/**
 * Handle the link a user follows to choose a new password.
 *
 * Reads the user id ('uid') and the password-request id ('rid') from the
 * query string and checks that exactly one row in the users table carries
 * that uid / pwrequestid pair.
 *
 * - Pair found: returns the output of newpasswordform().
 * - Pair not found: returns message 54 (request invalid or expired)
 *   followed by the output of getpasswordform().
 * - Parameters malformed: echoes COM_refresh() to the site URL and returns
 *   an empty string.
 *
 * @return string HTML to display; empty when the request was malformed
 */
function _userNewpwd()
{
    global $_CONF, $_TABLES, $_USER, $LANG04;

    $html = '';

    // Both values are attacker-controlled; filter them before any use.
    // NOTE(review): COM_applyFilter / COM_sanitizeID are defined elsewhere;
    // their exact filtering rules are not visible here - confirm.
    $uid   = COM_applyFilter($_GET['uid'], true);
    $reqid = COM_sanitizeID(COM_applyFilter($_GET['rid']));

    // Shape check: uid must be numeric and greater than 1, and the request
    // id must be exactly 16 characters long after sanitizing.
    // NOTE(review): "> 1" presumably excludes a reserved account - confirm.
    if (empty($uid) || !is_numeric($uid) || $uid <= 1
            || empty($reqid) || strlen($reqid) != 16) {
        // this request doesn't make sense - ignore it
        echo COM_refresh($_CONF['site_url']);

        return $html;
    }

    $uid = (int) $uid;

    // The escaped copy is used only for the database lookup; the form
    // below receives the sanitized, unescaped request id.
    $safereqid = DB_escapeString($reqid);
    $matches   = DB_count(
        $_TABLES['users'],
        array('uid', 'pwrequestid'),
        array($uid, $safereqid)
    );

    if ($matches == 1) {
        $html .= newpasswordform($uid, $reqid);

        return $html;
    }

    // request invalid or expired
    $html .= COM_showMessage(54, '', '', 1, 'error');
    $html .= getpasswordform();

    return $html;
}
COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'password'); $last = COM_checkSpeedlimit('password'); if ($last > 0) { $display .= COM_showMessageText(sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), $LANG12[26]); } else { $display .= getpasswordform(); } $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[25])); break; case 'newpwd': $uid = COM_applyFilter($_GET['uid'], true); $reqid = COM_applyFilter($_GET['rid']); if (!empty($uid) && is_numeric($uid) && $uid > 0 && !empty($reqid) && strlen($reqid) == 16) { $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $reqid)); if ($valid == 1) { $display .= newpasswordform($uid, $reqid); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[92])); } else { // request invalid or expired $display .= COM_showMessage(54); $display .= getpasswordform(); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[25])); } } else { // this request doesn't make sense - ignore it COM_redirect($_CONF['site_url'] . '/index.php'); } break; case 'setnewpwd': if (empty($_POST['passwd']) || $_POST['passwd'] != $_POST['passwd_conf']) { COM_redirect($_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . $_POST['uid'] . '&rid=' . $_POST['rid']);