$extAuthPasswordCount = 0; $passwordFound = false; $userAccountList = array(); // Get the forgotten email from the form if (isset($_REQUEST['Femail'])) { $emailTo = strtolower(trim($_REQUEST['Femail'])); } else { $emailTo = ''; } // Main section if (isset($_REQUEST['searchPassword']) && !empty($emailTo)) { // search user with this email $sql = "SELECT `user_id` `uid` ,\n `nom` `lastName` ,\n `prenom` `firstName` ,\n `username` `loginName` ,\n `password` ,\n `email` ,\n `authSource` ,\n `creatorId`\n FROM `" . $tbl_user . "`\n WHERE LOWER(email) = '" . claro_sql_escape($emailTo) . "'"; $userList = claro_sql_query_fetch_all($sql); if (count($userList) > 0) { $allowedAuthSources = AuthDriverManager::getDriversAllowingLostPassword(); foreach ($userList as $user) { if (isset($allowedAuthSources[$user['authSource']])) { $passwordFound = true; if (get_conf('userPasswordCrypted', false)) { /* * If password are crypted, we can not send them as such. * We have to generate new ones. */ $user['password'] = generate_passwd(); // UPDATE THE DB WITH THE NEW GENERATED PASSWORD $sql = 'UPDATE `' . $tbl_user . '` SET `password` = "' . claro_sql_escape(md5($user['password'])) . '" WHERE `user_id` = "' . $user['uid'] . '"'; if (claro_sql_query($sql) === false) { trigger_error('<p align="center">' . get_lang('Wrong operation') . '</p>', E_USER_ERROR);