header("Pragma: cache"); require "includes/header.php"; } if (isset($_POST['username']) && $_POST['username'] != "") { $user = $db->real_escape_string(htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8')); $query = "SELECT email, id FROM {$user_table} WHERE user='******' LIMIT 1"; $result = $db->query($query); $count = $result->num_rows(); if ($count > 0) { $row = $result->fetch_assoc(); if ($row['email'] != "" && $row['email'] != NULL && strpos($row['email'], "@") !== false && strpos($row['email'], ".") !== false && strlen($row['email']) > 2) { $misc = new misc(); $code = hash('sha256', rand(132, 1.0049583277478826E+21)); $link = $site_url . "/index.php?page=reset_password&code=" . $code . "&id=" . $row['id']; $body = 'A password reset has been requested for your account.<br /><br /> If you didn\'t request this, please ignore this email.<br /><br />To reset you password, please click on this link: <a href="' . $link . '">' . $link . '</a>'; $misc->send_mail($row['email'], $email_recovery_subject, $body); $query = "UPDATE {$user_table} SET mail_reset_code='{$code}' WHERE id='" . $row['id'] . "'"; $db->query($query); print "An email with a reset link has been sent to your mailbox.<br />"; } else { print "No email has been added to this account.<br />"; } } else { print "No email has been added to this account.<br />"; } } if (isset($_GET['code']) && $_GET['code'] != "" && isset($_GET['id']) && $_GET['id'] != "" && is_numeric($_GET['id'])) { $id = $db->real_escape_string($_GET['id']); $code = $db->real_escape_string($_GET['code']); $query = "SELECT id FROM {$user_table} WHERE id='{$id}' AND mail_reset_code='{$code}' LIMIT 1"; $result = $db->query($query) or die($db->error);