$_r = $rpgDB->query(sprintf("SELECT email FROM %s WHERE pname = '%s'", $TABLE_USERS, addslashes($pname))); if (!$_r) { __printFatalErr("Failed to query database.", __LINE__, __FILE__); } if ($rpgDB->num_rows() != 1) { __printFatalErr("Profile not found."); } // Make sure the email address is not null. $r = $rpgDB->fetch_row($_r); $email = $r['email']; if (!is_valid_email($email, $err_dummy)) { __printFatalErr("An invalid or non-existent email address was found in your profile."); } // Generate a key and put it in the db. $keygen = new Id(); $id = $keygen->GenerateId(); $_r = $rpgDB->query(sprintf("UPDATE %s SET pwd_key = '%s' WHERE pname = '%s' LIMIT 1", $TABLE_USERS, addslashes($id), addslashes($pname)), $rpgDB); if (!$_r) { __printFatalErr("Failed to update database.", __LINE__, __FILE__); } if ($rpgDB->num_rows() != 1) { __printFatalErr("Failed to update profile.", __LINE__, __FILE__); } // Send off the message. $to = $email; $from = "From: {$EMAIL_WEBMASTER}"; $subject = "RPG Web Profiler password reset."; $body = "{$pname},\n\nYour RPG Web Profiler password at {$URI_HOME} was recently requested to be reset. To complete the process, visit the link below and follow the directions that 3EProfiler asks.\n\n{$URI_BASE}/resetpwd.php?p={$pname}&k={$id}\n\nIf you never requested your password to be reset, please disregard this message. No information was given to the person requesting your password."; if (!mail($to, $subject, $body, $from)) { __printFatalErr("Failed to send email to address listed in profile."); }