tablerender(LAN_03, "

".$txt."

"); require_once(FOOTERF); exit; } //the separator character used $fpw_sep = "#"; if (e_QUERY) { // User has clicked on the emailed link define("FPW_ACTIVE","TRUE"); $tmp = explode($fpw_sep, e_QUERY); $tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true)); if ($sql->db_Select("tmp", "*", "`tmp_info` LIKE '%{$fpw_sep}{$tmpinfo}' ")) { $row = $sql->db_Fetch(); extract($row); $sql->db_Delete("tmp", "`tmp_info` LIKE '%{$fpw_sep}{$tmpinfo}' "); $newpw = ""; $pwlen = rand(8, 12); for($a = 0; $a <= $pwlen; $a++) { $newpw .= chr(rand(97, 122)); } $mdnewpw = md5($newpw); // Generate new random password list($loginName, $md5) = explode($fpw_sep, $tmp_info); $sql->db_Update("user", "`user_password`='{$mdnewpw}', `user_viewed`='' WHERE `user_loginname`='".$tp -> toDB($loginName, true)."' "); cookie($pref['cookie_name'], "", (time()-2592000)); $_SESSION[$pref['cookie_name']] = ""; $txt = "

".LAN_FPW8."

".LAN_218."	{$loginName}
".LAN_FPW9."	{$newpw}

".LAN_FPW10." ".LAN_FPW11." ".LAN_FPW12."

"; fpw_error($txt); } else { fpw_error(LAN_FPW7); } } // Request to reset password //-------------------------- if (isset($_POST['pwsubmit'])) { // Request for password reset submitted require_once(e_HANDLER."mail.php"); $email = $_POST['email']; if ($pref['fpwcode'] && extension_loaded("gd")) { if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) { fpw_error(LAN_FPW3); } } $clean_email = check_email($tp -> toDB($_POST['email'])); $clean_username = $tp -> toDB($_POST['username']); $query = "`user_email`='{$clean_email}' "; // Allow admins to remove 'username' from fpw_template.php if they wish. $query .= (isset($_POST['username'])) ? " AND `user_loginname`='{$clean_username}'" : ""; if ($sql->db_Select("user", "*", $query)) { // Found user in DB $row = $sql->db_Fetch(); extract($row); if ($row['user_admin'] == 1 && $row['user_perms'] == "0") { // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them) sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08); echo "\n"; die(); } if ($result = $sql->db_Select("tmp", "*", "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '{$row['user_loginname']}{$fpw_sep}%'")) { fpw_error(LAN_FPW4); exit; } mt_srand ((double)microtime() * 1000000); $maxran = 1000000; $rand_num = mt_rand(0, $maxran); $datekey = date("r"); $rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey); $link = SITEURL."fpw.php?{$rcode}"; $message = LAN_FPW5." ".SITENAME." ".LAN_FPW14." : ".$e107->getip().".\n\n".LAN_FPW15."\n\n".LAN_FPW16."\n\n".LAN_FPW17."\n\n{$link}"; // $message = LAN_FPW5."\n\n{$link}"; $deltime = time()+86400 * 2; //Set timestamp two days ahead so it doesn't get auto-deleted $sql->db_Insert("tmp", "'pwreset',{$deltime},'{$row['user_loginname']}{$fpw_sep}{$rcode}'"); if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message)) { $text = "

".LAN_FPW6."

"; } else { $text = "

".LAN_02."

"; } $ns->tablerender(LAN_03, $text); require_once(FOOTERF); exit; } else { $text = LAN_213; $ns->tablerender(LAN_214, "

".$text."

"); } } if (USE_IMAGECODE) { $FPW_TABLE_SECIMG_LAN = LAN_FPW2; $FPW_TABLE_SECIMG_HIDDEN = ""; $FPW_TABLE_SECIMG_SECIMG = $sec_img->r_image(); $FPW_TABLE_SECIMG_TEXTBOC = ""; } if (!$FPW_TABLE) { if (file_exists(THEME."fpw_template.php")) { require_once(THEME."fpw_template.php"); } else { require_once(e_THEME."templates/fpw_template.php"); } } $text = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE); $ns->tablerender(LAN_03, $text); require_once(FOOTERF); ?>