysql_error());

    // HTTP_HOST comes from the request; it is used below in the message body
    // and in the From header without validation.
    $host = $_SERVER['HTTP_HOST'];
    $host_upper = strtoupper($host);

    // Mail the new password. The clear-text password is part of the message.
    $message = "Here are your new password details ...\n\nUser Email: {$user_email} \n\nPasswd: {$new_pwd} \n\n\nThank You\n\nAdministrator\n{$host_upper}\n______________________________________________________\nTHIS IS AN AUTOMATED RESPONSE. \n***DO NOT RESPOND TO THIS EMAIL****\n";
    mail($user_email, "Reset Password", $message, "From: \"Member Registration\" <auto-reply@{$host}>\r\n" . "X-Mailer: PHP/" . phpversion());
    $msg[] = "Your account password has been reset and a new password has been sent to your email address.";
    //$msg = urlencode();
    //header("Location: forgot.php?msg=$msg");
    //exit();
}
}
<?php } ?> </p> <?php
// Admin "Create New User" handler (fragment: the block closed above and the
// form opened below continue outside this excerpt).
//
// NOTE(review): $post, $host, $path and $host_upper are not assigned in this
// excerpt; presumably $post is a sanitised copy of $_POST - confirm. If it is
// not escaped for SQL, both statements below are injectable, because every
// value is interpolated into the query text.
// NOTE(review): no authorisation check is visible here; confirm that one runs
// earlier in the file, since this branch also sets user_level from the form.
// NOTE(review): $_POST['doSubmit'] and $_POST['send'] are read without
// isset(), which raises a notice or warning when the field is absent.
if ($_POST['doSubmit'] == 'Create') {
    // Refuse the request when the user name or the address is already taken.
    // mysql_* is the legacy extension, removed in PHP 7.0.
    $rs_dup = mysql_query("select count(*) as total from users where user_name='{$post['user_name']}' OR user_email='{$post['user_email']}'") or die(mysql_error());
    list($dups) = mysql_fetch_row($rs_dup);
    if ($dups > 0) {
        die("The user name or email already exists in the system");
    }

    // Use the submitted password when one was given, otherwise generate one.
    // Only the hash is stored; $pwd keeps the clear text for the mail and the
    // confirmation message below.
    if (!empty($_POST['pwd'])) {
        $pwd = $post['pwd'];
        $hash = PwdHash($post['pwd']);
    } else {
        $pwd = GenPwd();
        $hash = PwdHash($pwd);
    }

    // Create the account, already approved ('1'), with the posted user_level.
    // die(mysql_error()) sends the database error text to the browser.
    mysql_query("INSERT INTO users (`user_name`,`user_email`,`pwd`,`approved`,`date`,`user_level`)\r\n\t\t\t VALUES ('{$post['user_name']}','{$post['user_email']}','{$hash}','1',now(),'{$post['user_level']}')\r\n\t\t\t ") or die(mysql_error());

    // Welcome message; it contains the clear-text password.
    $message = "Thank you for registering with us. Here are your login details...\n\r\nUser Email: {$post['user_email']} \n\r\nPasswd: {$pwd} \n\r\n\r\n*****LOGIN LINK*****\n\r\nhttp://{$host}{$path}/login.php\r\n\r\nThank You\r\n\r\nAdministrator\r\n{$host_upper}\r\n______________________________________________________\r\nTHIS IS AN AUTOMATED RESPONSE.\r\n***DO NOT RESPOND TO THIS EMAIL****\r\n";

    // The mail is sent only when the "send" box was ticked.
    if ($_POST['send'] == '1') {
        mail($post['user_email'], "Login Details", $message, "From: \"Member Registration\" <auto-reply@{$host}>\r\n" . "X-Mailer: PHP/" . phpversion());
    }

    // NOTE(review): $pwd is written into the page without htmlspecialchars();
    // when it comes from the form that is reflected markup unless $post is
    // already HTML-escaped - confirm. The password is also shown in clear
    // text in the response.
    echo "<div class=\"msg\">User created with password {$pwd}....done.</div>";
}
?> <h2><font color="#FF0000">Create New User</font></h2> <table width="80%" border="0" cellpadding="5" cellspacing="2" class="myaccount"> <tr> <td><form name="form1" method="post" action="admin.php">