function session_hash(database $database, base $base, $username)
{
//generate new hash
$session_hash = $base->randomString(35);
//update old hash to new one (after checking the hahs doesn't exist)
$database->processQuery("SELECT * FROM `users` WHERE `cookie` = ?", array($session_hash), false);
if ($database->getRowCount() == 0) {
$database->processQuery("UPDATE `users` SET `cookie` = ? WHERE `username` = ? LIMIT 1", array($session_hash, $username), false);
return $session_hash;
} else {
session_hash();
}
}
}
if (preg_match('#[^a-zA-Z0-9$ ]#', $answer)) {
$errors[] = 'Question #' . $i . ' contains illegal characters.';
}
}
if (count($errors) >= 1) {
//back button
?>
<center><input type="button" value="Back" onclick="goBack()" /></center> <?php
//display errors
foreach ($errors as $error) {
echo $error . '<br/>';
}
} else {
//generate a tracking ID
$rand_hash = $base->randomString(11);
$tracking_id = substr($rand_hash, 0, 3) . '-' . substr($rand_hash, 4, 3) . '-' . substr($rand_hash, 7, 3);
//create the recovery request
$database->processQuery("INSERT INTO `tracking` VALUES (null, ?, ?, NOW(), ?, ?, 0, ?, ?, ?, ?, ?, ?)", array($user->getIdByName($_POST['username']), $_SERVER['REMOTE_ADDR'], time(), $tracking_id, $answers[0], $answers[1], $answers[2], $answers[3], $answers[4], $answers[5]), false);
?>
<fieldset class="question">
<legend>Success!</legend>
You have successfully submitted a recovery request to the Asgarniax team. Within 24 hours, your request will be reviewed. To get the status of the administrator's review,
you can track the recovery by the tracking ID given to you below. <b>Write the tracking ID down so you don't forget.</b>
</fieldset>
<br/>
<br/>
<b>Tracking ID: <?php
echo $tracking_id;
?>
</b>
