Файл: recover.php
Строк: 60
<?php
include('common.php');
if(!islogged())
{
echo theader($lang['lostpassword']);
if(getarg('code') != NULL){
$query=mysql_query("select * from `recover` where `code`='".getarg('code')."'");
if(mysql_num_rows($query) > 0){
$newpassword = clean(getcode());
$result = mysql_fetch_array($query);
$userid = intval($result['user']);
$query=mysql_query("select * from `users` where `id`='$userid'");
$result = mysql_fetch_array($query);
$useremail = $result['email'];
$query=mysql_query("update `users` set `password`='".md5(md5($newpassword))."' where `id`='$userid'");
if(mysql_affected_rows() > 0){
$msub = $lang['lostpassword'];
$mmsg = $lang['yournewpassword'] . ' ' . $newpassword . "rn" . $s_siteurl . '/' . "rn";
@mail($useremail, $msub, $mmsg, "From: $s_email <$s_email>rn");
mysql_query("delete from `recover` where `code`='".getarg('code')."'");
echo '<div class="list2">' . $lang['newpasswordsent'] . '<br />
<a href="/index.php">' . $lang['back'] . '</a></div>';
}else{
echo '<div class="list2">' . $lang['recoveryerror'] . '<br />
<a href="/recover.php">' . $lang['back'] . '</a></div>';
}
}else{
echo '<div class="list2">' . $lang['wrongrecoverycode'] . '<br />
<a href="/index.php">' . $lang['back'] . '</a></div>';
}
}else{
if(isset($_POST['email']) && !empty($_POST['email'])){
$email = trim($_POST['email']);
$query=mysql_query("select * from `users` where `email`='$email'");
if(mysql_num_rows($query) > 0){
$result = mysql_fetch_array($query);
$userid = intval($result['id']);
$query=mysql_query("select * from `recover` where `user`='$userid'");
if(mysql_num_rows($query) > 0){
$result = mysql_fetch_array($query);
$code = trim($result['code']);
$msub = $lang['lostpassword'];
$mmsg = $lang['torecover'] . "rn" . $s_siteurl . '/recover.php&code=' . $code . "rn";
@mail($email, $msub, $mmsg, "From: $s_email <$s_email>rn");
echo '<div class="list2">' . $lang['recoversent'] . '<br />
<a href="/index.php">' . $lang['back'] . '</a></div>';
}else{
$code = clean(getcode());
mysql_query("insert into `recover` set `user`='$userid', `code`='$code', `date`='".time()."'");
$msub = $lang['lostpassword'];
$mmsg = $lang['torecover'] . "rn" . $_SERVER['HTTP_HOST'] . '/recover.php&code=' . $code . "rn";
@mail($email, $msub, $mmsg, "From: $s_email <$s_email>rn");
echo '<div class="list2">' . $lang['recoversent'] . '<br />
<a href="/index.php">' . $lang['back'] . '</a></div>';
}
}else{
echo '<div class="list2">' . $lang['emailnotinuse'] . '<br />
<a href="/recover.php">' . $lang['back'] . '</a></div>';
}
}else{
echo '<div class="list2">' . $lang['enteremail'] . '</div>';
echo trecoverbox();
echo '<div class="list2"><a href="/index.php">' . $lang['back'] . '</a></div>';
}
}
echo tfooter();
}else{
echo'<div class="list2">'.$lang['error'].'</div>';
}
exit();
?>