// exit the big switch()
}
$err = array();
if (!empty($_POST)) {
if (!isset($_POST['username']) || empty($_POST['username'])) {
$err[] = $l['log-bad-user'];
// bad username
} else {
$username = slash_if_needed($_POST['username']);
if (!$user->userExists($username)) {
$err[] = $l['log-bad-user'];
} else {
// build new user object to manip his data
$client = new nlb_user($db);
$id = $client->getIdByName($username);
$client->setId($id);
// create new password. 6 random letters + numbers
$newpass = uniqid(rand(), true);
$newpass = substr($newpass, 0, 6);
$hash = md5($newpass);
$link = full_url . script_path . 'login.php';
$message = $l['log-forgot-email'];
$message = str_replace('%USERNAME%', $client->get('username'), $message);
$message = str_replace('%PASSWORD%', $newpass, $message);
$message = str_replace('%LINK%', $link, $message);
$mail->AddAddress($client->get('email'), $client->get('username'));
$mail->Subject = $config->get('site_name') . $l['log-forgot-subject'];
$mail->Body = $message;
if (!$mail->Send()) {
// if we can't send the email, then don't write the
// new password in the db
