Вход Регистрация
Файл: recover.php
Строк: 60
<?php
    
include('common.php');

    if(!
islogged())
    {
        echo 
theader($lang['lostpassword']);
        if(
getarg('code') != NULL){
            
$query=mysql_query("select * from `recover` where `code`='".getarg('code')."'");
            if(
mysql_num_rows($query) > 0){
                
$newpassword clean(getcode());
                
$result mysql_fetch_array($query);
                
$userid intval($result['user']);
                
$query=mysql_query("select * from `users` where `id`='$userid'");
                
$result mysql_fetch_array($query);
                
$useremail $result['email'];
                
$query=mysql_query("update `users` set `password`='".md5(md5($newpassword))."' where `id`='$userid'");
                if(
mysql_affected_rows() > 0){
                    
$msub $lang['lostpassword'];
                    
$mmsg $lang['yournewpassword'] . ' ' $newpassword "rn" $s_siteurl '/' "rn";
                    @
mail($useremail$msub$mmsg"From: $s_email <$s_email>rn");
                    
mysql_query("delete from `recover` where `code`='".getarg('code')."'");
                    echo 
'<div class="list2">' $lang['newpasswordsent'] . '<br />
                    <a href="/index.php">' 
$lang['back'] . '</a></div>';
                }else{
                    echo 
'<div class="list2">' $lang['recoveryerror'] . '<br />
                    <a href="/recover.php">' 
$lang['back'] . '</a></div>';
                }
            }else{
                echo 
'<div class="list2">' $lang['wrongrecoverycode'] . '<br />
                <a href="/index.php">' 
$lang['back'] . '</a></div>';
            }
        }else{
            if(isset(
$_POST['email']) && !empty($_POST['email'])){
                
$email trim($_POST['email']);
                
$query=mysql_query("select * from `users` where `email`='$email'");
                if(
mysql_num_rows($query) > 0){
                    
$result mysql_fetch_array($query);
                    
$userid intval($result['id']);
                    
$query=mysql_query("select * from `recover` where `user`='$userid'");
                    if(
mysql_num_rows($query) > 0){
                        
$result mysql_fetch_array($query);
                        
$code trim($result['code']);
                        
$msub $lang['lostpassword'];
                        
$mmsg $lang['torecover'] . "rn" $s_siteurl '/recover.php&code=' $code "rn";
                        @
mail($email$msub$mmsg"From: $s_email <$s_email>rn");
                        echo 
'<div class="list2">' $lang['recoversent'] . '<br />
                        <a href="/index.php">' 
$lang['back'] . '</a></div>';
                    }else{
                        
$code clean(getcode());
                        
mysql_query("insert into `recover` set `user`='$userid', `code`='$code', `date`='".time()."'");
                        
$msub $lang['lostpassword'];
                        
$mmsg $lang['torecover'] . "rn" $_SERVER['HTTP_HOST'] . '/recover.php&code=' $code "rn";
                        @
mail($email$msub$mmsg"From: $s_email <$s_email>rn");
                        echo 
'<div class="list2">' $lang['recoversent'] . '<br />
                        <a href="/index.php">' 
$lang['back'] . '</a></div>';
                    }
                }else{
                    echo 
'<div class="list2">' $lang['emailnotinuse'] . '<br />
                    <a href="/recover.php">' 
$lang['back'] . '</a></div>';
                }
            }else{
                echo 
'<div class="list2">' $lang['enteremail'] . '</div>';
                echo 
trecoverbox();
                echo 
'<div class="list2"><a href="/index.php">' $lang['back'] . '</a></div>';
            }
        }
        echo 
tfooter();
    }else{
        echo
'<div class="list2">'.$lang['error'].'</div>';
    }
    exit();
?>
Онлайн: 0
Реклама