// uzivatelske jmeno and otisk $badlink = false; $userdata = DB::query("SELECT id,email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******'"); if (DB::size($userdata) == 0) { $errors[] = $_lang['mod.lostpass.badlink']; $badlink = true; } else { $userdata = DB::row($userdata); if ($hash != md5($userdata['email'] . $userdata['salt'] . $userdata['password'])) { $errors[] = $_lang['mod.lostpass.badlink']; $badlink = true; } } // zmena a odeslani emailu nebo vypis chyb if (count($errors) == 0) { $newpass = _md5Salt(_wordGen()); $text_tags = array("*domain*", "*username*", "*newpass*", "*date*", "*ip*"); $text_contents = array(_getDomain(), $userdata['username'], $newpass[2], _formatTime(time()), _userip); if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text2']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) { DB::query("UPDATE `" . _mysql_prefix . "-users` SET password='******', salt='" . $newpass[1] . "' WHERE id=" . $userdata['id']); $module .= _formMessage(1, $_lang['mod.lostpass.generated']); } else { $module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']); } $done = true; } else { $module .= _formMessage(2, _eventList($errors, "errors")); if ($badlink) { _iplogUpdate(1); } }
/** * Vytvoreni MD5 hashe * @param string $str vstupni retezec * @param string|null $salt string saltu.. pokud je null, vybere se nahodne a funkce vrati array(hash, salt, puvodni_vstup) * @return string|array */ function _md5Salt($str, $usesalt = null) { if ($usesalt === null) { $salt = _wordGen(8, 3); } else { $salt = $usesalt; } $hash = md5($salt . $str . $salt); if ($usesalt === null) { return array($hash, $salt, $str); } else { return $hash; } }