Example #1
    if ($GLOBALS["FORUMLINK"] == "smf") {
        $passhash = smf_passgen($arr["username"], $newpassword);
        do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"]);
    }
    $body = sprintf($language["RECOVER_EMAIL_2"], $arr["username"], $newpassword, "{$BASEURL}/index.php?page=login", $SITENAME);
    send_mail($email, "{$SITENAME} " . $language["ACCOUNT_DETAILS"], $body) or stderr($language["ERROR"], $language["ERR_SEND_EMAIL"]);
    redirect("index.php?page=recover&act=recover_ok&id={$id}&random={$random}");
    die;
} elseif ($act == "recover_ok") {
    // Confirmation step of the password-recovery flow: re-reads the id/random pair
    // from the query string, checks it against the users table and renders the
    // "mail sent" page.
    // Both values are forced to integers, so the SELECT below only ever receives a
    // number in place of {$id}.
    $id = intval(0 + $_GET["id"]);
    $random = intval($_GET["random"]);
    // After intval() the three tests on $random are equivalent: each rejects 0.
    // stderr() presumably ends the request here - TODO confirm against its definition.
    if (!$id || !$random || empty($random) || $random == 0) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    // smf_fid is only selected when the tracker is linked to an SMF forum.
    $res = do_sqlquery("SELECT username, email, random" . ($GLOBALS["FORUMLINK"] == "smf" ? ", smf_fid" : "") . " FROM {$TABLE_PREFIX}users WHERE id = {$id}");
    // Unknown id: no row comes back and the not-found helper is called.
    $arr = mysql_fetch_array($res) or httperr();
    // NOTE(review): loose comparison of an int against the column value. The token is
    // an integer carried in the URL, so it ends up in access logs, browser history and
    // Referer headers; how it is generated and whether it expires is not visible in
    // this excerpt - confirm both.
    if ($random != $arr["random"]) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    $email = $arr["email"];
    // NOTE(review): $email is placed inside <b>...</b> without escaping in this block.
    // Unless success_msg() escapes its arguments, wrap it in htmlspecialchars().
    // The page also shows the account's address to whoever holds a valid id/random pair.
    success_msg($language["SUCCESS"], $language["SUC_SEND_EMAIL"] . " <b>{$email}</b>.\n" . $language["SUC_SEND_EMAIL_2"]);
    $tpl->set("main_footer", bottom_menu() . "<br />\n");
    $tpl->set("btit_version", print_version());
    // Render the main template and stop, so nothing after this branch runs.
    echo $tpl->fetch(load_template("main.tpl"));
    die;
} elseif ($act == "recover") {
}
// Set up the template object and the data array used by the recovery form.
$recovertpl = new bTemplate();
// NOTE(review): this `global` comes after the assignment above. At file scope it has
// no effect; if this file is included from inside a function, it rebinds $recovertpl
// to the global variable of that name and the object created above is no longer
// reachable through it. Confirm which scope applies and move the statement up if needed.
global $language, $recovertpl;
$recovertpl->set("language", $language);
$recover = array();
Example #2
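// Look up one forum attachment by $id (set by the surrounding code, not shown here),
// resolve it to a file under the attachment directory and handle the optional
// "delete" action before the download logic that follows.
$attachment_dir = ROOT_DIR . "forum_attachments";
$at = sql_query("SELECT * FROM attachments WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$resat = mysql_fetch_assoc($at);
// mysql_fetch_assoc() returns false when no row matches; do not index into it.
// NOTE(review): the stored filename is joined to the directory as-is. Confirm that the
// upload code never stores path separators or ".." in attachments.filename, or check
// here that the resolved path stays inside $attachment_dir before reading or deleting.
$filename = $attachment_dir . '/' . ($resat ? $resat['filename'] : '');
if (!$resat || !is_file($filename) || !is_readable($filename)) {
    // return not found header
    httperr();
}
// isset() avoids an undefined-index notice on plain download requests.
// NOTE(review): this is a state-changing action reached through a GET parameter and
// guarded only by the user class; no anti-CSRF token is checked in this excerpt.
// Consider requiring POST plus a per-session token.
if (isset($_GET['action']) && $_GET['action'] === 'delete') {
    if (get_user_class() >= UC_MODERATOR) {
        // Best-effort removal: the database rows are deleted even if unlink() fails,
        // which can leave an orphaned file on disk.
        @unlink($filename);
        sql_query("DELETE FROM attachments WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        sql_query("DELETE FROM attachmentdownloads WHERE fileid=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        // The original single-quoted string emitted literal backslashes (color=\"red\"),
        // which produced a broken attribute value; plain double quotes are correct here.
        die('<font color="red">File successfull deleted...');
    } else {
        httperr();
    }
}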
$file_extension = strtolower(substr(strrchr($filename, "."), 1));
switch ($file_extension) {
    case "pdf":
        $ctype = "application/pdf";
        break;
    case "exe":
        $ctype = "application/octet-stream";
        break;
    case "zip":
        $ctype = "application/zip";
        break;
    case "rar":
        $ctype = "application/zip";
Example #3
</span>
</td>
	</tr>
    </table>
    <div id="foot">
	<span><a href="http://www.btiteam.org" target="_blank">BtiTeam.org</a> | <a href="https://github.com/Yupy/BtiTracker-1.5.1" target="_blank">GitHub.com</a> | <a href="#">BtiTracker v1.5.1 by Yupy &amp; Btiteam</a></span>
</div>
<?php 
} elseif ($_GET) {
    // Second step of password recovery: validate the id/random pair from the query
    // string, generate a replacement password and store it for that user.
    // Both values are integers by the time they are concatenated into SQL below.
    $id = 0 + (int) $_GET["id"];
    $random = intval($_GET["random"]);
    // After intval() the three tests on $random are equivalent: each rejects 0.
    // stderr() presumably ends the request - TODO confirm against its definition.
    if (!$id || !$random || empty($random) || $random == 0) {
        stderr(ERROR, ERR_UPDATE_USER);
    }
    $res = $db->query("SELECT username, email, random FROM users WHERE id = " . $id);
    // Unknown id: no row comes back and the not-found helper is called.
    $arr = $res->fetch_array(MYSQLI_BOTH) or httperr();
    // NOTE(review): loose comparison of an int against the column value; the token is an
    // integer taken from the URL. How it is generated and whether it is cleared after
    // use is not visible in this excerpt - confirm both.
    if ($random != $arr["random"]) {
        stderr(ERROR, ERR_UPDATE_USER);
    }
    $email = $arr["email"];
    // generate new password;
    // NOTE(review): mt_rand() is not a cryptographically secure generator, so the
    // 10-character password built from this 62-character alphabet is weaker than its
    // length suggests. Where the runtime provides it (PHP 7+), use random_int().
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $newpassword = '';
    for ($i = 0; $i < 10; $i++) {
        $newpassword .= $chars[mt_rand(0, utf8::strlen($chars) - 1)];
    }
    // NOTE(review): as listed, this statement stores the literal '******' and never uses
    // $newpassword. That looks like masking applied by the listing rather than the
    // project's real expression - verify against the upstream file, and confirm the
    // stored value is a salted password hash rather than the password itself.
    // The extra "AND random =" makes the update itself conditional on the token.
    $db->query("UPDATE users SET password = '******' WHERE id = " . $id . " AND random = " . $random);
    // Zero affected rows is treated as failure. MySQL normally counts only rows whose
    // values changed, so an unchanged row is reported the same way as a missing one.
    if (!$db->affected_rows) {
        stderr(ERROR, ERR_UPDATE_USER);
    }
    $body = <<<EOD