Файл: Krimos/recover.php
Строк: 121
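<?php
// Krime
//
// Password recovery page for visitors who are not logged in. Three paths:
//   1. a `code` request argument is present -> look it up in `recover`, set a
//      freshly generated password on the owning account and e-mail it;
//   2. a POSTed `email` is present -> find the account, reuse or create a
//      recovery code and e-mail a link carrying it;
//   3. neither -> show the e-mail entry form.
// Logged-in visitors are redirected to the index page.
//
// islogged(), theader(), tfooter(), trecoverbox(), getarg(), getcode(), clean()
// and $lang, $language, $s_siteurl, $s_email are not defined in this file;
// presumably they come from common.php.
//
// Changes in this revision:
//   - restored the backslash escapes (\' and \r\n) that were missing from the
//     string literals, without which the file does not parse;
//   - request-derived values are escaped with mysql_real_escape_string() before
//     they reach a query (the POSTed e-mail was concatenated raw);
//   - the recovery mail goes to the address stored on the account rather than
//     to the submitted string, because SQL equality depends on the column
//     collation and can be looser than byte equality.
//
// NOTE(review): left as-is because the fix needs code or schema not visible here:
//   - md5(md5(...)) is a fast unsalted hash; the login code presumably checks the
//     same format, so both sides must move to password_hash()/password_verify()
//     together.
//   - time() is stored with each recovery code but never read in this file, so
//     a code stays valid until it is used.
//   - the `emailnotinuse` reply discloses whether an address is registered, and
//     nothing here limits how often the form can be submitted.
//   - a new password is sent in plain-text mail and the reset happens on a GET
//     request; letting the user choose a password on a POST form is safer.
//   - getcode() must draw from a CSPRNG (random_bytes()/random_int()) -- confirm.
//   - $language and $s_siteurl are written into HTML and the Location header
//     without escaping -- confirm they are restricted to known-safe values.
//   - the mysql_* extension was removed in PHP 7; PDO or mysqli prepared
//     statements would replace the manual escaping below.
//   - failures of mail() and of the DELETE below are suppressed with @, so the
//     page reports success even if the mail was not accepted for delivery.
include('common.php');

if (!islogged()) {
    echo theader($lang['lostpassword']);

    // Read the argument once; the same value drives the lookup and the delete.
    $rawcode = getarg('code');

    if ($rawcode != NULL) {
        // Whether getarg() sanitises its result is not visible from this file,
        // so escape at the query boundary.
        $codesql = mysql_real_escape_string((string) $rawcode);

        $query = mysql_query('SELECT * FROM `recover` WHERE `code` = \'' . $codesql . '\';');
        if (mysql_num_rows($query) > 0) {
            $newpassword = clean(getcode());
            $result = mysql_fetch_array($query);
            $userid = intval($result['user']);

            $query = mysql_query('SELECT * FROM `users` WHERE `id` = \'' . $userid . '\';');
            $result = mysql_fetch_array($query);
            $useremail = $result['email'];

            // Hash format kept for compatibility with the rest of the application.
            $query = mysql_query('UPDATE `users` SET `password` = \'' . md5(md5($newpassword)) . '\' WHERE `id` = \'' . $userid . '\';');
            if (mysql_affected_rows() > 0) {
                $msub = $lang['lostpassword'];
                $mmsg = $lang['yournewpassword'] . ' ' . $newpassword . "\r\n" . $s_siteurl . '/' . "\r\n";
                @mail($useremail, $msub, $mmsg, "From: $s_email <$s_email>\r\n");

                // Single use: drop the code once the password has been changed.
                @mysql_query('DELETE FROM `recover` WHERE `code` = \'' . $codesql . '\';');

                echo ' <span>' . $lang['newpasswordsent'] . '</span><br />' . "\r\n";
                echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
            } else {
                echo ' <span>' . $lang['recoveryerror'] . '</span><br />' . "\r\n";
                echo ' <span><a href="' . $s_siteurl . '/recover.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
            }
        } else {
            echo ' <span>' . $lang['wrongrecoverycode'] . '</span><br />' . "\r\n";
            echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
        }
    } else {
        if (isset($_POST['email']) && !empty($_POST['email'])) {
            $email = trim($_POST['email']);

            // $_POST is untrusted: escape before building the query.
            $emailsql = mysql_real_escape_string($email);

            $query = mysql_query('SELECT * FROM `users` WHERE `email` = \'' . $emailsql . '\';');
            if (mysql_num_rows($query) > 0) {
                $result = mysql_fetch_array($query);
                $userid = intval($result['id']);

                // Mail the address on record, not the submitted string.
                $useremail = $result['email'];

                $query = mysql_query('SELECT * FROM `recover` WHERE `user` = \'' . $userid . '\';');
                if (mysql_num_rows($query) > 0) {
                    // A code is already pending for this account: send it again.
                    $result = mysql_fetch_array($query);
                    $code = trim($result['code']);
                    $msub = $lang['lostpassword'];
                    $mmsg = $lang['torecover'] . "\r\n" . $s_siteurl . '/recover.php?lang=' . $language . '&code=' . $code . "\r\n";
                    @mail($useremail, $msub, $mmsg, "From: $s_email <$s_email>\r\n");
                    echo ' <span>' . $lang['recoversent'] . '</span><br />' . "\r\n";
                    echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
                } else {
                    // No pending code: create one and store it with the current time.
                    $code = clean(getcode());
                    @mysql_query('INSERT INTO `recover` VALUES(\'0\', \'' . $userid . '\', \'' . $code . '\', \'' . time() . '\');');
                    $msub = $lang['lostpassword'];
                    $mmsg = $lang['torecover'] . "\r\n" . $s_siteurl . '/recover.php?lang=' . $language . '&code=' . $code . "\r\n";
                    @mail($useremail, $msub, $mmsg, "From: $s_email <$s_email>\r\n");
                    echo ' <span>' . $lang['recoversent'] . '</span><br />' . "\r\n";
                    echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
                }
            } else {
                echo ' <span>' . $lang['emailnotinuse'] . '</span><br />' . "\r\n";
                echo ' <span><a href="' . $s_siteurl . '/recover.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
            }
        } else {
            echo ' <span>' . $lang['enteremail'] . '</span><br /><br />' . "\r\n";
            echo trecoverbox();
            echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
        }
    }

    echo tfooter();
} else {
    header('Location: ' . $s_siteurl . '/index.php?lang=' . $language);
}
exit();
?>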