Файл: pass.php
Строк: 110
<?############# hak NOOO ###################
include("header.php");
$urlpage='Востановления пороля';
$submit=$_POST['submit'];
if(!isset($submit)):
$str=Array("1", "2", "3", "4", "5", "6", "7", "8", "9", "0", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
$pass="";
for ($i=0;$i<rand(8,12);$i++) $pass.=$str[rand(0,count($str))];
?>
<div align="center">
<div class="s5_mod_h3_l">
<div class="s5_mod_h3_r">
<div class="s5_mod_h3_m">
<h3 class="s5_mod_h3"><span class="s5_h3_first">
<?=$lang['pass'];?>
</span></h3>
</div>
</div>
</div>
<?=$lang['pass1'];?>
<BR>
<BR>
<FORM METHOD=POST ACTION="pass.php">
<div class="<?=$moduletablehilite3;?>" align="center">
<?=$lang['pass2'];?>
<INPUT TYPE="text" NAME="ename" class=form6>
<?=$lang['pass4'];?>
<INPUT TYPE="text" NAME="email" class=form6>
<INPUT TYPE="submit" name=submit value=".:: <?=$lang['pass3'];?> ::." class=button>
</div>
</FORM>
</div>
<?
else:
require ("inc/connect.inc.php");
$sql=mysql_query("select*from ".$db_pref."users where user='".mysql_real_escape_string($_POST['ename'])."' and email='".mysql_real_escape_string($_POST['email'])."'");
$num=mysql_num_rows($sql);
$row=mysql_fetch_array($sql);
$email=$row['email'];
$ename=$row['user'];
if($num=='0'):
?><div align="center">
<i> <h3><font color="red"><?=$lang['pass6'];?></font></h3></i>
<br>
<FORM METHOD=POST ACTION="pass.php">
<div align="center"><?=$lang['pass2'];?>
<INPUT TYPE="text" NAME="ename" class=form6>
<?=$lang['pass4'];?>
<INPUT TYPE="text" NAME="email" class=form6>
<INPUT TYPE="submit" name=submit value=".:: <?=$lang['pass3'];?> ::." class=button>
</div>
</FORM>
</div>
<?
else:
$str=Array("1", "2", "3", "4", "5", "6", "7", "8", "9", "0", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
$pass="";
for ($i=0;$i<rand(8,12);$i++) $pass.=$str[rand(0,count($str))];
$password = md5(md5(trim($pass.$sekretkey)));
mysql_query("update ".$db_pref."users set pass='$password' where user='".mysql_real_escape_string($_POST['ename'])."' and email='".mysql_real_escape_string($_POST['email'])."'");
$sql=mysql_query("select*from ".$db_pref."sysvals");
$row=mysql_fetch_array($sql);
$site_url=$row['site_url'];
$currency=$row['currency'];
$name_title=$row['name_title'];
$sqlad=mysql_query("select*from ".$db_pref."users where id='1'");
$rowad=mysql_fetch_array($sqlad);
$admin_email=$rowad['email'];
//$sql=mysql_query("select*from ".$db_pref."users where user='".mysql_real_escape_string($_POST['ename'])."");
$lang['pass_mail']=str_replace("{name}",$ename,$lang['pass_mail']);
$lang['pass_mail']=str_replace("{name_title}",$name_title,$lang['pass_mail']);
$lang['pass_mail']=str_replace("{pass}",$pass,$lang['pass_mail']);
$lang['pass_mail']=str_replace("{email}",$email,$lang['pass_mail']);
$lang['pass_mail']=str_replace("{site_url}",$site_url,$lang['pass_mail']);
$pass_title=$lang['pass'];
$message=$lang['pass_mail'];
mail("$email","$pass_title & $name_title","$message","From: $admin_emailn"."Content-type: text/plain; charset=utf-8");
?>
<div align="center"><font color="gren"><b><?=$lang['pass7'];?></b></font></div>
<?endif;endif;
include("footer.php");
?>