<?php
require_once("system-db.php");
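// Password-reset handler: looks up the posted login, stores a new random
// password for that member, notifies the member and the ADMIN role, then
// redirects to passwordchanged.php with the outcome message in the session.
//
// NOTE(review): any unauthenticated visitor who knows a login can force that
// account's password to change, and the different outcome messages reveal
// whether a login exists. A one-time, expiring reset link plus a single
// neutral response would address both; that is a flow change and is not
// made here.
start_db();
initialise_db();

$errmsg_arr = array();

// Accept only a string value; an array-valued "login" field is treated as
// missing instead of being interpolated into the query below.
$login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : "";

if ($login === "") {
    $errmsg_arr[] = "Missing User ID";
} else {
    // Raw input kept for redisplay; the page that prints it must HTML-escape it.
    $_SESSION['ERR_USER'] = $login;

    // ext/mysql has no prepared statements, so the value is escaped before it
    // is placed inside the quoted literal. Escaping is only reliable when the
    // connection charset was set with mysql_set_charset(); assumes start_db()
    // opened the default connection - TODO confirm. Moving to mysqli/PDO
    // prepared statements is the durable fix.
    $safeLogin = mysql_real_escape_string($login);
    $qry = "SELECT * FROM {$_SESSION['DB_PREFIX']}members WHERE login='$safeLogin'";
    $result = mysql_query($qry);

    if ($result && mysql_num_rows($result) == 1) {
        $member = mysql_fetch_assoc($result);
        // Cast so the id is numeric wherever it is used in SQL or logs.
        $memberid = (int) $member['member_id'];

        // Ten letters drawn from a CSPRNG. The previous generator was seeded
        // with time(), so its output was predictable from the request time,
        // and its index mapping could emit '[' and never 'a'.
        $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
        $word = "";
        if (function_exists('random_int')) {
            for ($i = 0; $i < 10; $i++) {
                $word .= $alphabet[random_int(0, 51)];
            }
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(64, $strong);
            if ($bytes !== false && $strong) {
                $len = strlen($bytes);
                for ($i = 0; $i < $len && strlen($word) < 10; $i++) {
                    $n = ord($bytes[$i]);
                    // Reject 208..255 so that $n % 52 is uniform (208 = 4 * 52).
                    if ($n < 208) {
                        $word .= $alphabet[$n % 52];
                    }
                }
            }
        }

        if (strlen($word) !== 10) {
            // Fail closed: never store or send a password that did not come
            // from a secure source.
            logError("Error RESET PASSWORD: no secure random source for member_id " . $memberid);
            $errmsg_arr[] = "Unable to reset password.";
        } else {
            // NOTE(review): unsalted MD5 is kept only because the login check
            // is not visible here and presumably compares md5() values;
            // migrate both sides together to password_hash()/password_verify().
            // NOTE(review): getLoggedOnMemberID() is concatenated unquoted;
            // confirm it always returns an integer, including when nobody is
            // logged in.
            $qry = "UPDATE {$_SESSION['DB_PREFIX']}members " .
                "SET passwd = '" . md5($word) . "', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " .
                "WHERE member_id = $memberid";
            $result = mysql_query($qry);

            if (! $result) {
                // The statement text carries the new password hash, so it is
                // kept out of the log.
                logError("Error RESET PASSWORD: member_id " . $memberid . " - " . mysql_error());
                // Nothing was stored, so no password is announced or sent.
                $errmsg_arr[] = "Unable to reset password.";
            } else {
                $errmsg_arr[] = "An email has been sent with a reset password.";
                sendUserMessage(
                    $memberid,
                    "Password reset",
                    "Your password has been reset to $word.<br>Please contact your system administrator if you have any problems."
                );
                // NOTE(review): this discloses the member's new password to
                // every ADMIN recipient; consider notifying without $word.
                sendRoleMessage(
                    "ADMIN",
                    "Password reset",
                    "User $login has had the password reset to $word."
                );
            }
        }
    } else {
        $errmsg_arr[] = "Invalid user.";
    }
}

$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
header("location: passwordchanged.php");
// Stop here so nothing else runs or is emitted after the redirect header.
exit;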
?>