// exit the big switch() } $err = array(); if (!empty($_POST)) { if (!isset($_POST['username']) || empty($_POST['username'])) { $err[] = $l['log-bad-user']; // bad username } else { $username = slash_if_needed($_POST['username']); if (!$user->userExists($username)) { $err[] = $l['log-bad-user']; } else { // build new user object to manip his data $client = new nlb_user($db); $id = $client->getIdByName($username); $client->setId($id); // create new password. 6 random letters + numbers $newpass = uniqid(rand(), true); $newpass = substr($newpass, 0, 6); $hash = md5($newpass); $link = full_url . script_path . 'login.php'; $message = $l['log-forgot-email']; $message = str_replace('%USERNAME%', $client->get('username'), $message); $message = str_replace('%PASSWORD%', $newpass, $message); $message = str_replace('%LINK%', $link, $message); $mail->AddAddress($client->get('email'), $client->get('username')); $mail->Subject = $config->get('site_name') . $l['log-forgot-subject']; $mail->Body = $message; if (!$mail->Send()) { // if we can't send the email, then don't write the // new password in the db