<form action="<?php echo $settings['domain'] . "/admin_login.php"; ?> " accept-charset="utf-8" method="post"> <div class="panel"> <?php ($hook = get_hook('forgot_password_header')) ? eval($hook) : null; ?> <?php if (isset($_REQUEST['email'])) { ?> <table> <tr> <td> <?php send_password_email(); ?> </td> </tr> </table> <?php } elseif (isset($_REQUEST['old_pw'])) { ?> <table> <tr> <td> <?php get_new_password(); ?> </td> </tr>
/** * Check user's email & send password * * @access public * @return void */ function check_password_reminder() { global $task, $err, $debug; $task = 'password_sender'; if (!$_POST['email']) { $err[] = 'Please enter your email address'; } else { $_POST['email'] = echo_value('email'); } if (!count($err) && !validate_email($_POST['email'])) { $err[] = 'Please enter a valid email address'; } // look up email in DB if (!count($err)) { // check email $_POST['email'] = mysql_real_escape_string($_POST['email']); // Escaping all input data $row = db_fetch("SELECT email, password, title, forename, surname FROM " . TABLE_COMMUNITY . " WHERE email='{$_POST['email']}'"); // if email exists, check password if ($row['email']) { $name = $row['title'] . ' ' . $row['forename'] . ' ' . $row['surname']; send_password_email($row['email'], $name, $row['password']); $err[] = 'A password reminder has been sent to your registered email address'; $task = 'start'; } else { $err[] = 'Not a registered email address'; } } }