{$lang_forgot_passwd_php['err_unk_user']}
|
EOT;
}
} elseif (isset($_GET['key']) && isset($_GET['id'])) {
$randkey = addslashes($_GET['key']);
$user_id = addslashes($_GET['id']);
$sql = "select null from {$cpg_udb->sessionstable} where session_id = md5('{$randkey}{$user_id}');";
$result = cpg_db_query($sql);
if (!mysql_num_rows($result)) {
cpg_die($lang_forgot_passwd_php['forgot_passwd'], $lang_forgot_passwd_php['illegal_session']);
}
mysql_free_result($result);
$sql = "select {$cpg_udb->field['username']}, {$cpg_udb->field['email']} from {$cpg_udb->usertable} where {$cpg_udb->field['user_id']}='$user_id';";
$result = cpg_db_query($sql);
if (!mysql_num_rows($result)) {
cpg_die($lang_forgot_passwd_php['forgot_passwd'], $lang_forgot_passwd_php['err_unk_user']);
}
$row = mysql_fetch_assoc($result);
mysql_free_result($sql);
// Reset Password
$new_password = $cpg_udb->make_password();
if ($CONFIG['enable_encrypted_passwords']) {
$password = md5($new_password);
} else {
$password = $new_password;
}
$sql = "update {$cpg_udb->usertable} set ";
$sql .= "{$cpg_udb->field['password']}='$password' ";
$sql .= "where {$cpg_udb->field['email']}='{$row['user_email']}'";
cpg_db_query($sql);
// send the password
if (!cpg_mail($row['user_email'],
sprintf($lang_forgot_passwd_php['passwd_reset_subject'], $CONFIG['gallery_name']),
sprintf($lang_forgot_passwd_php['passwd_reset_body'], $row['user_name'], $new_password,
$CONFIG['ecards_more_pic_target'].(substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') .'login.php'))){
cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__);
}
$sql = "delete from {$cpg_udb->sessionstable} where session_id=md5('{$randkey}{$user_id}');";
cpg_db_query($sql);
// output the message
pageheader($lang_forgot_passwd_php['forgot_passwd'], "");
$referer = 'login.php';
msg_box($lang_forgot_passwd_php['forgot_passwd'], sprintf($lang_forgot_passwd_php['email_sent'], $row['user_email']), $lang_continue, $referer);
$USER_DATA['user_password'] = '***********';
pagefooter();
exit;
}
pageheader($lang_forgot_passwd_php['forgot_passwd']);
echo '';
pagefooter();
ob_end_flush();
?>